@KateLibC
Created January 7, 2015 15:14
VirusTotal MD5 results for %windir%
MD5: ad61f7afe913b2642650504df283aa63
Path(s):
./winsxs/wow64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17514_none_4a5d2c9ecd59afa7/dnscacheugc.exe
Detection details:
AegisLab - W32.Expiro
MD5: fcf5c8bb9afd8d15b324b702f9b186b7
Path(s):
./System32/ieetwcollector.exe
./winsxs/amd64_microsoft-windows-ie-ieetwcollector_31bf3856ad364e35_11.2.9600.17239_none_a584352617c3f1bb/ieetwcollector.exe
Detection details:
AegisLab - Win64.Expiro
MD5: bb88d7bf8b6d3fad2459a6e70105228a
Path(s):
./winsxs/amd64_microsoft-windows-g..ebuild-search-index_31bf3856ad364e35_6.1.7601.17610_none_1d10224d57ce5c5e/rebuildSearchIndex.exe
Detection details:
AegisLab - Win64.Expiro
MD5: e3406f3104957c4967826e7c06ff77fd
Path(s):
./Installer/{236BB7C4-4419-42FD-0409-1E257A25E34D}/NewShortcut1_236BB7C4441942FD04091E257A25E34D.exe
Detection details:
TheHacker - W32/Leave.gu
MD5: ea6eadf6314e43783ba8eee79f93f73c
Path(s):
./winsxs/wow64_microsoft-windows-sidebar_31bf3856ad364e35_6.1.7600.16385_none_352647b674b9e378/sidebar.exe
Detection details:
ByteHero - Trojan.Win32.Heur.098
MD5: 46b8be4f4ba4d853c6825956d98021e2
Path(s):
./winsxs/amd64_microsoft-windows-fsutil_31bf3856ad364e35_6.1.7601.21680_none_2ac406171fe62477/fsutil.exe
Detection details:
AegisLab - Win64.Expiro
MD5: bfd3178735d97c858ffa467f8199700c
Path(s):
./SoftwareDistribution/Download/e0e3274808cbc64c021ffcb005720a65/amd64_microsoft-windows-ie-ieetwcollector_31bf3856ad364e35_11.2.9600.17126_none_a58e492017bc6f90/ieetwcollector.exe
Detection details:
AegisLab - Win64.Expiro
MD5: 19340d1fba1a2a3c96f1a2c84a9ec415
Path(s):
./System32/Speech/SpeechUX/SpeechUXTutorial.exe
./winsxs/amd64_microsoft-windows-speech-userexperience_31bf3856ad364e35_6.1.7600.16385_none_77fee1b2657da663/SpeechUXTutorial.exe
./winsxs/amd64_microsoft-windows-speech-userexperience_31bf3856ad364e35_6.1.7601.17514_none_7a2ff57a626c29fd/SpeechUXTutorial.exe
Detection details:
Bkav - HW64.packed.8090
MD5: 8daacebf0e55cfb82b01fc450576be5a
Path(s):
./System32/IME/IMEJP10/imjpuexc.exe
./winsxs/amd64_microsoft-windows-d..andlinepropertytool_31bf3856ad364e35_6.1.7601.17514_none_696354579779eadf/imjpuexc.exe
Detection details:
AegisLab - Win64.Expiro
MD5: 2830c1fca1da002a498eca5dbb0679ae
Path(s):
./winsxs/amd64_microsoft-windows-nfs-admincmdtools_31bf3856ad364e35_6.1.7601.17514_none_12d42225a9a7aef7/showmount.exe
Detection details:
AegisLab - Win64.Expiro
MD5: 6e570050e6cf5d6f6dc1c1eef9bb3949
Path(s):
./System32/DriverStore/FileRepository/c7118908.inf_amd64_neutral_8dc4ff304e4afff6/B117547/atiapfxx.exe
Detection details:
Bkav - W32.Clod5f7.Trojan.f044
MD5: e78910d78ca05c06ed6455d401999402
Path(s):
./winsxs/amd64_microsoft-windows-shell-previewhost_31bf3856ad364e35_6.1.7600.20904_none_a0117c29336d4534/prevhost.exe
Detection details:
Bkav - HW64.packed.84DC
MD5: 2bf84985de59544a0460bb33f804da3a
Path(s):
