write.exe

  • File Path: C:\windows\system32\write.exe
  • Description: Windows Write

Hashes

Type Hash
MD5 73E19BE0E0ECD88616B5762F621B0226
SHA1 27CDEB38A55826936D5B55F54984447398C5D996
SHA256 E559C2673D312A0089D8DCDFAECD7FE261F74AAAF02A110722B34A0C85574012
SHA384 A3A502C730F75C528B24CA655337335D473A7AF4DBB4A651EE6ED83F8ABD2F895145BD2DE4DE212A6F143EC8E8E8C30E
SHA512 EAB88674F7B27FAE21BD2D0F4F3CDD391E56BC5FC9135363B8B1A05A8660D41518E6382C67094A76EF10EE9FCD49E46F6B3164843A0581EB5EC1B032D4FE775F
SSDEEP 192:fPgFa6DLjHpB+tH+r9eKY03hWxu/MWYOWS:w1Ljb+Byewoxu/MWYOWS

Signature

  • Status: The file C:\windows\system32\write.exe is not digitally signed. You cannot run this script on the current system. For more information about running scripts and setting execution policy, see about_Execution_Policies at http://go.microsoft.com/fwlink/?LinkID=135170
  • Serial: ``
  • Thumbprint: ``
  • Issuer:
  • Subject:

File Metadata

  • Original Filename: write
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 6.3.9600.17415 (winblue_r4.141028-1500)
  • Product Version: 6.3.9600.17415
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.

File Similarity (ssdeep match)

File Score
C:\windows\SysWOW64\write.exe 35
C:\windows\write.exe 100

Possible Misuse

The following table contains possible examples of write.exe being misused. While write.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
sigma proc_creation_win_susp_spoolsv_child_processes.yml - \write.exe DRL 1.0
LOLBAS Tracker.yml - Command: Tracker.exe /d .\calc.dll /c C:\Windows\write.exe  

MIT License. Copyright (c) 2020-2021 Strontic.