home

clwireg_x64.exe

Microsoft Visual Studio 2008

Microsoft Corporation

This is a setup program which is used to install the application. The file has been seen being downloaded from 10.70.21.234 and multiple other hosts.
Publisher:
Microsoft Corporation  (signed and verified)

Product:
Microsoft® Visual Studio® 2008

Description:
Microsoft .NET Framework Registration Correction Tool

Version:
9.0.30519.0 built by: DTG(MICARLS1-micarls)

MD5:
c113fe3acbaa40ab0f68f08f212c7608

SHA-1:
1de60eec5314d66263503ed6a903add4ca807b50

SHA-256:
9337e74de00a881de92030110eebe0fe80516f7064a58b696cf51216e7b9c5f3

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)
Whitelisted  (by digital signature)

Analysis date:
11/24/2024 2:59:49 PM UTC  (today)

File size:
128.5 KB (131,608 bytes)

Product version:
9.0.30519.0

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
clwireg.exe

File type:
Executable application (Win64 EXE)

Language:
English (United States)

Common path:
C:\Documents and Settings\{user}\Local settings\temp\{random}.tmp\dotnetfx35sp1\tools\clwireg_x64.exe

Digital Signature
Signed by:
Microsoft Corporation

Authority:
Microsoft Corporation

Valid from:
8/23/2007 2:23:13 AM

Valid to:
2/23/2009 1:33:13 AM

Subject:
CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Issuer:
CN=Microsoft Code Signing PCA, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Serial number:
610F784D000000000003

File PE Metadata
Compilation timestamp:
6/3/2008 1:41:29 AM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:QdHgZZXaDc0mp1oFvs/mqKWGEKeUy6Gn58CYeg8Cu1k:SHgvYjm10sXGEsy6GKCYFak

Entry address:
0x46D4

Entry point:
48, 83, EC, 28, E8, 43, 2D, 00, 00, 48, 83, C4, 28, E9, 52, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 66, 66, 0F, 1F, 84, 00, 00, 00, 00, 00, 48, 3B, 0D, 29, 7B, 01, 00, 75, 11, 48, C1, C1, 10, 66, F7, C1, FF, FF, 75, 02, F3, C3, 48, C1, C9, 10, E9, BD, 2D, 00, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, 40, 53, 48, 83, EC, 30, 49, 8B, C0, 4D, 85, C9, 74, 4B, 48, 85, C9, 75, 25, E8, 54, 34, 00, 00, BB, 16, 00, 00, 00, 48, 83, 64, 24, 20, 00, 45, 33, C9, 45, 33, C0, 33, D2, 33...
 
[+]

Code size:
81 KB (82,944 bytes)

The file clwireg_x64.exe has been seen being distributed by the following 10 URLs.

http://10.70.21.234/UNIERPSmartDeploy/DotNetFX35SP1/.../clwireg_x64.exe

http://113.160.155.90/UNIERPSmartDeploy/DotNetFX35SP1/.../clwireg_x64.exe

http://125.212.132.121/UNIERPSmartDeploy/DotNetFX35SP1/.../clwireg_x64.exe

http://update.software.trotec.com/DotNetFX35SP1/.../clwireg_x64.exe

http://212.62.32.199/RestitucijaARInstallerProdukcija/DotNetFX35SP1/.../clwireg_x64.exe

http://ecr.daisytech.bg/ECRManager/DotNetFX35SP1/.../clwireg_x64.exe

http://downloadcentre.sdl.com/prerequisites/DotNetFX35SP1/.../clwireg_x64.exe

http://download.microsoft.com/download/6/4/B/.../clwireg_x64.exe

http://aaccsvr/agentdesktop/DotNetFX35SP1/.../clwireg_x64.exe

about:internet

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.