write.exe

  • File Path: C:\windows\SysWOW64\write.exe
  • Description: Windows Write

Hashes

Type Hash
MD5 1EFA647F97009893CC54BD677751A958
SHA1 18BEFBFC692DF3D6B2205A90A70E64E1787BD11B
SHA256 5CBEEA096C7A0AD76E40F461C1A2C1D79BAB42C1730ED70ECD8183302F9BE357
SHA384 715913C7052447911BAF1E4B9068D417572EB72731CA355FC729A726C4A7A17F59A33C2921563FA6C7ABBC506213585D
SHA512 067526B3539BD29E0F0F06FCA167ED3B6FA802DBE19A75B0DE5466E97AC4CF8DC09107E2425827E71097ED029E0102A63FE848CB77B728E734781C5D6AFBE69E
SSDEEP 96:IzX93EfVlX7k7d7xKDWPTQ+JDHQtX/QW6oRTJUw0FU/DJdMi2bKveLrxuJRd1EWi:IzXZEfATdGQW6oRT10F+Puxu/MWYOWV

Signature

  • Status: The file C:\windows\SysWOW64\write.exe is not digitally signed. You cannot run this script on the current system. For more information about running scripts and setting execution policy, see about_Execution_Policies at http://go.microsoft.com/fwlink/?LinkID=135170
  • Serial: ``
  • Thumbprint: ``
  • Issuer:
  • Subject:

File Metadata

  • Original Filename: write
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 6.3.9600.17415 (winblue_r4.141028-1500)
  • Product Version: 6.3.9600.17415
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.

File Similarity (ssdeep match)

File Score
C:\windows\system32\write.exe 35
C:\Windows\SysWOW64\write.exe 44
C:\WINDOWS\SysWOW64\write.exe 43
C:\WINDOWS\SysWOW64\write.exe 40
C:\Windows\SysWOW64\write.exe 54
C:\windows\write.exe 35

Possible Misuse

The following table contains possible examples of write.exe being misused. While write.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
sigma proc_creation_win_susp_spoolsv_child_processes.yml - \write.exe DRL 1.0
LOLBAS Tracker.yml - Command: Tracker.exe /d .\calc.dll /c C:\Windows\write.exe  

MIT License. Copyright (c) 2020-2021 Strontic.