SystemPropertiesRemote.exe

  • File Path: C:\Windows\SysWOW64\SystemPropertiesRemote.exe
  • Description: System Remote Settings

Hashes

Type Hash
MD5 6068264C72837FF4741001B5FC4DE7A1
SHA1 414F149EAA6654C3B71A89330F3D8EB9EA71CAF9
SHA256 76C62B0DC6D0EEC97CE4AF5DBF7658C6025147EF73653C8E0CE33C15CF4D8570
SHA384 FF39680AEEAC24B4C21F5CA0513E63F47224A7425175E30AE5FDB57E18A66672D5573210B54844997B53DE08EB24D56C
SHA512 85734370E920B46782E99335A7B070BE327565EE58D8F5260DC53CAC17BF1482654733D8A9FD723458F1156D7FA6733A769AB4445EEFCFC566FA03945E88FCDA
SSDEEP 1536:9ELZsztREC/rMcgEPJV+G57ThjEC0kzJP+V5Ju:9AAzECTMpuDhjRVJGc
IMP B788892AE84BA86201A726810F01CB07
PESHA1 27129F762FDA536A7595EFCF7290301EF35451DE
PE256 0C79076F9137C0C4256F7C2D83D2DB55451467C7CA93D722FFA22B4C10156D32

Runtime Data

Open Handles:

Path Type
(R-D) C:\Windows\Fonts\StaticCache.dat File
(R-D) C:\Windows\System32\en-US\remotepg.dll.mui File
(R-D) C:\Windows\System32\en-US\SystemPropertiesRemote.exe.mui File
(R-D) C:\Windows\SysWOW64\en-US\netid.dll.mui File
(R-D) C:\Windows\SysWOW64\en-US\sysdm.cpl.mui File
(R-D) C:\Windows\WinSxS\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.17763.1518_en-us_3c26ab8c9470805a\comctl32.dll.mui File
(RW-) C:\Users\user File
(RW-) C:\Windows File
(RW-) C:\Windows\WinSxS\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.17763.1518_en-us_3c26ab8c9470805a File
(RW-) C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17763.1518_none_261b62a767ca4e6d File
\BaseNamedObjects__ComCatalogCache__ Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000004.db Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000004.db Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro Section
\BaseNamedObjects\NLS_CodePage_1252_3_2_0_0 Section
\BaseNamedObjects\NLS_CodePage_437_3_2_0_0 Section
\Sessions\2\BaseNamedObjects\windows_shell_global_counters Section
\Sessions\2\Windows\Theme2131664586 Section
\Windows\Theme966197582 Section

Loaded Modules:

Path
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\System32\wow64.dll
C:\Windows\System32\wow64cpu.dll
C:\Windows\System32\wow64win.dll
C:\Windows\SysWOW64\SystemPropertiesRemote.exe

Signature

  • Status: Signature verified.
  • Serial: 33000001C422B2F79B793DACB20000000001C4
  • Thumbprint: AE9C1AE54763822EEC42474983D8B635116C8452
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: SystemPropertiesRemote.EXE
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.17763.1 (WinBuild.160101.0800)
  • Product Version: 10.0.17763.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 32-bit

File Scan

  • VirusTotal Detections: 0/71
  • VirusTotal Link: https://www.virustotal.com/gui/file/76c62b0dc6d0eec97ce4af5dbf7658c6025147ef73653c8e0ce33c15cf4d8570/detection/

File Similarity (ssdeep match)

