waitfor.exe
- File Path:
C:\windows\system32\waitfor.exe - Description: waitfor - wait/send a signal over a network
Hashes
| Type | Hash |
|---|---|
| MD5 | 3286BDFBE32C205ABE62BC07DE4F7419 |
| SHA1 | 715CFAA4E13B403BA1983F4D3AFC2847DE4AD521 |
| SHA256 | 09FD55427A57887F92AE5B22CA3B6D75B81EA4ED5CE34FA891D0D49602022DA5 |
| SHA384 | 2A6ECADA8EF3387D5FB8287E146DCD8634BCB18E79CBF21BA7D52D610A5563F53F0B6DF77A4D234C1B0F1603BBE71BEF |
| SHA512 | 0F0A95F904F055C88CB89A48911A85FB23E8F5DEC593F0623DB694F5AE9E3A666C67DB07397D9B1DA37556A48B6541710EACD31231E6E7EB9474E3AE4ABFDA6C |
| SSDEEP | 768:RJHK01RkeC/6adXbdI8i4LrvxqQJvHK16Xoi7M6QB/yO/y7Oxk/n:RJHK0bkeC/6adLd1ZP6DiEpyGyKx2n |
Signature
- Status: The file C:\windows\system32\waitfor.exe is not digitally signed. You cannot run this script on the current system. For more information about running scripts and setting execution policy, see about_Execution_Policies at http://go.microsoft.com/fwlink/?LinkID=135170
- Serial: ``
- Thumbprint: ``
- Issuer:
- Subject:
File Metadata
- Original Filename: waitfor.exe.mui
- Product Name: Microsoft Windows Operating System
- Company Name: Microsoft Corporation
- File Version: 6.3.9600.16384 (winblue_rtm.130821-1623)
- Product Version: 6.3.9600.16384
- Language: English (United States)
- Legal Copyright: Microsoft Corporation. All rights reserved.
Possible Misuse
The following table contains possible examples of waitfor.exe being misused. While waitfor.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.
| Source | Source File | Example | License |
|---|---|---|---|
| signature-base | apt_oilrig.yar | $x2 = “wss.Run "powershell.exe " & Chr(34) & "& {waitfor haha /T 2}" & Chr(34), 0” fullword ascii | CC BY-NC 4.0 |
Additional Info*
*The information below is copied from MicrosoftDocs, which is maintained by Microsoft. Available under CC BY 4.0 license.
waitfor
Sends or waits for a signal on a system. This command is used to synchronize computers across a network.
Syntax
waitfor [/s <computer> [/u [<domain>\]<user> [/p [<password>]]]] /si <signalname>
waitfor [/t <timeout>] <signalname>
Parameters
| Parameter | Description |
|---|---|
/s <computer> |
Specifies the name or IP address of a remote computer (don’t use backslashes). The default is the local computer. This parameter applies to all files and folders specified in the command. If you don’t use this parameter, the signal is broadcast to all the systems in a domain. If you do use this parameter, the signal is sent only to the specified system. |
/u [<domain>]<user> |
Runs the script using the credentials of the specified user account. By default, waitfor uses the current user’s credentials. |
/p [\<password>] |
Specifies the password of the user account that is specified in the /u parameter. |
| /si | Sends the specified signal across the network. This parameter also lets you manually activate a signal. |
/t <timeout> |
Specifies the number of seconds to wait for a signal. By default, waitfor waits indefinitely. |
<signalname> |
Specifies the signal that waitfor waits for or sends. This parameter isn’t case-sensitive and can’t exceed 225 characters. Valid characters include a-z, A-Z, 0-9, and the ASCII extended character set (128-255). |
| /? | Displays help at the command prompt. |
Remarks
-
You can run multiple instances of waitfor on a single computer, but each instance of waitfor must wait for a different signal. Only one instance of waitfor can wait for a given signal on a given computer.
-
Computers can only receive signals if they are in the same domain as the computer sending the signal.
-
You can use this command when you test software builds. For example, the compiling computer can send a signal to several computers running waitfor after the compile has completed successfully. On receipt of the signal, the batch file that includes waitfor can instruct the computers to immediately start installing software or running tests on the compiled build.
Examples
To wait until the espresso\build007 signal is received, type:
waitfor espresso\build007
By default, waitfor waits indefinitely for a signal.
To wait 10 seconds for the espresso\compile007 signal to be received before timing out, type:
waitfor /t 10 espresso\build007
To manually activate the espresso\build007 signal, type:
waitfor /si espresso\build007
Additional References
MIT License. Copyright (c) 2020-2021 Strontic.