./SysWOW64/ReAgentc.exe
./winsxs/x86_microsoft-windows-winre-recoverytools_31bf3856ad364e35_6.1.7601.17514_none_d7553e5fcf6b6373/ReAgentc.exe
Detection details:
AegisLab - W32.Virut
MD5: 37c7c89b03f9d39629eda545a1645d68
Path(s):
./SoftwareDistribution/Download/9b1fd27f7aca994956425ec72072da60/amd64_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.1.7601.18539_none_735ca6b7203d6b5a/tzupd.exe
Detection details:
AegisLab - Win64.Expiro
MD5: 04ff24d66412fc1072f8d0b7cb83bcf5
Path(s):
./winsxs/wow64_microsoft-windows-t..minalservicesclient_31bf3856ad364e35_6.1.7601.22252_none_b6b33b7d8557de1f/mstsc.exe
Detection details:
AegisLab - W32.Expiro
MD5: 334c44bf74df6af20a45a4477d995dbc
Path(s):
./Installer/{B74D4E10-1033-0000-0000-000000000001}/AdobeBridge_B74D4E10103300000000000000000001_1.exe
./Installer/{B74D4E10-1033-0000-0000-000000000001}/BridgeCommonShortcut_B74D4E101033000000000001_1.exe
Detection details:
TheHacker - W32/Leave.gu
MD5: bc3beeeeb1ada8687738d057ceed6f1c
Path(s):
./winsxs/amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_6f0f7833cb71e18d/appcmd.exe
Detection details:
AegisLab - Win64.Expiro
MD5: db4ffb795611eb2d8ab55d5fc047ce32
Path(s):
./winsxs/amd64_microsoft-windows-g..ewowregisteredowner_31bf3856ad364e35_6.1.7601.17671_none_e3b3f68bbb72a87b/UpdateWowRegisteredOwner.exe
Detection details:
AegisLab - Win64.Expiro
MD5: 3afa03119583647136c49b80dad38f19
Path(s):
./winsxs/amd64_microsoft-windows-ie-ieetwcollector_31bf3856ad364e35_11.2.9600.16428_none_a56da9e617d4f97e/ieetwcollector.exe
Detection details:
AegisLab - Win64.Expiro
MD5: 2145f324edfed2498adef6a0e2290ec2
Path(s):
./winsxs/x86_microsoft-windows-ie-pdm-configuration_31bf3856ad364e35_11.2.9600.16428_none_d6876629731ce419/PDMSetup.exe
Detection details:
AegisLab - W32.Virut
MD5: 1a42ea6484e6e1a773c2fd09e976e774
Path(s):
./winsxs/amd64_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.1.7601.17514_none_736d5be520319b24/tzupd.exe
./winsxs/amd64_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.1.7601.22156_none_73cd994e396e053e/tzupd.exe
./winsxs/amd64_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.1.7601.22508_none_7405b1163943a0d3/tzupd.exe
Detection details:
AegisLab - Win64.Expiro
MD5: 199d8ecb6748b2b866cba52a8d092034
Path(s):
./winsxs/x86_microsoft-windows-s..ative-serverbox-isv_31bf3856ad364e35_6.1.7601.17514_none_f71e39745cb0f950/RMActivate_ssp_isv.exe
Detection details:
AegisLab - W32.Expiro
MD5: a3a132cbe48af0324466469f2caae8a2
Path(s):
./winsxs/amd64_microsoft-windows-ie-ieetwcollector_31bf3856ad364e35_11.2.9600.17041_none_a59b8b8817b20628/ieetwcollector.exe
Detection details:
AegisLab - Win64.Expiro
MD5: a236b1646e96ab06be0f8d592b6d9a0d
Path(s):
./System32/OxpsConverter.exe
./winsxs/amd64_oxpsconverter_31bf3856ad364e35_6.1.7601.17933_none_0804e1f7c5c64bf1/OxpsConverter.exe
Detection details:
K7GW - Trojan ( 700001171 )
MD5: b2120b16b3e221b4d3342e87867a5163
