SystemPropertiesProtection.exe

  • File Path: C:\WINDOWS\SysWOW64\SystemPropertiesProtection.exe
  • Description: System Protection Settings

Hashes

Type Hash
MD5 AF5E0D3BE4ADF3C76936BC6DD62B0DF0
SHA1 EF822CA836D8884EF2E0A42C54186442FCC420C9
SHA256 2AB2FECD64E90C5EE26AA7F1E2765AF9C7A76946FC4A5BD4276A6AF20206856E
SHA384 418A0E45C6A37797E784FCA31F450AA309D00D397F150A898B5EE51CA6AE5E99A213A2C9BC7506BE7BB5771078632CF0
SHA512 21B49BE4F4A380772C56A912CA23C5BEB6CDA9137B994E4A1C224F67451C9F4BBAAAAE5EABF2099901B10288B3F37D6500F918583CCBA56CC45553CEBB0C70C6
SSDEEP 1536:cMKZ2tREC/rMcgEPJV+G57ThjEC0kzJP+V5JY:cl2zECTMpuDhjRVJG+
IMP B788892AE84BA86201A726810F01CB07
PESHA1 8833F2BBA445AE5F346236B5EFA3ADB07BE1E284
PE256 C300ED4105976F9C917E174B27D46C332CDBFBA31369AD3DDC78A111BE5914F8

Runtime Data

Open Handles:

Path Type
(R-D) C:\Windows\Fonts\StaticCache.dat File
(R-D) C:\Windows\System32\en-US\remotepg.dll.mui File
(R-D) C:\Windows\System32\en-US\SystemPropertiesProtection.exe.mui File
(R-D) C:\Windows\SystemResources\sysdm.cpl.mun File
(R-D) C:\Windows\SysWOW64\en-US\netid.dll.mui File
(R-D) C:\Windows\SysWOW64\en-US\sysdm.cpl.mui File
(R-D) C:\Windows\WinSxS\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.22000.1_en-us_b335b4dbed333454\comctl32.dll.mui File
(RW-) C:\Windows File
(RW-) C:\Windows\SysWOW64 File
(RW-) C:\Windows\WinSxS\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.22000.1_en-us_b335b4dbed333454 File
(RW-) C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22000.120_none_e541a94fcce8ed6d File
\BaseNamedObjects__ComCatalogCache__ Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000001.db Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro Section
\Sessions\2\BaseNamedObjects\NLS_CodePage_1252_3_2_0_0 Section
\Sessions\2\BaseNamedObjects\NLS_CodePage_437_3_2_0_0 Section
\Sessions\2\BaseNamedObjects\windows_shell_global_counters Section
\Sessions\2\Windows\Theme1077709572 Section
\Windows\Theme3461253685 Section

Loaded Modules:

Path
C:\WINDOWS\SYSTEM32\ntdll.dll
C:\WINDOWS\System32\wow64.dll
C:\WINDOWS\System32\wow64base.dll
C:\WINDOWS\System32\wow64con.dll
C:\WINDOWS\System32\wow64cpu.dll
C:\WINDOWS\System32\wow64win.dll
C:\WINDOWS\SysWOW64\SystemPropertiesProtection.exe

Signature

  • Status: Signature verified.
  • Serial: 33000002ED2C45E4C145CF48440000000002ED
  • Thumbprint: 312860D2047EB81F8F58C29FF19ECDB4C634CF6A
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: SSystemPropertiesProtection.EXE
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.22000.1 (WinBuild.160101.0800)
  • Product Version: 10.0.22000.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 32-bit

File Scan

  • VirusTotal Detections: 0/73
  • VirusTotal Link: https://www.virustotal.com/gui/file/2ab2fecd64e90c5ee26aa7f1e2765af9c7a76946fc4a5bd4276a6af20206856e/detection

File Similarity (ssdeep match)

