colorcpl.exe

  • File Path: C:\Windows\system32\colorcpl.exe
  • Description: Microsoft Color Control Panel

Hashes

| Type | Hash |
| --- | --- |
| MD5 | 362986B35574BF922A81E7B0BA50C96B |
| SHA1 | FD3359E461AE6BC2EE3C72AE5E456E5617695E91 |
| SHA256 | AFC126088E3292D6455584222B70822D3A1AF397F48EF6982834A03ED181863D |
| SHA384 | C11903F4E80D8A58D633434F8CA890C8BD5727EE3581FE68B7ABEE9A700B3B01F431BC26F3CB0B7D5A2B9C15DDBCDA14 |
| SHA512 | 177D1F3A1AD6EEDFE4E1DFBD762A1B7F49F756791D4F8CDFF6280282AE26FAE821443DBE852693F634324029DFB70052223E1F4FADBCBA5181263BC250C9CEAE |
| SSDEEP | 1536:0z7IPfSbS9vMBN7rQOJ7CFToTCzhcRguhwxTyPCb3lZpdym4dy7p:skXlvq7jSP1cR2prbpdCY9 |

Signature

  • Status: Signature verified.
  • Serial: 33000000BCE120FDD27CC8EE930000000000BC
  • Thumbprint: E85459B23C232DB3CB94C7A56D47678F58E8E51E
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: colorcpl.exe.mui
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.14393.0 (rs1_release.160715-1616)
  • Product Version: 10.0.14393.0
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.

File Similarity (ssdeep match)

| File | Score |
| --- | --- |
| C:\windows\system32\colorcpl.exe | 96 |
| C:\WINDOWS\system32\colorcpl.exe | 96 |
| C:\Windows\system32\colorcpl.exe | 96 |
| C:\WINDOWS\system32\colorcpl.exe | 94 |
| C:\Windows\system32\colorcpl.exe | 96 |
| C:\windows\SysWOW64\colorcpl.exe | 94 |
| C:\WINDOWS\SysWOW64\colorcpl.exe | 96 |
| C:\Windows\SysWOW64\colorcpl.exe | 97 |
| C:\Windows\SysWOW64\colorcpl.exe | 96 |
| C:\Windows\SysWOW64\colorcpl.exe | 96 |
| C:\WINDOWS\SysWOW64\colorcpl.exe | 96 |

Possible Misuse

The following table contains possible examples of colorcpl.exe being misused. While colorcpl.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

| Source | Source File | Example | License |
| --- | --- | --- | --- |
| sigma | file_event_win_susp_colorcpl.yml | title: Suspicious Creation with Colorcpl | DRL 1.0 |
| sigma | file_event_win_susp_colorcpl.yml | description: Once executed, colorcpl.exe will copy the arbitrary file to c:\windows\system32\spool\drivers\color\ | DRL 1.0 |
| sigma | file_event_win_susp_colorcpl.yml | Image\|endswith: \colorcpl.exe | DRL 1.0 |

MIT License. Copyright (c) 2020-2021 Strontic.