» handle.exe
Overview
Analysis
File Details
Programs (2)
Downloads (1)

handle.exe

Sysinternals Handle

Microsoft Corporation

This is installed with multiple programs including Sysinternals Software. The file has been seen being downloaded from live.sysinternals.com.

File name:

handle.exe

Publisher:

Sysinternals (signed by Microsoft Corporation)

Product:

Sysinternals Handle

Description:

Handle viewer

Version:

4.0

MD5:

2579df066d38a15be8142954a2633e7f

SHA-1:

5f08cc1dfcbd277f607e01bbbfbb34996febd937

SHA-256:

680327b39d67502103cc9ac8656564529c9a2765adbf563f3145589bcf87681b

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)
Whitelisted (by digital signature)

Analysis date:

11/24/2024 12:36:56 AM UTC (today)

File size:

523.7 KB (536,256 bytes)

Product version:

4.0

Original file name:

Nthandle.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\sysinternals suite\handle.exe

Digital Signature

Signed by:

Microsoft Corporation

Authority:

Microsoft Corporation

Valid from:

4/22/2014 10:39:00 AM

Valid to:

7/22/2015 10:39:00 AM

Subject:

CN=Microsoft Corporation, OU=MOPR, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Issuer:

CN=Microsoft Code Signing PCA, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Serial number:

33000000CA6CD5321235C4E1550001000000CA

File PE Metadata

Compilation timestamp:

9/7/2014 8:47:13 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows Console

Linker version:

12.0

CTPH (ssdeep):

6144:yfV+qzgQA7uQnHcjwlkEjA2ZZrTpnHqseZyTWSfbSRk4ewqK5u:yN1gQA7pHcKkQAY/beZDEK5u

Entry address:

0x75DC

Entry point:

E8, 06, D9, 00, 00, E9, 35, FE, FF, FF, E9, 57, 01, 00, 00, 55, 8B, EC, FF, 75, 18, FF, 75, 14, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 96, 01, 00, 00, CC, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A1, 00, 4F, 43, 00, 33, C5, 89, 45, FC, 83, 7D, 08, FF, 57, 74, 09, FF, 75, 08, E8, BB, D9, 00, 00, 59, 83, A5, E0, FC, FF, FF, 00, 8D, 85, E4, FC, FF, FF, 6A, 4C, 6A, 00, 50, E8, 43, DC, FF, FF, 8D, 85, E0, FC, FF, FF, 83, C4, 0C, 89, 85, D8, FC, FF, FF, 8D, 85, 30, FD, FF, FF, 89, 85, DC, FC, FF, FF, 89, 85, E0, FD... 
[+]

Entropy:

6.4742

Code size:

161.5 KB (165,376 bytes)

The file handle.exe has been discovered within the following programs.

CMU Security Behavior Observatory (SBO) Client by Carnegie Mellon University (CMU) Usable Privacy and Security (CUPS) research group

About 6% of users remove it

Sysinternals Software by Sysinternals - www.sysinternals.com

technet.microsoft.com/en-us/sysinternals/bb545027.aspx

4% remove it

The file handle.exe has been seen being distributed by the following URL.

https://live.sysinternals.com/handle.exe

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.