SHA256: 922ede49a8278b71c666f6f92b34ada58319a68ded7f2885bf30a4bbb10ae756
File name: 0274.exe
Detection ratio: 25 / 61
Analysis date: 2017-05-08 04:55:35 UTC ( 1 year, 9 months ago )
Antivirus Result Update
AegisLab Uds.Dangerousobject.Multi!c 20170508
AVG Atros5.BCZH 20170508
Avira (no cloud) TR/Crypt.ZPACK.ubzjh 20170507
AVware Trojan.Win32.Generic!BT 20170508
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20170503
Bkav HW32.Packed.DA4C 20170506
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170130
Endgame malicious (high confidence) 20170503
ESET-NOD32 a variant of Win32/GenKryptik.AETS 20170508
Fortinet W32/GenKryptik.AETS!tr 20170508
GData Win32.Trojan.Agent.UKRUGE 20170508
Ikarus Trojan.Win32.Krypt 20170507
Sophos ML backdoor.win32.prosti.l 20170413
Kaspersky Backdoor.Win32.Dridex.je 20170508
McAfee RDN/Generic.grp 20170508
McAfee-GW-Edition RDN/Generic.grp 20170507
NANO-Antivirus Trojan.Win32.Dridex.eohhnp 20170507
Palo Alto Networks (Known Signatures) generic.ml 20170508
Sophos AV Mal/Generic-S 20170508
Symantec Trojan.Gen.2 20170507
Tencent Win32.Backdoor.Dridex.Ajvd 20170508
TrendMicro-HouseCall TROJ_GEN.R0EDC0FE717 20170508
VBA32 suspected of Malware-Cryptor.General.5 20170506
VIPRE Trojan.Win32.Generic!BT 20170508
ZoneAlarm by Check Point Backdoor.Win32.Dridex.je 20170508
Ad-Aware 20170508
AhnLab-V3 20170508
Alibaba 20170508
ALYac 20170508
Antiy-AVL 20170508
Arcabit 20170508
Avast 20170508
BitDefender 20170508
CAT-QuickHeal 20170508
ClamAV 20170508
CMC 20170507
Comodo 20170508
Cyren 20170508
DrWeb 20170508
Emsisoft 20170508
F-Prot 20170508
F-Secure 20170508
Jiangmin 20170508
K7AntiVirus 20170508
K7GW 20170508
Kingsoft 20170508
Malwarebytes 20170508
Microsoft 20170508
eScan 20170508
nProtect 20170508
Panda 20170507
Qihoo-360 20170508
Rising 20170429
SentinelOne (Static ML) 20170330
SUPERAntiSpyware 20170507
Symantec Mobile Insight 20170504
TheHacker 20170508
TotalDefense 20170508
TrendMicro 20170508
Trustlook 20170508
ViRobot 20170508
WhiteArmor 20170502
Yandex 20170504
Zillya 20170505
Zoner 20170508
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name verclsid.exe
Internal name verclsid.exe
File version 6.1.7601.16385 (win7_rtm.090713-1255)
Description Extension CLSID Verification Host
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-05-05 13:01:39
Entry Point 0x00001C00
Number of sections 10
PE sections
PE imports
PrintDlgW
ImmUnregisterWordA
OpenMutexA
WriteProcessMemory
LoadLibraryW
lstrcpyA
GetTimeFormatA
SetFileAttributesW
GetProcAddress
DsUnBindA
DsReplicaSyncAllW
wnsprintfW
wsprintfA
wcslen
atof
CoInitializeEx
CoLockObjectExternal
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 8.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 6.1.7600.16385
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 159744
EntryPoint 0x1c00
OriginalFileName verclsid.exe
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 6.1.7601.16385 (win7_rtm.090713-1255)
TimeStamp 2017:05:05 14:01:39+01:00
FileType Win32 EXE
PEType PE32
InternalName verclsid.exe
ProductVersion 6.1.7601.16385
FileDescription Extension CLSID Verification Host
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
CodeSize 12288
ProductName Microsoft Windows Operating System
ProductVersionNumber 6.1.7600.16385
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 e0c9da5483c9734d0bcfc3e4f9c674c6
SHA1 bb884fbd7b638fc42b2dc711903ce1c6f53cc259
SHA256 922ede49a8278b71c666f6f92b34ada58319a68ded7f2885bf30a4bbb10ae756
ssdeep 1536:/UVvCCGZWmTBcRAwMIjTZbqKc+CBInK/Z5T8Tayo7BX055eHvGTN6/Vxb5UGcvMg:yGZWkBcMIpjikfo7Rsm+Ix74M/quk
authentihash 1bfba7ede2eeb1e68a92918ac140cbc4a65b5a45a24bc99f0e57e418cd8101cc
imphash dbf45d9a72f6df0c201899c72fa60201
File size 136.0 KB ( 139264 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe

VirusTotal metadata
First submission 2017-05-05 12:51:07 UTC ( 1 year, 9 months ago )
Last submission 2017-05-05 12:51:07 UTC ( 1 year, 9 months ago )
File names 0274.exe
verclsid.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs
UDP communications