
The config7101627.exe (Credential Manager UI Host) File Analysis

Technical Analysis

File Name config7101627.exe
File Type Win32 EXE
Magic Bytes PE32 executable (GUI) Intel 80386, for MS Windows
SSDEEP Hash 12288:9QjYFZz0TcPzjNyYkZZgZRAtCbtUp6eoLezvRtXtg/Rs0I2jZxS:9CYFZz0TKzjNRZRAtIUp62vRpsRK294
Scanner Version 1.0.168.174
Database Version 2024-03-04 05:00:43 UTC

Suspicious File Detected

Detected by 24 security engines - requires caution

This file requires additional checking for potential threats. Based on suspicious indicators, we will soon add it to our virus database.

Detection Rate 33%
File Size (bytes) 1,290,216
Engines Detected 24/72
Analysis Date 2024-03-04

File Identification

Hash Type Value
MD5 aa0268ab584f5fee855edfdf175b2a5c
SHA1 cb5ee5ef9eb984809afb72c54d4edd78dd999ee4
SHA256 fb2ee6f6d4efc21a5eea83312a90dd3b1f50cd4fdd27bb635a8db5e2c8913e47
SHA512 1a58ea819947a4dcaf8e82a8656eb18d5da94d24be8058a9a213c855805ee424242a38247e13ef8f240c52ce2cde11e3d1719aac1ac8b00b4eba6afa23e03b54
ImpHash 7892c039093f24d042274218024f00f3

Security Engines with Detections (24 of 72)

Engine Detection Name Verdict
Bkav W32.AIDetectMalware Malicious
MicroWorld-eScan Gen:Variant.Fugrafa.285219 Malicious
Malwarebytes Backdoor.Remcos Malicious
Symantec ML.Attribute.HighConfidence Malicious
Elastic malicious (high confidence) Malicious
ESET-NOD32 a variant of Win32/GenKryptik.GOPP Malicious
Cynet Malicious (score: 100) Malicious
Kaspersky HEUR:Backdoor.Win32.Remcos.gen Malicious
BitDefender Gen:Variant.Fugrafa.285219 Malicious
Avast Win32:Evo-gen [Trj] Malicious
Emsisoft Gen:Variant.Fugrafa.285219 (B) Malicious
VIPRE Gen:Variant.Fugrafa.285219 Malicious
Trapmine suspicious.low.ml.score Malicious
FireEye Gen:Variant.Fugrafa.285219 Malicious
GData Gen:Variant.Fugrafa.285219 Malicious
MAX malware (ai score=87) Malicious
Arcabit Trojan.Fugrafa.D45A23 Malicious
ZoneAlarm HEUR:Backdoor.Win32.Remcos.gen Malicious
AhnLab-V3 Trojan/Win.Generic.R610804 Malicious
ALYac Gen:Variant.Fugrafa.285219 Malicious
Cylance unsafe Malicious
AVG Win32:Evo-gen [Trj] Malicious
DeepInstinct MALICIOUS Malicious
CrowdStrike win/malicious_confidence_70% (D) Malicious

48 engines reported no threats. Only engines with detections are shown above for clarity.

PE Analysis

Basic Information

Image Base 0x00400000
Entry Point 0x00415e00
Compilation Time 2098-01-07 06:22:41
Checksum 0x00144a00 (Actual: 0x00144a00)
OS Version 10.0
PEiD Signatures PE32 executable (GUI) Intel 80386, for MS Windows
PDB Path CredentialUIBroker.pdb
Digital Signature The expected hash does not match the digest in SpcInfo
Imports 19 libraries
Exports 0 functions
Resources 2 Resources
Sections 7 Sections

Version Information

CompanyName Microsoft Corporation
FileDescription Credential Manager UI Host
FileVersion 10.0.19041.1741 (WinBuild.160101.0800)
InternalName CredentialUIBroker
LegalCopyright © Microsoft Corporation. All rights reserved.
OriginalFilename CredentialUIBroker.exe
ProductName Microsoft® Windows® Operating System
ProductVersion 10.0.19041.1741
Translation 0x0409 0x04b0

