The procexp.exe (Sysinternals Process Explorer) File Analysis

Updated 3 months ago

Checked by Malaware Check

procexp.exe

Technical Analysis

File Name	procexp.exe
File Type	PE32 executable (GUI) Intel 80386, for MS Windows
Scanner Version	1.0.207.174
Database Version	2025-02-07 22:00:35 UTC

✓

Clean File

No threats detected by our scanner

0%

Detection Rate

4,531,120

File Size (bytes)

2025-02-07

Analysis Date

Scan Another File

File Identification

Hash Type	Value	Action
MD5	94c60e6704b5dd11a139f2ffebde9135
SHA1	cd89f1cf9428a3eab554a3eb9ff6ca869e5bc368
SHA256	106bf123359d03963b1df1011fb8560aaf1c5e811de775dce1d8a53758a69102
SHA512	586bf326eae890379fcc7ad60e0a70384d069898aea46da32baf6bd60854df97b461019beaf17744ba3dfc0e70eb75970b977c30f035d296ae89763605d4ff6d
ImpHash	dbc825879296e020d5134f3622c3aca0

PE Analysis

Basic Information

▼

Icon	Hash: 158dea441b55ee899edff9c4f3f45b56 Fuzzy: 9ddd7b3b82251b6e5e90f8ca47bd0db7 dHash: d6f0f8e8b0b2e6c6
Image Base	`0x00400000`
Entry Point	`0x004c43ce`
Compilation Time	2024-05-28 15:50:44
Checksum	0x00461373 (Actual: 0x00461373)
OS Version	6.0
PEiD Signatures	`PE32 executable (GUI) Intel 80386, for MS Windows`
PDB Path	`C:\__w\1\s\exe\Win32\Release\procexp.pdb`
Digital Signature	OK
Imports	25 libraries
Exports	0 functions
Resources	253 Resources
Sections	5 Sections

Version Information

▼

CompanyName	Sysinternals - www.sysinternals.com
FileDescription	Sysinternals Process Explorer
FileVersion	17.06
InternalName	Process Explorer
LegalCopyright	Copyright © 1998-2024 Mark Russinovich
LegalTrademarks	Copyright © 1998-2024 Mark Russinovich
OriginalFilename	Procexp.exe
ProductName	Process Explorer
ProductVersion	17.06
Translation	0x0409 0x04e4

PE Sections

▼

Name	Virtual Address	Virtual Size	Raw Size	Entropy	Characteristics	MD5
`.text`	`0x00001000`	1,014,060 bytes	1,014,272 bytes	6.49 (Normal)	`IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ`	`E34D64C330ADE803A69931AECB833413`
`.rdata`	`0x000f9000`	216,402 bytes	216,576 bytes	4.56 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`ECB7F89CF797BFEDF1FCEB6A25B1896D`
`.data`	`0x0012e000`	250,516 bytes	44,032 bytes	3.20 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`AD0BF420A57C2B1919B80A417240DBB3`
`.rsrc`	`0x0016c000`	3,185,112 bytes	3,185,152 bytes	5.79 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`B99DF5E71E0CCE4FDF0E38ABA312747E`
`.reloc`	`0x00476000`	59,768 bytes	59,904 bytes	6.75 (Compressed)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_DISCARDABLE\|IMAGE_SCN_MEM_READ`	`39A74254D5739F00EC1983506ECFB475`

Entropy Analysis Alert

1 section(s) with elevated entropy (≥6.5) - possible compression

Resource Analysis

▼

Total Resources: 253 (3,170,992 bytes)

Resource Type	Count	Total Size	Percentage
BINRES	2	2,411,456 bytes	76%
INI	1	1,175 bytes	0%
RT_CURSOR	3	924 bytes	0%
RT_ICON	118	680,992 bytes	21.5%
RT_MENU	9	4,170 bytes	0.1%
RT_DIALOG	60	59,830 bytes	1.9%
RT_STRING	28	7,002 bytes	0.2%
RT_ACCELERATOR	3	480 bytes	0%
RT_GROUP_CURSOR	3	60 bytes	0%
RT_GROUP_ICON	24	1,796 bytes	0.1%
RT_VERSION	1	952 bytes	0%
RT_MANIFEST	1	2,155 bytes	0.1%

Certificate Chain Analysis

▼

Certificate Information

Product	Process Explorer
Description	Sysinternals Process Explorer
File Version	17.06
Original Name	Procexp.exe
Signing Date	03:51 PM 05/28/2024 (373 days ago)
Verification Status	Signed
Signers	Microsoft Corporation; Microsoft Code Signing PCA 2011; Microsoft Root Certificate Authority 2011
Counter Signers	Microsoft Time-Stamp Service; Microsoft Time-Stamp PCA 2010; Microsoft Root Certificate Authority 2010
Internal Name	Process Explorer
Copyright	Copyright © 1998-2024 Mark Russinovich

