SystemPropertiesProtection.exe

• File Path: C:\Windows\system32\SystemPropertiesProtection.exe
• Description: System Protection Settings

Hashes

Type	Hash
MD5	8C4FF7C9FCB061E911D71AED66BC9AE9
SHA1	2EF041E8471A70D4CC47FC2E4575E81F452DC882
SHA256	9F97EB9B0E80CDBF6D8CEE98A65AB3E99DD70ED5ED55BF8C8031D9193258DBD5
SHA384	A8E903411CA7E7B1E8D5F84790884B86961582AF79380FC40452FF41DB2E719C28A4F14B238D84779E09D1A7C72918EC
SHA512	0AB162689D68828BC986D8A428E8C54B18639521871A42BA764FA886323934031FB151AF909FAD7C39D2AA470AAAEE9F2D2380E25029A6759B991B6B14D5798B
SSDEEP	1536:DZG8tREC/rMcgEPJV+G57ThjEC0kzJP+V5Jg:U8zECTMpuDhjRVJG2

Signature

• Status: Signature verified.
• Serial: 33000000BCE120FDD27CC8EE930000000000BC
• Thumbprint: E85459B23C232DB3CB94C7A56D47678F58E8E51E
• Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
• Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

• Original Filename: SSystemPropertiesProtection.EXE.MUI
• Product Name: Microsoft Windows Operating System
• Company Name: Microsoft Corporation
• File Version: 10.0.14393.0 (rs1_release.160715-1616)
• Product Version: 10.0.14393.0
• Language: English (United States)
• Legal Copyright: Microsoft Corporation. All rights reserved.

File Similarity (ssdeep match)

