Gridinsoft Logo
File Icon

The ProcessExplorer64-17.05-CHSFIX2.exe (Sysinternals 进程资源管理器) File Analysis

Updated 3 months ago
Checked by Malware Check
ProcessExplorer64-17.05-CHSFIX2.exe

Technical Analysis

File Name ProcessExplorer64-17.05-CHSFIX2.exe
File Type
PE32+ executable (GUI) x86-64, for MS Windows
Scanner Version 1.0.226.174
Database Version 2025-10-07 09:00:28 UTC

Clean File

No threats detected by our scanner

0%
Detection Rate
2,397,064
File Size (bytes)
2025-10-07
Analysis Date

Scan Another File

File Identification

Hash Type Value Action
MD5
e27f6bdfb2a2b4ba1dea26362e639d0a
SHA1
f7c4b94017ac3ed6036102881001d46abf9ace5f
SHA256
4a2bbc899c538d895d6f534ca374f1c8819f257d393ed3668a827ae9028e721e
SHA512
33b0c60063672bc56471101a11b74df700e72745e4f0763f81f979894824402c72977538a0304a2ed4f8748e34f8ce4b5d67ffda8729720451f864c75ffdc9b7
ImpHash
74a352b7be38be736b4f1e0d51b66e8c

PE Analysis

Basic Information

Icon
Hash: 158dea441b55ee899edff9c4f3f45b56
Fuzzy: 9ddd7b3b82251b6e5e90f8ca47bd0db7
dHash: d6f0f8e8b0b2e6c6
Image Base 0x140000000
Entry Point 0x1400e1d78
Compilation Time 2023-07-13 14:54:36
Checksum 0x002517a0 (Actual: 0x00258849)
OS Version 6.0
PEiD Signatures PE32+ executable (GUI) x86-64, for MS Windows
PDB Path D:\a\1\s\exe\x64\Release\procexp64.pdb
Digital Signature The expected hash does not match the digest in SpcInfo
Imports 25 libraries
Exports 0 functions
Resources 252 Resources
Sections 7 Sections

Version Information

CompanyName Sysinternals - www.sysinternals.com
FileDescription Sysinternals 进程资源管理器
FileVersion 17.05
InternalName 进程资源管理器
LegalCopyright 版权所有 (C) 1998-2023Mark Russinovich
LegalTrademarks 版权所有 (C) 1998-2023Mark Russinovich
OriginalFilename Procexp.exe
ProductName 进程资源管理器
ProductVersion 17.05
Translation 0x0804 0x03a8

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
.text 0x00001000 1,159,374 bytes 1,159,680 bytes 6.43 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ A346B1D92EFFCDF48C3DEDBB368FAB47
.rdata 0x0011d000 313,122 bytes 313,344 bytes 5.07 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 9849BF22F4293431F302CB3CB8589EEC
.data 0x0016a000 265,940 bytes 54,272 bytes 2.97 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE F5A99A47F9E7C660868B19A1706BE70B
.pdata 0x001ab000 40,896 bytes 40,960 bytes 6.06 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ F70E5B4DB5A79CF5D5D993C7DC0437BA
_RDATA 0x001b5000 348 bytes 512 bytes 3.30 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ DF29A87EB66A9141D95EA558F116A79B
.rsrc 0x001b6000 794,963 bytes 795,136 bytes 4.94 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 9DBADDA76ABFC409FE97403B881975E2
.reloc 0x00279000 24,576 bytes 22,016 bytes 2.25 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 2C8B228E83AC41F7523F90C37956E369

Resource Analysis

Total Resources: 252 (781,144 bytes)
Resource Type Count Total Size Percentage
BINRES 1 37,232 bytes
4.8%
INI 1 1,175 bytes
0.2%
RT_CURSOR 3 924 bytes
0.1%
RT_ICON 118 680,992 bytes
87.2%
RT_MENU 9 3,120 bytes
0.4%
RT_DIALOG 60 48,692 bytes
6.2%
RT_STRING 28 3,638 bytes
0.5%
RT_ACCELERATOR 3 480 bytes
0.1%
RT_GROUP_CURSOR 3 60 bytes
0%
RT_GROUP_ICON 24 1,796 bytes
0.2%
RT_VERSION 1 880 bytes
0.1%
RT_MANIFEST 1 2,155 bytes
0.3%

