SystemPropertiesProtection.exe

  • File Path: C:\Windows\system32\SystemPropertiesProtection.exe
  • Description: System Protection Settings

Hashes

Type Hash
MD5 83A6F5D5B65906B811F4D92CAE30A22D
SHA1 7164EC293D2F98AB8267AB098AFA4F31085BC80A
SHA256 71438D2A073507B0D8A41ACD59418EC9F0659DC01CB0ECF8F23517B33F2CC454
SHA384 D910CA0A8DC3BC5B2C0173908EC22277E8CC196F59657E2CCC3FE3C0CC3C2E8A1F66DE5742AB97320AA24E83AE914A3E
SHA512 9452A1C0C92075BB3BF40BDBB0EE3960A1ADC8C882CC9854AF94C87DD71C935CA7D471800418B5113480662176895028B06589D1210166F143ECB358074E408B
SSDEEP 1536:VfMZAtREC/rMcgEPJV+G57ThjEC0kzJP+V5Js:hmAzECTMpuDhjRVJGy
IMP 68CA080EE65AE9EA92581804B773ECBD
PESHA1 9BB26AD93AFBA170EEB0B41B5023EC6C496D2895
PE256 EC5F15CC7B31376CCD150C55E25EAB21EDCFF812F9AB422ADD4F813B210C6152

Runtime Data

Open Handles:

Path Type
(R-D) C:\Windows\Fonts\StaticCache.dat File
(R-D) C:\Windows\System32\en-US\netid.dll.mui File
(R-D) C:\Windows\System32\en-US\remotepg.dll.mui File
(R-D) C:\Windows\System32\en-US\sysdm.cpl.mui File
(R-D) C:\Windows\System32\en-US\SystemPropertiesProtection.exe.mui File
(R-D) C:\Windows\WinSxS\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.17763.1518_en-us_f47974b57ff45754\comctl32.dll.mui File
(RW-) C:\Users\user File
(RW-) C:\Windows\WinSxS\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.17763.1518_en-us_f47974b57ff45754 File
(RW-) C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17763.1518_none_de6e2bd0534e2567 File
\BaseNamedObjects\__ComCatalogCache__ Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000004.db Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000004.db Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro Section
\BaseNamedObjects\NLS_CodePage_1252_3_2_0_0 Section
\BaseNamedObjects\NLS_CodePage_437_3_2_0_0 Section
\Sessions\2\BaseNamedObjects\windows_shell_global_counters Section
\Sessions\2\Windows\Theme2131664586 Section
\Windows\Theme966197582 Section

Loaded Modules:

Path
C:\Windows\System32\advapi32.dll
C:\Windows\system32\bcd.dll
C:\Windows\System32\bcrypt.dll
C:\Windows\System32\bcryptPrimitives.dll
C:\Windows\System32\cfgmgr32.dll
C:\Windows\System32\combase.dll
C:\Windows\System32\COMDLG32.dll
C:\Windows\System32\cryptsp.dll
C:\Windows\System32\GDI32.dll
C:\Windows\System32\gdi32full.dll
C:\Windows\System32\imagehlp.dll
C:\Windows\System32\kernel.appcore.dll
C:\Windows\System32\KERNEL32.DLL
C:\Windows\System32\KERNELBASE.dll
C:\Windows\System32\msvcp_win.dll
C:\Windows\System32\msvcrt.dll
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\System32\ole32.dll
C:\Windows\System32\powrprof.dll
C:\Windows\System32\profapi.dll
C:\Windows\System32\RPCRT4.dll
C:\Windows\System32\sechost.dll
C:\Windows\System32\SETUPAPI.dll
C:\Windows\System32\shcore.dll
C:\Windows\System32\SHELL32.dll
C:\Windows\System32\shlwapi.dll
C:\Windows\system32\SYSDM.CPL
C:\Windows\system32\SystemPropertiesProtection.exe
C:\Windows\System32\ucrtbase.dll
C:\Windows\System32\USER32.dll
C:\Windows\system32\USERENV.dll
C:\Windows\System32\win32u.dll
C:\Windows\System32\windows.storage.dll
C:\Windows\system32\WINSTA.dll
C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17763.1518_none_de6e2bd0534e2567\COMCTL32.dll

Signature

  • Status: Signature verified.
  • Serial: 33000001C422B2F79B793DACB20000000001C4
  • Thumbprint: AE9C1AE54763822EEC42474983D8B635116C8452
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: SSystemPropertiesProtection.EXE.MUI
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.17763.1 (WinBuild.160101.0800)
  • Product Version: 10.0.17763.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/70
  • VirusTotal Link: https://www.virustotal.com/gui/file/71438d2a073507b0d8a41acd59418ec9f0659dc01cb0ecf8f23517b33f2cc454/detection/

File Similarity (ssdeep match)

