How to remove $ROW1492.exe
- File Details
- Overview
- Analysis
$ROW1492.exe
The module $ROW1492.exe has been detected as Risk.RemoteAdmin
File Details
| MD5: |
ae366968e0f401e4876b68a6b7b8166f |
| Size: |
185 KB |
| First Published: |
2017-07-18 17:13:14 (7 years ago) |
| Latest Published: |
2018-08-15 02:11:04 (6 years ago) |
| Status: |
Risk.RemoteAdmin (on last analysis) |
|
| Analysis Date: |
2018-08-15 02:11:04 (6 years ago) |
Overview
| %programfiles%\ultravnc |
| %sysdrive%\ubcd4win\plugin\network\ultravnc\files |
| %sysdrive%\$recycle.bin\s-1-5-21-2087035277-3798034300-3097854789-1002 |
| %sysdrive%\ubcd4win\plugin\network\ultravnc |
| %desktop%\backup\recovered data 09-13-2016 at 11_22_46\ntfs 0\ubcd4win\plugin\network\ultravnc |
| %desktop%\backup\recovered data 09-12-2016 at 22_05_51\ntfs 0\ubcd4win1\plugin\network\ultravnc |
| %desktop%\backup\recovered data 09-13-2016 at 11_22_46\ntfs 0\ubcd4win1\plugin\network\ultravnc |
| %desktop%\backup\recovered data 09-12-2016 at 22_05_51\ntfs 0\ubcd4win\plugin\network\ultravnc |
| %programfiles% |
| %sysdrive%\inetpub\wwwroot\software\ultravnc_1.0.6.5 for win7.zip |
| uvnc_settings.exe |
| $ROW1492.exe |
|
40.0% |
|
|
30.0% |
|
|
10.0% |
|
|
5.0% |
|
|
5.0% |
|
|
5.0% |
|
|
5.0% |
|
| Windows 10 |
60.0% |
|
| Windows 7 |
35.0% |
|
| Windows 8 |
5.0% |
|
Analysis
| Subsystem: |
Windows GUI |
| PE Type: |
pe |
| OS Bitness: |
32 |
| Image Base: |
0x00400000 |
| Entry Address: |
0x00008f69 |
| Name |
Size of data |
MD5 |
| .text |
90112 |
6ea57d9de81aad7ee7188420ef9b6f40 |
| .rdata |
20480 |
4abc20f4cb2e5129be19b3f8c2c7f471 |
| .data |
8192 |
8cb03ed8537f6035214c67617bc4ed7d |
| .rsrc |
61440 |
134b396e53f895d8b21c1396f80d4755 |
