MicrosoftSecurityClient.exe

Microsoft Security Client

Mircosoft Corporation

The executable MicrosoftSecurityClient.exe has been detected as malware by 26 anti-virus scanners. It is set to start automatically when a user logs in to Windows, via the current user Run registry key, under the display name ‘Microsoft Essential Updater’.
Publisher:
Mircosoft Corporation

Product:
Microsoft Security Client

Version:
2.0.2.0

MD5:
6deb4249cbe13173948b0dbf8d2db629

SHA-1:
bc871ca30300b583550b73bcf822fe105704d10c

SHA-256:
6a744e2a09a2e3696007acf299758d17f0a6a79a8003ad943da28d98cafa61d5

Scanner detections:
26 / 68

Status:
Malware

Analysis date:
4/25/2024 3:51:18 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Kazy.201581 | 701 |
| AegisLab AV Signature | W32.W.Gen | 2.1.4+ |
| Avira AntiVirus | TR/Agent.aew.2 | 7.11.213.146 |
| avast! | MSIL:Agent-AEW [Trj] | 2014.9-150305 |
| AVG | MSIL | 2016.0.3179 |
| Baidu Antivirus | Trojan.MSIL.Agent | 4.0.3.1535 |
| Bitdefender | Gen:Variant.Kazy.201581 | 1.0.20.320 |
| Comodo Security | UnclassifiedMalware | 21299 |
| Emsisoft Anti-Malware | Gen:Variant.Kazy.201581 | 8.15.03.05.11 |
| ESET NOD32 | MSIL/Agent.OBE | 9.11272 |
| F-Secure | Gen:Variant.Kazy.201581 | 11.2015-05-03_5 |
| G Data | Gen:Variant.Kazy.201581 | 15.3.25 |
| IKARUS anti.virus | Trojan.Msil | t3scan.1.8.6.0 |
| K7 AntiVirus | Trojan | 13.200.15167 |
| Kaspersky | Trojan.MSIL.Agent | 14.0.0.2390 |
| McAfee | RDN/Generic.dx!dgg | 5600.6835 |
| MicroWorld eScan | Gen:Variant.Kazy.201581 | 16.0.0.192 |
| Norman | Troj_Generic.SACVB | 11.20150305 |
| Panda Antivirus | Trj/CI.A | 15.03.05.11 |
| Qihoo 360 Security | Win32/Trojan.Multi.daf | 1.0.0.1015 |
| Quick Heal | Trojan.Agen.r4 | 3.15.14.00 |
| Sophos | Mal/MSIL-HL | 4.98 |
| Trend Micro House Call | TROJ_GEN.R0C1C0EAK15 | 7.2.64 |
| Trend Micro | TROJ_GEN.R0C1C0EAK15 | 10.465.05 |
| VIPRE Antivirus | Trojan.Win32.Generic | 38138 |
| Zillya! Antivirus | Trojan.Agent.Win32.497843 | 2.0.0.2088 |

File size:
79 KB (80,896 bytes)

Product version:
2.0.2.0

Copyright:
Copyright © Mircosoft Corporation 2012

Original file name:
MicrosoftSecurityClient.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\ProgramData\updates\microsoftsecurityclient.exe

File PE Metadata
Compilation timestamp:
1/24/2013 8:59:57 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
1536:6MqlxT17ef/gltwUpHurtbMojtcT4ccD2sUZ+lDI:6jnVeHKtBgbLosDxDI

Entry address:
0x651E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
6.7464

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
17.5 KB (17,920 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Microsoft Essential Updater

Command:
C:\ProgramData\updates\microsoftsecurityclient.exe