File Score
C:\WINDOWS\system32\MSchedExe.exe 90
C:\windows\system32\MSchedExe.exe 88
C:\Windows\system32\MSchedExe.exe 88
C:\Windows\system32\MSchedExe.exe 86
C:\Windows\system32\MSchedExe.exe 86
C:\Windows\system32\SystemPropertiesAdvanced.exe 85
C:\windows\system32\SystemPropertiesAdvanced.exe 86
C:\WINDOWS\system32\SystemPropertiesAdvanced.exe 88
C:\Windows\system32\SystemPropertiesAdvanced.exe 86
C:\Windows\system32\SystemPropertiesAdvanced.exe 91
C:\WINDOWS\system32\SystemPropertiesComputerName.exe 88
C:\windows\system32\SystemPropertiesComputerName.exe 83
C:\Windows\system32\SystemPropertiesComputerName.exe 88
C:\Windows\system32\SystemPropertiesComputerName.exe 91
C:\Windows\system32\SystemPropertiesComputerName.exe 85
C:\windows\system32\SystemPropertiesDataExecutionPrevention.exe 83
C:\Windows\system32\SystemPropertiesDataExecutionPrevention.exe 83
C:\Windows\system32\SystemPropertiesDataExecutionPrevention.exe 88
C:\WINDOWS\system32\SystemPropertiesDataExecutionPrevention.exe 86
C:\Windows\system32\SystemPropertiesDataExecutionPrevention.exe 88
C:\Windows\system32\SystemPropertiesHardware.exe 88
C:\Windows\system32\SystemPropertiesHardware.exe 88
C:\Windows\system32\SystemPropertiesHardware.exe 86
C:\windows\system32\SystemPropertiesHardware.exe 86
C:\WINDOWS\system32\SystemPropertiesHardware.exe 88
C:\WINDOWS\system32\SystemPropertiesPerformance.exe 85
C:\Windows\system32\SystemPropertiesPerformance.exe 85
C:\Windows\system32\SystemPropertiesPerformance.exe 86
C:\windows\system32\SystemPropertiesPerformance.exe 86
C:\Windows\system32\SystemPropertiesPerformance.exe 90
C:\WINDOWS\system32\SystemPropertiesProtection.exe 88
C:\windows\system32\SystemPropertiesProtection.exe 86
C:\Windows\system32\SystemPropertiesProtection.exe 88
C:\Windows\system32\SystemPropertiesProtection.exe 86
C:\Windows\system32\SystemPropertiesProtection.exe 88
C:\WINDOWS\system32\SystemPropertiesRemote.exe 88
C:\windows\system32\SystemPropertiesRemote.exe 86
C:\Windows\system32\SystemPropertiesRemote.exe 91
C:\Windows\system32\SystemPropertiesRemote.exe 88
C:\Windows\system32\SystemPropertiesRemote.exe 85
C:\windows\SysWOW64\SystemPropertiesAdvanced.exe 86
C:\Windows\SysWOW64\SystemPropertiesAdvanced.exe 85
C:\Windows\SysWOW64\SystemPropertiesAdvanced.exe 91
C:\Windows\SysWOW64\SystemPropertiesAdvanced.exe 86
C:\WINDOWS\SysWOW64\SystemPropertiesAdvanced.exe 85
C:\windows\SysWOW64\SystemPropertiesComputerName.exe 88
C:\WINDOWS\SysWOW64\SystemPropertiesComputerName.exe 86
C:\Windows\SysWOW64\SystemPropertiesComputerName.exe 93
C:\Windows\SysWOW64\SystemPropertiesComputerName.exe 88
C:\Windows\SysWOW64\SystemPropertiesComputerName.exe 88
C:\Windows\SysWOW64\SystemPropertiesDataExecutionPrevention.exe 86
C:\Windows\SysWOW64\SystemPropertiesDataExecutionPrevention.exe 85
C:\windows\SysWOW64\SystemPropertiesDataExecutionPrevention.exe 90
C:\Windows\SysWOW64\SystemPropertiesDataExecutionPrevention.exe 85
C:\WINDOWS\SysWOW64\SystemPropertiesDataExecutionPrevention.exe 86
C:\windows\SysWOW64\SystemPropertiesHardware.exe 86
C:\Windows\SysWOW64\SystemPropertiesHardware.exe 83
C:\WINDOWS\SysWOW64\SystemPropertiesHardware.exe 85
C:\Windows\SysWOW64\SystemPropertiesHardware.exe 85
C:\Windows\SysWOW64\SystemPropertiesHardware.exe 91
C:\Windows\SysWOW64\SystemPropertiesPerformance.exe 91
C:\Windows\SysWOW64\SystemPropertiesPerformance.exe 88
C:\Windows\SysWOW64\SystemPropertiesPerformance.exe 85
C:\windows\SysWOW64\SystemPropertiesPerformance.exe 85
C:\WINDOWS\SysWOW64\SystemPropertiesPerformance.exe 91
C:\windows\SysWOW64\SystemPropertiesProtection.exe 88
C:\Windows\SysWOW64\SystemPropertiesProtection.exe 88
C:\Windows\SysWOW64\SystemPropertiesProtection.exe 93
C:\Windows\SysWOW64\SystemPropertiesProtection.exe 85
C:\WINDOWS\SysWOW64\SystemPropertiesProtection.exe 86
C:\Windows\SysWOW64\SystemPropertiesRemote.exe 91
C:\windows\SysWOW64\SystemPropertiesRemote.exe 86
C:\WINDOWS\SysWOW64\SystemPropertiesRemote.exe 88
C:\Windows\SysWOW64\SystemPropertiesRemote.exe 83

Possible Misuse

The following table contains possible examples of SystemPropertiesRemote.exe being misused. While SystemPropertiesRemote.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
signature-base apt_apt6_malware.yar $s15 = “SystemPropertiesRemote.exe” fullword ascii CC BY-NC 4.0

MIT License. Copyright (c) 2020-2021 Strontic.