Spectrum.exe

  • File Path: C:\Windows\system32\Spectrum.exe
  • Description: Windows Perception Service

Hashes

Type Hash
MD5 18581DEA4C3F92993862605BF2CB537E
SHA1 E494E805A03A96AA591F84CCCF83E242D2F69CFA
SHA256 85C48785E9B56B51F6F9DA63024C60409E8674EE76D369126FB4AA803501A83D
SHA384 7118237A5F96A447F184F014A08729FD1C474A1B4D5F0932EEDB95ED76DD2D67779C8EC3C29D00D3ACDF08F918CD16EB
SHA512 15D2C3323B876C73E09D84C82CBB466A503C2A00C3D3585EB6A54C45371114AB210704A26C136C5D7304649E4AF3EF6EFE3DCCA8BCF16D9ED2F2FFD6485ABA49
SSDEEP 12288:rYk0sKphzC3gVzq7F2+Iw6+DpB1MPh5hB:9JKzEgc7FPIw6+DpB1MPrh
IMP 2D430AF2F5D536907F1205720822457A
PESHA1 84E354CE80519A4A6FE43362A3D8E7737B6DEFCA
PE256 4BF8583F6FC3B3F44C6EBE5C25E34A0A744FCDDBF4B535B0E06B3D52DD230316

Runtime Data

Usage (stdout):

Unrecognized parameter: --help
Parameters:
 /debug             to run the service executable in debug mode
 /safemode          to set up the service to run in safe mode
 /safemode:off      to disable safe mode if enabled

Loaded Modules:

Path
C:\Windows\System32\KERNEL32.DLL
C:\Windows\System32\KERNELBASE.dll
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\system32\Spectrum.exe

Signature

  • Status: Signature verified.
  • Serial: 3300000266BD1580EFA75CD6D3000000000266
  • Thumbprint: A4341B9FD50FB9964283220A36A1EF6F6FAA7840
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: Spectrum.exe.mui
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.19041.1 (WinBuild.160101.0800)
  • Product Version: 10.0.19041.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/68
  • VirusTotal Link: https://www.virustotal.com/gui/file/85c48785e9b56b51f6f9da63024c60409e8674ee76d369126fb4aa803501a83d/detection/

Possible Misuse

The following table contains possible examples of Spectrum.exe being misused. While Spectrum.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source | Source File | Example | License
atomic-red-team | Atomic_Friday.md | - https://posts.specterops.io/detection-spectrum-198a0bfb9302 | MIT License. © 2018 Red Canary
atomic-red-team | index.md | testing their defenses against a broad spectrum of attacks. | MIT License. © 2018 Red Canary

MIT License. Copyright (c) 2020-2021 Strontic.