GenuineCheck.exe

Microsoft Genuine Advantage

Microsoft Corporation

This is installed with Windows Media Player 11. The file has been seen being downloaded from downloads.ziddu.com and multiple other hosts.
Publisher:
Microsoft Corporation  (signed and verified)

Product:
Microsoft Genuine Advantage

Description:
Genuine Windows Validation

Version:
1.9.0042.0

MD5:
c191c746cd975ce2dd5f8b5e009f8385

SHA-1:
e1ac8ff6434acfbe2f06d16bbab377732c892589

SHA-256:
c4d163cabd288dfb98b0b9d5a1d050885481c3d0cc5010405df50be128ff5e7c

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)
Whitelisted  (by digital signature)

Analysis date:
4/26/2024 10:15:32 AM UTC

File size:
1.5 MB (1,528,184 bytes)

Product version:
1.9.0042.0

Copyright:
© 1995-2008 Microsoft Corporation

Original file name:
GenuineCheck.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\genuinecheck.exe

Digital Signature
Authority:
Microsoft Corporation

Valid from:
10/22/2008 5:24:55 PM

Valid to:
1/22/2010 4:34:55 PM

Subject:
CN=Microsoft Corporation, OU=MOPR, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Issuer:
CN=Microsoft Code Signing PCA, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Serial number:
61062781000000000008

File PE Metadata
Compilation timestamp:
6/25/2009 2:54:28 PM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
24576:P7cb8RF8uJF9foPP10FrPhmojwbb5oRViMWaSVkW4O6:P7c68uuPP+Fbh1jwbb+VQatj

Entry address:
0xFBBA9

Entry point:
8B, FF, 55, 8B, EC, 51, 0F, 31, 53, 56, 57, A3, 4C, C9, 11, 01, FF, 15, 18, 12, 00, 01, 25, 00, 00, 00, 80, B9, A0, C8, 11, 01, A3, 48, C9, 11, 01, E8, EB, 00, 00, 00, 85, C0, 0F, 8C, 89, 00, 00, 00, 33, FF, 39, 3D, B8, C8, 11, 01, 76, 25, BE, BC, C8, 11, 01, 8D, 4E, 04, E8, CC, 00, 00, 00, 85, C0, 7C, 6E, C7, 06, 00, 00, 00, 00, 83, C7, 01, 83, C6, 1C, 3B, 3D, B8, C8, 11, 01, 72, E0, E8, 9C, 00, 00, 00, 85, C0, 7C, 51, C7, 45, FC, 00, 00, 00, 00, FF, 15, 98, C8, 11, 01, 8B, 1D, 0C, 11, 00, 01, 33, FF, 39...
 

Entropy:
6.7220

Code size:
1.1 MB (1,111,552 bytes)

The file GenuineCheck.exe has been discovered within the following program.

Windows Media Player 11  by Microsoft Corporation
Windows Media Player 11 was included with Vista with no updates, final release on XP. Windows Media Player is a media player and media library application developed by Microsoft that is used for playing audio and video and for viewing images.
windows.microsoft.com/en-US/windows/download-windows-media-player
5% remove it
 
Powered by Should I Remove It?

The file GenuineCheck.exe has been seen being distributed by the following 8 URLs.

http://113.171.224.212/.../GenuineCheck.exe

http://113.171.224.69/msupdate/E/5/6/.../GenuineCheck.exe

http://91.74.184.33/.../GenuineCheck.exe

http://179.184.140.97/msupdate/E/5/6/.../GenuineCheck.exe