» CLIStart.exe
Overview
Analysis
File Details
Behaviors (1)

CLIStart.exe

Catalyst Control Center

Advanced Micro Devices, Inc.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘StartCCC’.

File name:

CLIStart.exe

Publisher:

Advanced Micro Devices, Inc. (signed and verified)

Product:

Catalyst® Control Center

Description:

Catalyst® Control Center Launcher

Version:

3.5.0.0

MD5:

5fc6ad6ae07f8827f954c4c6b73568e2

SHA-1:

62a3420b015f4a508483d06708b1e5f3192f25dd

SHA-256:

6a2c1328bfbfb8d41ce268c2d1c26b1e2fcf2e426a98a740536689fb568acfe9

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/20/2024 2:27:29 AM UTC (today)

File size:

749.2 KB (767,176 bytes)

Product version:

3.5.0.0

Original file name:

CLIStart.exe

File type:

Executable application (Win64 EXE)

Language:

English (United States)

Common path:

C:\Program Files\amd\ati.ace\core-static\amd64\clistart.exe

Digital Signature

Signed by:

Advanced Micro Devices, Inc.

Authority:

VeriSign, Inc.

Valid from:

4/3/2013 2:00:00 AM

Valid to:

6/2/2016 1:59:59 AM

Subject:

CN="Advanced Micro Devices, Inc.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Advanced Micro Devices, Inc.", L=Sunnyvale, S=California, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

4CD9E755850C1372B48DC182A7308BAB

File PE Metadata

Compilation timestamp:

11/21/2014 3:19:54 AM

OS version:

6.0

OS bitness:

Win64

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

12288:lnzfdZwZsywJi7T+KfS8URIxUx5oMBULKv6gQu:l70ZsywU7TMl5vU2CgQ

Entry address:

0x2DD04

Entry point:

48, 83, EC, 28, E8, 1B, 94, 00, 00, 48, 83, C4, 28, E9, 02, 00, 00, 00, CC, CC, 48, 89, 5C, 24, 10, 48, 89, 74, 24, 18, 57, 48, 83, EC, 30, E8, 10, 5C, 00, 00, 0F, B7, F0, B9, 02, 00, 00, 00, E8, A7, 93, 00, 00, B8, 4D, 5A, 00, 00, 48, 8D, 3D, BB, 22, FD, FF, 66, 39, 05, B4, 22, FD, FF, 74, 04, 33, DB, EB, 31, 48, 63, 05, E3, 22, FD, FF, 48, 03, C7, 81, 38, 50, 45, 00, 00, 75, EA, B9, 0B, 02, 00, 00, 66, 39, 48, 18, 75, DF, 33, DB, 83, B8, 84, 00, 00, 00, 0E, 76, 09, 39, 98, F8, 00, 00, 00, 0F, 95, C3, 89... 
[+]

Entropy:

5.4579

Code size:

307.5 KB (314,880 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

StartCCC

Command:

"C:\Program Files\amd\ati.ace\core-static\amd64\clistart.exe" msrun

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.