Certificate Chain Analysis

Certificate Information
Product 进程资源管理器
Description Sysinternals 进程资源管理器
File Version 17.05
Original Name Procexp.exe
Signing Date 02:54 PM 07/13/2023 (911 days ago)
Verification Status The digital signature of the object did not verify.
Signers Microsoft Corporation; Microsoft Code Signing PCA 2011; Microsoft Root Certificate Authority 2011
Counter Signers Microsoft Time-Stamp Service; Microsoft Time-Stamp PCA 2010; Microsoft Root Certificate Authority 2010
Internal Name 进程资源管理器
Copyright 版权所有 (C) 1998-2023Mark Russinovich
Certificate Chain Summary
Microsoft Windows Hardware Compatibility Publisher #1 Primary
Validity Period: 2023-02-02 22:57:29 → 2024-01-31 22:57:29
Signature Algorithm: sha256RSA
Serial Number: 33 00 00 00 FB 12 D9 F7 7F CE E3 D2 8D 00 00 00 00 00 FB
Microsoft Windows Third Party Component CA 2012 #2 Chain
Validity Period: 2012-04-18 23:48:38 → 2027-04-18 23:58:38
Signature Algorithm: sha256RSA
Serial Number: 61 0B AA C1 00 00 00 00 00 09
Microsoft Time-Stamp Service #3 Chain
Validity Period: 2022-11-04 19:01:37 → 2024-02-02 19:01:37
Signature Algorithm: sha256RSA
Serial Number: 33 00 00 01 C8 F9 B0 EE 67 ED EA 6B 46 00 01 00 00 01 C8
Microsoft Time-Stamp PCA 2010 #4 Chain
Validity Period: 2021-09-30 18:22:25 → 2030-09-30 18:32:25
Signature Algorithm: sha256RSA
Serial Number: 33 00 00 00 15 C5 E7 6B 9E 02 9B 49 99 00 00 00 00 00 15
Microsoft Corporation #5 Chain
Validity Period: 2023-03-16 18:43:29 → 2024-03-14 18:43:29
Signature Algorithm: sha256RSA
Serial Number: 33 00 00 03 4E B5 3C 7A C1 84 6F EB 2B 00 00 00 00 03 4E
Microsoft Code Signing PCA 2011 #6 Chain
Validity Period: 2011-07-08 20:59:09 → 2026-07-08 21:09:09
Signature Algorithm: sha256RSA
Serial Number: 61 0E 90 D2 00 00 00 00 00 03
Microsoft Time-Stamp Service #7 Chain
Validity Period: 2022-11-04 19:01:28 → 2024-02-02 19:01:28
Signature Algorithm: sha256RSA
Serial Number: 33 00 00 01 C2 FA 7D 87 0E 54 53 47 24 00 01 00 00 01 C2

✓ This file has been digitally signed and the certificate chain has been verified

  • The signature ensures file integrity and authenticity from the publisher
  • Timestamping proves when the signature was applied
Certificate Verification Status

The expected hash does not match the digest in SpcInfo

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Remember: This is Result of Online Virus Scanner

Gridinsoft Anti-Malware has a much more powerful virus scanning engine. We recommend using it for a more precise diagnosis of infected systems. This brief guide will help you install our flagship product for more accurate diagnostics:

Download Anti-Malware

Keep Your System Protected

This file appears clean, but regular security maintenance is important

  1. Regular Scans: Run weekly system scans to detect new threats before they can cause damage.
  2. Keep Software Updated: Ensure your operating system and all applications have the latest security patches.
  3. Safe Browsing: Avoid suspicious websites and never download software from untrusted sources.
  4. Email Security: Be cautious with email attachments and links, even from known contacts.
Proactive Protection
This file passed all security checks, but stay vigilant. New malware variants appear daily that can evade detection. Always verify files come from official sources and check digital signatures when available.

Leave a Comment

Share your thoughts or insights about this file. Do you align with our conclusion?

Your feedback could influence our rating, and rest assured, your email will remain confidential and will only be used to communicate with you if necessary.

Your Score for
/

Gridinsoft Anti-Malware

Stay Malware-Free: Keep Your PC Protected with Gridinsoft Anti-Malware

Gridinsoft Anti-Malware offers just that—peace of mind with a robust, user-friendly solution that’s constantly updated to combat the latest threats. Designed by cybersecurity experts, it provides real-time protection and effortless malware removal. It’s not just about detecting threats; it's about enhancing your digital life with uninterrupted security. Give it a try and experience what it feels like to browse worry-free!

Gridinsoft Anti-Malware Download Now
Gridinsoft Anti-Malware