FileHistory.exe

  • File Path: C:\Windows\system32\FileHistory.exe
  • Description: File History

Hashes

Type Hash
MD5 EEBA3DD643CED2781EC1B7E3CD6FA246
SHA1 2D394173E603625E231633FC270072E854BAC17B
SHA256 BEE0799A52FE65B8DC291DE32F0C8B03B5A067915B1868BC8BA2A1B139C90B87
SHA384 A3BAFE0109931EEA7746AE5F0E0CD29046AF49F0C516354752E6E376E165454040D106C8232C6B5160ABAD0C009AE32E
SHA512 222D4FBC7EE57D75889698A0660996293A0143518FDECC1B222618796D76D40F2D3B00B071F92AB917AC8847F195D7DE02DF55B5E89DAD8A80D110E464CD3271
SSDEEP 3072:dc6awDj8+NorasBpOs1d/L6VD7xvxzYuVD8C+cxICGQWWMh1NOHobdmyTVulAyXu:dc6RsvIvxzYuVD8CnxICGJWQKobd
IMP 0C153A28F0F3D65D93238BD2C448D417
PESHA1 52B23BAF17F11B053F71EA59F097A89AAB476EF6
PE256 6239DE14C50CA1BCB641CE9BDCB9D185A46389EF52E4C7592EB09D67293B8FC0

Runtime Data

Window Title:

–help - File History

Open Handles:

Path Type
(R-D) C:\Windows\apppatch\DirectXApps_FOD.sdb File
(R-D) C:\Windows\Fonts\StaticCache.dat File
(R-D) C:\Windows\Microsoft.NET\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll File
(R-D) C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll File
(R-D) C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll File
(R-D) C:\Windows\System32\en-US\explorerframe.dll.mui File
(R-D) C:\Windows\System32\en-US\FileHistory.exe.mui File
(R-D) C:\Windows\System32\en-US\user32.dll.mui File
(R-D) C:\Windows\System32\fhuxadapter.dll File
(R-D) C:\Windows\System32\fhuxapi.dll File
(R-D) C:\Windows\System32\fhuxcommon.dll File
(R-D) C:\Windows\System32\fhuxgraphics.dll File
(R-D) C:\Windows\System32\fhuxpresentation.dll File
(R-D) C:\Windows\SystemResources\ExplorerFrame.dll.mun File
(R-D) C:\Windows\WinSxS\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.19041.1_en-us_cb612d02732b0fd9\comctl32.dll.mui File
(RW-) C:\Users\user File
(RW-) C:\Windows\System32 File
(RW-) C:\Windows\WinSxS\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.19041.1_en-us_cb612d02732b0fd9 File
(RW-) C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_60b5254171f9507e File
(RW-) C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.1320_none_91a11828cc8ae445 File
...\Cor_SxSPublic_IPCBlock Section
\BaseNamedObjects\__ComCatalogCache__ Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000002.db Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2 Section
\BaseNamedObjects\Cor_Private_IPCBlock_v4_1588 Section
\BaseNamedObjects\NLS_CodePage_1252_3_2_0_0 Section
\BaseNamedObjects\NLS_CodePage_437_3_2_0_0 Section
\Sessions\1\BaseNamedObjects\UrlZonesSM_user Section
\Sessions\1\BaseNamedObjects\windows_shell_global_counters Section
\Sessions\1\Windows\Theme449731986 Section
\Windows\Theme1396518710 Section

Loaded Modules:

Path
C:\Windows\system32\FileHistory.exe
C:\Windows\System32\KERNEL32.dll
C:\Windows\System32\KERNELBASE.dll
C:\Windows\SYSTEM32\MSCOREE.DLL
C:\Windows\System32\msvcrt.dll
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\System32\USER32.dll
C:\Windows\System32\win32u.dll

Signature

  • Status: Signature verified.
  • Serial: 33000002EC6579AD1E670890130000000002EC
  • Thumbprint: F7C2F2C96A328C13CDA8CDB57B715BDEA2CBD1D9
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: FileHistory.exe.mui
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.19041.1 (WinBuild.160101.0800)
  • Product Version: 10.0.19041.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/74
  • VirusTotal Link: https://www.virustotal.com/gui/file/bee0799a52fe65b8dc291de32f0c8b03b5a067915b1868bc8ba2a1b139c90b87/detection

File Similarity (ssdeep match)

File Score
C:\Windows\system32\FileHistory.exe 83
C:\WINDOWS\system32\FileHistory.exe 79
C:\WINDOWS\system32\FileHistory.exe 71

Possible Misuse

The following table contains possible examples of FileHistory.exe being misused. While FileHistory.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source | Source File | Example | License
malware-ioc | nukesped_lazarus | .FileHistory.exe | © ESET 2014-2018

MIT License. Copyright (c) 2020-2021 Strontic.