Certificate Chain Summary

Microsoft Windows Hardware Compatibility Publisher #1 Primary

Validity Period: 2023-10-19 19:50:13 → 2024-10-16 19:50:13

Signature Algorithm: sha256RSA

Serial Number: 33 00 00 01 0A F9 67 00 02 A9 7C BC D3 00 00 00 00 01 0A

Microsoft Windows Third Party Component CA 2012 #2 Chain

Validity Period: 2012-04-18 23:48:38 → 2027-04-18 23:58:38

Signature Algorithm: sha256RSA

Serial Number: 61 0B AA C1 00 00 00 00 00 09

Microsoft Time-Stamp Service #3 Chain

Validity Period: 2023-12-06 18:45:19 → 2025-03-05 18:45:19

Signature Algorithm: sha256RSA

Serial Number: 33 00 00 01 E7 2E 8F 2F 93 0B 4F 1B E9 00 01 00 00 01 E7

Microsoft Time-Stamp PCA 2010 #4 Chain

Validity Period: 2021-09-30 18:22:25 → 2030-09-30 18:32:25

Signature Algorithm: sha256RSA

Serial Number: 33 00 00 00 15 C5 E7 6B 9E 02 9B 49 99 00 00 00 00 00 15

Microsoft Time-Stamp Service #5 Chain

Validity Period: 2023-10-12 19:07:19 → 2025-01-10 19:07:19

Signature Algorithm: sha256RSA

Serial Number: 33 00 00 01 E0 D4 FC 1F 13 15 1F 7E 5D 00 01 00 00 01 E0

Microsoft Corporation #6 Chain

Validity Period: 2023-11-16 19:09:00 → 2024-11-14 19:09:00

Signature Algorithm: sha256RSA

Serial Number: 33 00 00 03 AF 30 40 0E 4C A3 4D 05 41 00 00 00 00 03 AF

Microsoft Code Signing PCA 2011 #7 Chain

Validity Period: 2011-07-08 20:59:09 → 2026-07-08 21:09:09

Signature Algorithm: sha256RSA

Serial Number: 61 0E 90 D2 00 00 00 00 00 03

Microsoft Time-Stamp Service #8 Chain

Validity Period: 2023-10-12 19:07:09 → 2025-01-10 19:07:09

Signature Algorithm: sha256RSA

Serial Number: 33 00 00 01 DD 5D 57 1D 95 D4 AD AA 1B 00 01 00 00 01 DD

Microsoft Time-Stamp Service #9 Chain

Validity Period: 2023-10-12 19:06:59 → 2025-01-10 19:06:59

Signature Algorithm: sha256RSA

Serial Number: 33 00 00 01 DA 8E D5 C9 5A 00 D1 11 B1 00 01 00 00 01 DA

✓ This file has been digitally signed and the certificate chain has been verified

The signature ensures file integrity and authenticity from the publisher
Timestamping proves when the signature was applied

Certificate Verification Status

OK

Remember: This is Result of Online Virus Scanner

Gridinsoft Anti-Malware has a much more powerful virus scanning engine. We recommend using it for a more precise diagnosis of infected systems. This brief guide will help you install our flagship product for more accurate diagnostics:

Download Anti-Malware

Keep Your System Protected

This file appears clean, but regular security maintenance is important

Regular Scans: Run weekly system scans to detect new threats before they can cause damage.
Keep Software Updated: Ensure your operating system and all applications have the latest security patches.
Safe Browsing: Avoid suspicious websites and never download software from untrusted sources.
Email Security: Be cautious with email attachments and links, even from known contacts.

Proactive Protection

This file passed all security checks, but stay vigilant. New malware variants appear daily that can evade detection. Always verify files come from official sources and check digital signatures when available.

Leave a Comment

Share your thoughts or insights about this file. Do you align with our conclusion?

* Your feedback could influence our rating, and rest assured, your email will remain confidential and will only be used to communicate with you if necessary.

Your Score for

5 4 3 2 1

Gridinsoft Anti-Malware

Cure your PC from any kind of malware

GridinSoft Anti-Malware will help you to protect your computer from spyware, trojans, backdoors, rootkits. It cleans your system from annoying advertisement modules and other malicious stuff developed by hackers.

Anti-Malware Download Now

Gridinsoft Anti-Malware