File Score
C:\WINDOWS\system32\MSchedExe.exe 91
C:\windows\system32\MSchedExe.exe 91
C:\Windows\system32\MSchedExe.exe 88
C:\Windows\system32\MSchedExe.exe 88
C:\Windows\system32\MSchedExe.exe 90
C:\Windows\system32\SystemPropertiesAdvanced.exe 86
C:\windows\system32\SystemPropertiesAdvanced.exe 85
C:\WINDOWS\system32\SystemPropertiesAdvanced.exe 90
C:\Windows\system32\SystemPropertiesAdvanced.exe 85
C:\Windows\system32\SystemPropertiesAdvanced.exe 90
C:\WINDOWS\system32\SystemPropertiesComputerName.exe 90
C:\windows\system32\SystemPropertiesComputerName.exe 85
C:\Windows\system32\SystemPropertiesComputerName.exe 90
C:\Windows\system32\SystemPropertiesComputerName.exe 90
C:\Windows\system32\SystemPropertiesComputerName.exe 86
C:\windows\system32\SystemPropertiesDataExecutionPrevention.exe 88
C:\Windows\system32\SystemPropertiesDataExecutionPrevention.exe 85
C:\Windows\system32\SystemPropertiesDataExecutionPrevention.exe 90
C:\WINDOWS\system32\SystemPropertiesDataExecutionPrevention.exe 88
C:\Windows\system32\SystemPropertiesDataExecutionPrevention.exe 90
C:\Windows\system32\SystemPropertiesHardware.exe 90
C:\Windows\system32\SystemPropertiesHardware.exe 90
C:\Windows\system32\SystemPropertiesHardware.exe 86
C:\windows\system32\SystemPropertiesHardware.exe 85
C:\WINDOWS\system32\SystemPropertiesHardware.exe 91
C:\WINDOWS\system32\SystemPropertiesPerformance.exe 86
C:\Windows\system32\SystemPropertiesPerformance.exe 85
C:\Windows\system32\SystemPropertiesPerformance.exe 88
C:\windows\system32\SystemPropertiesPerformance.exe 90
C:\Windows\system32\SystemPropertiesPerformance.exe 91
C:\WINDOWS\system32\SystemPropertiesProtection.exe 90
C:\windows\system32\SystemPropertiesProtection.exe 85
C:\Windows\system32\SystemPropertiesProtection.exe 90
C:\Windows\system32\SystemPropertiesProtection.exe 90
C:\WINDOWS\system32\SystemPropertiesRemote.exe 90
C:\windows\system32\SystemPropertiesRemote.exe 85
C:\Windows\system32\SystemPropertiesRemote.exe 90
C:\Windows\system32\SystemPropertiesRemote.exe 90
C:\Windows\system32\SystemPropertiesRemote.exe 86
C:\windows\SysWOW64\SystemPropertiesAdvanced.exe 85
C:\Windows\SysWOW64\SystemPropertiesAdvanced.exe 88
C:\Windows\SysWOW64\SystemPropertiesAdvanced.exe 86
C:\Windows\SysWOW64\SystemPropertiesAdvanced.exe 88
C:\WINDOWS\SysWOW64\SystemPropertiesAdvanced.exe 86
C:\windows\SysWOW64\SystemPropertiesComputerName.exe 86
C:\WINDOWS\SysWOW64\SystemPropertiesComputerName.exe 88
C:\Windows\SysWOW64\SystemPropertiesComputerName.exe 88
C:\Windows\SysWOW64\SystemPropertiesComputerName.exe 90
C:\Windows\SysWOW64\SystemPropertiesComputerName.exe 90
C:\Windows\SysWOW64\SystemPropertiesDataExecutionPrevention.exe 88
C:\Windows\SysWOW64\SystemPropertiesDataExecutionPrevention.exe 90
C:\windows\SysWOW64\SystemPropertiesDataExecutionPrevention.exe 90
C:\Windows\SysWOW64\SystemPropertiesDataExecutionPrevention.exe 90
C:\WINDOWS\SysWOW64\SystemPropertiesDataExecutionPrevention.exe 88
C:\windows\SysWOW64\SystemPropertiesHardware.exe 88
C:\Windows\SysWOW64\SystemPropertiesHardware.exe 88
C:\WINDOWS\SysWOW64\SystemPropertiesHardware.exe 86
C:\Windows\SysWOW64\SystemPropertiesHardware.exe 88
C:\Windows\SysWOW64\SystemPropertiesHardware.exe 86
C:\Windows\SysWOW64\SystemPropertiesPerformance.exe 90
C:\Windows\SysWOW64\SystemPropertiesPerformance.exe 90
C:\Windows\SysWOW64\SystemPropertiesPerformance.exe 86
C:\windows\SysWOW64\SystemPropertiesPerformance.exe 90
C:\WINDOWS\SysWOW64\SystemPropertiesPerformance.exe 90
C:\windows\SysWOW64\SystemPropertiesProtection.exe 86
C:\Windows\SysWOW64\SystemPropertiesProtection.exe 90
C:\Windows\SysWOW64\SystemPropertiesProtection.exe 91
C:\Windows\SysWOW64\SystemPropertiesProtection.exe 90
C:\WINDOWS\SysWOW64\SystemPropertiesProtection.exe 91
C:\Windows\SysWOW64\SystemPropertiesRemote.exe 93
C:\Windows\SysWOW64\SystemPropertiesRemote.exe 86
C:\windows\SysWOW64\SystemPropertiesRemote.exe 88
C:\WINDOWS\SysWOW64\SystemPropertiesRemote.exe 86
C:\Windows\SysWOW64\SystemPropertiesRemote.exe 85

Possible Misuse

The following table contains possible examples of SystemPropertiesProtection.exe being misused. While SystemPropertiesProtection.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
signature-base apt_apt6_malware.yar $s14 = "SystemPropertiesProtection.exe" fullword ascii CC BY-NC 4.0

MIT License. Copyright (c) 2020-2021 Strontic.