colorcpl.exe

  • File Path: C:\WINDOWS\SysWOW64\colorcpl.exe
  • Description: Microsoft Color Control Panel

Hashes

Type Hash
MD5 F68A384E758C94DA13875354C9CFEB27
SHA1 7BD15445532E3677A0E04C1AFEB9CF1AE0F134D4
SHA256 0714E7857E1B05EB73DDF8AFEC026150BFCCBD507060F6AF13D32F7C056A3539
SHA384 6D585766D41E34A8997332EA3E04B8A8D19546C5C36354CA6417E956C672488BAC478A731CD21540448C54A68A9A75A7
SHA512 1D401EA1699DA5A74D70AA9B7923C238D7972A8E1429CB0CFE985EA65E00EB76E680D91D822AE8DD866F2DA756D1FD95F66A948F55EA365B0B7E538ACA8F2C17
SSDEEP 1536:vq4IPfSbS9vMBN7rQOJ7CFToTCzhcRguhwxTyPCb3lZpdym4dy7p:yDXlvq7jSP1cR2prbpdCY9

Signature

  • Status: Signature verified.
  • Serial: 330000023241FB59996DCC4DFF000000000232
  • Thumbprint: FF82BC38E1DA5E596DF374C53E3617F7EDA36B06
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: colorcpl.exe
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.18362.1 (WinBuild.160101.0800)
  • Product Version: 10.0.18362.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.

File Similarity (ssdeep match)

File Score
C:\windows\system32\colorcpl.exe 96
C:\WINDOWS\system32\colorcpl.exe 99
C:\Windows\system32\colorcpl.exe 96
C:\Windows\system32\colorcpl.exe 94
C:\WINDOWS\system32\colorcpl.exe 94
C:\Windows\system32\colorcpl.exe 96
C:\windows\SysWOW64\colorcpl.exe 94
C:\WINDOWS\SysWOW64\colorcpl.exe 96
C:\Windows\SysWOW64\colorcpl.exe 96
C:\Windows\SysWOW64\colorcpl.exe 96
C:\Windows\SysWOW64\colorcpl.exe 96

Possible Misuse

The following table contains possible examples of colorcpl.exe being misused. While colorcpl.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

| Source | Source File | Example | License |
| --- | --- | --- | --- |
| sigma | file_event_win_susp_colorcpl.yml | title: Suspicious Creation with Colorcpl | DRL 1.0 |
| sigma | file_event_win_susp_colorcpl.yml | description: Once executed, colorcpl.exe will copy the arbitrary file to c:\windows\system32\spool\drivers\color\ | DRL 1.0 |
| sigma | file_event_win_susp_colorcpl.yml | Image\|endswith: \colorcpl.exe | DRL 1.0 |

MIT License. Copyright (c) 2020-2021 Strontic.