vmmap.exe

File Path: C:\SysinternalsSuite\vmmap.exe
Description: Vmmap - process memory analyzer

Screenshot

vmmap.exe

Hashes

Type	Hash
MD5	`7618E5E6B04300DF689C6B360FE97B58`
SHA1	`DAA15F876363142FC4B6E858BE394297169AD824`
SHA256	`A8F39407AF01A4F75BE55A57D79DA1D20E29AA20B30F45155321AE8A0B68F816`
SHA384	`8D7BFF5FA7C7C41CECC35EBB7801A2AC090F04C173C3AE59317DDAC1EF1A7EF8D8372CFCB6E5FE5BB10FBB782E5C086D`
SHA512	`4BC747DFC817EF4580709BAFDFB561448F051DDDE45B52330EF663617B6C7D3B080D59A7F7DB482E5AA1403AB0048BFFE82331AF41B13CA46E61933D1A9007C4`
SSDEEP	`24576:1+VcRWmOOgA+n+0akqJzjXHqWrYh0hvn15tTF+eim9yW2EVyn2y1:1+gG+r9jXHhg09n15t4eim9yW2EVyn2u`
IMP	`D254F93270A26B68687C5BED60D6FDFF`
PESHA1	`56BCB6140797248B0FADEF2857EF29BCCD6C47F9`
PE256	`662679F387DB7B0D748C969A0E741E8337E90E21DDF2EF0251D0782CD0F12B31`

Runtime Data

Child Processes:

vmmap64.exe

Window Title:

VMMap Usage

Open Handles:

Path	Type
(R-D) C:\Windows\Fonts\StaticCache.dat	File
(RW-) C:\Windows	File
(RW-) C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.488_none_11b1e5df2ffd8627	File
(RW-) C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.508_none_429cdbca8a8ffa94	File
(RW-) C:\xCyclopedia	File
\BaseNamedObjects\NLS_CodePage_1252_3_2_0_0	Section
\BaseNamedObjects\NLS_CodePage_437_3_2_0_0	Section
\Sessions\1\Windows\Theme2036293991	Section
\Windows\Theme1324212991	Section

Loaded Modules:

Path
C:\SysinternalsSuite\vmmap.exe
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\System32\wow64.dll
C:\Windows\System32\wow64cpu.dll
C:\Windows\System32\wow64win.dll

Signature

Status: Signature verified.
Serial: 3300000187721772155940C709000000000187
Thumbprint: 2485A7AFA98E178CB8F30C9838346B514AEA4769
Issuer: CN=Microsoft Code Signing PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
Subject: CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

Original Filename: Vmmap
Product Name: Vmmap
Company Name: Sysinternals - www.sysinternals.com
File Version: 3.26
Product Version: 3.26
Language: English (United States)
Legal Copyright: Copyright (C) 2009-2019 Mark Russinovich
Machine Type: 32-bit

File Scan

VirusTotal Detections: 0/66
VirusTotal Link: https://www.virustotal.com/gui/file/a8f39407af01a4f75be55a57d79da1d20e29aa20b30f45155321ae8a0b68f816/detection/

File Similarity (ssdeep match)

File	Score
C:\SysinternalsSuite\vmmap64.exe	68

Possible Misuse

The following table contains possible examples of vmmap.exe being misused. While vmmap.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source	Source File	Example	License
sigma	proc_creation_win_false_sysinternalsuite.yml	`- '\vmmap.exe'`	DRL 1.0

MIT License. Copyright (c) 2020-2021 Strontic.