SystemPropertiesProtection.exe

  • File Path: C:\Windows\system32\SystemPropertiesProtection.exe
  • Description: System Protection Settings

Hashes

Type Hash
MD5 8C4FF7C9FCB061E911D71AED66BC9AE9
SHA1 2EF041E8471A70D4CC47FC2E4575E81F452DC882
SHA256 9F97EB9B0E80CDBF6D8CEE98A65AB3E99DD70ED5ED55BF8C8031D9193258DBD5
SHA384 A8E903411CA7E7B1E8D5F84790884B86961582AF79380FC40452FF41DB2E719C28A4F14B238D84779E09D1A7C72918EC
SHA512 0AB162689D68828BC986D8A428E8C54B18639521871A42BA764FA886323934031FB151AF909FAD7C39D2AA470AAAEE9F2D2380E25029A6759B991B6B14D5798B
SSDEEP 1536:DZG8tREC/rMcgEPJV+G57ThjEC0kzJP+V5Jg:U8zECTMpuDhjRVJG2

Signature

  • Status: Signature verified.
  • Serial: 33000000BCE120FDD27CC8EE930000000000BC
  • Thumbprint: E85459B23C232DB3CB94C7A56D47678F58E8E51E
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: SSystemPropertiesProtection.EXE.MUI
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.14393.0 (rs1_release.160715-1616)
  • Product Version: 10.0.14393.0
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.

File Similarity (ssdeep match)

File Score
C:\WINDOWS\system32\MSchedExe.exe 90
C:\windows\system32\MSchedExe.exe 90
C:\Windows\system32\MSchedExe.exe 90
C:\Windows\system32\MSchedExe.exe 91
C:\Windows\system32\MSchedExe.exe 88
C:\Windows\system32\SystemPropertiesAdvanced.exe 90
C:\windows\system32\SystemPropertiesAdvanced.exe 90
C:\WINDOWS\system32\SystemPropertiesAdvanced.exe 90
C:\Windows\system32\SystemPropertiesAdvanced.exe 85
C:\Windows\system32\SystemPropertiesAdvanced.exe 90
C:\WINDOWS\system32\SystemPropertiesComputerName.exe 90
C:\windows\system32\SystemPropertiesComputerName.exe 90
C:\Windows\system32\SystemPropertiesComputerName.exe 90
C:\Windows\system32\SystemPropertiesComputerName.exe 90
C:\Windows\system32\SystemPropertiesComputerName.exe 90
C:\windows\system32\SystemPropertiesDataExecutionPrevention.exe 90
C:\Windows\system32\SystemPropertiesDataExecutionPrevention.exe 90
C:\Windows\system32\SystemPropertiesDataExecutionPrevention.exe 90
C:\WINDOWS\system32\SystemPropertiesDataExecutionPrevention.exe 90
C:\Windows\system32\SystemPropertiesDataExecutionPrevention.exe 90
C:\Windows\system32\SystemPropertiesHardware.exe 90
C:\Windows\system32\SystemPropertiesHardware.exe 90
C:\Windows\system32\SystemPropertiesHardware.exe 90
C:\windows\system32\SystemPropertiesHardware.exe 86
C:\WINDOWS\system32\SystemPropertiesHardware.exe 90
C:\WINDOWS\system32\SystemPropertiesPerformance.exe 88
C:\Windows\system32\SystemPropertiesPerformance.exe 90
C:\Windows\system32\SystemPropertiesPerformance.exe 90
C:\windows\system32\SystemPropertiesPerformance.exe 91
C:\Windows\system32\SystemPropertiesPerformance.exe 90
C:\WINDOWS\system32\SystemPropertiesProtection.exe 90
C:\windows\system32\SystemPropertiesProtection.exe 86
C:\Windows\system32\SystemPropertiesProtection.exe 90
C:\Windows\system32\SystemPropertiesProtection.exe 90
C:\WINDOWS\system32\SystemPropertiesRemote.exe 90
C:\windows\system32\SystemPropertiesRemote.exe 86
C:\Windows\system32\SystemPropertiesRemote.exe 90
C:\Windows\system32\SystemPropertiesRemote.exe 90
C:\Windows\system32\SystemPropertiesRemote.exe 90
C:\windows\SysWOW64\SystemPropertiesAdvanced.exe 86
C:\Windows\SysWOW64\SystemPropertiesAdvanced.exe 86
C:\Windows\SysWOW64\SystemPropertiesAdvanced.exe 88
C:\Windows\SysWOW64\SystemPropertiesAdvanced.exe 90
C:\WINDOWS\SysWOW64\SystemPropertiesAdvanced.exe 88
C:\windows\SysWOW64\SystemPropertiesComputerName.exe 90
C:\WINDOWS\SysWOW64\SystemPropertiesComputerName.exe 90
C:\Windows\SysWOW64\SystemPropertiesComputerName.exe 90
C:\Windows\SysWOW64\SystemPropertiesComputerName.exe 90
C:\Windows\SysWOW64\SystemPropertiesComputerName.exe 88
C:\Windows\SysWOW64\SystemPropertiesDataExecutionPrevention.exe 90
C:\Windows\SysWOW64\SystemPropertiesDataExecutionPrevention.exe 88
C:\windows\SysWOW64\SystemPropertiesDataExecutionPrevention.exe 91
C:\Windows\SysWOW64\SystemPropertiesDataExecutionPrevention.exe 90
C:\WINDOWS\SysWOW64\SystemPropertiesDataExecutionPrevention.exe 90
C:\windows\SysWOW64\SystemPropertiesHardware.exe 86
C:\Windows\SysWOW64\SystemPropertiesHardware.exe 90
C:\WINDOWS\SysWOW64\SystemPropertiesHardware.exe 88
C:\Windows\SysWOW64\SystemPropertiesHardware.exe 86
C:\Windows\SysWOW64\SystemPropertiesHardware.exe 88
C:\Windows\SysWOW64\SystemPropertiesPerformance.exe 90
C:\Windows\SysWOW64\SystemPropertiesPerformance.exe 90
C:\Windows\SysWOW64\SystemPropertiesPerformance.exe 90
C:\windows\SysWOW64\SystemPropertiesPerformance.exe 88
C:\WINDOWS\SysWOW64\SystemPropertiesPerformance.exe 90
C:\windows\SysWOW64\SystemPropertiesProtection.exe 88
C:\Windows\SysWOW64\SystemPropertiesProtection.exe 93
C:\Windows\SysWOW64\SystemPropertiesProtection.exe 90
C:\Windows\SysWOW64\SystemPropertiesProtection.exe 88
C:\WINDOWS\SysWOW64\SystemPropertiesProtection.exe 90
C:\Windows\SysWOW64\SystemPropertiesRemote.exe 88
C:\Windows\SysWOW64\SystemPropertiesRemote.exe 88
C:\windows\SysWOW64\SystemPropertiesRemote.exe 86
C:\WINDOWS\SysWOW64\SystemPropertiesRemote.exe 85
C:\Windows\SysWOW64\SystemPropertiesRemote.exe 88

Possible Misuse

The following table contains possible examples of SystemPropertiesProtection.exe being misused. While SystemPropertiesProtection.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
signature-base apt_apt6_malware.yar $s14 = ‚ÄúSystemPropertiesProtection.exe‚ÄĚ fullword ascii CC BY-NC 4.0

MIT License. Copyright (c) 2020-2021 Strontic.