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
.text 0x00001000 87,988 bytes 88,064 bytes 6.67 (Compressed) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 05DEDBE18037167AB627E8C7529A965D
.imrsiv 0x00017000 4 bytes 0 bytes 0.00 (Normal) IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE D41D8CD98F00B204E9800998ECF8427E
.data 0x00018000 1,700 bytes 512 bytes 0.61 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 7CE8F1EAB3B77CD3A3475408436C9F27
.idata 0x00019000 5,750 bytes 6,144 bytes 5.32 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 46CC24378D2E0DE0CA9D5ABF636B23C9
.didat 0x0001b000 8 bytes 512 bytes 0.06 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 6348AB9FEBA9D0CB08A015A104D835CA
.rsrc 0x0001c000 2,344 bytes 2,560 bytes 4.47 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ DA5EDF8EC919F7B2B113F9A9015AD44B
.reloc 0x0001d000 480,256 bytes 480,256 bytes 7.68 (Packed/Encrypted) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ BFB0F7E2D6B9E8312030DD85F8F47BEC
Entropy Analysis Alert

1 section(s) with high entropy (≥7.5) detected - possible packing/encryption

1 section(s) with elevated entropy (≥6.5) - possible compression

Resource Analysis

Total Resources: 2 (2,173 bytes)

Resource Type Count Total Size Percentage
RT_VERSION 1 972 bytes 44.7%
RT_MANIFEST 1 1,201 bytes 55.3%

Certificate Chain Analysis

Certificate Information
Product Microsoft® Windows® Operating System
Description Credential Manager UI Host
File Version 10.0.19041.1741 (WinBuild.160101.0800)
Original Name CredentialUIBroker.exe
Signing Date 07:16 PM 05/22/2022 (1126 days ago)
Verification Status The digital signature of the object did not verify.
Signers Microsoft Windows; Microsoft Windows Production PCA 2011; Microsoft Root Certificate Authority 2010
Counter Signers Microsoft Time-Stamp Service; Microsoft Time-Stamp PCA 2010; Microsoft Root Certificate Authority 2010
Internal Name CredentialUIBroker
Copyright © Microsoft Corporation. All rights reserved.
Certificate Chain Summary

#1 Microsoft Windows (Primary)
  Validity Period: 2021-09-02 18:23:41 → 2022-09-01 18:23:41
  Signature Algorithm: sha256RSA
  Serial Number: 33 00 00 03 3B 65 5F AE FA DB 75 E9 D6 00 00 00 00 03 3B

#2 Microsoft Windows Production PCA 2011 (Chain)
  Validity Period: 2011-10-19 18:41:42 → 2026-10-19 18:51:42
  Signature Algorithm: sha256RSA
  Serial Number: 61 07 76 56 00 00 00 00 00 08

#3 Microsoft Time-Stamp Service (Chain)
  Validity Period: 2021-12-02 19:05:23 → 2023-02-28 19:05:23
  Signature Algorithm: sha256RSA
  Serial Number: 33 00 00 01 A0 E9 BB 8C BB 0E A2 D1 7A 00 01 00 00 01 A0

#4 Microsoft Time-Stamp PCA 2010 (Chain)
  Validity Period: 2021-09-30 18:22:25 → 2030-09-30 18:32:25
  Signature Algorithm: sha256RSA
  Serial Number: 33 00 00 00 15 C5 E7 6B 9E 02 9B 49 99 00 00 00 00 00 15

Certificate Verification Status

The expected hash does not match the digest in SpcInfo

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Proactive Protection

24 antivirus engines detected potential threats. This could be a false positive, especially for system tools or packed software. Verify the file source and check whether it is digitally signed by a trusted publisher; for this sample, the signature verification above did not succeed.

Leave a Comment

Share your thoughts or insights about this file. Do you align with our conclusion?

* Your feedback could influence our rating, and rest assured, your email will remain confidential and will only be used to communicate with you if necessary.
Your Score for

Gridinsoft Anti-Malware

Cure your PC from any kind of malware

GridinSoft Anti-Malware will help you to protect your computer from spyware, trojans, backdoors, rootkits. It cleans your system from annoying advertisement modules and other malicious stuff developed by hackers.

Gridinsoft Anti-Malware