whois64.exe

  • File Path: C:\SysinternalsSuite\whois64.exe
  • Description: Domain information lookup

Hashes

Type Hash
MD5 8DD9E6EC7B140CE8DF8621529CB33E16
SHA1 4CA099288AFF1CDDAAA7233831BBC0E6F4F42D8D
SHA256 0797B9F6E0281D8F31791D8F92B375D1074FF7C68266F9372AB54F26B9DCDD3C
SHA384 143FCC5FB46ABCB94B3B475EF4648EC4EAB0351563AB1B5E9A73EFA3AAB65A78954518AEF1F813E5B0D28756CF81C176
SHA512 267410E63592730E1313E023F5A0DC5317114F8F0832644DC392D568315AD67DF8C9E30F5C8B756A0F6DE29E17428EB7402757BA18F68185A8EE770D0D0E66CC
SSDEEP 12288:LCs5SXYigqHM+10Po+zIHgEtdPyx60nwBZjl:x5q1gqHM+10Po+zEtyA0nwjjl
IMP 79DAADC0F542259DBB60D203AF99B225
PESHA1 D1FFCA0EE1FF4018808B1C21CAE25411933BB3A1
PE256 6CA9A30D8E48BDBC768AD3976F84321788DB822C4B7AC79E488EADB76F6CAA08

Runtime Data

Usage (stdout):


Whois v1.21 - Domain information lookup
Copyright (C) 2005-2019 Mark Russinovich
Sysinternals - www.sysinternals.com


Usage: whois [-v] domainname [whois.server]
 -v   Print whois information for referrals
 -nobanner
      Do not display the startup banner and copyright message.


Usage (stderr):

No such host is known.

Loaded Modules:

Path
C:\SysinternalsSuite\whois64.exe
C:\Windows\System32\KERNEL32.DLL
C:\Windows\System32\KERNELBASE.dll
C:\Windows\SYSTEM32\ntdll.dll

Signature

  • Status: Signature verified.
  • Serial: 33000001519E8D8F4071A30E41000000000151
  • Thumbprint: 62009AAABDAE749FD47D19150958329BF6FF4B34
  • Issuer: CN=Microsoft Code Signing PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: whois.exe
  • Product Name: Sysinternals Whois
  • Company Name: Sysinternals - www.sysinternals.com
  • File Version: 1.21
  • Product Version: 1.21
  • Language: English (United States)
  • Legal Copyright: Copyright (C) 2005-2019 Mark Russinovich
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/66
  • VirusTotal Link: https://www.virustotal.com/gui/file/0797b9f6e0281d8f31791d8f92b375d1074ff7c68266f9372ab54f26b9dcdd3c/detection/

Possible Misuse

The following table contains possible examples of whois64.exe being misused. While whois64.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source   Source File                                     Example             License
sigma    proc_creation_win_false_sysinternalsuite.yml    - '\whois64.exe'    DRL 1.0

MIT License. Copyright (c) 2020-2021 Strontic.