SystemPropertiesRemote.exe

  • File Path: C:\WINDOWS\system32\SystemPropertiesRemote.exe
  • Description: System Remote Settings

Hashes

Type Hash
MD5 211D9C64F7C671CB07B3D402626D824B
SHA1 E6AC7520C9EB349E6CE9A379041836D9201F3B31
SHA256 FE1627C6CDC27E3B2C617FB694BEBA68E72DE63E67EE5FA92C580B16280D8618
SHA384 1825AEF93DED27985D05CA599E9924779D1FD2A0C33097444CD86E75882C10A806F72DEB8F70ACDFFED0B90D517CCDD4
SHA512 B0D3848DFF4107E858582D4B778417694F787FEC7BE59EFCB85DDCD8D8BC7E060499DCC6B05101FB47D29DEA49584D68D1CFBFFFF031622EBA54C04801CED0F0
SSDEEP 1536:uJ1ZItREC/rMcgEPJV+G57ThjEC0kzJP+V5Ji:kHIzECTMpuDhjRVJG4
IMP 68CA080EE65AE9EA92581804B773ECBD
PESHA1 A76D0B2395BF0A7A0EF4F3798FF47B17BD316460
PE256 D54BE5C4F5CA4089263EF238B894F25111F3E2BC092F661A0AA66A10F7F5495A

Runtime Data

Open Handles:

Path Type
(R-D) C:\Windows\Fonts\StaticCache.dat File
(R-D) C:\Windows\System32\en-US\netid.dll.mui File
(R-D) C:\Windows\System32\en-US\remotepg.dll.mui File
(R-D) C:\Windows\System32\en-US\srrstr.dll.mui File
(R-D) C:\Windows\System32\en-US\sysdm.cpl.mui File
(R-D) C:\Windows\System32\en-US\SystemPropertiesRemote.exe.mui File
(R-D) C:\Windows\SystemResources\sysdm.cpl.mun File
(R-D) C:\Windows\WinSxS\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.22000.1_en-us_6b887e04d8b70b4e\comctl32.dll.mui File
(RW-) C:\Windows\System32 File
(RW-) C:\Windows\WinSxS\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.22000.1_en-us_6b887e04d8b70b4e File
(RW-) C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22000.120_none_9d947278b86cc467 File
(RW-) C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.22000.282_none_ce81670012fd6ff0 File
\BaseNamedObjects__ComCatalogCache__ Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000001.db Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro Section
\Sessions\2\BaseNamedObjects\NLS_CodePage_1252_3_2_0_0 Section
\Sessions\2\BaseNamedObjects\NLS_CodePage_437_3_2_0_0 Section
\Sessions\2\BaseNamedObjects\windows_shell_global_counters Section
\Sessions\2\Windows\Theme1077709572 Section
\Windows\Theme3461253685 Section

Loaded Modules:

Path
C:\WINDOWS\System32\advapi32.dll
C:\WINDOWS\system32\bcd.dll
C:\WINDOWS\System32\combase.dll
C:\WINDOWS\System32\COMDLG32.dll
C:\WINDOWS\System32\GDI32.dll
C:\WINDOWS\System32\gdi32full.dll
C:\WINDOWS\System32\imagehlp.dll
C:\WINDOWS\System32\IMM32.DLL
C:\WINDOWS\System32\KERNEL32.DLL
C:\WINDOWS\System32\KERNELBASE.dll
C:\WINDOWS\System32\msvcp_win.dll
C:\WINDOWS\System32\msvcrt.dll
C:\WINDOWS\SYSTEM32\ntdll.dll
C:\WINDOWS\System32\ole32.dll
C:\WINDOWS\system32\profapi.dll
C:\WINDOWS\System32\RPCRT4.dll
C:\WINDOWS\System32\sechost.dll
C:\WINDOWS\System32\SETUPAPI.dll
C:\WINDOWS\System32\shcore.dll
C:\WINDOWS\System32\SHELL32.dll
C:\WINDOWS\System32\SHLWAPI.dll
C:\WINDOWS\system32\SYSDM.CPL
C:\WINDOWS\system32\SystemPropertiesRemote.exe
C:\WINDOWS\System32\ucrtbase.dll
C:\WINDOWS\System32\USER32.dll
C:\WINDOWS\system32\USERENV.dll
C:\WINDOWS\System32\win32u.dll
C:\WINDOWS\system32\WINSTA.dll
C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22000.120_none_9d947278b86cc467\COMCTL32.dll

