atieclx.exe

Imaging Devices Control Panel

Tencent Technology(Shenzhen) Company Limited

Although the file properties state that the file was developed by 'Microsoft Corporation', this is not the case; the file is designed to look like a legitimate Microsoft system file. The executable atieclx.exe, “Imaging Devices Control Panel”, has been detected as malware by 25 anti-virus scanners. It runs as a Windows service named “Stuvwx Abcdefgh Jklmnopq Stuv”.

Publisher:
Microsoft Corporation  (signed by Tencent Technology(Shenzhen) Company Limited)

Product:
Microsoft® Windows® Operating System

Description:
Imaging Devices Control Panel

Version:
6.1.7600.16385 (win7_rtm.090713-1255)

MD5:
2805948eb0f3fa63ce36850677298abd

SHA-1:
97f9d7c4249883db76a85eba0faa7ccac8b15592

SHA-256:
f3ba68033e529738979e2bd8470734a94b500fb206ca67d76f150b4d4ea81996

Scanner detections:
25 / 68

Status:
Malware

Analysis date:
4/19/2024 12:15:53 PM UTC

Scan engine              Detection                    Engine version
Lavasoft Ad-Aware        Gen:Variant.Zegost.8         366
Agnitum Outpost          Trojan.Agent                 7.1.1
AhnLab V3 Security       Backdoor/Win32.Agent         2015.05.04
avast!                   Win32:Malware-gen            2014.9-160203
AVG                      BackDoor.Generic_r           2017.0.2844
Bitdefender              Gen:Variant.Zegost.8         1.0.20.170
Bkav FE                  HW32.Packed                  1.3.0.6379
Comodo Security          TrojWare.Win32.Farfli.LK     21995
Dr.Web                   Trojan.SpyBot.604            9.0.1.034
Emsisoft Anti-Malware    Gen:Variant.Zegost           8.16.02.03.12
ESET NOD32               Win32/Farfli.OY              10.11570
Fortinet FortiGate       W32/Farfli.PZ!tr             2/3/2016
F-Secure                 Gen:Variant.Zegost.8         11.2016-03-02_4
G Data                   Gen:Variant.Zegost           16.2.25
IKARUS anti.virus        Trojan.Win32.Staser          t3scan.1.8.9.0
K7 AntiVirus             Trojan                       13.203.15791
Kaspersky                HEUR:Trojan.Win32.Generic    14.0.0.717
MicroWorld eScan         Gen:Variant.Zegost.8         17.0.0.102
NANO AntiVirus           Trojan.Win32.Staser.deopon   0.30.24.1357
Norman                   Agent.BAIQY                  11.20160203
Panda Antivirus          Trj/Genetic.gen              16.02.03.12
Qihoo 360 Security       HEUR/QVM07.1.Malware.Gen     1.0.0.1015
Vba32 AntiVirus          Trojan.Staser                3.12.26.3
VIPRE Antivirus          Trojan.Win32.Generic         39928
Zillya! Antivirus        Trojan.Staser.Win32.2134     2.0.0.2165

File size:
245.4 KB (251,324 bytes)

Product version:
6.1.7600.16385

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
ImagingDevices.cpl

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Windows\System32\atieclx.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
2/17/2008 4:00:00 PM

Valid to:
2/17/2009 3:59:59 PM

Subject:
CN=Tencent Technology(Shenzhen) Company Limited, OU=R&D, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Tencent Technology(Shenzhen) Company Limited, L=Shenzhen, S=Guangdong, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
7FC80871A66FE6B07D8CFCA5AF93014D

File PE Metadata
Compilation timestamp:
8/27/2014 10:11:35 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:X+Cw8tA3n6iU1mHewidZumeC2BInG7cX6O1+186p2YQnVB:X+dnCSeHZuJBgG7cqO1+qT7B

Entry address:
0x27CF

Entry point:
55, 8B, EC, 6A, FF, 68, 40, 74, 40, 00, 68, A0, 53, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 58, 53, 56, 57, 89, 65, E8, FF, 15, 4C, 70, 40, 00, 33, D2, 8A, D4, 89, 15, 78, 64, 43, 00, 8B, C8, 81, E1, FF, 00, 00, 00, 89, 0D, 74, 64, 43, 00, C1, E1, 08, 03, CA, 89, 0D, 70, 64, 43, 00, C1, E8, 10, A3, 6C, 64, 43, 00, 33, F6, 56, E8, 62, 1E, 00, 00, 59, 85, C0, 75, 08, 6A, 1C, E8, B0, 00, 00, 00, 59, 89, 75, FC, E8, AA, 29, 00, 00, FF, 15, 48, 70, 40, 00, A3, 7C, 69, 43, 00, E8...
 

Entropy:
7.5883

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
24 KB (24,576 bytes)

Service
Display name:
Stuvwx Abcdefgh Jklmnopq Stuv

Service name:
Stuvwx Abcdefgh Jkl

Description:
Stuvwxya Cdefghijk Mnopqrs Uvwxyabc Efg

Type:
Win32OwnProcess, InteractiveProcess

