SystemPropertiesProtection.exe

  • File Path: C:\Windows\SysWOW64\SystemPropertiesProtection.exe
  • Description: System Protection Settings

Hashes

Type Hash
MD5 C10866CE474947F1842777D8E34315DD
SHA1 8DE50722C833B82DCA0D8C9BFBE43B5EF95738AA
SHA256 64D46A44784B59500BE52A0E7F8F2B8ACC2FA679115C31C9DEFA04511662D8AA
SHA384 3469467984FB4EBF97333BD1BA2CD446EDDA1951C686A04E05A6E05FE164ACAE39BE587C4473458F068AC4E89F597D5D
SHA512 B4A9144F2810B85862B795CD45395B859BD73392DC3C379412F34665DE9FAD067D45D179FDE0813E10010C36C3601726F40B251AC15409C2F7150AD12DD1D50D
SSDEEP 1536:qfdZ2tREC/rMcgEPJV+G57ThjEC0kzJP+V5JPH:qH2zECTMpuDhjRVJGF
IMP B788892AE84BA86201A726810F01CB07
PESHA1 DD9A26189ED4179A8F2E7197269FD6114C1243E2
PE256 E71F004844A013910D440915075FF5D1B93350DA252221965F603F4F5716CF9A

Runtime Data

Open Handles:

Path Type
(R-D) C:\Windows\Fonts\StaticCache.dat File
(R-D) C:\Windows\System32\en-US\remotepg.dll.mui File
(R-D) C:\Windows\System32\en-US\SystemPropertiesProtection.exe.mui File
(R-D) C:\Windows\SystemResources\sysdm.cpl.mun File
(R-D) C:\Windows\SysWOW64\en-US\netid.dll.mui File
(R-D) C:\Windows\SysWOW64\en-US\sysdm.cpl.mui File
(R-D) C:\Windows\WinSxS\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.19041.1_en-us_130e63d987a738df\comctl32.dll.mui File
(RW-) C:\Users\user File
(RW-) C:\Windows File
(RW-) C:\Windows\WinSxS\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.19041.1_en-us_130e63d987a738df File
(RW-) C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.488_none_11b1e5df2ffd8627 File
\BaseNamedObjects__ComCatalogCache__ Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000002.db Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2 Section
\BaseNamedObjects\NLS_CodePage_1252_3_2_0_0 Section
\BaseNamedObjects\NLS_CodePage_437_3_2_0_0 Section
\Sessions\1\BaseNamedObjects\windows_shell_global_counters Section
\Sessions\1\Windows\Theme1175649999 Section
\Windows\Theme601709542 Section

Loaded Modules:

Path
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\System32\wow64.dll
C:\Windows\System32\wow64cpu.dll
C:\Windows\System32\wow64win.dll
C:\Windows\SysWOW64\SystemPropertiesProtection.exe

Signature

  • Status: Signature verified.
  • Serial: 3300000266BD1580EFA75CD6D3000000000266
  • Thumbprint: A4341B9FD50FB9964283220A36A1EF6F6FAA7840
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: SSystemPropertiesProtection.EXE
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.19041.1 (WinBuild.160101.0800)
  • Product Version: 10.0.19041.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 32-bit

File Scan

  • VirusTotal Detections: 0/74
  • VirusTotal Link: https://www.virustotal.com/gui/file/64d46a44784b59500be52a0e7f8f2b8acc2fa679115c31c9defa04511662d8aa/detection

File Similarity (ssdeep match)

