SystemPropertiesRemote.exe

  • File Path: C:\Windows\system32\SystemPropertiesRemote.exe
  • Description: System Remote Settings

Hashes

Type Hash
MD5 CDCE1EE7F316F249A3C20CC7A0197DA9
SHA1 DADB23AF07827758005EC0235AC1573FFCEA0DA6
SHA256 7984E2BFF295C8DBCBD3CD296D0741E3A6844B8DB9F962ABDBC8D333E9A83932
SHA384 476242B4A137123FA5400D77564CA0BACEF554D699594FA455060595A15422F6C35162D3F2DF4E6B46F9C076FA8B8A0C
SHA512 F1DC529EBFED814ADCF3E68041243EE02BA33B56C356A63EBA5EF2CB6EDE1EDA192E03349F6A200D34DFAB67263DF79CF295BE3706F4197B9008CCDC53410C26
SSDEEP 1536:82ZTtREC/rMcgEPJV+G57ThjEC0kzJP+V5Jx:lTzECTMpuDhjRVJGf
IMP 68CA080EE65AE9EA92581804B773ECBD
PESHA1 FAFF7FC273278A8F510FDEBE654560D74009F8ED
PE256 F1F0809B2C29F6395BA032947620CC05301C4682C4F14CBE576F8360C2F50EB4

Runtime Data

Open Handles:

Path Type
(R-D) C:\Windows\Fonts\StaticCache.dat File
(R-D) C:\Windows\System32\en-US\netid.dll.mui File
(R-D) C:\Windows\System32\en-US\remotepg.dll.mui File
(R-D) C:\Windows\System32\en-US\srrstr.dll.mui File
(R-D) C:\Windows\System32\en-US\sysdm.cpl.mui File
(R-D) C:\Windows\System32\en-US\SystemPropertiesRemote.exe.mui File
(R-D) C:\Windows\SystemResources\sysdm.cpl.mun File
(R-D) C:\Windows\WinSxS\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.19041.1_en-us_cb612d02732b0fd9\comctl32.dll.mui File
(RW-) C:\Users\user File
(RW-) C:\Windows\WinSxS\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.19041.1_en-us_cb612d02732b0fd9 File
(RW-) C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.488_none_ca04af081b815d21 File
(RW-) C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.685_none_faeca4db76168538 File
\BaseNamedObjects\__ComCatalogCache__ Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000002.db Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2 Section
\BaseNamedObjects\NLS_CodePage_1252_3_2_0_0 Section
\BaseNamedObjects\NLS_CodePage_437_3_2_0_0 Section
\Sessions\1\BaseNamedObjects\windows_shell_global_counters Section
\Sessions\1\Windows\Theme1175649999 Section
\Windows\Theme601709542 Section

Loaded Modules:

Path
C:\Windows\System32\GDI32.dll
C:\Windows\System32\gdi32full.dll
C:\Windows\System32\KERNEL32.DLL
C:\Windows\System32\KERNELBASE.dll
C:\Windows\System32\msvcp_win.dll
C:\Windows\System32\msvcrt.dll
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\System32\SHELL32.dll
C:\Windows\system32\SYSDM.CPL
C:\Windows\system32\SystemPropertiesRemote.exe
C:\Windows\System32\ucrtbase.dll
C:\Windows\System32\win32u.dll
C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.488_none_ca04af081b815d21\COMCTL32.dll

Signature

  • Status: Signature verified.
  • Serial: 3300000266BD1580EFA75CD6D3000000000266
  • Thumbprint: A4341B9FD50FB9964283220A36A1EF6F6FAA7840
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: SystemPropertiesRemote.EXE.MUI
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.19041.1 (WinBuild.160101.0800)
  • Product Version: 10.0.19041.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/76
  • VirusTotal Link: https://www.virustotal.com/gui/file/7984e2bff295c8dbcbd3cd296d0741e3a6844b8db9f962abdbc8d333e9a83932/detection

File Similarity (ssdeep match)

