The Class ID, or CLSID, is a serial number that represents a unique ID for any application component in Windows. In practice, this means all registry entries for an application component can usually be found under the registry key HKEY_CLASSES_ROOT\CLSID\{CLSID value}.

Certain malware can encrypt copies of itself so that antivirus scanners have difficulty detecting them using existing signatures of available samples. More complex malware uses a variable encryption key for each new copy, requiring more complex formula-based patterns from antivirus vendors.
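For the CLSID registry key described above, the following PowerShell function lists every value registered under a given CLSID, which is a common triage step when checking what a component actually loads. It is an added example, not code from the original page; the function name `Get-ClsidRegistration` is hypothetical and the CLSID in the usage line is a placeholder.

```powershell
# Added example (not from the original page): list all registry values
# stored under HKEY_CLASSES_ROOT\CLSID\{CLSID value} for one component.
function Get-ClsidRegistration {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$Clsid
    )

    # Reject anything that is not a well-formed GUID before touching the registry.
    $guid = [guid]::Empty
    if (-not [guid]::TryParse($Clsid, [ref]$guid)) {
        throw "Not a valid CLSID: $Clsid"
    }

    # PowerShell has no HKCR: drive by default, so use the provider-qualified path.
    # Format 'B' renders the GUID with surrounding braces, as the registry stores it.
    $root = "Registry::HKEY_CLASSES_ROOT\CLSID\$($guid.ToString('B'))"
    if (-not (Test-Path -LiteralPath $root)) {
        Write-Verbose "No registration found for $Clsid"
        return
    }

    # Walk the key itself plus every subkey (InprocServer32, LocalServer32, ProgID, ...).
    $keys = @(Get-Item -LiteralPath $root) +
            @(Get-ChildItem -LiteralPath $root -Recurse -ErrorAction SilentlyContinue)

    foreach ($key in $keys) {
        foreach ($name in $key.GetValueNames()) {
            [pscustomobject]@{
                Key   = $key.Name
                # An empty value name is the key's default value.
                Name  = if ($name) { $name } else { '(Default)' }
                Value = $key.GetValue($name)
            }
        }
    }
}

# Placeholder CLSID; substitute the value under investigation.
Get-ClsidRegistration -Clsid '{00000000-0000-0000-0000-000000000000}' -Verbose |
    Format-Table -AutoSize
```

HKEY_CLASSES_ROOT is a merged view of HKEY_LOCAL_MACHINE\Software\Classes and HKEY_CURRENT_USER\Software\Classes, so the output reflects the registration as seen by the account running the function.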
