SystemPropertiesProtection.exe

  • File Path: C:\WINDOWS\SysWOW64\SystemPropertiesProtection.exe
  • Description: System Protection Settings

Hashes

Type Hash
MD5 F6E03518246D9DD4BD0DA304D386B79A
SHA1 FB9203A876005650A6717D0B7005B38C63CC4ED7
SHA256 7457741B6EEA940108BDEAB4F587BCD8F299EE4979D50666D9E946F639C6824E
SHA384 028A9BB725E65A97343F78DF163F3082295BD17703936356C0AFD2A38DF047991A44EC18EAEA0379CA23950E1608177D
SHA512 EA19036F43C38B88F9BD146D8E47B2C5172250B2D7B0F46D1A58EBB7760B4D1F0B7E3193DE04393F3514F8768870D5806B14F4F7A4A005E4CBDA56BDA8F40008
SSDEEP 1536:Vq/Z2tREC/rMcgEPJV+G57ThjEC0kzJP+V5Ji:Vy2zECTMpuDhjRVJGs

Signature

  • Status: Signature verified.
  • Serial: 330000023241FB59996DCC4DFF000000000232
  • Thumbprint: FF82BC38E1DA5E596DF374C53E3617F7EDA36B06
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: SSystemPropertiesProtection.EXE
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.18362.1 (WinBuild.160101.0800)
  • Product Version: 10.0.18362.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.

File Similarity (ssdeep match)

File Score
C:\WINDOWS\system32\MSchedExe.exe 91
C:\windows\system32\MSchedExe.exe 91
C:\Windows\system32\MSchedExe.exe 88
C:\Windows\system32\MSchedExe.exe 88
C:\Windows\system32\MSchedExe.exe 88
C:\Windows\system32\SystemPropertiesAdvanced.exe 86
C:\windows\system32\SystemPropertiesAdvanced.exe 88
C:\WINDOWS\system32\SystemPropertiesAdvanced.exe 90
C:\Windows\system32\SystemPropertiesAdvanced.exe 85
C:\Windows\system32\SystemPropertiesAdvanced.exe 90
C:\WINDOWS\system32\SystemPropertiesComputerName.exe 90
C:\windows\system32\SystemPropertiesComputerName.exe 88
C:\Windows\system32\SystemPropertiesComputerName.exe 91
C:\Windows\system32\SystemPropertiesComputerName.exe 90
C:\Windows\system32\SystemPropertiesComputerName.exe 86
C:\windows\system32\SystemPropertiesDataExecutionPrevention.exe 85
C:\Windows\system32\SystemPropertiesDataExecutionPrevention.exe 85
C:\Windows\system32\SystemPropertiesDataExecutionPrevention.exe 90
C:\WINDOWS\system32\SystemPropertiesDataExecutionPrevention.exe 88
C:\Windows\system32\SystemPropertiesDataExecutionPrevention.exe 90
C:\Windows\system32\SystemPropertiesHardware.exe 90
C:\Windows\system32\SystemPropertiesHardware.exe 90
C:\Windows\system32\SystemPropertiesHardware.exe 86
C:\windows\system32\SystemPropertiesHardware.exe 88
C:\WINDOWS\system32\SystemPropertiesHardware.exe 90
C:\WINDOWS\system32\SystemPropertiesPerformance.exe 86
C:\Windows\system32\SystemPropertiesPerformance.exe 85
C:\Windows\system32\SystemPropertiesPerformance.exe 88
C:\windows\system32\SystemPropertiesPerformance.exe 88
C:\Windows\system32\SystemPropertiesPerformance.exe 88
C:\WINDOWS\system32\SystemPropertiesProtection.exe 91
C:\windows\system32\SystemPropertiesProtection.exe 88
C:\Windows\system32\SystemPropertiesProtection.exe 90
C:\Windows\system32\SystemPropertiesProtection.exe 91
C:\Windows\system32\SystemPropertiesProtection.exe 90
C:\WINDOWS\system32\SystemPropertiesRemote.exe 90
C:\windows\system32\SystemPropertiesRemote.exe 88
C:\Windows\system32\SystemPropertiesRemote.exe 90
C:\Windows\system32\SystemPropertiesRemote.exe 90
C:\Windows\system32\SystemPropertiesRemote.exe 86
C:\windows\SysWOW64\SystemPropertiesAdvanced.exe 85
C:\Windows\SysWOW64\SystemPropertiesAdvanced.exe 85
C:\Windows\SysWOW64\SystemPropertiesAdvanced.exe 86
C:\Windows\SysWOW64\SystemPropertiesAdvanced.exe 85
C:\WINDOWS\SysWOW64\SystemPropertiesAdvanced.exe 93
C:\windows\SysWOW64\SystemPropertiesComputerName.exe 86
C:\WINDOWS\SysWOW64\SystemPropertiesComputerName.exe 93
C:\Windows\SysWOW64\SystemPropertiesComputerName.exe 88
C:\Windows\SysWOW64\SystemPropertiesComputerName.exe 86
C:\Windows\SysWOW64\SystemPropertiesComputerName.exe 86
C:\Windows\SysWOW64\SystemPropertiesDataExecutionPrevention.exe 88
C:\Windows\SysWOW64\SystemPropertiesDataExecutionPrevention.exe 86
C:\windows\SysWOW64\SystemPropertiesDataExecutionPrevention.exe 90
C:\Windows\SysWOW64\SystemPropertiesDataExecutionPrevention.exe 86
C:\WINDOWS\SysWOW64\SystemPropertiesDataExecutionPrevention.exe 93
C:\windows\SysWOW64\SystemPropertiesHardware.exe 85
C:\Windows\SysWOW64\SystemPropertiesHardware.exe 88
C:\WINDOWS\SysWOW64\SystemPropertiesHardware.exe 93
C:\Windows\SysWOW64\SystemPropertiesHardware.exe 85
C:\Windows\SysWOW64\SystemPropertiesHardware.exe 86
C:\Windows\SysWOW64\SystemPropertiesPerformance.exe 90
C:\Windows\SysWOW64\SystemPropertiesPerformance.exe 90
C:\Windows\SysWOW64\SystemPropertiesPerformance.exe 86
C:\windows\SysWOW64\SystemPropertiesPerformance.exe 90
C:\WINDOWS\SysWOW64\SystemPropertiesPerformance.exe 90
C:\windows\SysWOW64\SystemPropertiesProtection.exe 86
C:\Windows\SysWOW64\SystemPropertiesProtection.exe 86
C:\Windows\SysWOW64\SystemPropertiesProtection.exe 91
C:\Windows\SysWOW64\SystemPropertiesProtection.exe 93
C:\Windows\SysWOW64\SystemPropertiesRemote.exe 86
C:\Windows\SysWOW64\SystemPropertiesRemote.exe 86
C:\windows\SysWOW64\SystemPropertiesRemote.exe 85
C:\WINDOWS\SysWOW64\SystemPropertiesRemote.exe 85
C:\Windows\SysWOW64\SystemPropertiesRemote.exe 83

Possible Misuse

The following table contains possible examples of SystemPropertiesProtection.exe being misused. While SystemPropertiesProtection.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
signature-base apt_apt6_malware.yar $s14 = ‚ÄúSystemPropertiesProtection.exe‚ÄĚ fullword ascii CC BY-NC 4.0

MIT License. Copyright (c) 2020-2021 Strontic.