» chext64.dll
Overview
Analysis
File Details
Behaviors (1)

chext64.dll

Open Source Developer, Józef Starosczyk

It is registered as a context menu handler (displays a menu when right-clicked in Explorer) named “chext”.

File name:

chext64.dll

Publisher:

Open Source Developer, Józef Starosczyk (signed and verified)

MD5:

99b6d8d0d62f9347457740f8bcf69f23

SHA-1:

6036d13e107481365524de904fbacf40d8e529ea

SHA-256:

ced148c1a79fac3e4239322cf0f8b5c5763a405c8613b9f94ae81eee0aca4534

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

11/24/2024 12:12:34 AM UTC (today)

File size:

1.5 MB (1,617,496 bytes)

File type:

Dynamic link library (Win64 DLL)

Common path:

C:\Program Files\copy handler\chext64.dll

Digital Signature

Signed by:

Open Source Developer, Józef Starosczyk

Authority:

Unizeto Technologies S.A.

Valid from:

1/11/2016 12:02:14 AM

Valid to:

1/10/2017 12:02:14 AM

Subject:

E=ixen@copyhandler.com, CN="Open Source Developer, Józef Starosczyk", O=Open Source Developer, C=PL

Issuer:

CN=Certum Level III CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL

Serial number:

6A8CA74C28DB4978F2ACE8BC61A3BDEA

Registration

CLSIDs:

{3D855ACA-8274-4f1f-94E9-6BEF4FC2A2AF}, {B46F8244-86E6-43CF-B8AB-8C3A89928A48}, {E7A4C2DA-F3AF-4145-AC19-E3B215306A54}

ProgIDs:

chext.ShellExtControl.1, chext.DropMenuExt.1, chext.MenuExt.1

COM registered:

Yes

File PE Metadata

Compilation timestamp:

4/3/2016 6:37:42 AM

OS version:

5.2

OS bitness:

Win64

Subsystem:

Windows GUI

Linker version:

12.0

CTPH (ssdeep):

24576:iLBSm4Ghl1YZsWsDO+JzBXePHsyg5uDQslg/ZIkItMX1mqZ:aH7usWsDO+JzBXePHjg5uDQ5/

Entry address:

0x98AB4

Entry point:

48, 89, 5C, 24, 08, 48, 89, 74, 24, 10, 57, 48, 83, EC, 20, 49, 8B, F8, 8B, DA, 48, 8B, F1, 83, FA, 01, 75, 05, E8, DB, 03, 00, 00, 4C, 8B, C7, 8B, D3, 48, 8B, CE, 48, 8B, 5C, 24, 30, 48, 8B, 74, 24, 38, 48, 83, C4, 20, 5F, E9, 03, 00, 00, 00, CC, CC, CC, 48, 8B, C4, 48, 89, 58, 08, 48, 89, 70, 10, 48, 89, 78, 18, 41, 56, 48, 83, EC, 30, 49, 8B, F0, 8B, FA, 4C, 8B, F1, BB, 01, 00, 00, 00, 89, 58, E8, 89, 15, 55, F7, 0C, 00, 85, D2, 75, 12, 39, 15, CB, A4, 0D, 00, 75, 0A, 33, DB, 89, 58, E8, E9, CB, 00, 00... 
[+]

Entropy:

6.1225

Code size:

1007 KB (1,031,168 bytes)

Context Menu Handler

Display name:

chext

CLSID:

{E7A4C2DA-F3AF-4145-AC19-E3B215306A54}

CLSID name:

MenuExt Class

Scan chext64.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.