SHA256: 760390f07cefafadece0638a643d69964433041abeab09b65bfcdb922c047872
File name: verclsid.exe
Detection ratio: 52 / 61
Analysis date: 2017-05-10 06:39:57 UTC ( 2 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.4888239 20170510
AegisLab Ml.Attribute.Gen!c 20170510
AhnLab-V3 Backdoor/Win32.Dridex.R198857 20170509
ALYac Trojan.Dridex.A 20170510
Antiy-AVL Trojan[Backdoor]/Win32.Dridex 20170510
Arcabit Trojan.Generic.D4A96AF 20170510
Avast Win32:Malware-gen 20170510
AVG Agent6.BBVR 20170509
Avira (no cloud) TR/AD.Inject.bdmls 20170509
AVware Trojan.Win32.Generic!BT 20170508
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20170503
BitDefender Trojan.GenericKD.4888239 20170510
Bkav HW32.Packed.E70C 20170509
CAT-QuickHeal Backdoor.Drixed 20170510
Comodo TrojWare.Win32.TrojanDropper.NCP.hlbfb 20170510
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170130
Cyren W32/Trojan.VWQU-4142 20170510
DrWeb Trojan.Inject2.53025 20170510
Emsisoft Trojan.GenericKD.4888239 (B) 20170510
Endgame malicious (high confidence) 20170503
ESET-NOD32 Win32/Agent.YUH 20170510
F-Prot W32/Dridex.KM 20170510
F-Secure Trojan.GenericKD.4888239 20170510
Fortinet W32/DRIDEX.HS!tr 20170510
GData Win32.Trojan-Spy.Dridex.A36IGA 20170510
Ikarus Trojan.Win32.Agent 20170509
Invincea virus.win32.ramnit.j 20170413
K7AntiVirus Trojan ( 0050acd61 ) 20170510
K7GW Trojan ( 0050acd61 ) 20170510
Kaspersky Backdoor.Win32.Dridex.hs 20170510
Malwarebytes Trojan.Dridex 20170510
McAfee Generic.abl 20170510
McAfee-GW-Edition BehavesLike.Win32.Downloader.cc 20170509
Microsoft VirTool:Win32/Injector 20170510
eScan Trojan.GenericKD.4888239 20170510
NANO-Antivirus Trojan.Win32.Dridex.enuutq 20170510
Palo Alto Networks (Known Signatures) generic.ml 20170510
Panda Trj/WLT.C 20170509
Qihoo-360 Trojan.Generic 20170510
Rising Malware.Generic.2!tfe (cloud:R5vDwcVaAhU) 20170510
Sophos Troj/Dridex-XK 20170510
Symantec Trojan.Cridex 20170509
Tencent Win32.Trojan.Agent.Mtug 20170510
TrendMicro BKDR_HANCITOR.YYSWN 20170510
TrendMicro-HouseCall BKDR_HANCITOR.YYSWN 20170510
VBA32 Trojan.Filecoder 20170506
VIPRE Trojan.Win32.Generic!BT 20170510
ViRobot Trojan.Win32.S.Agent.151552.DQU[h] 20170510
Webroot W32.Trojan.Gen 20170510
Yandex Backdoor.Dridex! 20170504
Zillya Backdoor.Dridex.Win32.40 20170505
ZoneAlarm by Check Point Backdoor.Win32.Dridex.hs 20170510
Engines with no detection (Result column empty):
Alibaba 20170510
ClamAV 20170510
CMC 20170510
Jiangmin 20170510
Kingsoft 20170510
nProtect 20170510
SentinelOne (Static ML) 20170330
SUPERAntiSpyware 20170510
Symantec Mobile Insight 20170510
TheHacker 20170508
Trustlook 20170510
WhiteArmor 20170502
Zoner 20170510
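The vendor labels above do not agree on a family name (Dridex, Cridex, Drixed, Hancitor, Ramnit, Filecoder, plus purely generic or heuristic verdicts), and a few engines carry definition dates months older than the 2017-05-10 scan date, so their verdict says little about this sample. As an added example, not code from the report or from VirusTotal, the following parses a detection table of this shape, tallies labels into a consensus family, and flags engines whose definitions were more than 30 days old at scan time. The input is a constructed subset of the table, transcribed as tab-separated rows with an empty label for undetected engines; the alias map that folds Cridex and Drixed into Dridex is an assumption about those vendors' naming, not something the report states.

```python
"""Triage helpers for a VirusTotal-style detection table: parse the rows,
compute the detection ratio, tally vendor labels into a consensus family,
and flag engines whose definitions were stale at scan time."""
from collections import Counter
from datetime import datetime

# Constructed subset of the report's table: "vendor<TAB>label<TAB>definition date".
# An empty label means the engine did not detect the file.
SAMPLE_ROWS = """\
AhnLab-V3\tBackdoor/Win32.Dridex.R198857\t20170509
Antiy-AVL\tTrojan[Backdoor]/Win32.Dridex\t20170510
CAT-QuickHeal\tBackdoor.Drixed\t20170510
CrowdStrike Falcon (ML)\tmalicious_confidence_100% (W)\t20170130
ESET-NOD32\tWin32/Agent.YUH\t20170510
Invincea\tvirus.win32.ramnit.j\t20170413
Kaspersky\tBackdoor.Win32.Dridex.hs\t20170510
Microsoft\tVirTool:Win32/Injector\t20170510
Symantec\tTrojan.Cridex\t20170509
TrendMicro\tBKDR_HANCITOR.YYSWN\t20170510
VBA32\tTrojan.Filecoder\t20170506
ZoneAlarm by Check Point\tBackdoor.Win32.Dridex.hs\t20170510
ClamAV\t\t20170510
SentinelOne (Static ML)\t\t20170330
"""

SCAN_DATE = "20170510"  # analysis date from the report header

# Assumed alias map: vendors name the same family differently; substrings are
# matched case-insensitively against the label. Anything unmatched is treated
# as a generic/heuristic verdict rather than a family attribution.
FAMILY_ALIASES = {
    "dridex": "Dridex", "cridex": "Dridex", "drixed": "Dridex",
    "hancitor": "Hancitor", "ramnit": "Ramnit", "filecoder": "Filecoder",
}


def parse_rows(text):
    """Split tab-separated rows into dicts; label is None for undetected engines."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        vendor, label, updated = line.split("\t")
        rows.append({"vendor": vendor, "label": label or None, "updated": updated})
    return rows


def detection_ratio(rows):
    """(engines that flagged the file, engines in the table)."""
    return sum(1 for r in rows if r["label"]), len(rows)


def family_of(label):
    """Normalise one vendor label to a family name, or None if undetected."""
    if not label:
        return None
    low = label.lower()
    for alias, family in FAMILY_ALIASES.items():
        if alias in low:
            return family
    return "generic/heuristic"


def family_tally(rows):
    """Counter of family names across detecting engines; most_common() gives the consensus."""
    return Counter(family_of(r["label"]) for r in rows if r["label"])


def stale_engines(rows, scan_date=SCAN_DATE, max_age_days=30):
    """Vendors whose definition date is more than max_age_days before the scan date."""
    scan = datetime.strptime(scan_date, "%Y%m%d")
    return sorted(
        r["vendor"] for r in rows
        if (scan - datetime.strptime(r["updated"], "%Y%m%d")).days > max_age_days
    )


if __name__ == "__main__":
    rows = parse_rows(SAMPLE_ROWS)
    print("detection ratio:", detection_ratio(rows))
    print("families:", family_tally(rows).most_common())
    print("stale engines:", stale_engines(rows))
```

On the subset, the consensus is Dridex by a wide margin, with single-vendor outliers (Hancitor, Ramnit, Filecoder) that should be treated as vendor noise unless corroborated; a label from an engine whose definitions predate the scan by three months is weaker evidence still.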
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name verclsid.exe
Internal name verclsid.exe
File version 6.1.7600.16385 (win7_rtm.090713-1255)
Description Extension CLSID Verification Host
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-04-19 13:27:52
Entry Point 0x000020F0
Number of sections 10
PE imports
CryptDuplicateKey
ClearEventLogW
ClusterResourceEnum
CertAddSerializedElementToStore
CertGetCRLContextProperty
CertFindAttribute
SelectPalette
SetDCBrushColor
ModifyWorldTransform
PolylineTo
SetColorAdjustment
FreeLibrary
InterlockedExchange
LocalFree
RaiseException
LocalAlloc
ExpandEnvironmentStringsW
LoadLibraryW
GetLastError
HeapQueryInformation
lstrcpyA
HeapAlloc
EnumResourceNamesA
GetTempFileNameW
BackupWrite
GlobalUnlock
GetProcAddress
LoadLibraryA
SystemTimeToTzSpecificLocalTime
MprConfigGetGuidName
DsBindWithCredW
VarBstrFromUI1
SafeArrayCreateVectorEx
VarDateFromCy
BSTR_UserUnmarshal
RpcBindingInqObject
NdrSimpleStructBufferSize
RpcBindingServerFromClient
SetupDiCreateDeviceInfoA
SetupQueueCopyIndirectW
SHPathPrepareForWriteW
wnsprintfW
AssocQueryKeyW
VerifySignature
wsprintfA
FindWindowExA
IntersectRect
CharNextA
OpenWindowStationW
SetScrollInfo
SystemParametersInfoW
DefWindowProcA
SetUserObjectSecurity
GetMenuBarInfo
SetCursor
FindCloseUrlCache
InternetSetOptionA
timeEndPeriod
waveInClose
waveOutGetErrorTextW
getprotobyname
SCardListCardsW
CoFileTimeNow
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 8.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 6.1.7600.16385
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 0
EntryPoint 0x20f0
OriginalFileName verclsid.exe
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 6.1.7600.16385 (win7_rtm.090713-1255)
TimeStamp 2017:04:19 14:27:52+01:00
FileType Win32 EXE
PEType PE32
InternalName verclsid.exe
ProductVersion 6.1.7600.16385
FileDescription Extension CLSID Verification Host
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 16384
ProductName Microsoft Windows Operating System
ProductVersionNumber 6.1.7600.16385
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 2d1d89f4430e9cf58e364f93177a0933
SHA1 28641958f117e8f24e19a7d9756157987449e534
SHA256 760390f07cefafadece0638a643d69964433041abeab09b65bfcdb922c047872
ssdeep 3072:aIewadROmMTIX36iXZ6Nbv/lcFxsNYEygpaqtCAFJRw:afdROlTwH8NzlQxHIJ
authentihash 0668f4c305a1ab6b1d88348446654cfa76097b088335e5a69307851319ad0275
imphash 2fa2e2184c1b2c34bf6a50cab49515eb
File size 148.0 KB ( 151552 bytes )
File type Win32 EXE
Magic PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe

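The PE header fields reported above (target machine, section count, compilation timestamp, entry point, linker and subsystem versions) and the imphash come straight from the file's headers, and two of them disagree in a way worth noticing: the COFF timestamp says the code was compiled on 2017-04-19, while the FileVersion resource carries the Microsoft build tag win7_rtm.090713-1255, i.e. a July 2009 build. A version resource copied from a genuine Windows binary onto freshly compiled code is exactly what that mismatch looks like. As an added example, not code from the report or from VirusTotal, the following parses those header fields from a minimal PE32 buffer built here from the report's own values (constructed; no sample bytes are included), reproduces the label normalisation that pefile's imphash uses, and measures the gap between the build-tag date and the compile timestamp. The two library names in the imphash check are assumptions, because the import list above gives function names without their DLLs, so the report's imphash cannot be reproduced from the page. The COFF timestamp is stored as UTC seconds, which is why the report's PE header section shows 13:27:52 while ExifTool, printing local time, shows 14:27:52+01:00 for the same instant.

```python
"""Derive the PE-header fields a scanner reports from raw bytes, compute a
pefile-style imphash, and compare the Microsoft build tag in FileVersion
against the COFF compile timestamp."""
import calendar
import hashlib
import re
import struct
from datetime import datetime, timezone

MACHINE_NAMES = {0x14C: "Intel 386 or later processors and compatible processors",
                 0x8664: "x64 (AMD64)"}
SUBSYSTEM_NAMES = {2: "Windows GUI", 3: "Windows command line"}

# Constructed sample: the report's header values packed into a minimal PE32
# (DOS header + PE signature + COFF header + optional header, no sections).
SAMPLE_TIMESTAMP = calendar.timegm((2017, 4, 19, 13, 27, 52, 0, 0, 0))


def build_sample_pe() -> bytes:
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)          # e_lfanew -> PE signature
    coff = struct.pack("<HHIIIHH", 0x14C, 10, SAMPLE_TIMESTAMP, 0, 0, 224, 0x0102)
    opt = struct.pack("<HBBIIIIIIIIIHHHHHHIIIIHH",
                      0x10B, 8, 0,                 # PE32 magic, linker 8.0
                      16384, 0, 0, 0x20F0,         # code/init/uninit sizes, entry point
                      0x1000, 0x5000, 0x400000, 0x1000, 0x200,
                      4, 0, 0, 0, 4, 0,            # OS 4.0, image 0.0, subsystem 4.0
                      0, 0x10000, 0x400, 0,
                      3, 0)                        # subsystem 3 = console (CUI)
    return bytes(dos) + b"PE\0\0" + coff + opt.ljust(224, b"\0")


def parse_pe_headers(data: bytes) -> dict:
    """Read the COFF header and the PE32 optional header fields a report shows."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image: missing MZ")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, ts, _, _, _, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic, lnk_major, lnk_minor, code_size, _, _, entry = struct.unpack_from("<HBBIIII", data, opt)
    if magic != 0x10B:
        raise ValueError(f"only PE32 handled here, got magic {magic:#x}")
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    return {
        "machine": MACHINE_NAMES.get(machine, f"{machine:#x}"),
        "sections": nsections,
        "compiled_utc": datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "entry_point": f"0x{entry:08X}",
        "linker_version": f"{lnk_major}.{lnk_minor}",
        "os_version": f"{os_major}.{os_minor}",
        "code_size": code_size,
        "subsystem": SUBSYSTEM_NAMES.get(subsystem, str(subsystem)),
    }


def imphash_input(imports) -> str:
    """The string pefile hashes: 'lib.func' pairs, lowercase, library extension
    stripped, comma-joined in import order. Ordinal-only imports are not handled."""
    parts = []
    for lib, func in imports:
        lib = lib.lower()
        if lib.endswith((".dll", ".ocx", ".sys")):
            lib = lib[:-4]
        parts.append(f"{lib}.{func.lower()}")
    return ",".join(parts)


def imphash(imports) -> str:
    return hashlib.md5(imphash_input(imports).encode()).hexdigest()


BUILD_TAG = re.compile(r"\.(\d{6})-\d{4}\)?$")   # "win7_rtm.090713-1255" -> 090713 (yymmdd)


def build_tag_vs_compile(file_version: str, compile_ts: int) -> int:
    """Days from the build-tag date to the compile timestamp. A gap of years
    means the version resource did not come from the build that produced the code."""
    m = BUILD_TAG.search(file_version)
    if not m:
        raise ValueError("no Microsoft build tag in FileVersion")
    build_date = datetime.strptime(m.group(1), "%y%m%d").replace(tzinfo=timezone.utc)
    compiled = datetime.fromtimestamp(compile_ts, tz=timezone.utc)
    return (compiled - build_date).days


if __name__ == "__main__":
    hdr = parse_pe_headers(build_sample_pe())
    print(hdr)
    # Library names below are assumed; the report does not list them.
    print(imphash([("KERNEL32.dll", "LoadLibraryW"), ("ADVAPI32.dll", "ClearEventLogW")]))
    print(build_tag_vs_compile("6.1.7600.16385 (win7_rtm.090713-1255)", SAMPLE_TIMESTAMP), "days")
```

Run against a real file, the buffer comes from `open(path, "rb").read()`; the parser only reads the headers, so it is safe to point at malware on an analysis host. The build-tag check is a cheap triage signal, not proof: legitimate files are occasionally rebuilt with stale resources, but a file claiming to be a Windows 7 RTM system binary with a compile date eight years later deserves a second look.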
VirusTotal metadata
First submission 2017-04-19 09:31:08 UTC ( 1 month ago )
Last submission 2017-05-09 16:18:50 UTC ( 2 weeks, 1 day ago )
File names redchip2 - Copy.exe
redchip4.exe.3232.dr
verclsid.exe
redchip2.exe.4072.dr
6gfd43.malware
2017-04-19-dridex-executable.exe
2017-04-19-Dridex-executable.exe
redchip2.exe
Dridex-executable.exe
redchip2.exe.964549679.DROPPED.ex_
MAL.exe
2d1d89f4430e9cf58e364f93177a0933.exe
Behaviour characterization
Zemana
dll-injection

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.