File Score
C:\WINDOWS\system32\MSchedExe.exe 90
C:\windows\system32\MSchedExe.exe 90
C:\Windows\system32\MSchedExe.exe 90
C:\Windows\system32\MSchedExe.exe 91
C:\Windows\system32\MSchedExe.exe 88
C:\Windows\system32\SystemPropertiesAdvanced.exe 93
C:\windows\system32\SystemPropertiesAdvanced.exe 90
C:\WINDOWS\system32\SystemPropertiesAdvanced.exe 90
C:\Windows\system32\SystemPropertiesAdvanced.exe 85
C:\Windows\system32\SystemPropertiesAdvanced.exe 90
C:\WINDOWS\system32\SystemPropertiesComputerName.exe 90
C:\windows\system32\SystemPropertiesComputerName.exe 90
C:\Windows\system32\SystemPropertiesComputerName.exe 93
C:\Windows\system32\SystemPropertiesComputerName.exe 90
C:\Windows\system32\SystemPropertiesComputerName.exe 88
C:\windows\system32\SystemPropertiesDataExecutionPrevention.exe 90
C:\Windows\system32\SystemPropertiesDataExecutionPrevention.exe 86
C:\Windows\system32\SystemPropertiesDataExecutionPrevention.exe 90
C:\WINDOWS\system32\SystemPropertiesDataExecutionPrevention.exe 90
C:\Windows\system32\SystemPropertiesDataExecutionPrevention.exe 90
C:\Windows\system32\SystemPropertiesHardware.exe 90
C:\Windows\system32\SystemPropertiesHardware.exe 90
C:\Windows\system32\SystemPropertiesHardware.exe 88
C:\windows\system32\SystemPropertiesHardware.exe 86
C:\WINDOWS\system32\SystemPropertiesHardware.exe 90
C:\WINDOWS\system32\SystemPropertiesPerformance.exe 88
C:\Windows\system32\SystemPropertiesPerformance.exe 86
C:\Windows\system32\SystemPropertiesPerformance.exe 90
C:\windows\system32\SystemPropertiesPerformance.exe 88
C:\Windows\system32\SystemPropertiesPerformance.exe 91
C:\WINDOWS\system32\SystemPropertiesProtection.exe 90
C:\windows\system32\SystemPropertiesProtection.exe 86
C:\Windows\system32\SystemPropertiesProtection.exe 90
C:\Windows\system32\SystemPropertiesProtection.exe 90
C:\Windows\system32\SystemPropertiesProtection.exe 90
C:\WINDOWS\system32\SystemPropertiesRemote.exe 90
C:\windows\system32\SystemPropertiesRemote.exe 86
C:\Windows\system32\SystemPropertiesRemote.exe 90
C:\Windows\system32\SystemPropertiesRemote.exe 88
C:\windows\SysWOW64\SystemPropertiesAdvanced.exe 90
C:\Windows\SysWOW64\SystemPropertiesAdvanced.exe 86
C:\Windows\SysWOW64\SystemPropertiesAdvanced.exe 88
C:\Windows\SysWOW64\SystemPropertiesAdvanced.exe 90
C:\WINDOWS\SysWOW64\SystemPropertiesAdvanced.exe 88
C:\windows\SysWOW64\SystemPropertiesComputerName.exe 90
C:\WINDOWS\SysWOW64\SystemPropertiesComputerName.exe 90
C:\Windows\SysWOW64\SystemPropertiesComputerName.exe 91
C:\Windows\SysWOW64\SystemPropertiesComputerName.exe 88
C:\Windows\SysWOW64\SystemPropertiesComputerName.exe 88
C:\Windows\SysWOW64\SystemPropertiesDataExecutionPrevention.exe 90
C:\Windows\SysWOW64\SystemPropertiesDataExecutionPrevention.exe 88
C:\windows\SysWOW64\SystemPropertiesDataExecutionPrevention.exe 94
C:\Windows\SysWOW64\SystemPropertiesDataExecutionPrevention.exe 88
C:\WINDOWS\SysWOW64\SystemPropertiesDataExecutionPrevention.exe 90
C:\windows\SysWOW64\SystemPropertiesHardware.exe 86
C:\Windows\SysWOW64\SystemPropertiesHardware.exe 90
C:\WINDOWS\SysWOW64\SystemPropertiesHardware.exe 88
C:\Windows\SysWOW64\SystemPropertiesHardware.exe 86
C:\Windows\SysWOW64\SystemPropertiesHardware.exe 88
C:\Windows\SysWOW64\SystemPropertiesPerformance.exe 90
C:\Windows\SysWOW64\SystemPropertiesPerformance.exe 90
C:\Windows\SysWOW64\SystemPropertiesPerformance.exe 88
C:\windows\SysWOW64\SystemPropertiesPerformance.exe 93
C:\WINDOWS\SysWOW64\SystemPropertiesPerformance.exe 90
C:\windows\SysWOW64\SystemPropertiesProtection.exe 90
C:\Windows\SysWOW64\SystemPropertiesProtection.exe 88
C:\Windows\SysWOW64\SystemPropertiesProtection.exe 90
C:\Windows\SysWOW64\SystemPropertiesProtection.exe 88
C:\WINDOWS\SysWOW64\SystemPropertiesProtection.exe 90
C:\Windows\SysWOW64\SystemPropertiesRemote.exe 91
C:\Windows\SysWOW64\SystemPropertiesRemote.exe 88
C:\windows\SysWOW64\SystemPropertiesRemote.exe 86
C:\WINDOWS\SysWOW64\SystemPropertiesRemote.exe 85
C:\Windows\SysWOW64\SystemPropertiesRemote.exe 85

Possible Misuse

The following table contains possible examples of SystemPropertiesRemote.exe being misused. While SystemPropertiesRemote.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

  • Source: signature-base
  • Source File: apt_apt6_malware.yar
  • Example: $s15 = "SystemPropertiesRemote.exe" fullword ascii
  • License: CC BY-NC 4.0

MIT License. Copyright (c) 2020-2021 Strontic.