SecurityHealthService.exe

  • File Path: C:\windows\system32\SecurityHealthService.exe
  • Description: Windows Security Health Service

Hashes

Type Hash
MD5 AE082434FDF1E0CF46ABD095CA00C9F7
SHA1 1EF10C6F31BD42968F751E863B5A3EF324D5CC36
SHA256 856BE77E882FD64BFFBDDF7D543FD59749EC4985E8FEE759D8268A11B65E2670
SHA384 D1F4404EFF97ADD6C94F4DE9DD74AFAEC16CE2E1C8132BE79C9C7204200694C264025F9741498CF7CA7E1D9A3131B1CA
SHA512 C29B275222413C5C5F7EB9039BABB6CF1506233A0CA9B6FBBC20D84E2D40D7D1BFF922E6521F6847E62A82DA063588883C2A9B748EE7DF9612807F232239017D
SSDEEP 24576:7AVvj3VjZ6kEXpY9ExRnHS1wRhZJDuELAG:7koRftJDuELAG

Runtime Data

Usage (stdout):

Unknown switch.

Signature

  • Status: Signature verified.
  • Serial: 3300000266BD1580EFA75CD6D3000000000266
  • Thumbprint: A4341B9FD50FB9964283220A36A1EF6F6FAA7840
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: SecurityHealthService.exe
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 4.18.1807.16384 (WinBuild.160101.0800)
  • Product Version: 4.18.1807.16384
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.

Possible Misuse

The following table contains possible examples of SecurityHealthService.exe being misused. While SecurityHealthService.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
sigma proc_creation_win_susp_reg_disable_sec_services.yml - '\SecurityHealthService' DRL 1.0

MIT License. Copyright (c) 2020-2021 Strontic.