SHA256: 760390f07cefafadece0638a643d69964433041abeab09b65bfcdb922c047872
File name: verclsid.exe
Detection ratio: 57 / 63
Analysis date: 2017-08-18 23:55:23 UTC ( 1 day, 15 hours ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.4888239 20170818
AegisLab Ml.Attribute.Gen!c 20170818
AhnLab-V3 Backdoor/Win32.Dridex.R198857 20170818
ALYac Trojan.Dridex.A 20170818
Antiy-AVL Trojan[Backdoor]/Win32.Dridex 20170818
Arcabit Trojan.Generic.D4A96AF 20170818
Avast Win32:Malware-gen 20170818
AVG Win32:Malware-gen 20170818
Avira (no cloud) TR/AD.Inject.bdmls 20170818
AVware Trojan.Win32.Generic!BT 20170818
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20170817
BitDefender Trojan.GenericKD.4888239 20170818
CAT-QuickHeal Backdoor.Drixed 20170818
Comodo TrojWare.Win32.TrojanDropper.NCP.hlbfb 20170818
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170804
Cylance Unsafe 20170819
Cyren W32/Dridex.KYUQ-3795 20170818
DrWeb Trojan.Inject2.53025 20170818
Emsisoft Trojan.GenericKD.4888239 (B) 20170818
Endgame malicious (high confidence) 20170721
ESET-NOD32 Win32/Dridex.BC 20170818
F-Prot W32/Dridex.KM 20170818
F-Secure Trojan.GenericKD.4888239 20170818
Fortinet W32/DRIDEX.HS!tr 20170818
GData Win32.Trojan-Spy.Dridex.A36IGA 20170818
Ikarus Trojan.Win32.Agent 20170818
Sophos ML heuristic 20170818
Jiangmin Backdoor.Dridex.ax 20170818
K7AntiVirus Trojan ( 0050acd61 ) 20170818
K7GW Trojan ( 0050acd61 ) 20170817
Kaspersky Backdoor.Win32.Dridex.hs 20170818
Malwarebytes Trojan.Dridex 20170818
MAX malware (ai score=89) 20170818
McAfee Generic.abl 20170818
McAfee-GW-Edition BehavesLike.Win32.Virut.cc 20170818
Microsoft VirTool:Win32/Injector 20170818
eScan Trojan.GenericKD.4888239 20170818
NANO-Antivirus Trojan.Win32.Dridex.enuutq 20170818
nProtect Backdoor/W32.Dridex.151552.D 20170818
Palo Alto Networks (Known Signatures) generic.ml 20170819
Panda Trj/WLT.C 20170818
Qihoo-360 Trojan.Generic 20170819
SentinelOne (Static ML) static engine - malicious 20170806
Sophos AV Troj/Dridex-XK 20170818
Symantec Trojan.Cridex 20170818
Tencent Win32.Trojan.Agent.Mtug 20170819
TheHacker Trojan/Agent.yuh 20170817
TrendMicro BKDR_HANCITOR.YYSWN 20170818
TrendMicro-HouseCall BKDR_HANCITOR.YYSWN 20170818
VBA32 Trojan.Filecoder 20170818
VIPRE Trojan.Win32.Generic!BT 20170818
ViRobot Trojan.Win32.S.Agent.151552.DQU 20170818
Webroot W32.Trojan.Gen 20170819
Yandex Backdoor.Dridex! 20170818
Zillya Backdoor.Dridex.Win32.40 20170817
ZoneAlarm by Check Point Backdoor.Win32.Dridex.hs 20170818
Zoner Trojan.Dridex 20170818
Alibaba 20170818
ClamAV 20170818
CMC 20170818
Kingsoft 20170819
SUPERAntiSpyware 20170818
Symantec Mobile Insight 20170818
TotalDefense 20170818
Trustlook 20170819
WhiteArmor 20170817
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserved.

