AccCheckConsole.exe
- File Path:
C:\Program Files (x86)\Windows Kits\10\bin\10.0.19041.0\arm\AccChecker\AccCheckConsole.exe - Description:
Hashes
| Type | Hash |
|---|---|
| MD5 | D5777B6C068E726AF25C21FB0F9608BF |
| SHA1 | C2688C6600F7BA712D7B5987C46F526F6049C3AF |
| SHA256 | D70D8281EF0F03342F3C0D4E680907B98A86292709FEC0B23FDAB34AA84D43C2 |
| SHA384 | F484762A946E57EC8B30CA42CAB16BD4E4FA43CC5D9E4EA64B1E4D36CC9654F1371E97C0DD727FB11985BC1518FFA8D6 |
| SHA512 | 93773A96298D6EB6993FA06E1080779924A0DEDB316C9625019B45253C516A1E54CADEBC877C33E81749DC61BE2B41D7BA3F38A21077616D5501D08000926C95 |
| SSDEEP | 384:+LwCj6aYZS0reG41oCvYf6kQFTFemhjITi3K+dwJugM6gQW2VQwWZE4JeRlFO:ABkC5hnjHK+dwJuugoVQ3H |
| PESHA1 | 1C0230A9362C27FF3FFDBC717228D4141D649D19 |
| PE256 | 65EC0E5CA89E67EE2CACD69F9C9A02ABAE4091F275E2B3C32EA4245B2A56A358 |
Signature
- Status: Signature verified.
- Serial:
33000002B7E8E007A82AEF13150000000002B7 - Thumbprint:
5A68625F1A516670A744F7EF919500A479D32A5B - Issuer: CN=Microsoft Code Signing PCA 2010, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
- Subject: CN=Microsoft Windows Kits Publisher, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
File Metadata
- Original Filename: AccCheckConsole.exe
- Product Name: Microsoft (R) Windows (R) Operating System
- Company Name: Microsoft Corporation
- File Version: 10.0.19041.1
- Product Version: 10.0.19041.1
- Language: Language Neutral
- Legal Copyright: Copyright (c) Microsoft Corporation. All rights reserved.
- Machine Type: 452
File Scan
- VirusTotal Detections: Unknown
File Similarity (ssdeep match)
Possible Misuse
The following table contains possible examples of AccCheckConsole.exe being misused. While AccCheckConsole.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.
| Source | Source File | Example | License |
|---|---|---|---|
| sigma | proc_creation_win_susp_acccheckconsole.yml | title: Suspicious LOLBIN AccCheckConsole |
DRL 1.0 |
| sigma | proc_creation_win_susp_acccheckconsole.yml | description: Detects suspicious LOLBIN AccCheckConsole execution with parameters as used to load an arbitrary DLL |
DRL 1.0 |
| sigma | proc_creation_win_susp_acccheckconsole.yml | Image\|endswith: '\AccCheckConsole.exe' |
DRL 1.0 |
MIT License. Copyright (c) 2020-2021 Strontic.