home

clwireg.exe

Microsoft Visual Studio 2008

Microsoft Corporation

This is a setup program which is used to install the application. The file has been seen being downloaded from 103.3.32.206 and multiple other hosts.
Publisher:
Microsoft Corporation  (signed and verified)

Product:
Microsoft® Visual Studio® 2008

Description:
Microsoft .NET Framework Registration Correction Tool

Version:
9.0.30519.0 built by: DTG(MICARLS1-micarls)

MD5:
77f1b033c0c892c91206f496a9127fae

SHA-1:
5abc962c97e49d9588f7bef83c0feafc520aeda4

SHA-256:
b26c0cacd19b52e8d5c28bad52cd72909886f9b4f3b3b15d672945993fc06c71

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)
Whitelisted  (by digital signature)

Analysis date:
4/20/2024 11:27:14 AM UTC  (today)

File size:
111.5 KB (114,200 bytes)

Product version:
9.0.30519.0

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
clwireg.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Documents and Settings\{user}\Local settings\temp\{random}.tmp\dotnetfx35sp1\tools\clwireg.exe

Digital Signature
Signed by:
Microsoft Corporation

Authority:
Microsoft Corporation

Valid from:
8/23/2007 2:23:13 AM

Valid to:
2/23/2009 1:33:13 AM

Subject:
CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Issuer:
CN=Microsoft Code Signing PCA, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Serial number:
610F784D000000000003

File PE Metadata
Compilation timestamp:
6/3/2008 1:39:02 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:/D07x4OnK1Ljjg0hi7Vxg4F5iEdn8Cu1d:gqOnK1Ljjg0wRxg4a+ad

Entry address:
0x6C3A

Entry point:
E8, 02, 28, 00, 00, E9, A0, FE, FF, FF, CC, CC, CC, CC, CC, 3B, 0D, 44, 81, 41, 00, 75, 02, F3, C3, E9, 84, 28, 00, 00, CC, CC, CC, CC, CC, 8B, FF, 55, 8B, EC, 8B, 45, 14, 56, 57, 33, FF, 3B, C7, 74, 47, 39, 7D, 08, 75, 1B, E8, 96, 2E, 00, 00, 6A, 16, 5E, 89, 30, 57, 57, 57, 57, 57, E8, 15, 2E, 00, 00, 83, C4, 14, 8B, C6, EB, 29, 39, 7D, 10, 74, E0, 39, 45, 0C, 73, 0E, E8, 71, 2E, 00, 00, 6A, 22, 59, 89, 08, 8B, F1, EB, D7, 50, FF, 75, 10, FF, 75, 08, E8, 3F, 29, 00, 00, 83, C4, 0C, 33, C0, 5F, 5E, 5D, C3...
 
[+]

Code size:
88.5 KB (90,624 bytes)

The file clwireg.exe has been seen being distributed by the following 12 URLs.

http://103.3.32.206/msupdate/6/4/B/.../clwireg.exe

http://10.70.21.234/UNIERPSmartDeploy/DotNetFX35SP1/.../clwireg.exe

http://113.160.155.90/UNIERPSmartDeploy/DotNetFX35SP1/.../clwireg.exe

http://113.171.226.6/msupdate-hijack/id/6/4/B/.../clwireg.exe/original/download.microsoft.com/download/6/4/B/.../clwireg.exe

http://125.212.132.121/UNIERPSmartDeploy/DotNetFX35SP1/.../clwireg.exe

http://update.software.trotec.com/DotNetFX35SP1/.../clwireg.exe

http://212.62.32.199/RestitucijaARInstallerProdukcija/DotNetFX35SP1/.../clwireg.exe

http://ecr.daisytech.bg/ECRManager/DotNetFX35SP1/.../clwireg.exe

http://downloadcentre.sdl.com/prerequisites/DotNetFX35SP1/.../clwireg.exe

http://113.171.224.168/.../clwireg.exe

http://download.microsoft.com/download/6/4/B/.../clwireg.exe

http://aaccsvr/agentdesktop/DotNetFX35SP1/.../clwireg.exe

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.