Product Microsoft® Windows® Operating System
Original name verclsid.exe
Internal name verclsid.exe
File version 6.1.7600.16385 (win7_rtm.090713-1255)
Description Extension CLSID Verification Host
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-04-19 13:27:52
Entry Point 0x000020F0
Number of sections 10
PE sections
PE imports
CryptDuplicateKey
ClearEventLogW
ClusterResourceEnum
CertAddSerializedElementToStore
CertGetCRLContextProperty
CertFindAttribute
SelectPalette
SetDCBrushColor
ModifyWorldTransform
PolylineTo
SetColorAdjustment
FreeLibrary
InterlockedExchange
LocalFree
RaiseException
LocalAlloc
ExpandEnvironmentStringsW
LoadLibraryW
GetLastError
HeapQueryInformation
lstrcpyA
HeapAlloc
EnumResourceNamesA
GetTempFileNameW
BackupWrite
GlobalUnlock
GetProcAddress
LoadLibraryA
SystemTimeToTzSpecificLocalTime
MprConfigGetGuidName
DsBindWithCredW
VarBstrFromUI1
SafeArrayCreateVectorEx
VarDateFromCy
BSTR_UserUnmarshal
RpcBindingInqObject
NdrSimpleStructBufferSize
RpcBindingServerFromClient
SetupDiCreateDeviceInfoA
SetupQueueCopyIndirectW
SHPathPrepareForWriteW
wnsprintfW
AssocQueryKeyW
VerifySignature
wsprintfA
FindWindowExA
IntersectRect
CharNextA
OpenWindowStationW
SetScrollInfo
SystemParametersInfoW
DefWindowProcA
SetUserObjectSecurity
GetMenuBarInfo
SetCursor
FindCloseUrlCache
InternetSetOptionA
timeEndPeriod
waveInClose
waveOutGetErrorTextW
getprotobyname
SCardListCardsW
CoFileTimeNow
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 8.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 6.1.7600.16385
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 0
EntryPoint 0x20f0
OriginalFileName verclsid.exe
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 6.1.7600.16385 (win7_rtm.090713-1255)
TimeStamp 2017:04:19 14:27:52+01:00
FileType Win32 EXE
PEType PE32
InternalName verclsid.exe
ProductVersion 6.1.7600.16385
FileDescription Extension CLSID Verification Host
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 16384
ProductName Microsoft Windows Operating System
ProductVersionNumber 6.1.7600.16385
FileTypeExtension exe
ObjectFileType Executable application

Compressed bundles
File identification
MD5 2d1d89f4430e9cf58e364f93177a0933
SHA1 28641958f117e8f24e19a7d9756157987449e534
SHA256 760390f07cefafadece0638a643d69964433041abeab09b65bfcdb922c047872
ssdeep 3072:aIewadROmMTIX36iXZ6Nbv/lcFxsNYEygpaqtCAFJRw:afdROlTwH8NzlQxHIJ
authentihash 0668f4c305a1ab6b1d88348446654cfa76097b088335e5a69307851319ad0275
imphash 2fa2e2184c1b2c34bf6a50cab49515eb
File size 148.0 KB ( 151552 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe
VirusTotal metadata
First submission 2017-04-19 09:31:08 UTC ( 4 months ago )
Last submission 2017-08-18 23:55:23 UTC ( 1 day, 15 hours ago )
File names redchip2 - Copy.exe
redchip4.exe.3232.dr
verclsid.exe
redchip2.exe.4072.dr
6gfd43.malware
2017-04-19-dridex-executable.exe
Spyware(Dridex02).exe
2017-04-19-Dridex-executable.exe
redchip2.exe
Dridex-executable.exe
redchip2.exe.964549679.DROPPED.ex_
MAL.exe
2d1d89f4430e9cf58e364f93177a0933.exe
Advanced heuristic and reputation engines
Behaviour characterization
Zemana
dll-injection
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs
UDP communications