SHA256: 6b6c00548e5e92127c8b2a78f02c1e9c9d10f5ef5aa98e3d1af14c0320d19ee2
File name: verclsid.exe
Detection ratio: 49 / 61
Analysis date: 2017-05-18 19:14:40 UTC ( 1 week, 3 days ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.4829859 20170518
AegisLab Ml.Attribute.Gen!c 20170518
AhnLab-V3 Backdoor/Win32.Dridex.R198857 20170518
ALYac Trojan.GenericKD.4829859 20170518
Antiy-AVL Trojan[Backdoor]/Win32.Dridex 20170518
Arcabit Trojan.Generic.D49B2A3 20170518
Avast Win32:Rootkit-gen [Rtk] 20170518
AVG SCGeneric_c.JNC 20170518
Avira (no cloud) TR/Agent.inpfp 20170518
AVware Trojan.Win32.Generic!BT 20170518
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20170503
BitDefender Trojan.GenericKD.4829859 20170518
Bkav HW32.Packed.F4CA 20170518
CAT-QuickHeal Backdoor.Dridex 20170518
Comodo UnclassifiedMalware 20170518
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170130
Cyren W32/Trojan.MTHZ-8544 20170518
DrWeb Trojan.Dridex.506 20170518
Emsisoft Trojan.GenericKD.4829859 (B) 20170518
Endgame malicious (high confidence) 20170515
ESET-NOD32 Win32/Agent.YUH 20170518
F-Prot W32/Trojan2.PTWY 20170518
F-Secure Trojan.GenericKD.4829859 20170518
Fortinet W32/GenKryptik.ABHP!tr 20170518
GData Trojan.GenericKD.4829859 20170518
Ikarus Trojan.Win32.Agent 20170518
Invincea virus.win32.ramnit.j 20170516
K7AntiVirus Trojan ( 0050acc01 ) 20170518
K7GW Trojan ( 0050acc01 ) 20170518
Kaspersky Backdoor.Win32.Dridex.hh 20170518
McAfee RDN/Generic.grp 20170518
McAfee-GW-Edition BehavesLike.Win32.Virut.cc 20170518
Microsoft Trojan:Win32/Skeeyah.A!rfn 20170518
eScan Trojan.GenericKD.4829859 20170518
NANO-Antivirus Trojan.Win32.Dridex.enrsrb 20170518
nProtect Backdoor/W32.Dridex.143360.B 20170518
Palo Alto Networks (Known Signatures) generic.ml 20170518
Panda Trj/GdSda.A 20170518
SentinelOne (Static ML) static engine - malicious 20170516
Sophos Mal/Generic-S 20170518
Symantec W32.Cridex!gen14 20170518
Tencent Win32.Backdoor.Dridex.Lqeq 20170518
TrendMicro TROJ_FAKEMS.USQA 20170518
TrendMicro-HouseCall TROJ_FAKEMS.USQA 20170518
VBA32 Backdoor.Dridex 20170518
VIPRE Trojan.Win32.Generic!BT 20170518
Webroot W32.Trojan.Gen 20170518
Yandex Backdoor.Dridex! 20170518
ZoneAlarm by Check Point Backdoor.Win32.Dridex.hh 20170518
Alibaba 20170518
ClamAV 20170518
CMC 20170518
Jiangmin 20170518
Kingsoft 20170518
Malwarebytes 20170518
Qihoo-360 20170518
Rising None
SUPERAntiSpyware 20170518
Symantec Mobile Insight 20170518
TheHacker 20170516
ViRobot 20170518
WhiteArmor 20170517
Zillya 20170518
Zoner 20170518
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name verclsid.exe
Internal name verclsid.exe
File version 6.1.7600.16385 (win7_rtm.090713-1255)
Description Extension CLSID Verification Host
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-04-11 06:31:02
Entry Point 0x00001970
Number of sections 6
PE sections
PE imports
CryptDuplicateKey
ClearEventLogW
ClusterResourceEnum
CertAddSerializedElementToStore
CertGetCRLContextProperty
CertFindAttribute
SelectPalette
SetDCBrushColor
ModifyWorldTransform
PolylineTo
SetColorAdjustment
GetTempFileNameW
InterlockedExchange
LocalFree
HeapQueryInformation
RaiseException
EnumResourceNamesA
LocalAlloc
ExpandEnvironmentStringsW
LoadLibraryW
GetLastError
FreeLibrary
lstrcpyA
HeapAlloc
FreeConsole
BackupWrite
GlobalUnlock
GetProcAddress
LoadLibraryA
SystemTimeToTzSpecificLocalTime
MprConfigGetGuidName
DsBindWithCredW
VarBstrFromUI1
SafeArrayCreateVectorEx
VarDateFromCy
BSTR_UserUnmarshal
RpcBindingInqObject
NdrSimpleStructBufferSize
RpcBindingServerFromClient
SetupDiCreateDeviceInfoA
SetupQueueCopyIndirectW
SHPathPrepareForWriteW
wnsprintfW
AssocQueryKeyW
VerifySignature
wsprintfA
FindWindowExA
IntersectRect
CharNextA
SetUserObjectSecurity
GetMenuBarInfo
SystemParametersInfoW
DefWindowProcA
OpenWindowStationW
SetScrollInfo
SetCursor
FindCloseUrlCache
InternetSetOptionA
timeEndPeriod
waveInClose
waveOutGetErrorTextW
getprotobyname
SCardListCardsW
CoFileTimeNow
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 8.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 6.1.7600.16385
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 0
EntryPoint 0x1970
OriginalFileName verclsid.exe
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 6.1.7600.16385 (win7_rtm.090713-1255)
TimeStamp 2017:04:11 07:31:02+01:00
FileType Win32 EXE
PEType PE32
InternalName verclsid.exe
ProductVersion 6.1.7600.16385
FileDescription Extension CLSID Verification Host
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 16384
ProductName Microsoft Windows Operating System
ProductVersionNumber 6.1.7600.16385
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 a9e0d7e94f555dc3a2db5e59e92ed778
SHA1 90e4ad0e21d2649e4182a8f41ed8c1a503e52a01
SHA256 6b6c00548e5e92127c8b2a78f02c1e9c9d10f5ef5aa98e3d1af14c0320d19ee2
ssdeep 3072:yozNAkO8MGjdBuUzDT+1pyJq+7iXBTDuu+SZ7ieW/:yoZLOjcuUzfipEBGB/IQ7i
authentihash 27d12c3223c2ec7ae0f1653c69f5242132354515bce8297d4bf6486a1c5f7d93
imphash 62cc114fbb0c2ea4cfe9f7329a041e91
File size 140.0 KB ( 143360 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe via-tor

VirusTotal metadata
First submission 2017-04-11 22:19:14 UTC ( 1 month, 2 weeks ago )
Last submission 2017-04-17 02:45:06 UTC ( 1 month, 1 week ago )
File names sp.exe
verclsid.exe
winword.exe
a53e2dffa318e4703832a9901cd70ca69b9e8dc8
sp.exe.bin
Win32.Trojan.Agent@6b6c00548e5e92127c8b2a78f02c1e9c9d10f5ef5aa98e3d1af14c0320d19ee2.bin
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
UDP communications