colorcpl.exe

  • File Path: C:\windows\system32\colorcpl.exe
  • Description: Microsoft Color Control Panel

Hashes

Type Hash
MD5 1FCE45CF94DA9CD4D28B25FFFC1E684F
SHA1 ED550B9D8A51CE3DD08D38B0A980AC68E82712CA
SHA256 6B547DA69A199DF7FCF8D8070DCCD5E95ABFCAACA33BBF31249C84D22934369C
SHA384 C1FADFFD9ABB5C1A55852F81F4391FACF6D2976EECCB97146C49F2E074900F5E4D67600B460DCBF467F97BB4FFB1EC2A
SHA512 BB1CFD5E8DCB6F0C624617629199E4C62905F2EDCF7007FF93DF1030130C921232AED3EF2F49179FF01E694C65620C13A56036E0F46C24865393907A91E9814B
SSDEEP 1536:VF8IPfSbS9vMBN7rQOJ7CFToTCzhcRguhwxTyPCb3lZpdym4dy7p:7vXlvq7jSP1cR2prbpdCY9

Signature

  • Status: The file C:\windows\system32\colorcpl.exe is not digitally signed. You cannot run this script on the current system. For more information about running scripts and setting execution policy, see about_Execution_Policies at http://go.microsoft.com/fwlink/?LinkID=135170
  • Serial: ``
  • Thumbprint: ``
  • Issuer:
  • Subject:

File Metadata

  • Original Filename: colorcpl.exe.mui
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 6.3.9600.16384 (winblue_rtm.130821-1623)
  • Product Version: 6.3.9600.16384
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.

File Similarity (ssdeep match)

File Score
C:\WINDOWS\system32\colorcpl.exe 96
C:\Windows\system32\colorcpl.exe 96
C:\Windows\system32\colorcpl.exe 94
C:\WINDOWS\system32\colorcpl.exe 94
C:\Windows\system32\colorcpl.exe 96
C:\windows\SysWOW64\colorcpl.exe 96
C:\WINDOWS\SysWOW64\colorcpl.exe 96
C:\Windows\SysWOW64\colorcpl.exe 96
C:\Windows\SysWOW64\colorcpl.exe 96
C:\Windows\SysWOW64\colorcpl.exe 96
C:\WINDOWS\SysWOW64\colorcpl.exe 96

Possible Misuse

The following table contains possible examples of colorcpl.exe being misused. While colorcpl.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
sigma file_event_win_susp_colorcpl.yml title: Suspicious Creation with Colorcpl DRL 1.0
sigma file_event_win_susp_colorcpl.yml description: Once executed, colorcpl.exe will copy the arbitrary file to c:\windows\system32\spool\drivers\color\ DRL 1.0
sigma file_event_win_susp_colorcpl.yml Image|endswith: \colorcpl.exe DRL 1.0

MIT License. Copyright (c) 2020-2021 Strontic.