BackgroundTransferHost.exe

  • File Path: C:\WINDOWS\system32\BackgroundTransferHost.exe
  • Description: Download/Upload Host

Runtime Data

Child Processes:

  • BackgroundTransferHost.exe
  • WerFault.exe

Open Handles:

Path Type
(RW-) C:\Windows\System32 File
\BaseNamedObjects\__ComCatalogCache__ Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000001.db Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro Section
\Sessions\2\BaseNamedObjects\NLS_CodePage_1252_3_2_0_0 Section
\Sessions\2\BaseNamedObjects\NLS_CodePage_437_3_2_0_0 Section

Loaded Modules:

Path
C:\WINDOWS\system32\BackgroundTransferHost.exe
C:\WINDOWS\System32\KERNEL32.DLL
C:\WINDOWS\System32\KERNELBASE.dll
C:\WINDOWS\SYSTEM32\ntdll.dll

Signature

  • Status: Signature verified.
  • Serial: 33000002ED2C45E4C145CF48440000000002ED
  • Thumbprint: 312860D2047EB81F8F58C29FF19ECDB4C634CF6A
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: BackgroundTransferHost.exe
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.22000.1 (WinBuild.160101.0800)
  • Product Version: 10.0.22000.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/73
  • VirusTotal Link: https://www.virustotal.com/gui/file/5efaa346669939fea3013ce4a82bfeea10e4adfdef7245414ec5210c7b8f47ea/detection

File Similarity (ssdeep match)

File Score
C:\WINDOWS\system32\BackgroundTransferHost.exe 41
C:\Windows\system32\BackgroundTransferHost.exe 46
C:\Windows\system32\BackgroundTransferHost.exe 41
C:\Windows\system32\BackgroundTransferHost.exe 44
C:\WINDOWS\SysWOW64\BackgroundTransferHost.exe 40
C:\Windows\SysWOW64\BackgroundTransferHost.exe 38
C:\Windows\SysWOW64\BackgroundTransferHost.exe 43
C:\Windows\SysWOW64\BackgroundTransferHost.exe 41
C:\WINDOWS\SysWOW64\BackgroundTransferHost.exe 49

MIT License. Copyright (c) 2020-2021 Strontic.