File	Score
C:\WINDOWS\system32\MSchedExe.exe	90
C:\windows\system32\MSchedExe.exe	90
C:\WINDOWS\system32\MSchedExe.exe	88
C:\Windows\system32\MSchedExe.exe	90
C:\Windows\system32\MSchedExe.exe	91
C:\Windows\system32\MSchedExe.exe	88
C:\Windows\system32\SystemPropertiesAdvanced.exe	90
C:\WINDOWS\system32\SystemPropertiesAdvanced.exe	90
C:\windows\system32\SystemPropertiesAdvanced.exe	90
C:\WINDOWS\system32\SystemPropertiesAdvanced.exe	90
C:\Windows\system32\SystemPropertiesAdvanced.exe	85
C:\Windows\system32\SystemPropertiesAdvanced.exe	90
C:\WINDOWS\system32\SystemPropertiesComputerName.exe	90
C:\windows\system32\SystemPropertiesComputerName.exe	90
C:\Windows\system32\SystemPropertiesComputerName.exe	90
C:\WINDOWS\system32\SystemPropertiesComputerName.exe	90
C:\Windows\system32\SystemPropertiesComputerName.exe	90
C:\Windows\system32\SystemPropertiesComputerName.exe	90
C:\windows\system32\SystemPropertiesDataExecutionPrevention.exe	90
C:\Windows\system32\SystemPropertiesDataExecutionPrevention.exe	90
C:\Windows\system32\SystemPropertiesDataExecutionPrevention.exe	90
C:\WINDOWS\system32\SystemPropertiesDataExecutionPrevention.exe	90
C:\WINDOWS\system32\SystemPropertiesDataExecutionPrevention.exe	90
C:\Windows\system32\SystemPropertiesDataExecutionPrevention.exe	90
C:\WINDOWS\system32\SystemPropertiesHardware.exe	86
C:\Windows\system32\SystemPropertiesHardware.exe	90
C:\Windows\system32\SystemPropertiesHardware.exe	90
C:\Windows\system32\SystemPropertiesHardware.exe	90
C:\windows\system32\SystemPropertiesHardware.exe	86
C:\WINDOWS\system32\SystemPropertiesHardware.exe	90
C:\WINDOWS\system32\SystemPropertiesPerformance.exe	91
C:\WINDOWS\system32\SystemPropertiesPerformance.exe	88
C:\Windows\system32\SystemPropertiesPerformance.exe	90
C:\Windows\system32\SystemPropertiesPerformance.exe	90
C:\windows\system32\SystemPropertiesPerformance.exe	91
C:\Windows\system32\SystemPropertiesPerformance.exe	90
C:\WINDOWS\system32\SystemPropertiesProtection.exe	90
C:\windows\system32\SystemPropertiesProtection.exe	86
C:\Windows\system32\SystemPropertiesProtection.exe	90
C:\Windows\system32\SystemPropertiesProtection.exe	90
C:\WINDOWS\system32\SystemPropertiesProtection.exe	90
C:\WINDOWS\system32\SystemPropertiesRemote.exe	90
C:\WINDOWS\system32\SystemPropertiesRemote.exe	90
C:\windows\system32\SystemPropertiesRemote.exe	86
C:\Windows\system32\SystemPropertiesRemote.exe	90
C:\Windows\system32\SystemPropertiesRemote.exe	90
C:\Windows\system32\SystemPropertiesRemote.exe	90
C:\windows\SysWOW64\SystemPropertiesAdvanced.exe	86
C:\WINDOWS\SysWOW64\SystemPropertiesAdvanced.exe	91
C:\Windows\SysWOW64\SystemPropertiesAdvanced.exe	86
C:\Windows\SysWOW64\SystemPropertiesAdvanced.exe	88
C:\Windows\SysWOW64\SystemPropertiesAdvanced.exe	90
C:\WINDOWS\SysWOW64\SystemPropertiesAdvanced.exe	88
C:\windows\SysWOW64\SystemPropertiesComputerName.exe	90
C:\WINDOWS\SysWOW64\SystemPropertiesComputerName.exe	90
C:\Windows\SysWOW64\SystemPropertiesComputerName.exe	90
C:\WINDOWS\SysWOW64\SystemPropertiesComputerName.exe	90
C:\Windows\SysWOW64\SystemPropertiesComputerName.exe	90
C:\Windows\SysWOW64\SystemPropertiesComputerName.exe	88
C:\Windows\SysWOW64\SystemPropertiesDataExecutionPrevention.exe	90
C:\Windows\SysWOW64\SystemPropertiesDataExecutionPrevention.exe	88
C:\windows\SysWOW64\SystemPropertiesDataExecutionPrevention.exe	91
C:\Windows\SysWOW64\SystemPropertiesDataExecutionPrevention.exe	90
C:\WINDOWS\SysWOW64\SystemPropertiesDataExecutionPrevention.exe	90
C:\WINDOWS\SysWOW64\SystemPropertiesDataExecutionPrevention.exe	86
C:\WINDOWS\SysWOW64\SystemPropertiesHardware.exe	88
C:\windows\SysWOW64\SystemPropertiesHardware.exe	86
C:\Windows\SysWOW64\SystemPropertiesHardware.exe	90
C:\WINDOWS\SysWOW64\SystemPropertiesHardware.exe	88
C:\Windows\SysWOW64\SystemPropertiesHardware.exe	86
C:\Windows\SysWOW64\SystemPropertiesHardware.exe	88
C:\Windows\SysWOW64\SystemPropertiesPerformance.exe	90
C:\WINDOWS\SysWOW64\SystemPropertiesPerformance.exe	90
C:\Windows\SysWOW64\SystemPropertiesPerformance.exe	90
C:\Windows\SysWOW64\SystemPropertiesPerformance.exe	90
C:\windows\SysWOW64\SystemPropertiesPerformance.exe	88
C:\WINDOWS\SysWOW64\SystemPropertiesPerformance.exe	90
C:\windows\SysWOW64\SystemPropertiesProtection.exe	88
C:\Windows\SysWOW64\SystemPropertiesProtection.exe	93
C:\Windows\SysWOW64\SystemPropertiesProtection.exe	90
C:\WINDOWS\SysWOW64\SystemPropertiesProtection.exe	90
C:\Windows\SysWOW64\SystemPropertiesProtection.exe	88
C:\WINDOWS\SysWOW64\SystemPropertiesProtection.exe	90
C:\Windows\SysWOW64\SystemPropertiesRemote.exe	88
C:\WINDOWS\SysWOW64\SystemPropertiesRemote.exe	88
C:\Windows\SysWOW64\SystemPropertiesRemote.exe	88
C:\windows\SysWOW64\SystemPropertiesRemote.exe	86
C:\WINDOWS\SysWOW64\SystemPropertiesRemote.exe	85
C:\Windows\SysWOW64\SystemPropertiesRemote.exe	88

Possible Misuse

The following table contains possible examples of SystemPropertiesProtection.exe being misused. While SystemPropertiesProtection.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source	Source File	Example	License
signature-base	apt_apt6_malware.yar	$s14 = “SystemPropertiesProtection.exe” fullword ascii	CC BY-NC 4.0

MIT License. Copyright (c) 2020-2021 Strontic.