File Score
C:\WINDOWS\system32\MSchedExe.exe 88
C:\windows\system32\MSchedExe.exe 88
C:\WINDOWS\system32\MSchedExe.exe 86
C:\Windows\system32\MSchedExe.exe 88
C:\Windows\system32\MSchedExe.exe 86
C:\Windows\system32\MSchedExe.exe 86
C:\Windows\system32\SystemPropertiesAdvanced.exe 85
C:\WINDOWS\system32\SystemPropertiesAdvanced.exe 86
C:\windows\system32\SystemPropertiesAdvanced.exe 83
C:\WINDOWS\system32\SystemPropertiesAdvanced.exe 91
C:\Windows\system32\SystemPropertiesAdvanced.exe 83
C:\Windows\system32\SystemPropertiesAdvanced.exe 88
C:\WINDOWS\system32\SystemPropertiesComputerName.exe 88
C:\windows\system32\SystemPropertiesComputerName.exe 86
C:\Windows\system32\SystemPropertiesComputerName.exe 91
C:\WINDOWS\system32\SystemPropertiesComputerName.exe 86
C:\Windows\system32\SystemPropertiesComputerName.exe 88
C:\Windows\system32\SystemPropertiesComputerName.exe 85
C:\windows\system32\SystemPropertiesDataExecutionPrevention.exe 83
C:\Windows\system32\SystemPropertiesDataExecutionPrevention.exe 83
C:\Windows\system32\SystemPropertiesDataExecutionPrevention.exe 88
C:\WINDOWS\system32\SystemPropertiesDataExecutionPrevention.exe 86
C:\WINDOWS\system32\SystemPropertiesDataExecutionPrevention.exe 86
C:\Windows\system32\SystemPropertiesDataExecutionPrevention.exe 88
C:\WINDOWS\system32\SystemPropertiesHardware.exe 85
C:\Windows\system32\SystemPropertiesHardware.exe 88
C:\Windows\system32\SystemPropertiesHardware.exe 88
C:\Windows\system32\SystemPropertiesHardware.exe 85
C:\windows\system32\SystemPropertiesHardware.exe 83
C:\WINDOWS\system32\SystemPropertiesHardware.exe 88
C:\WINDOWS\system32\SystemPropertiesPerformance.exe 85
C:\WINDOWS\system32\SystemPropertiesPerformance.exe 85
C:\Windows\system32\SystemPropertiesPerformance.exe 85
C:\Windows\system32\SystemPropertiesPerformance.exe 86
C:\windows\system32\SystemPropertiesPerformance.exe 86
C:\Windows\system32\SystemPropertiesPerformance.exe 86
C:\WINDOWS\system32\SystemPropertiesProtection.exe 88
C:\windows\system32\SystemPropertiesProtection.exe 83
C:\Windows\system32\SystemPropertiesProtection.exe 93
C:\Windows\system32\SystemPropertiesProtection.exe 90
C:\Windows\system32\SystemPropertiesProtection.exe 88
C:\WINDOWS\system32\SystemPropertiesProtection.exe 86
C:\WINDOWS\system32\SystemPropertiesRemote.exe 86
C:\WINDOWS\system32\SystemPropertiesRemote.exe 88
C:\windows\system32\SystemPropertiesRemote.exe 83
C:\Windows\system32\SystemPropertiesRemote.exe 88
C:\Windows\system32\SystemPropertiesRemote.exe 88
C:\Windows\system32\SystemPropertiesRemote.exe 85
C:\windows\SysWOW64\SystemPropertiesAdvanced.exe 83
C:\WINDOWS\SysWOW64\SystemPropertiesAdvanced.exe 85
C:\Windows\SysWOW64\SystemPropertiesAdvanced.exe 90
C:\Windows\SysWOW64\SystemPropertiesAdvanced.exe 85
C:\Windows\SysWOW64\SystemPropertiesAdvanced.exe 83
C:\WINDOWS\SysWOW64\SystemPropertiesAdvanced.exe 91
C:\windows\SysWOW64\SystemPropertiesComputerName.exe 85
C:\WINDOWS\SysWOW64\SystemPropertiesComputerName.exe 90
C:\Windows\SysWOW64\SystemPropertiesComputerName.exe 86
C:\WINDOWS\SysWOW64\SystemPropertiesComputerName.exe 86
C:\Windows\SysWOW64\SystemPropertiesComputerName.exe 85
C:\Windows\SysWOW64\SystemPropertiesComputerName.exe 91
C:\Windows\SysWOW64\SystemPropertiesDataExecutionPrevention.exe 86
C:\Windows\SysWOW64\SystemPropertiesDataExecutionPrevention.exe 93
C:\windows\SysWOW64\SystemPropertiesDataExecutionPrevention.exe 90
C:\Windows\SysWOW64\SystemPropertiesDataExecutionPrevention.exe 85
C:\WINDOWS\SysWOW64\SystemPropertiesDataExecutionPrevention.exe 90
C:\WINDOWS\SysWOW64\SystemPropertiesDataExecutionPrevention.exe 85
C:\WINDOWS\SysWOW64\SystemPropertiesHardware.exe 85
C:\windows\SysWOW64\SystemPropertiesHardware.exe 86
C:\Windows\SysWOW64\SystemPropertiesHardware.exe 86
C:\WINDOWS\SysWOW64\SystemPropertiesHardware.exe 88
C:\Windows\SysWOW64\SystemPropertiesHardware.exe 90
C:\Windows\SysWOW64\SystemPropertiesHardware.exe 85
C:\Windows\SysWOW64\SystemPropertiesPerformance.exe 88
C:\WINDOWS\SysWOW64\SystemPropertiesPerformance.exe 88
C:\Windows\SysWOW64\SystemPropertiesPerformance.exe 88
C:\Windows\SysWOW64\SystemPropertiesPerformance.exe 85
C:\windows\SysWOW64\SystemPropertiesPerformance.exe 88
C:\WINDOWS\SysWOW64\SystemPropertiesPerformance.exe 88
C:\windows\SysWOW64\SystemPropertiesProtection.exe 85
C:\Windows\SysWOW64\SystemPropertiesProtection.exe 85
C:\Windows\SysWOW64\SystemPropertiesProtection.exe 90
C:\WINDOWS\SysWOW64\SystemPropertiesProtection.exe 90
C:\WINDOWS\SysWOW64\SystemPropertiesProtection.exe 93
C:\Windows\SysWOW64\SystemPropertiesRemote.exe 88
C:\WINDOWS\SysWOW64\SystemPropertiesRemote.exe 85
C:\Windows\SysWOW64\SystemPropertiesRemote.exe 85
C:\windows\SysWOW64\SystemPropertiesRemote.exe 86
C:\WINDOWS\SysWOW64\SystemPropertiesRemote.exe 86
C:\Windows\SysWOW64\SystemPropertiesRemote.exe 83

Possible Misuse

The following table contains possible examples of SystemPropertiesProtection.exe being misused. While SystemPropertiesProtection.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
signature-base apt_apt6_malware.yar $s14 = “SystemPropertiesProtection.exe” fullword ascii CC BY-NC 4.0

MIT License. Copyright (c) 2020-2021 Strontic.