Procexp.exe

Process Explorer

Microsoft Corporation

This is a setup program which is used to install the application. This is installed with multiple programs including Process Explorer. The file has been seen being downloaded from download002.fshare.vn and multiple other hosts.
Publisher:
Sysinternals - www.sysinternals.com  (signed by Microsoft Corporation)

Product:
Process Explorer

Description:
Sysinternals Process Explorer

Version:
16.04

MD5:
92e04bcf92cf588f434393d0b3b6bca2

SHA-1:
0a34a5c547aadea85cf48d0126fb68ac49db4c42

SHA-256:
94eac5559220793377c3f3b791aa81d853deee34d21467d70799a32eb8d4bd51

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)
Whitelisted  (by digital signature)

Analysis date:
12/25/2024 12:59:19 AM UTC  (today)

File size:
2.4 MB (2,480,312 bytes)

Product version:
16.04

Copyright:
Copyright © 1998-2014 Mark Russinovich

Trademarks:
Copyright (C) 1998-2014 Mark Russinovich

Original file name:
Procexp.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\ProgramData\chocolatey\lib\procexp.15.13\tools\procexp.exe

Digital Signature
Authority:
Microsoft Corporation

Valid from:
4/22/2014 7:39:00 PM

Valid to:
7/22/2015 7:39:00 PM

Subject:
CN=Microsoft Corporation, OU=MOPR, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Issuer:
CN=Microsoft Code Signing PCA, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Serial number:
33000000CA6CD5321235C4E1550001000000CA

File PE Metadata
Compilation timestamp:
9/1/2014 7:40:54 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
49152:iHV7rENy7W8I2ZFBzYKfWuOuVjpomRBYSaBD0sEGn:iHVXYkHLcT

Entry address:
0x9303E

Entry point:
E8, FC, AD, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, 51, 8D, 4C, 24, 08, 2B, C8, 83, E1, 0F, 03, C1, 1B, C9, 0B, C1, 59, E9, AA, D6, FF, FF, 51, 8D, 4C, 24, 08, 2B, C8, 83, E1, 07, 03, C1, 1B, C9, 0B, C1, 59, E9, 94, D6, FF, FF, CC, CC, CC, CC, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01, 84, C0, 74, 4E, F7, C1, 03, 00, 00, 00, 75, EF, 05, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8B, 01, BA, FF, FE, FE, 7E, 03, D0, 83, F0, FF, 33, C2...
 
[+]

Code size:
684.5 KB (700,928 bytes)

The file Procexp.exe has been discovered within the following programs.

DoubleKiller Pro  by Big Bang enterprises
bigbangenterprises.de/en/doublekillerpro
About 7% of users remove it
Process Explorer  by Sysinternals - www.sysinternals.com
Publisher's description - “The Process Explorer display consists of two sub-windows.”
technet.microsoft.com/en-US/sysinternals
9% remove it
www.Toolwiz.com
About 5% of users remove it
 
Powered by Should I Remove It?

The file Procexp.exe has been seen being distributed by the following 7 URLs.

http://download002.fshare.vn/dl/.../process-explorer_1604.exe

&onid=2094&oid=3001-2094_4-10223605&rsid=cbsidownloadcomsite&sl=en&sc=us&pdguid=download:13813074&topicguid=utilities/sys&topicbrcrm=windows software&pid=13813074&mfgid=50119&merid=50119&ctype=dm&cval=NONE&devicetype=desktop&pguid=37ed4af4bf6b998cc468bebe&viewguid=QhDH7BdhsIZyUMT598XI8mlIdjtZh1Hu6kKY&destUrl=http://software-files-a.cnet.com/s/software/13/81/30/.../procexp.exe