Signature

  • Status: Signature verified.
  • Serial: 33000002ED2C45E4C145CF48440000000002ED
  • Thumbprint: 312860D2047EB81F8F58C29FF19ECDB4C634CF6A
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: SystemPropertiesRemote.EXE.MUI
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.22000.1 (WinBuild.160101.0800)
  • Product Version: 10.0.22000.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/71
  • VirusTotal Link: https://www.virustotal.com/gui/file/fe1627c6cdc27e3b2c617fb694beba68e72de63e67ee5fa92c580b16280d8618/detection

File Similarity (ssdeep match)

File Score
C:\WINDOWS\system32\MSchedExe.exe 88
C:\windows\system32\MSchedExe.exe 88
C:\WINDOWS\system32\MSchedExe.exe 90
C:\Windows\system32\MSchedExe.exe 90
C:\Windows\system32\MSchedExe.exe 88
C:\Windows\system32\MSchedExe.exe 88
C:\Windows\system32\SystemPropertiesAdvanced.exe 86
C:\WINDOWS\system32\SystemPropertiesAdvanced.exe 91
C:\windows\system32\SystemPropertiesAdvanced.exe 85
C:\WINDOWS\system32\SystemPropertiesAdvanced.exe 90
C:\Windows\system32\SystemPropertiesAdvanced.exe 85
C:\Windows\system32\SystemPropertiesAdvanced.exe 90
C:\WINDOWS\system32\SystemPropertiesComputerName.exe 90
C:\windows\system32\SystemPropertiesComputerName.exe 85
C:\Windows\system32\SystemPropertiesComputerName.exe 90
C:\WINDOWS\system32\SystemPropertiesComputerName.exe 91
C:\Windows\system32\SystemPropertiesComputerName.exe 90
C:\Windows\system32\SystemPropertiesComputerName.exe 86
C:\windows\system32\SystemPropertiesDataExecutionPrevention.exe 85
C:\Windows\system32\SystemPropertiesDataExecutionPrevention.exe 88
C:\Windows\system32\SystemPropertiesDataExecutionPrevention.exe 90
C:\WINDOWS\system32\SystemPropertiesDataExecutionPrevention.exe 91
C:\WINDOWS\system32\SystemPropertiesDataExecutionPrevention.exe 88
C:\Windows\system32\SystemPropertiesDataExecutionPrevention.exe 90
C:\WINDOWS\system32\SystemPropertiesHardware.exe 88
C:\Windows\system32\SystemPropertiesHardware.exe 90
C:\Windows\system32\SystemPropertiesHardware.exe 90
C:\Windows\system32\SystemPropertiesHardware.exe 86
C:\windows\system32\SystemPropertiesHardware.exe 88
C:\WINDOWS\system32\SystemPropertiesHardware.exe 90
C:\WINDOWS\system32\SystemPropertiesPerformance.exe 90
C:\WINDOWS\system32\SystemPropertiesPerformance.exe 86
C:\Windows\system32\SystemPropertiesPerformance.exe 85
C:\Windows\system32\SystemPropertiesPerformance.exe 88
C:\windows\system32\SystemPropertiesPerformance.exe 88
C:\Windows\system32\SystemPropertiesPerformance.exe 88
C:\WINDOWS\system32\SystemPropertiesProtection.exe 91
C:\windows\system32\SystemPropertiesProtection.exe 85
C:\Windows\system32\SystemPropertiesProtection.exe 90
C:\Windows\system32\SystemPropertiesProtection.exe 88
C:\Windows\system32\SystemPropertiesProtection.exe 90
C:\WINDOWS\system32\SystemPropertiesProtection.exe 91
C:\WINDOWS\system32\SystemPropertiesRemote.exe 91
