SystemPropertiesRemote.exe

• File Path: C:\Windows\SysWOW64\SystemPropertiesRemote.exe
• Description: System Remote Settings

Hashes

Type	Hash
MD5	0DE57A0B7FB7DA84154D92A1B5770873
SHA1	E53C34C8A5E91EBACCBA44D44DD0E15A3644CEAB
SHA256	75F0B2B0123CDAC9D250BCB51BCD79332E2ECC9F371850C058246D80C9886B6A
SHA384	A2C576FD371BFB7E4F91D175E0C245F906B5572D6FEBC8878926876BEC65DF935A1463B8710F665610438EA8D5537D00
SHA512	CE11C5848D1446061066EEF51C2FE146207A873B5C879703B558124D71737D684FEEBB9090D4C4AC9B761DFF79F6C50741857F83C86F9F373999C016D3CC1E4D
SSDEEP	1536:efMZsztREC/rMcgEPJV+G57ThjEC0kzJP+V5Jx:eOAzECTMpuDhjRVJGf
IMP	B788892AE84BA86201A726810F01CB07
PESHA1	049CF851A767B3D4ED61EC869F493F036E8BDA4C
PE256	1356EF94D6BA4DA9DDA29F71D5AE146FEB83000083CEB47E47558EEEF0CB2317

Runtime Data

Open Handles:

Path	Type
(R-D) C:\Windows\Fonts\StaticCache.dat	File
(R-D) C:\Windows\System32\en-US\remotepg.dll.mui	File
(R-D) C:\Windows\System32\en-US\SystemPropertiesRemote.exe.mui	File
(R-D) C:\Windows\SystemResources\sysdm.cpl.mun	File
(R-D) C:\Windows\SysWOW64\en-US\netid.dll.mui	File
(R-D) C:\Windows\SysWOW64\en-US\sysdm.cpl.mui	File
(R-D) C:\Windows\WinSxS\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.19041.1_en-us_130e63d987a738df\comctl32.dll.mui	File
(RW-) C:\Users\user	File
(RW-) C:\Windows	File
(RW-) C:\Windows\WinSxS\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.19041.1_en-us_130e63d987a738df	File
(RW-) C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.488_none_11b1e5df2ffd8627	File
(RW-) C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.685_none_4299dbb28a92ae3e	File
\BaseNamedObjects__ComCatalogCache__	Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000002.db	Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db	Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2	Section
\BaseNamedObjects\NLS_CodePage_1252_3_2_0_0	Section
\BaseNamedObjects\NLS_CodePage_437_3_2_0_0	Section
\Sessions\1\BaseNamedObjects\windows_shell_global_counters	Section
\Sessions\1\Windows\Theme1175649999	Section
\Windows\Theme601709542	Section

Loaded Modules:

Path
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\System32\wow64.dll
C:\Windows\System32\wow64cpu.dll
C:\Windows\System32\wow64win.dll
C:\Windows\SysWOW64\SystemPropertiesRemote.exe

Signature

• Status: Signature verified.
• Serial: 3300000266BD1580EFA75CD6D3000000000266
• Thumbprint: A4341B9FD50FB9964283220A36A1EF6F6FAA7840
• Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
• Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

• Original Filename: SystemPropertiesRemote.EXE
• Product Name: Microsoft Windows Operating System
• Company Name: Microsoft Corporation
• File Version: 10.0.19041.1 (WinBuild.160101.0800)
• Product Version: 10.0.19041.1
• Language: English (United States)
• Legal Copyright: Microsoft Corporation. All rights reserved.
• Machine Type: 32-bit

File Scan

• VirusTotal Detections: 0/75
• VirusTotal Link: https://www.virustotal.com/gui/file/75f0b2b0123cdac9d250bcb51bcd79332e2ecc9f371850c058246d80c9886b6a/detection

File Similarity (ssdeep match)

