SHA256: 760390f07cefafadece0638a643d69964433041abeab09b65bfcdb922c047872
File name: verclsid.exe
Detection ratio: 46 / 61
Analysis date: 2017-04-24 06:34:48 UTC
Antivirus | Result | Update
Ad-Aware | Trojan.GenericKD.4888239 | 20170424
AhnLab-V3 | Backdoor/Win32.Dridex.R198857 | 20170424
ALYac | Trojan.Dridex.A | 20170423
Arcabit | Trojan.Generic.D4A96AF | 20170424
Avast | Win32:Malware-gen | 20170424
AVG | Agent6.BBVR | 20170424
Avira (no cloud) | TR/AD.Inject.bdmls | 20170423
AVware | Trojan.Win32.Generic!BT | 20170424
Baidu | Win32.Trojan.WisdomEyes.16070401.9500.9999 | 20170424
BitDefender | Trojan.GenericKD.4888239 | 20170424
Bkav | HW32.Packed.E70C | 20170422
CAT-QuickHeal | Backdoor.Drixed | 20170424
Comodo | TrojWare.Win32.TrojanDropper.NCP.hlbfb | 20170424
CrowdStrike Falcon (ML) | malicious_confidence_100% (W) | 20170130
Cyren | W32/Trojan.VWQU-4142 | 20170424
DrWeb | Trojan.Inject2.53025 | 20170424
Emsisoft | Trojan.GenericKD.4888239 (B) | 20170424
Endgame | malicious (high confidence) | 20170419
ESET-NOD32 | Win32/Agent.YUH | 20170424
F-Secure | Trojan.GenericKD.4888239 | 20170424
Fortinet | W32/DRIDEX.HS!tr | 20170424
GData | Win32.Trojan-Spy.Dridex.A36IGA | 20170424
Ikarus | Trojan.Win32.Agent | 20170423
Invincea | virus.win32.ramnit.j | 20170413
K7AntiVirus | Trojan ( 0050acd61 ) | 20170424
K7GW | Trojan ( 0050acd61 ) | 20170424
Kaspersky | Backdoor.Win32.Dridex.hs | 20170424
Malwarebytes | Trojan.Dridex | 20170423
McAfee | RDN/Generic.grp | 20170424
McAfee-GW-Edition | BehavesLike.Win32.Downloader.cc | 20170423
Microsoft | VirTool:Win32/Injector | 20170424
eScan | Trojan.GenericKD.4888239 | 20170424
NANO-Antivirus | Trojan.Win32.Dridex.enuutq | 20170423
Palo Alto Networks (Known Signatures) | generic.ml | 20170424
Panda | Trj/GdSda.A | 20170423
Qihoo-360 | Trojan.Generic | 20170424
Rising | Malware.Generic.2!tfe (cloud:R5vDwcVaAhU) | 20170424
Sophos | Troj/Dridex-XK | 20170424
TrendMicro | BKDR_HANCITOR.YYSWN | 20170424
TrendMicro-HouseCall | BKDR_HANCITOR.YYSWN | 20170424
VBA32 | Trojan.Filecoder | 20170421
VIPRE | Trojan.Win32.Generic!BT | 20170424
ViRobot | Trojan.Win32.S.Agent.151552.DQU[h] | 20170424
Webroot | W32.Trojan.Gen | 20170424
Yandex | Backdoor.Dridex! | 20170421
ZoneAlarm by Check Point | Backdoor.Win32.Dridex.hs | 20170424

Engines that returned no detection at the time of analysis:
AegisLab | (no detection) | 20170424
Alibaba | (no detection) | 20170424
Antiy-AVL | (no detection) | 20170424
ClamAV | (no detection) | 20170424
CMC | (no detection) | 20170421
F-Prot | (no detection) | 20170424
Jiangmin | (no detection) | 20170422
Kingsoft | (no detection) | 20170424
nProtect | (no detection) | 20170424
SentinelOne (Static ML) | (no detection) | 20170330
SUPERAntiSpyware | (no detection) | 20170424
Symantec Mobile Insight | (no detection) | 20170424
Tencent | (no detection) | 20170424
TheHacker | (no detection) | 20170424
TotalDefense | (no detection) | 20170424
Trustlook | (no detection) | 20170424
WhiteArmor | (no detection) | 20170409
Zillya | (no detection) | 20170421
Zoner | (no detection) | 20170424
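The vendor labels above name the sample eleven different ways, most of them generic (Trojan.GenericKD, Malware-gen, Injector). What an analyst actually wants from the table is a family consensus: one vote per engine, generic tokens ignored, families that only one engine names treated as noise. The script below is an added example and is not part of the VirusTotal report; the label strings are copied from the table, while the generic-token stoplist, the five-character minimum, the two-vote threshold and the single alias entry (Drixed, the name Quick Heal uses for Dridex) are this example's own choices.

```python
import re
from collections import Counter

# Vendor labels copied from the detection table above ("vendor | result").
# Engines that returned no detection are left out.
DETECTIONS = """\
Ad-Aware | Trojan.GenericKD.4888239
AhnLab-V3 | Backdoor/Win32.Dridex.R198857
ALYac | Trojan.Dridex.A
Arcabit | Trojan.Generic.D4A96AF
Avast | Win32:Malware-gen
AVG | Agent6.BBVR
Avira (no cloud) | TR/AD.Inject.bdmls
AVware | Trojan.Win32.Generic!BT
Baidu | Win32.Trojan.WisdomEyes.16070401.9500.9999
BitDefender | Trojan.GenericKD.4888239
Bkav | HW32.Packed.E70C
CAT-QuickHeal | Backdoor.Drixed
Comodo | TrojWare.Win32.TrojanDropper.NCP.hlbfb
CrowdStrike Falcon (ML) | malicious_confidence_100% (W)
Cyren | W32/Trojan.VWQU-4142
DrWeb | Trojan.Inject2.53025
Emsisoft | Trojan.GenericKD.4888239 (B)
Endgame | malicious (high confidence)
ESET-NOD32 | Win32/Agent.YUH
F-Secure | Trojan.GenericKD.4888239
Fortinet | W32/DRIDEX.HS!tr
GData | Win32.Trojan-Spy.Dridex.A36IGA
Ikarus | Trojan.Win32.Agent
Invincea | virus.win32.ramnit.j
K7AntiVirus | Trojan ( 0050acd61 )
K7GW | Trojan ( 0050acd61 )
Kaspersky | Backdoor.Win32.Dridex.hs
Malwarebytes | Trojan.Dridex
McAfee | RDN/Generic.grp
McAfee-GW-Edition | BehavesLike.Win32.Downloader.cc
Microsoft | VirTool:Win32/Injector
eScan | Trojan.GenericKD.4888239
NANO-Antivirus | Trojan.Win32.Dridex.enuutq
Palo Alto Networks (Known Signatures) | generic.ml
Panda | Trj/GdSda.A
Qihoo-360 | Trojan.Generic
Rising | Malware.Generic.2!tfe (cloud:R5vDwcVaAhU)
Sophos | Troj/Dridex-XK
TrendMicro | BKDR_HANCITOR.YYSWN
TrendMicro-HouseCall | BKDR_HANCITOR.YYSWN
VBA32 | Trojan.Filecoder
VIPRE | Trojan.Win32.Generic!BT
ViRobot | Trojan.Win32.S.Agent.151552.DQU[h]
Webroot | W32.Trojan.Gen
Yandex | Backdoor.Dridex!
ZoneAlarm by Check Point | Backdoor.Win32.Dridex.hs
"""

# Tokens that describe a class or a verdict, never a family (stoplist is this example's own).
GENERIC = {
    "trojan", "troj", "trojware", "trojandropper", "trojanspy", "backdoor", "bkdr",
    "generic", "generickd", "malware", "malicious", "confidence", "virus", "virtool",
    "agent", "inject", "injector", "downloader", "dropper", "packed", "behaveslike",
    "cloud", "known", "signatures", "heur", "suspicious", "variant", "riskware",
}
# Hand-maintained alias table (assumption): Quick Heal's "Drixed" is the Dridex family.
ALIASES = {"drixed": "dridex"}


def family_token(label):
    """First token of a vendor label that looks like a family name, or None.

    Tokens are lower-cased; generic words, tokens shorter than five characters and
    tokens containing digits (platform tags like Win32, variant ids like A36IGA,
    signature numbers) are skipped, so only a real family name can survive.
    """
    for tok in re.split(r"[^A-Za-z0-9]+", label.lower()):
        if len(tok) < 5 or tok in GENERIC or any(c.isdigit() for c in tok):
            continue
        return ALIASES.get(tok, tok)
    return None


def parse_detections(table):
    """Split the 'vendor | result' text into (vendor, label) pairs."""
    rows = []
    for line in table.splitlines():
        vendor, _, label = line.partition(" | ")
        if label:
            rows.append((vendor.strip(), label.strip()))
    return rows


def consensus(rows, min_votes=2):
    """One family vote per engine; families below min_votes are treated as noise."""
    votes = Counter(fam for _, label in rows if (fam := family_token(label)))
    return {fam: n for fam, n in votes.most_common() if n >= min_votes}


def engines_naming(rows, family):
    return sorted(vendor for vendor, label in rows if family_token(label) == family)


if __name__ == "__main__":
    rows = parse_detections(DETECTIONS)
    print(f"{len(rows)} engines returned a label")
    for fam, n in consensus(rows).items():
        print(f"{fam:10s} {n:2d} votes: {', '.join(engines_naming(rows, fam))}")
```

Run as-is this yields Dridex with 11 votes and Hancitor with 2, which is the split an analyst expects for this campaign: Hancitor is the loader that drops Dridex, so the two TrendMicro labels are describing the delivery stage rather than disagreeing. Single-vote tokens such as ramnit (Invincea) and filecoder (VBA32) fall below the threshold and are reported as nothing, which is the right outcome for labels no other engine corroborates.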
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name verclsid.exe
Internal name verclsid.exe
File version 6.1.7600.16385 (win7_rtm.090713-1255)
Description Extension CLSID Verification Host
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-04-19 13:27:52 (inconsistent with the version resource above: build tag win7_rtm.090713-1255 denotes a Windows 7 RTM binary built on 2009-07-13, so a genuine file of that build would not be linked in 2017; the link time also postdates the sample's first submission to VirusTotal, 2017-04-19 09:31:08 UTC, by about four hours, so the header timestamp cannot be taken at face value)
Entry Point 0x000020F0
Number of sections 10
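A file that borrows the version resource of a real Windows component usually betrays itself in exactly the fields shown above: the build tag in FileVersion encodes a date, the PE header carries another, and the names the file was submitted under rarely match OriginalFilename. The script below is an added example, not part of the VirusTotal report; the values in SAMPLE are copied from this page, while the check names, the 30-day tolerance and the treatment of CompanyName are this example's own assumptions.

```python
import re
from datetime import datetime

# Values copied from the report (FileVersionInfo, PE header, submitted file names).
SAMPLE = {
    "FileVersion": "6.1.7600.16385 (win7_rtm.090713-1255)",
    "CompanyName": "Microsoft Corporation",
    "OriginalFileName": "verclsid.exe",
    "CompilationTimestamp": "2017-04-19 13:27:52",
    "SubmittedNames": ["redchip2 - Copy.exe", "redchip2.exe", "verclsid.exe",
                       "MAL.exe", "2017-04-19-dridex-executable.exe"],
}

# Microsoft build tags look like "(win7_rtm.090713-1255)": branch, then YYMMDD-HHMM.
BUILD_TAG = re.compile(r"\((?P<branch>[A-Za-z0-9_]+)\.(?P<yymmdd>\d{6})-(?P<hhmm>\d{4})\)")


def build_tag_date(file_version):
    """Decode the build date embedded in a FileVersion string, or None if there is no tag."""
    m = BUILD_TAG.search(file_version)
    if not m:
        return None
    return datetime.strptime(m.group("yymmdd") + m.group("hhmm"), "%y%m%d%H%M")


def link_time(sample):
    return datetime.strptime(sample["CompilationTimestamp"], "%Y-%m-%d %H:%M:%S")


def days_between_build_and_link(sample):
    """Days from the build-tag date to the PE link timestamp (negative if linked earlier)."""
    built = build_tag_date(sample["FileVersion"])
    return None if built is None else (link_time(sample) - built).days


def triage(sample, tolerance_days=30):
    """Return (check, finding) pairs for metadata that contradicts itself; [] if consistent."""
    findings = []
    gap = days_between_build_and_link(sample)
    if gap is not None and abs(gap) > tolerance_days:
        findings.append(("link_time_vs_build_tag",
                         f"linked {gap} days away from the build tag in '{sample['FileVersion']}'; "
                         "a genuine binary from that build is linked within a day or so of the tag"))
    claimed = sample["OriginalFileName"].lower()
    aliases = sorted({n.lower() for n in sample["SubmittedNames"]} - {claimed})
    if aliases:
        findings.append(("name_mismatch",
                         f"OriginalFilename is {claimed} but the same hash was submitted as "
                         + ", ".join(aliases)))
    # A Microsoft CompanyName on an otherwise inconsistent file is a claim to verify,
    # not evidence: the version resource is attacker-controlled, the Authenticode
    # signature is not.
    if sample["CompanyName"].startswith("Microsoft") and findings:
        findings.append(("verify_signature",
                         "CompanyName claims Microsoft; confirm with an Authenticode check "
                         "rather than trusting the version resource"))
    return findings


if __name__ == "__main__":
    for check, finding in triage(SAMPLE):
        print(f"[{check}] {finding}")
```

For this sample the build tag decodes to 2009-07-13 12:55 and the link timestamp sits 2837 days later, so the first check fires on its own; the submitted names (redchip2.exe and friends) trip the second. Tolerance is deliberately generous because legitimate hotfix rebuilds of a component can be linked days after the branch tag, but never years.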
PE sections (not captured in this copy of the report)
PE imports (symbol names only; this copy of the report does not preserve which DLL each symbol is imported from, and the list spans GDI, cluster, directory-service, smart-card, multimedia, socket and crypto APIs with one or two functions each)
CryptDuplicateKey
ClearEventLogW
ClusterResourceEnum
CertAddSerializedElementToStore
CertGetCRLContextProperty
CertFindAttribute
SelectPalette
SetDCBrushColor
ModifyWorldTransform
PolylineTo
SetColorAdjustment
FreeLibrary
InterlockedExchange
LocalFree
RaiseException
LocalAlloc
ExpandEnvironmentStringsW
LoadLibraryW
GetLastError
HeapQueryInformation
lstrcpyA
HeapAlloc
EnumResourceNamesA
GetTempFileNameW
BackupWrite
GlobalUnlock
GetProcAddress
LoadLibraryA
SystemTimeToTzSpecificLocalTime
MprConfigGetGuidName
DsBindWithCredW
VarBstrFromUI1
SafeArrayCreateVectorEx
VarDateFromCy
BSTR_UserUnmarshal
RpcBindingInqObject
NdrSimpleStructBufferSize
RpcBindingServerFromClient
SetupDiCreateDeviceInfoA
SetupQueueCopyIndirectW
SHPathPrepareForWriteW
wnsprintfW
AssocQueryKeyW
VerifySignature
wsprintfA
FindWindowExA
IntersectRect
CharNextA
OpenWindowStationW
SetScrollInfo
SystemParametersInfoW
DefWindowProcA
SetUserObjectSecurity
GetMenuBarInfo
SetCursor
FindCloseUrlCache
InternetSetOptionA
timeEndPeriod
waveInClose
waveOutGetErrorTextW
getprotobyname
SCardListCardsW
CoFileTimeNow
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
Debug information
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 8.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 6.1.7600.16385
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 0
EntryPoint 0x20f0
OriginalFileName verclsid.exe
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 6.1.7600.16385 (win7_rtm.090713-1255)
TimeStamp 2017:04:19 14:27:52+01:00
FileType Win32 EXE
PEType PE32
InternalName verclsid.exe
ProductVersion 6.1.7600.16385
FileDescription Extension CLSID Verification Host
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 16384
ProductName Microsoft Windows Operating System
ProductVersionNumber 6.1.7600.16385
FileTypeExtension exe
ObjectFileType Executable application
Compressed bundles
File identification
MD5 2d1d89f4430e9cf58e364f93177a0933
SHA1 28641958f117e8f24e19a7d9756157987449e534
SHA256 760390f07cefafadece0638a643d69964433041abeab09b65bfcdb922c047872
ssdeep 3072:aIewadROmMTIX36iXZ6Nbv/lcFxsNYEygpaqtCAFJRw:afdROlTwH8NzlQxHIJ
authentihash 0668f4c305a1ab6b1d88348446654cfa76097b088335e5a69307851319ad0275
imphash 2fa2e2184c1b2c34bf6a50cab49515eb
File size 148.0 KB ( 151552 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
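The imphash above (2fa2e2184c1b2c34bf6a50cab49515eb) is the value most often pivoted on to find siblings of a sample, so it is worth knowing exactly what goes into it and how little it takes to change it. The function below is an added example reproducing the pefile-style algorithm; it is not code from VirusTotal or pefile. The import table it runs on is constructed: the report lists symbol names only, without their DLLs or order, so this sample's real imphash cannot be recomputed from the page, and the DLL assignments here are assumptions made for illustration.

```python
import hashlib

# Constructed import table (DLL assignments and ordering are this example's own).
CONSTRUCTED_IMPORTS = [
    ("KERNEL32.dll", "LoadLibraryA"),
    ("KERNEL32.dll", "GetProcAddress"),
    ("USER32.dll", "FindWindowExA"),
    ("WININET.dll", "InternetSetOptionA"),
    ("WS2_32.dll", 53),          # an import by ordinal rather than by name
]


def imphash_string(imports):
    """Normalised 'dll.symbol,dll.symbol,...' string that the imphash is taken over.

    Rules (matching pefile.get_imphash): DLL name lower-cased with a trailing
    .dll/.ocx/.sys removed, symbol lower-cased, ordinal imports written as 'ordN',
    entries kept in import-table order. pefile additionally maps well-known
    ordinals of ws2_32 and oleaut32 back to names; this example keeps 'ordN'.
    """
    parts = []
    for dll, sym in imports:
        dll = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if dll.endswith(ext):
                dll = dll[:-len(ext)]
                break
        name = f"ord{sym}" if isinstance(sym, int) else sym.lower()
        parts.append(f"{dll}.{name}")
    return ",".join(parts)


def imphash(imports):
    """MD5 of the normalised import string, as a 32-character hex digest."""
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


if __name__ == "__main__":
    print(imphash_string(CONSTRUCTED_IMPORTS))
    print("imphash          :", imphash(CONSTRUCTED_IMPORTS))
    # Reordering two entries or appending one unused import yields a different hash,
    # which is why import-table padding defeats imphash-based clustering.
    swapped = CONSTRUCTED_IMPORTS[1:2] + CONSTRUCTED_IMPORTS[:1] + CONSTRUCTED_IMPORTS[2:]
    print("imphash (swapped):", imphash(swapped))
    print("imphash (+1 import):", imphash(CONSTRUCTED_IMPORTS + [("GDI32.dll", "PolylineTo")]))
```

Two practical consequences follow. Because DLL case and extension are normalised away, KERNEL32.dll and kernel32.dll hash identically, so the value survives trivial rebuilds; because the string is order-sensitive and unweighted, a single extra or reordered import changes it completely, so an import table stuffed with one-off functions from unrelated subsystems, as this sample's appears to be, is exactly the pattern that makes imphash pivots come back empty.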
Tags peexe
VirusTotal metadata
First submission 2017-04-19 09:31:08 UTC
Last submission 2017-04-23 22:31:05 UTC
File names
redchip2 - Copy.exe
redchip4.exe.3232.dr
verclsid.exe
redchip2.exe.4072.dr
6gfd43.malware
2017-04-19-dridex-executable.exe
2017-04-19-Dridex-executable.exe
redchip2.exe
redchip2.exe.964549679.DROPPED.ex_
MAL.exe
2d1d89f4430e9cf58e364f93177a0933.exe
Advanced heuristic and reputation engines
Behaviour characterization
Zemana dll-injection
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs
UDP communications