C:\windows\system32\SystemPropertiesRemote.exe 88
C:\Windows\system32\SystemPropertiesRemote.exe 90
C:\Windows\system32\SystemPropertiesRemote.exe 90
C:\Windows\system32\SystemPropertiesRemote.exe 86
C:\windows\SysWOW64\SystemPropertiesAdvanced.exe 85
C:\WINDOWS\SysWOW64\SystemPropertiesAdvanced.exe 86
C:\Windows\SysWOW64\SystemPropertiesAdvanced.exe 85
C:\Windows\SysWOW64\SystemPropertiesAdvanced.exe 86
C:\Windows\SysWOW64\SystemPropertiesAdvanced.exe 85
C:\WINDOWS\SysWOW64\SystemPropertiesAdvanced.exe 86
C:\windows\SysWOW64\SystemPropertiesComputerName.exe 86
C:\WINDOWS\SysWOW64\SystemPropertiesComputerName.exe 88
C:\Windows\SysWOW64\SystemPropertiesComputerName.exe 88
C:\WINDOWS\SysWOW64\SystemPropertiesComputerName.exe 88
C:\Windows\SysWOW64\SystemPropertiesComputerName.exe 86
C:\Windows\SysWOW64\SystemPropertiesComputerName.exe 86
C:\Windows\SysWOW64\SystemPropertiesDataExecutionPrevention.exe 88
C:\Windows\SysWOW64\SystemPropertiesDataExecutionPrevention.exe 86
C:\windows\SysWOW64\SystemPropertiesDataExecutionPrevention.exe 90
C:\Windows\SysWOW64\SystemPropertiesDataExecutionPrevention.exe 86
C:\WINDOWS\SysWOW64\SystemPropertiesDataExecutionPrevention.exe 88
C:\WINDOWS\SysWOW64\SystemPropertiesDataExecutionPrevention.exe 85
C:\WINDOWS\SysWOW64\SystemPropertiesHardware.exe 86
C:\windows\SysWOW64\SystemPropertiesHardware.exe 88
C:\Windows\SysWOW64\SystemPropertiesHardware.exe 85
C:\WINDOWS\SysWOW64\SystemPropertiesHardware.exe 86
C:\Windows\SysWOW64\SystemPropertiesHardware.exe 85
C:\Windows\SysWOW64\SystemPropertiesHardware.exe 86
C:\Windows\SysWOW64\SystemPropertiesPerformance.exe 90
C:\WINDOWS\SysWOW64\SystemPropertiesPerformance.exe 90
C:\Windows\SysWOW64\SystemPropertiesPerformance.exe 90
C:\Windows\SysWOW64\SystemPropertiesPerformance.exe 86
C:\windows\SysWOW64\SystemPropertiesPerformance.exe 86
C:\WINDOWS\SysWOW64\SystemPropertiesPerformance.exe 90
C:\windows\SysWOW64\SystemPropertiesProtection.exe 86
C:\Windows\SysWOW64\SystemPropertiesProtection.exe 86
C:\Windows\SysWOW64\SystemPropertiesProtection.exe 88
C:\WINDOWS\SysWOW64\SystemPropertiesProtection.exe 88
C:\Windows\SysWOW64\SystemPropertiesProtection.exe 86
C:\WINDOWS\SysWOW64\SystemPropertiesProtection.exe 91
C:\Windows\SysWOW64\SystemPropertiesRemote.exe 86
C:\WINDOWS\SysWOW64\SystemPropertiesRemote.exe 90
C:\Windows\SysWOW64\SystemPropertiesRemote.exe 86
C:\windows\SysWOW64\SystemPropertiesRemote.exe 85
C:\WINDOWS\SysWOW64\SystemPropertiesRemote.exe 85
C:\Windows\SysWOW64\SystemPropertiesRemote.exe 83

Possible Misuse

The following table contains possible examples of SystemPropertiesRemote.exe being misused. While SystemPropertiesRemote.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
signature-base apt_apt6_malware.yar $s15 = “SystemPropertiesRemote.exe” fullword ascii CC BY-NC 4.0

MIT License. Copyright (c) 2020-2021 Strontic.