File	Score
C:\WINDOWS\system32\MSchedExe.exe	88
C:\windows\system32\MSchedExe.exe	88
C:\WINDOWS\system32\MSchedExe.exe	86
C:\Windows\system32\MSchedExe.exe	88
C:\Windows\system32\MSchedExe.exe	90
C:\Windows\system32\MSchedExe.exe	90
C:\Windows\system32\SystemPropertiesAdvanced.exe	88
C:\WINDOWS\system32\SystemPropertiesAdvanced.exe	86
C:\windows\system32\SystemPropertiesAdvanced.exe	86
C:\WINDOWS\system32\SystemPropertiesAdvanced.exe	88
C:\Windows\system32\SystemPropertiesAdvanced.exe	83
C:\Windows\system32\SystemPropertiesAdvanced.exe	88
C:\WINDOWS\system32\SystemPropertiesComputerName.exe	88
C:\windows\system32\SystemPropertiesComputerName.exe	83
C:\Windows\system32\SystemPropertiesComputerName.exe	91
C:\WINDOWS\system32\SystemPropertiesComputerName.exe	96
C:\Windows\system32\SystemPropertiesComputerName.exe	88
C:\Windows\system32\SystemPropertiesComputerName.exe	85
C:\windows\system32\SystemPropertiesDataExecutionPrevention.exe	86
C:\Windows\system32\SystemPropertiesDataExecutionPrevention.exe	83
C:\Windows\system32\SystemPropertiesDataExecutionPrevention.exe	88
C:\WINDOWS\system32\SystemPropertiesDataExecutionPrevention.exe	86
C:\WINDOWS\system32\SystemPropertiesDataExecutionPrevention.exe	86
C:\Windows\system32\SystemPropertiesDataExecutionPrevention.exe	88
C:\WINDOWS\system32\SystemPropertiesHardware.exe	82
C:\Windows\system32\SystemPropertiesHardware.exe	88
C:\Windows\system32\SystemPropertiesHardware.exe	88
C:\Windows\system32\SystemPropertiesHardware.exe	85
C:\windows\system32\SystemPropertiesHardware.exe	86
C:\WINDOWS\system32\SystemPropertiesHardware.exe	91
C:\WINDOWS\system32\SystemPropertiesPerformance.exe	85
C:\WINDOWS\system32\SystemPropertiesPerformance.exe	85
C:\Windows\system32\SystemPropertiesPerformance.exe	85
C:\Windows\system32\SystemPropertiesPerformance.exe	86
C:\windows\system32\SystemPropertiesPerformance.exe	86
C:\Windows\system32\SystemPropertiesPerformance.exe	86
C:\WINDOWS\system32\SystemPropertiesProtection.exe	88
C:\windows\system32\SystemPropertiesProtection.exe	86
C:\Windows\system32\SystemPropertiesProtection.exe	88
C:\Windows\system32\SystemPropertiesProtection.exe	93
C:\Windows\system32\SystemPropertiesProtection.exe	88
C:\WINDOWS\system32\SystemPropertiesProtection.exe	86
C:\WINDOWS\system32\SystemPropertiesRemote.exe	86
C:\WINDOWS\system32\SystemPropertiesRemote.exe	88
C:\windows\system32\SystemPropertiesRemote.exe	86
C:\Windows\system32\SystemPropertiesRemote.exe	88
C:\Windows\system32\SystemPropertiesRemote.exe	91
C:\Windows\system32\SystemPropertiesRemote.exe	88
C:\windows\SysWOW64\SystemPropertiesAdvanced.exe	83
C:\WINDOWS\SysWOW64\SystemPropertiesAdvanced.exe	88
C:\Windows\SysWOW64\SystemPropertiesAdvanced.exe	86
C:\Windows\SysWOW64\SystemPropertiesAdvanced.exe	85
C:\Windows\SysWOW64\SystemPropertiesAdvanced.exe	90
C:\WINDOWS\SysWOW64\SystemPropertiesAdvanced.exe	85
C:\windows\SysWOW64\SystemPropertiesComputerName.exe	85
C:\WINDOWS\SysWOW64\SystemPropertiesComputerName.exe	86
C:\Windows\SysWOW64\SystemPropertiesComputerName.exe	90
C:\WINDOWS\SysWOW64\SystemPropertiesComputerName.exe	90
C:\Windows\SysWOW64\SystemPropertiesComputerName.exe	85
C:\Windows\SysWOW64\SystemPropertiesComputerName.exe	88
C:\Windows\SysWOW64\SystemPropertiesDataExecutionPrevention.exe	86
C:\Windows\SysWOW64\SystemPropertiesDataExecutionPrevention.exe	88
C:\windows\SysWOW64\SystemPropertiesDataExecutionPrevention.exe	90
C:\Windows\SysWOW64\SystemPropertiesDataExecutionPrevention.exe	85
C:\WINDOWS\SysWOW64\SystemPropertiesDataExecutionPrevention.exe	86
C:\WINDOWS\SysWOW64\SystemPropertiesDataExecutionPrevention.exe	86
C:\WINDOWS\SysWOW64\SystemPropertiesHardware.exe	88
C:\windows\SysWOW64\SystemPropertiesHardware.exe	86
C:\Windows\SysWOW64\SystemPropertiesHardware.exe	83
C:\WINDOWS\SysWOW64\SystemPropertiesHardware.exe	85
C:\Windows\SysWOW64\SystemPropertiesHardware.exe	86
C:\Windows\SysWOW64\SystemPropertiesHardware.exe	85
C:\Windows\SysWOW64\SystemPropertiesPerformance.exe	88
C:\WINDOWS\SysWOW64\SystemPropertiesPerformance.exe	88
C:\Windows\SysWOW64\SystemPropertiesPerformance.exe	88
C:\Windows\SysWOW64\SystemPropertiesPerformance.exe	85
C:\windows\SysWOW64\SystemPropertiesPerformance.exe	88
C:\WINDOWS\SysWOW64\SystemPropertiesPerformance.exe	88
C:\windows\SysWOW64\SystemPropertiesProtection.exe	85
C:\Windows\SysWOW64\SystemPropertiesProtection.exe	88
C:\Windows\SysWOW64\SystemPropertiesProtection.exe	86
C:\WINDOWS\SysWOW64\SystemPropertiesProtection.exe	90
C:\Windows\SysWOW64\SystemPropertiesProtection.exe	88
C:\WINDOWS\SysWOW64\SystemPropertiesProtection.exe	86
C:\WINDOWS\SysWOW64\SystemPropertiesRemote.exe	93
C:\Windows\SysWOW64\SystemPropertiesRemote.exe	91
C:\windows\SysWOW64\SystemPropertiesRemote.exe	86
C:\WINDOWS\SysWOW64\SystemPropertiesRemote.exe	91
C:\Windows\SysWOW64\SystemPropertiesRemote.exe	83

Possible Misuse

The following table contains possible examples of SystemPropertiesRemote.exe being misused. While SystemPropertiesRemote.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source	Source File	Example	License
signature-base	apt_apt6_malware.yar	$s15 = “SystemPropertiesRemote.exe” fullword ascii	CC BY-NC 4.0

MIT License. Copyright (c) 2020-2021 Strontic.