geosettershellext64.dll

GeoSetter

Friedemann Schmidt

Scan geosettershellext64.dll - Powered by Reason Core Security
Publisher:
Friedemann Schmidt

Product:
GeoSetter

Description:
Shell extension to show GeoSetter menu entries in file context menus

Version:
3.4.9.0

MD5:
f3fa62b474905645ac6ead4c6dcc2ed4

SHA-1:
ab4d15e4f7e328fe144189534b0eb80387f4ee93

SHA-256:
a8d8f71220b8f2ed388ad52f0267979e9eda1680b01ddb82d39dbbc26f9b284e

Scanner detections:
1 / 68

Status:
Clean (1 probable false positive detection)

Explanation:
This is most likely a false positive detection; the file is probably clean.

Analysis date:
12/11/2016 9:08:14 AM UTC

Scan engine:
CMC Antivirus

Detection:
Trojan.Win32.Krap.1!O

Engine version:
1.1.0.977

File size:
579.9 KB (593,788 bytes)

Product version:
3.4.9.0

Copyright:
Friedemann Schmidt

File type:
Dynamic link library (Win64 DLL)

Language:
English (United States)

Common path:
C:\Program Files\geosetter\geosettershellext64.dll

File PE Metadata
OS version:
4.0

OS bitness:
Win64

Subsystem:
Windows Console

Linker version:
2.42

CTPH (ssdeep):
6144:MKIooDc0U6yUZrSEbGO2fYBItJYBS0GFtZ0xQ+v54vz+0RJPDgbSqi1z:MeoE61NSEbcYpGFtZ0xQ+vGnrbd

Entry address:
0x12A30

Entry point:
48, 81, EC, 88, 00, 00, 00, C6, 05, E2, A5, 04, 00, 01, 48, 89, 0D, CB, B4, 04, 00, 89, 15, A5, B4, 04, 00, 44, 89, 05, AE, B4, 04, 00, E8, 09, 03, 00, 00, 48, 81, C4, 88, 00, 00, 00, C3, 00, 48, 83, EC, 48, 48, 83, C4, 48, C3, 00, 00, 00, 00, 00, 00, 00, 48, 83, EC, 48, 48, 83, C4, 48, C3, 00, 00, 00, 00, 00, 00, 00, 55, 48, 89, E5, 48, 81, EC, 80, 00, 00, 00, 48, 89, 5D, E0, 48, 89, 7D, E8, 48, 89, 75, F0, 48, 89, 55, F8, 4C, 89, C6, 49, BB, 00, 00, 00, 00, 00, 00, 00, 00, 48, B8, 00, 00, 00, 00, 00, 00...
 

Code size:
304 KB (311,280 bytes)

Approved Shell Extension
Name:
Explorer Context Menu for GeoSetter

CLSID:
{A50BD5C6-4B18-44F3-8D6D-62DE89A969E9}

CLSID name:
GeoSetterShellExt64

