SHA256: 760390f07cefafadece0638a643d69964433041abeab09b65bfcdb922c047872
File name: verclsid.exe
Detection ratio: 57 / 64
Analysis date 2017-08-17 10:13:52 UTC ( 20 hours, 25 minutes ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.4888239 20170817
AegisLab Ml.Attribute.Gen!c 20170817
AhnLab-V3 Backdoor/Win32.Dridex.R198857 20170817
ALYac Trojan.Dridex.A 20170817
Antiy-AVL Trojan[Backdoor]/Win32.Dridex 20170817
Arcabit Trojan.Generic.D4A96AF 20170817
Avast Win32:Malware-gen 20170817
AVG Win32:Malware-gen 20170817
Avira (no cloud) TR/AD.Inject.bdmls 20170817
AVware Trojan.Win32.Generic!BT 20170817
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20170817
BitDefender Trojan.GenericKD.4888239 20170817
CAT-QuickHeal Backdoor.Drixed 20170817
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170804
Cylance Unsafe 20170817
Cyren W32/Dridex.KYUQ-3795 20170817
DrWeb Trojan.Inject2.53025 20170817
Emsisoft Trojan.GenericKD.4888239 (B) 20170817
Endgame malicious (high confidence) 20170721
ESET-NOD32 Win32/Dridex.BC 20170817
F-Prot W32/Dridex.KM 20170817
F-Secure Trojan.GenericKD.4888239 20170817
Fortinet W32/DRIDEX.HS!tr 20170817
GData Win32.Trojan-Spy.Dridex.A36IGA 20170817
Ikarus Trojan.Win32.Agent 20170817
Sophos ML heuristic 20170817
Jiangmin Backdoor.Dridex.ax 20170817
K7AntiVirus Trojan ( 0050acd61 ) 20170817
K7GW Trojan ( 0050acd61 ) 20170817
Kaspersky Backdoor.Win32.Dridex.hs 20170817
Malwarebytes Trojan.Dridex 20170817
MAX malware (ai score=89) 20170817
McAfee Generic.abl 20170817
McAfee-GW-Edition BehavesLike.Win32.Virut.cc 20170817
Microsoft VirTool:Win32/Injector 20170817
eScan Trojan.GenericKD.4888239 20170817
NANO-Antivirus Trojan.Win32.Dridex.enuutq 20170817
nProtect Backdoor/W32.Dridex.151552.D 20170817
Palo Alto Networks (Known Signatures) generic.ml 20170817
Panda Trj/WLT.C 20170816
Qihoo-360 Trojan.Generic 20170817
Rising Backdoor.Dridex!8.3226 (ktse) 20170817
SentinelOne (Static ML) static engine - malicious 20170806
Sophos AV Troj/Dridex-XK 20170817
Symantec Trojan.Cridex 20170817
Tencent Win32.Trojan.Agent.Mtug 20170817
TheHacker Trojan/Agent.yuh 20170817
TrendMicro BKDR_HANCITOR.YYSWN 20170817
TrendMicro-HouseCall BKDR_HANCITOR.YYSWN 20170817
VBA32 Trojan.Filecoder 20170817
VIPRE Trojan.Win32.Generic!BT 20170817
ViRobot Trojan.Win32.S.Agent.151552.DQU 20170817
Webroot W32.Trojan.Gen 20170817
Yandex Backdoor.Dridex! 20170815
Zillya Backdoor.Dridex.Win32.40 20170817
ZoneAlarm by Check Point Backdoor.Win32.Dridex.hs 20170817
Zoner Trojan.Dridex 20170817
Alibaba 20170817
ClamAV 20170817
CMC 20170817
Comodo 20170817
Kingsoft 20170817
SUPERAntiSpyware 20170817
Symantec Mobile Insight 20170816
TotalDefense 20170817
Trustlook 20170817
WhiteArmor 20170817
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserved.

