SHA256: 6739c782d114307deaac42120a7061f51f9e74a86f1e60664997a269784143f2
Name: verclsid.exe
Detections: 54 / 68
Analysis date: 2018-10-22 09:07:34 UTC (1 month, 3 weeks ago)
Antivirus Result Update
Ad-Aware Trojan.GenericKD.4823002 20181022
AhnLab-V3 Backdoor/Win32.Dridex.R198857 20181022
ALYac Trojan.Dridex.A 20181022
Antiy-AVL Trojan/Win32.TSGeneric 20181022
Arcabit Trojan.Generic.D4997DA 20181022
Avast Win32:GenMalicious-NYM [Trj] 20181022
AVG Win32:GenMalicious-NYM [Trj] 20181022
Avira (no cloud) TR/Crypt.ZPACK.Gen2 20181022
BitDefender Trojan.GenericKD.4823002 20181022
Bkav HW32.Packed. 20181019
CAT-QuickHeal Backdoor.Dridex 20181021
ClamAV Win.Trojan.Agent-6260425-0 20181022
CrowdStrike Falcon (ML) malicious_confidence_90% (D) 20180723
Cybereason malicious.f79cb0 20180225
Cylance Unsafe 20181022
Cyren W32/Agent.LXID-7388 20181022
DrWeb Trojan.Dridex.504 20181022
Emsisoft Trojan.GenericKD.4823002 (B) 20181022
Endgame malicious (high confidence) 20180730
ESET-NOD32 Win32/Dridex.BC 20181022
F-Prot W32/Agent.MZLQ 20181022
F-Secure Trojan.GenericKD.4823002 20181022
Fortinet W32/Agent.YUH!tr 20181022
GData Win32.Trojan-Spy.Emotet.CO 20181022
Ikarus Trojan.Win32.Agent 20181022
Sophos ML heuristic 20180717
Jiangmin Backdoor.Dridex.aw 20181022
K7AntiVirus Trojan ( 0050acd61 ) 20181022
K7GW Trojan ( 0050acd61 ) 20181022
Kaspersky Backdoor.Win32.Dridex.gu 20181022
MAX malware (ai score=100) 20181022
McAfee Generic.abl 20181022
McAfee-GW-Edition BehavesLike.Win32.Generic.cc 20181022
Microsoft Backdoor:Win32/Drixed 20181022
eScan Trojan.GenericKD.4823002 20181022
NANO-Antivirus Trojan.Win32.Dridex.enscza 20181022
Palo Alto Networks (Known Signatures) generic.ml 20181022
Panda Trj/Agent.AAK 20181021
Qihoo-360 Win32/Backdoor.3c1 20181022
Rising Backdoor.Dridex!8.3226 (TFE:2:gP39N0O1EJN) 20181022
SentinelOne (Static ML) static engine - malicious 20181011
Sophos AV Troj/Inject-CLN 20181022
Symantec Trojan.Cridex 20181022
TACHYON Backdoor/W32.Dridex.131072 20181022
Tencent Win32.Backdoor.Dridex.Dvzx 20181022
TrendMicro TSPY_KEGOTIP.YNP 20181022
TrendMicro-HouseCall TSPY_KEGOTIP.YNP 20181022
VBA32 Backdoor.Dridex 20181022
VIPRE Trojan.Win32.Generic!BT 20181022
ViRobot Trojan.Win32.Z.Dridex.131072.E 20181022
Webroot W32.Trojan.Gen 20181022
Yandex Trojan.Agent!xp8vuEkPCMY 20181020
ZoneAlarm by Check Point Backdoor.Win32.Dridex.gu 20181022
Zoner Trojan.Dridex 20181021
AegisLab 20181022
Alibaba 20180921
Avast-Mobile 20181022
Babable 20180918
Baidu 20181022
CMC 20181022
eGambit 20181022
Kingsoft 20181022
Malwarebytes 20181022
SUPERAntiSpyware 20181015
Symantec Mobile Insight 20181001
TheHacker 20181018
TotalDefense 20181022
Trustlook 20181022
Zillya 20181019
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserved.

Product Microsoft® Windows® Operating System
Original name verclsid.exe
Internal name verclsid.exe
File version 6.1.7600.16385 (win7_rtm.090713-1255)
Description Extension CLSID Verification Host
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-04-10 14:39:33
Entry Point 0x00001AA0
Number of sections 6
PE sections
PE imports
RegQueryValueExW
PolyDraw
StartPage
GetLastError
FileTimeToLocalFileTime
GetWindowsDirectoryW
LoadLibraryW
lstrcpyA
CopyFileA
FreeConsole
CompareStringOrdinal
GetProcAddress
MoveFileExA
MprAdminServerDisconnect
wnsprintfW
EnumerateSecurityPackagesW
wsprintfA
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
8.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
6.1.7600.16385

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Extension CLSID Verification Host

ImageFileCharacteristics
Executable, No symbols, 32-bit

CharacterSet
Unicode

InitializedDataSize
151552

EntryPoint
0x1aa0

OriginalFileName
verclsid.exe

MIMEType
application/octet-stream

LegalCopyright
Microsoft Corporation. All rights reserved.

FileVersion
6.1.7600.16385 (win7_rtm.090713-1255)

TimeStamp
2017:04:10 15:39:33+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
verclsid.exe

ProductVersion
6.1.7600.16385

SubsystemVersion
4.0

OSVersion
4.0

FileOS
Windows NT 32-bit

Subsystem
Windows command line

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

CodeSize
12288

ProductName
Microsoft Windows Operating System

ProductVersionNumber
6.1.7600.16385

FileTypeExtension
exe

ObjectFileType
Executable application

Compressed bundles
File identification
MD5 117da8ef79cb0d96c1c803709bd4827f
SHA1 e8d1972737c0c4f439350b0b297d9db4971f7240
SHA256 6739c782d114307deaac42120a7061f51f9e74a86f1e60664997a269784143f2
ssdeep
3072:2MpobNZ59u5b/+ce5drpyh1kfBFFw9PilpkCch4eSg:21NZ59uB/le5drc6fJYPilTs1

authentihash 77c46cfd6e52c328ff27d401aa5902d99838398c614b243241e6de5aafe771a6
imphash b6c65863c1795bee9de6674ac3cc19ce
File size 128.0 KB (131072 bytes)
Type Win32 EXE
Magic literal
PE32 executable for MS Windows (console) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe

VirusTotal metadata
First submission 2017-04-11 11:34:04 UTC (1 year, 8 months ago)
Last submission 2017-08-18 23:55:53 UTC (1 year, 4 months ago)
Names verclsid.exe
potential_locky.exe
DRIDEX_1
localfile~
117da8ef79cb0d96c1c803709bd4827f
redchip2.exe-1491929177
redchip2.exe
redchip2 - Copy - Copy - Copy.exe-1491929177
redchip2.exe
redchip2 - Copy - Copy (2).exe-1491929177
redchip2 - Copy (2).exe-1491929177
redchip2.exe.964549679.DROPPED
DRIDEX
117da8ef79cb0d96c1c803709bd4827f.exe
redchip2.exe
redchip2.exe
A.exe
redchip2.exe
Behaviour characterization
Zemana
dll-injection