File Score
C:\WINDOWS\system32\MSchedExe.exe 91
C:\windows\system32\MSchedExe.exe 88
C:\WINDOWS\system32\MSchedExe.exe 90
C:\Windows\system32\MSchedExe.exe 88
C:\Windows\system32\MSchedExe.exe 88
C:\Windows\system32\MSchedExe.exe 90
C:\Windows\system32\SystemPropertiesAdvanced.exe 86
C:\WINDOWS\system32\SystemPropertiesAdvanced.exe 88
C:\windows\system32\SystemPropertiesAdvanced.exe 85
C:\WINDOWS\system32\SystemPropertiesAdvanced.exe 90
C:\Windows\system32\SystemPropertiesAdvanced.exe 85
C:\Windows\system32\SystemPropertiesAdvanced.exe 90
C:\WINDOWS\system32\SystemPropertiesComputerName.exe 90
C:\windows\system32\SystemPropertiesComputerName.exe 88
C:\Windows\system32\SystemPropertiesComputerName.exe 90
C:\WINDOWS\system32\SystemPropertiesComputerName.exe 88
C:\Windows\system32\SystemPropertiesComputerName.exe 90
C:\Windows\system32\SystemPropertiesComputerName.exe 86
C:\windows\system32\SystemPropertiesDataExecutionPrevention.exe 88
C:\Windows\system32\SystemPropertiesDataExecutionPrevention.exe 85
C:\Windows\system32\SystemPropertiesDataExecutionPrevention.exe 90
C:\WINDOWS\system32\SystemPropertiesDataExecutionPrevention.exe 88
C:\WINDOWS\system32\SystemPropertiesDataExecutionPrevention.exe 88
C:\Windows\system32\SystemPropertiesDataExecutionPrevention.exe 90
C:\WINDOWS\system32\SystemPropertiesHardware.exe 83
C:\Windows\system32\SystemPropertiesHardware.exe 90
C:\Windows\system32\SystemPropertiesHardware.exe 90
C:\Windows\system32\SystemPropertiesHardware.exe 86
C:\windows\system32\SystemPropertiesHardware.exe 85
C:\WINDOWS\system32\SystemPropertiesHardware.exe 91
C:\WINDOWS\system32\SystemPropertiesPerformance.exe 86
C:\WINDOWS\system32\SystemPropertiesPerformance.exe 90
C:\Windows\system32\SystemPropertiesPerformance.exe 88
C:\Windows\system32\SystemPropertiesPerformance.exe 88
C:\windows\system32\SystemPropertiesPerformance.exe 88
C:\Windows\system32\SystemPropertiesPerformance.exe 88
C:\WINDOWS\system32\SystemPropertiesProtection.exe 90
C:\windows\system32\SystemPropertiesProtection.exe 85
C:\Windows\system32\SystemPropertiesProtection.exe 90
C:\Windows\system32\SystemPropertiesProtection.exe 91
C:\Windows\system32\SystemPropertiesProtection.exe 90
C:\WINDOWS\system32\SystemPropertiesProtection.exe 93
C:\WINDOWS\system32\SystemPropertiesRemote.exe 88
C:\WINDOWS\system32\SystemPropertiesRemote.exe 90
C:\windows\system32\SystemPropertiesRemote.exe 85
C:\Windows\system32\SystemPropertiesRemote.exe 90
C:\Windows\system32\SystemPropertiesRemote.exe 90
C:\Windows\system32\SystemPropertiesRemote.exe 86
C:\windows\SysWOW64\SystemPropertiesAdvanced.exe 86
C:\WINDOWS\SysWOW64\SystemPropertiesAdvanced.exe 93
C:\Windows\SysWOW64\SystemPropertiesAdvanced.exe 85
C:\Windows\SysWOW64\SystemPropertiesAdvanced.exe 86
C:\Windows\SysWOW64\SystemPropertiesAdvanced.exe 85
C:\WINDOWS\SysWOW64\SystemPropertiesAdvanced.exe 86
C:\windows\SysWOW64\SystemPropertiesComputerName.exe 86
C:\WINDOWS\SysWOW64\SystemPropertiesComputerName.exe 88
C:\Windows\SysWOW64\SystemPropertiesComputerName.exe 91
C:\WINDOWS\SysWOW64\SystemPropertiesComputerName.exe 93
C:\Windows\SysWOW64\SystemPropertiesComputerName.exe 86
C:\Windows\SysWOW64\SystemPropertiesComputerName.exe 86
C:\Windows\SysWOW64\SystemPropertiesDataExecutionPrevention.exe 88
C:\Windows\SysWOW64\SystemPropertiesDataExecutionPrevention.exe 86
C:\windows\SysWOW64\SystemPropertiesDataExecutionPrevention.exe 90
C:\Windows\SysWOW64\SystemPropertiesDataExecutionPrevention.exe 86
C:\WINDOWS\SysWOW64\SystemPropertiesDataExecutionPrevention.exe 88
C:\WINDOWS\SysWOW64\SystemPropertiesDataExecutionPrevention.exe 88
C:\WINDOWS\SysWOW64\SystemPropertiesHardware.exe 93
C:\windows\SysWOW64\SystemPropertiesHardware.exe 85
C:\Windows\SysWOW64\SystemPropertiesHardware.exe 88
C:\WINDOWS\SysWOW64\SystemPropertiesHardware.exe 86
C:\Windows\SysWOW64\SystemPropertiesHardware.exe 85
C:\Windows\SysWOW64\SystemPropertiesHardware.exe 86
C:\Windows\SysWOW64\SystemPropertiesPerformance.exe 90
C:\WINDOWS\SysWOW64\SystemPropertiesPerformance.exe 90
C:\Windows\SysWOW64\SystemPropertiesPerformance.exe 90
C:\Windows\SysWOW64\SystemPropertiesPerformance.exe 90
C:\windows\SysWOW64\SystemPropertiesPerformance.exe 86
C:\WINDOWS\SysWOW64\SystemPropertiesPerformance.exe 90
C:\windows\SysWOW64\SystemPropertiesProtection.exe 90
C:\Windows\SysWOW64\SystemPropertiesProtection.exe 86
C:\Windows\SysWOW64\SystemPropertiesProtection.exe 91
C:\Windows\SysWOW64\SystemPropertiesProtection.exe 90
C:\WINDOWS\SysWOW64\SystemPropertiesProtection.exe 91
C:\Windows\SysWOW64\SystemPropertiesRemote.exe 90
C:\WINDOWS\SysWOW64\SystemPropertiesRemote.exe 93
C:\Windows\SysWOW64\SystemPropertiesRemote.exe 86
C:\windows\SysWOW64\SystemPropertiesRemote.exe 85
C:\WINDOWS\SysWOW64\SystemPropertiesRemote.exe 85
C:\Windows\SysWOW64\SystemPropertiesRemote.exe 83

Possible Misuse

The following table contains possible examples of SystemPropertiesProtection.exe being misused. While SystemPropertiesProtection.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
signature-base apt_apt6_malware.yar $s14 = “SystemPropertiesProtection.exe” fullword ascii CC BY-NC 4.0

MIT License. Copyright (c) 2020-2021 Strontic.