Product Microsoft® Windows® Operating System
Original name verclsid.exe
Internal name verclsid.exe
File version 6.1.7600.16385 (win7_rtm.090713-1255)
Description Extension CLSID Verification Host
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-04-19 13:27:52
Entry Point 0x000020F0
Number of sections 10
PE sections
PE imports
CryptDuplicateKey
ClearEventLogW
ClusterResourceEnum
CertAddSerializedElementToStore
CertGetCRLContextProperty
CertFindAttribute
SelectPalette
SetDCBrushColor
ModifyWorldTransform
PolylineTo
SetColorAdjustment
FreeLibrary
InterlockedExchange
LocalFree
RaiseException
LocalAlloc
ExpandEnvironmentStringsW
LoadLibraryW
GetLastError
HeapQueryInformation
lstrcpyA
HeapAlloc
EnumResourceNamesA
GetTempFileNameW
BackupWrite
GlobalUnlock
GetProcAddress
LoadLibraryA
SystemTimeToTzSpecificLocalTime
MprConfigGetGuidName
DsBindWithCredW
VarBstrFromUI1
SafeArrayCreateVectorEx
VarDateFromCy
BSTR_UserUnmarshal
RpcBindingInqObject
NdrSimpleStructBufferSize
RpcBindingServerFromClient
SetupDiCreateDeviceInfoA
SetupQueueCopyIndirectW
SHPathPrepareForWriteW
wnsprintfW
AssocQueryKeyW
VerifySignature
wsprintfA
FindWindowExA
IntersectRect
CharNextA
OpenWindowStationW
SetScrollInfo
SystemParametersInfoW
DefWindowProcA
SetUserObjectSecurity
GetMenuBarInfo
SetCursor
FindCloseUrlCache
InternetSetOptionA
timeEndPeriod
waveInClose
waveOutGetErrorTextW
getprotobyname
SCardListCardsW
CoFileTimeNow
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
4.0

LinkerVersion
8.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
6.1.7600.16385

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
0

EntryPoint
0x20f0

OriginalFileName
verclsid.exe

MIMEType
application/octet-stream

LegalCopyright
Microsoft Corporation. All rights reserved.

FileVersion
6.1.7600.16385 (win7_rtm.090713-1255)

TimeStamp
2017:04:19 14:27:52+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
verclsid.exe

ProductVersion
6.1.7600.16385

FileDescription
Extension CLSID Verification Host

OSVersion
4.0

FileOS
Windows NT 32-bit

Subsystem
Windows command line

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

CodeSize
16384

ProductName
Microsoft Windows Operating System

ProductVersionNumber
6.1.7600.16385

FileTypeExtension
exe

ObjectFileType
Executable application

Compressed bundles
File identification
MD5 2d1d89f4430e9cf58e364f93177a0933
SHA1 28641958f117e8f24e19a7d9756157987449e534
SHA256 760390f07cefafadece0638a643d69964433041abeab09b65bfcdb922c047872
ssdeep
3072:aIewadROmMTIX36iXZ6Nbv/lcFxsNYEygpaqtCAFJRw:afdROlTwH8NzlQxHIJ

authentihash 0668f4c305a1ab6b1d88348446654cfa76097b088335e5a69307851319ad0275
imphash 2fa2e2184c1b2c34bf6a50cab49515eb
File size 148.0 KB ( 151552 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (console) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags
peexe

VirusTotal metadata
First submission 2017-04-19 09:31:08 UTC ( 4 months ago )
Last submission 2017-08-17 10:13:52 UTC ( 20 hours, 25 minutes ago )
File names redchip2 - Copy.exe
redchip4.exe.3232.dr
verclsid.exe
redchip2.exe.4072.dr
6gfd43.malware
2017-04-19-dridex-executable.exe
Spyware(Dridex02).exe
2017-04-19-Dridex-executable.exe
redchip2.exe
Dridex-executable.exe
redchip2.exe.964549679.DROPPED.ex_
MAL.exe
2d1d89f4430e9cf58e364f93177a0933.exe
Advanced heuristic and reputation engines
Behaviour characterization
Zemana
dll-injection

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs
UDP communications