Path(s):
./winsxs/x86_microsoft-windows-s..or-native-serverbox_31bf3856ad364e35_6.1.7601.17514_none_71c62979c253e895/RMActivate_ssp.exe
Detection details:
AegisLab - W32.Expiro
MD5: d5a8dbf87c5e9ab71075a7ff16c1e719
Path(s):
./winsxs/amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_672ce6c3de2cb17f/PkgMgr.exe
Detection details:
AegisLab - Win64.Expiro
MD5: 4e1073b674746eea0b2ea0f4775ea6a4
Path(s):
./winsxs/amd64_microsoft-windows-r..s-regkeys-component_31bf3856ad364e35_6.1.7601.17514_none_7df14b591094e7ec/TsUsbRedirectionGroupPolicyControl.exe
Detection details:
AegisLab - Win64.Expiro
MD5: 25c460925c98446a96eedd3029e3e246
Path(s):
./winsxs/amd64_microsoft-windows-shell-previewhost_31bf3856ad364e35_6.1.7601.21663_none_a1b5f77730c54248/prevhost.exe
Detection details:
Bkav - HW64.packed.E463
MD5: 5b96f9bebf4de1722b9d4646305222dc
Path(s):
./winsxs/x86_microsoft-windows-s..native-whitebox-isv_31bf3856ad364e35_6.1.7601.22530_none_ebc92b07671d5e00/RMActivate_isv.exe
Detection details:
AegisLab - W32.Virut
MD5: 916cec665a9879deb15bbdd943b7350b
Path(s):
./SoftwareDistribution/Download/a1c89802275d7f027da0a0bd82ca400b/amd64_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.1.7601.18588_none_732596d12066ddb8/tzupd.exe
Detection details:
AegisLab - Win64.Expiro
MD5: 9c64d5c8a624f506c87e7a4a8682a322
Path(s):
./winsxs/amd64_microsoft-windows-shell-previewhost_31bf3856ad364e35_6.1.7600.16762_none_9f44fd5c1a821d3b/prevhost.exe
Detection details:
Bkav - HW64.packed.A128
MD5: e01d2ac63453534db8ad1ea97dee9c3a
Path(s):
./SysWOW64/RMActivate_isv.exe
./winsxs/x86_microsoft-windows-s..native-whitebox-isv_31bf3856ad364e35_6.1.7601.18332_none_eb418cea4dfdf3bd/RMActivate_isv.exe
Detection details:
AegisLab - W32.Virut
MD5: dc0b0581268858f95766139a394426e7
Path(s):
./winsxs/amd64_microsoft-windows-g..validatefntcache-03_31bf3856ad364e35_6.1.7601.17888_none_a6ac762931614073/invalidateFntcache.exe
Detection details:
AegisLab - Win64.Expiro
MD5: f642e79073c719e0bf2f500b84236944
Path(s):
./Installer/{E9787678-1033-0000-8E67-000000000001}/AppLanuchShortcut_E9787678103300008E67000000000001_1.exe
./Installer/{E9787678-1033-0000-8E67-000000000001}/ProgramMenuShortcut_E9787678103300008E670000000001_1.exe
Detection details:
TheHacker - W32/Leave.gu
MD5: 725d0cd0bc104b47b1975319712e280b
Path(s):
./winsxs/amd64_microsoft-windows-g..validatefntcache-02_31bf3856ad364e35_6.1.7601.17621_none_a6f11fcb312ed12d/invalidateFntcache.exe
Detection details:
AegisLab - Win64.Expiro
MD5: 3cced287ec7df84cec633a9a4e03dd62
Path(s):
./winsxs/amd64_microsoft-windows-g..ebuild-search-index_31bf3856ad364e35_6.1.7601.21720_none_1d8eef2c70f41819/rebuildSearchIndex.exe
Detection details:
AegisLab - Win64.Expiro
MD5: a45092e6f09f68118b27e31bc0b2c014
Path(s):
./winsxs/amd64_microsoft-windows-w..pdateclient-activex_31bf3856ad364e35_7.5.7601.17514_none_af500e3c7fc49bc4/wuapp.exe
Detection details:
AegisLab - Win64.Expiro