classicshellutility.exe

Ivaylo Beltchev

Publisher:
Ivaylo Beltchev  (signed and verified)

MD5:
2d7c64a29f31af5e52acea88d4f345f8

SHA-1:
d9137f2e6818fc946909b4b8a5850d88cce2dc86

SHA-256:
499cb0d97501cec43dbf00cce04bd7ad7d6f566c1cd78e9d7fe2cb0033e4d393

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/25/2024 7:11:25 PM UTC

File size:
582.5 KB (596,448 bytes)

File type:
Executable application (Win32 EXE)

Digital Signature
Signed by:

Authority:
StartCom Ltd.

Valid from:
7/6/2013 5:10:27 AM

Valid to:
7/6/2015 6:07:17 PM

Subject:
E=ivo@ibeltchev.com, CN=Ivaylo Beltchev, L=Redmond, S=Washington, C=US, Description=Wkn3SU1V6I6wWa28

Issuer:
CN=StartCom Class 2 Primary Intermediate Object CA, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL

Serial number:
0A5B

File PE Metadata
Compilation timestamp:
1/18/2014 8:59:54 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:LhVjyLfJyUJ0GdhYLUun7mE/hYl4Voquq1Gq:nuTjK0hfgz/el4Vorqd

Entry address:
0x1F185

Entry point:
E8, 66, 96, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 20, 53, 33, DB, 39, 5D, 14, 75, 20, E8, F5, 0F, 00, 00, 53, 53, 53, 53, 53, C7, 00, 16, 00, 00, 00, E8, 9E, E5, FF, FF, 83, C4, 14, 83, C8, FF, E9, 99, 00, 00, 00, 56, 8B, 75, 0C, 57, 8B, 7D, 10, 3B, FB, 74, 21, 3B, F3, 75, 1D, E8, C5, 0F, 00, 00, 53, 53, 53, 53, 53, C7, 00, 16, 00, 00, 00, E8, 6E, E5, FF, FF, 83, C4, 14, 83, C8, FF, EB, 6A, B8, FF, FF, FF, 7F, 89, 45, E4, 3B, F8, 77, 03, 89, 7D, E4, FF, 75, 1C, 8D, 45, E0, FF, 75, 18, C7...
 

Entropy:
6.3345

Code size:
198.5 KB (203,264 bytes)

The file classicshellutility.exe has been seen being distributed by the following 3 URLs.
