vmmap64.exe

  • File Path: C:\SysinternalsSuite\vmmap64.exe
  • Description: Vmmap - process memory analyzer

Screenshot

vmmap64.exe vmmap64.exe

Hashes

Type Hash
MD5 46265A5B8B362D94D818005877672839
SHA1 F93C6E0BC6F9111E3242E2A3C7B4363A54D73267
SHA256 7741EA312099ACA6C9BBFE4004A832C01921CC46B73A8116A9913D8047D9DC1A
SHA384 8C0BC87148FB10D848B735C43049828ED3EE8A1796CF65DEDD3D473D21F23D249991277B6618B2F05E731B4DD4F9977F
SHA512 7C09BC750C4042EEDAA3372EEA945C346D865A1BCBA1BE6EA7CFBC51FD95595CA90844EB582D63F363F45A455528277431D64F06217645D04942C2740101D849
SSDEEP 12288:DHqWrYh0P5mEnZoy5tVBFksY09imflmJW2EnHf2buylG:DHqWrYh0hvn15tTF+eim9yW2EVy
IMP 038325277E3D830160EECEA375AC32B0
PESHA1 5A1752F9D50FB066F102B67F9A260E66C7F456D4
PE256 C7A07D1FF3FF79363E4FD1F410C1777F4F35CF6FB08127CF828E6C0441FF99B0

Runtime Data

Window Title:

VMMap Usage

Open Handles:

Path Type
(R-D) C:\Windows\Fonts\StaticCache.dat File
(RW-) C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.488_none_ca04af081b815d21 File
(RW-) C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.508_none_faefa4f37613d18e File
(RW-) C:\xCyclopedia File
\BaseNamedObjects\NLS_CodePage_1252_3_2_0_0 Section
\BaseNamedObjects\NLS_CodePage_437_3_2_0_0 Section
\Sessions\1\Windows\Theme2036293991 Section
\Windows\Theme1324212991 Section

Loaded Modules:

Path
C:\SysinternalsSuite\vmmap64.exe
C:\Windows\System32\ADVAPI32.dll
C:\Windows\System32\combase.dll
C:\Windows\System32\COMDLG32.dll
C:\Windows\System32\GDI32.dll
C:\Windows\System32\gdi32full.dll
C:\Windows\System32\IMM32.DLL
C:\Windows\System32\KERNEL32.DLL
C:\Windows\System32\KERNELBASE.dll
C:\Windows\System32\msvcp_win.dll
C:\Windows\System32\msvcrt.dll
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\System32\ole32.dll
C:\Windows\System32\OLEAUT32.dll
C:\Windows\System32\psapi.dll
C:\Windows\System32\RPCRT4.dll
C:\Windows\System32\sechost.dll
C:\Windows\System32\shcore.dll
C:\Windows\System32\SHELL32.dll
C:\Windows\System32\SHLWAPI.dll
C:\Windows\System32\ucrtbase.dll
C:\Windows\System32\USER32.dll
C:\Windows\SYSTEM32\uxtheme.dll
C:\Windows\SYSTEM32\VERSION.dll
C:\Windows\System32\win32u.dll
C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.488_none_ca04af081b815d21\COMCTL32.dll
C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.508_none_faefa4f37613d18e\gdiplus.dll

Signature

  • Status: Signature verified.
  • Serial: 3300000187721772155940C709000000000187
  • Thumbprint: 2485A7AFA98E178CB8F30C9838346B514AEA4769
  • Issuer: CN=Microsoft Code Signing PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: Vmmap
  • Product Name: Vmmap
  • Company Name: Sysinternals - www.sysinternals.com
  • File Version: 3.26
  • Product Version: 3.26
  • Language: English (United States)
  • Legal Copyright: Copyright (C) 2009-2019 Mark Russinovich
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/66
  • VirusTotal Link: https://www.virustotal.com/gui/file/7741ea312099aca6c9bbfe4004a832c01921cc46b73a8116a9913d8047d9dc1a/detection/

File Similarity (ssdeep match)

File Score
C:\SysinternalsSuite\vmmap.exe 68

Possible Misuse

The following table contains possible examples of vmmap64.exe being misused. While vmmap64.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
sigma proc_creation_win_false_sysinternalsuite.yml - '\vmmap64.exe' DRL 1.0

MIT License. Copyright (c) 2020-2021 Strontic.