colorcpl.exe

  • File Path: C:\WINDOWS\system32\colorcpl.exe
  • Description: Microsoft Color Control Panel

Hashes

| Type | Hash |
| --- | --- |
| MD5 | 25040F44B9DDAB66CE97AE7EB076C1F4 |
| SHA1 | 5E6B9B6F1C5CE669ABF9D5DCB2BE2E524208B700 |
| SHA256 | 4DA630079F51A5290C2B478D9179D1F4DFEB9B3AE14298244B48C4C00C73E83C |
| SHA384 | A21ECB6EFF61817886CA3D6E6545A33BC98D46BBB8B9C4F58021893441CF0996E38E6D19EAC6853584591ABC075F6B95 |
| SHA512 | 9E8AA02768F2F9B2B9B44D3BE24C7F0205A001AB8B740FA8CB8F8BEE07032DCF71F05D5CD93150C861164BDCD4A0B6C6CD429C60D7185AC0F90E68BC07DD8BD5 |
| SSDEEP | 1536:2q4IPfSbS9vMBN7rQOJ7CFToTCzhcRguhwxTyPCb3lZpdym4dy7p:HDXlvq7jSP1cR2prbpdCY9 |

Signature

  • Status: Signature verified.
  • Serial: 330000023241FB59996DCC4DFF000000000232
  • Thumbprint: FF82BC38E1DA5E596DF374C53E3617F7EDA36B06
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: colorcpl.exe.mui
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.18362.1 (WinBuild.160101.0800)
  • Product Version: 10.0.18362.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.

File Similarity (ssdeep match)

| File | Score |
| --- | --- |
| C:\windows\system32\colorcpl.exe | 96 |
| C:\Windows\system32\colorcpl.exe | 96 |
| C:\Windows\system32\colorcpl.exe | 94 |
| C:\WINDOWS\system32\colorcpl.exe | 94 |
| C:\Windows\system32\colorcpl.exe | 96 |
| C:\windows\SysWOW64\colorcpl.exe | 94 |
| C:\WINDOWS\SysWOW64\colorcpl.exe | 96 |
| C:\Windows\SysWOW64\colorcpl.exe | 97 |
| C:\Windows\SysWOW64\colorcpl.exe | 96 |
| C:\Windows\SysWOW64\colorcpl.exe | 96 |
| C:\WINDOWS\SysWOW64\colorcpl.exe | 99 |

Possible Misuse

The following table contains possible examples of colorcpl.exe being misused. While colorcpl.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

| Source | Source File | Example | License |
| --- | --- | --- | --- |
| sigma | file_event_win_susp_colorcpl.yml | title: Suspicious Creation with Colorcpl | DRL 1.0 |
| sigma | file_event_win_susp_colorcpl.yml | description: Once executed, colorcpl.exe will copy the arbitrary file to c:\windows\system32\spool\drivers\color\ | DRL 1.0 |
| sigma | file_event_win_susp_colorcpl.yml | Image\|endswith: \colorcpl.exe | DRL 1.0 |

MIT License. Copyright (c) 2020-2021 Strontic.