SystemPropertiesRemote.exe

  • File Path: C:\WINDOWS\SysWOW64\SystemPropertiesRemote.exe
  • Description: System Remote Settings

Hashes

Type Hash
MD5 249802F4FC14592893925F75237E9E31
SHA1 1FCE64E0899A293B8AA10D0D794E599DFFAD3F9E
SHA256 B05DE2DAC6F6DA8231C29405955B42CABBCA6CE8058EED72A0F7DF1395A7F777
SHA384 ABACD839FFF24A8C55796D65934D49C037966A7C81E23AC284B919BF1C1911F64011EB3D703692FD80C6C7CC0DC5A50B
SHA512 E5B2955FF8BE91BC064257A019FF15B2FBB40E4D854ECBB076F84555C8BCF4BD6CF51CC4D000C6C396FEA23ACC0577FD20966428ADD4AF56AC9D677033426D4D
SSDEEP 1536:AMKZsztREC/rMcgEPJV+G57ThjEC0kzJP+V5Ji:AlAzECTMpuDhjRVJG4
IMP B788892AE84BA86201A726810F01CB07
PESHA1 2036E37F4884B9F8428D42B8DF6E24AC9E624336
PE256 A9E3C00D76B64F02807CB4DA47B9471BC4DD106FEF83DD519958834FE68D4F36

Runtime Data

Open Handles:

Path Type
(R-D) C:\Windows\Fonts\StaticCache.dat File
(R-D) C:\Windows\System32\en-US\remotepg.dll.mui File
(R-D) C:\Windows\System32\en-US\SystemPropertiesRemote.exe.mui File
(R-D) C:\Windows\SystemResources\sysdm.cpl.mun File
(R-D) C:\Windows\SysWOW64\en-US\netid.dll.mui File
(R-D) C:\Windows\SysWOW64\en-US\sysdm.cpl.mui File
(R-D) C:\Windows\WinSxS\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.22000.1_en-us_b335b4dbed333454\comctl32.dll.mui File
(RW-) C:\Windows File
(RW-) C:\Windows\SysWOW64 File
(RW-) C:\Windows\WinSxS\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.22000.1_en-us_b335b4dbed333454 File
(RW-) C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22000.120_none_e541a94fcce8ed6d File
(RW-) C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.22000.282_none_162e9dd7277998f6 File
\BaseNamedObjects\__ComCatalogCache__ Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000001.db Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro Section
\Sessions\2\BaseNamedObjects\NLS_CodePage_1252_3_2_0_0 Section
\Sessions\2\BaseNamedObjects\NLS_CodePage_437_3_2_0_0 Section
\Sessions\2\BaseNamedObjects\windows_shell_global_counters Section
\Sessions\2\Windows\Theme1077709572 Section
\Windows\Theme3461253685 Section

Loaded Modules:

Path
C:\WINDOWS\SYSTEM32\ntdll.dll
C:\WINDOWS\System32\wow64.dll
C:\WINDOWS\System32\wow64base.dll
C:\WINDOWS\System32\wow64con.dll
C:\WINDOWS\System32\wow64cpu.dll
C:\WINDOWS\System32\wow64win.dll
C:\WINDOWS\SysWOW64\SystemPropertiesRemote.exe

Signature

  • Status: Signature verified.
  • Serial: 33000002ED2C45E4C145CF48440000000002ED
  • Thumbprint: 312860D2047EB81F8F58C29FF19ECDB4C634CF6A
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: SystemPropertiesRemote.EXE
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.22000.1 (WinBuild.160101.0800)
  • Product Version: 10.0.22000.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 32-bit

File Scan

  • VirusTotal Detections: 0/72
  • VirusTotal Link: https://www.virustotal.com/gui/file/b05de2dac6f6da8231c29405955b42cabbca6ce8058eed72a0f7df1395a7f777/detection

File Similarity (ssdeep match)


Possible Misuse

The following table contains possible examples of SystemPropertiesRemote.exe being misused. While SystemPropertiesRemote.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
signature-base apt_apt6_malware.yar $s15 = "SystemPropertiesRemote.exe" fullword ascii CC BY-NC 4.0

MIT License. Copyright (c) 2020-2021 Strontic.