colorcpl.exe

  • File Path: C:\windows\SysWOW64\colorcpl.exe
  • Description: Microsoft Color Control Panel

Signature

  • Status: The file C:\windows\SysWOW64\colorcpl.exe is not digitally signed.
  • Serial: ``
  • Thumbprint: ``
  • Issuer:
  • Subject:

File Metadata

  • Original Filename: colorcpl.exe.mui
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 6.3.9600.16384 (winblue_rtm.130821-1623)
  • Product Version: 6.3.9600.16384
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.

File Similarity (ssdeep match)

| File | Score |
|------|-------|
| C:\windows\system32\colorcpl.exe | 96 |
| C:\WINDOWS\system32\colorcpl.exe | 94 |
| C:\Windows\system32\colorcpl.exe | 94 |
| C:\Windows\system32\colorcpl.exe | 93 |
| C:\WINDOWS\system32\colorcpl.exe | 93 |
| C:\Windows\system32\colorcpl.exe | 94 |
| C:\WINDOWS\SysWOW64\colorcpl.exe | 94 |
| C:\Windows\SysWOW64\colorcpl.exe | 96 |
| C:\Windows\SysWOW64\colorcpl.exe | 94 |
| C:\Windows\SysWOW64\colorcpl.exe | 96 |
| C:\WINDOWS\SysWOW64\colorcpl.exe | 94 |

Possible Misuse

The following table contains possible examples of colorcpl.exe being misused. While colorcpl.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

| Source | Source File | Example | License |
|--------|-------------|---------|---------|
| sigma | file_event_win_susp_colorcpl.yml | title: Suspicious Creation with Colorcpl | DRL 1.0 |
| sigma | file_event_win_susp_colorcpl.yml | description: Once executed, colorcpl.exe will copy the arbitrary file to c:\windows\system32\spool\drivers\color\ | DRL 1.0 |
| sigma | file_event_win_susp_colorcpl.yml | Image\|endswith: \colorcpl.exe | DRL 1.0 |

MIT License. Copyright (c) 2020-2021 Strontic.