BackgroundTransferHost.exe

File Path: C:\WINDOWS\SysWOW64\BackgroundTransferHost.exe
Description: Download/Upload Host

Hashes

Type	Hash
MD5	`BD2AD4F6150E93C0E6896DE2C0A0F763`
SHA1	`97023470855301EAC5CA993676E949A037AA1CD2`
SHA256	`C4B2F30E8AC46B5A6963FA736EDA26CE0B42456A8E3D0D5DEC0A8D3B3D06D7D2`
SHA384	`9DAB34147FB2DAF57FB927A91239E0F7ED61555F092697E38F7AD0B9FF60974F5FE31D9DE47CD5D5ED1413C690641F50`
SHA512	`4415EFF1D42ACCDEEAAC593D17356E3A330C88B18D21D783520FAA8D1E65954CDF86AC37E2F62F5113EB5AC0D3D252B2E899D7FC56A36FE334CCEB95E32179CC`
SSDEEP	`384:F+lJ8NF/KsQdVdZk3dvXspKMAezHW0/gWEQE0g7qW2RPT/8rFeZmJhY63:F8yNdKLGv/ez1k2aM6`
IMP	`2C84391D64B2AF34A9B9E60431B39091`
PESHA1	`322300442014748BA4FDF3F1FE34F952A0AF69ED`
PE256	`85686BAB3F9F092DBC9561905C0785746E43FF35E3E365298A86E3E14394409F`

Runtime Data

Child Processes:

BackgroundTransferHost.exe WerFault.exe

Loaded Modules:

Path
C:\WINDOWS\SYSTEM32\ntdll.dll
C:\WINDOWS\System32\wow64.dll
C:\WINDOWS\System32\wow64base.dll
C:\WINDOWS\System32\wow64con.dll
C:\WINDOWS\System32\wow64cpu.dll
C:\WINDOWS\System32\wow64win.dll
C:\WINDOWS\SysWOW64\BackgroundTransferHost.exe

Signature

Status: Signature verified.
Serial: 33000002ED2C45E4C145CF48440000000002ED
Thumbprint: 312860D2047EB81F8F58C29FF19ECDB4C634CF6A
Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

Original Filename: BackgroundTransferHost.exe
Product Name: Microsoft Windows Operating System
Company Name: Microsoft Corporation
File Version: 10.0.22000.1 (WinBuild.160101.0800)
Product Version: 10.0.22000.1
Language: English (United States)
Legal Copyright: Microsoft Corporation. All rights reserved.
Machine Type: 32-bit

File Scan

VirusTotal Detections: 0/73
VirusTotal Link: https://www.virustotal.com/gui/file/c4b2f30e8ac46b5a6963fa736eda26ce0b42456a8e3d0d5dec0a8d3b3d06d7d2/detection

File Similarity (ssdeep match)

File	Score
C:\WINDOWS\system32\BackgroundTransferHost.exe	47
C:\Windows\system32\BackgroundTransferHost.exe	54
C:\Windows\system32\BackgroundTransferHost.exe	52
C:\Windows\system32\BackgroundTransferHost.exe	49
C:\WINDOWS\system32\BackgroundTransferHost.exe	49
C:\WINDOWS\SysWOW64\BackgroundTransferHost.exe	57
C:\Windows\SysWOW64\BackgroundTransferHost.exe	55
C:\Windows\SysWOW64\BackgroundTransferHost.exe	61
C:\Windows\SysWOW64\BackgroundTransferHost.exe	57

MIT License. Copyright (c) 2020-2021 Strontic.