How to remove WinLogins.exe
- File Details
- Overview
- Analysis
WinLogins.exe
The module WinLogins.exe has been detected as Risk.CoinMiner
File Details
| Product Name: |
|
| Company Name: |
|
| MD5: |
d4993b6537fce559eaec85640d96fc34 |
| Size: |
1 MB |
| First Published: |
2018-10-19 23:11:43 (7 years ago) |
| Latest Published: |
2024-12-07 23:01:01 (a year ago) |
| Status: |
Risk.CoinMiner (on last analysis) |
|
| Analysis Date: |
2024-12-07 23:01:01 (a year ago) |
| %system% |
| %windir%\debug |
| %windir%\fonts\com5.{241d7c960-f8bf-4f95-b01f-e2b053341a5b}\com4.{241d7c960-f9bf-4f85-b01f-e3b043341a4b} |
| %windir%\fonts\com5.{242d7c960-f8bf-4f95-b01f-e2b053341a5b}\com4.{241d7v960-f8bf-4f85-b01f-e2c043341a4b} |
| %windir%\fonts\com6.{241d7c930-f8bf-4f85-b01f-e2b043341a4b}\com6.{241d7c970-f8bf-4f85-b01f-e2b043341a3b} |
| %system%\bg-bg |
| %windir%\fonts\com6.{241d7c560-f8cf-4f85-b01f-e2b043341a4b}\com6.{231d7c970-f8bf-4f85-b01f-e7b043341a4b} |
| %windir%\fonts\com5.{243d7c960-f8bf-4f95-b01f-e2b053341a5b}\com4.{241d7c960-f8bf-4f85-b01f-e2b042341a4b} |
| %desktop% |
| %sysdrive%\backup |
| xmrig.exe |
| WinLogins.exe |
| vercls.exe |
| sys64.exe |
| logwin.exe |
| backupwin.exe |
| managewin.exe |
| tapi32.exe |
| svhost.exe |
| xmrig-notls.exe |
|
61.9% |
|
|
17.5% |
|
|
7.9% |
|
|
3.2% |
|
|
3.2% |
|
|
1.6% |
|
|
1.6% |
|
|
1.6% |
|
|
1.6% |
|
| Windows Server 2012 R2 |
74.6% |
|
| Windows 10 |
12.7% |
|
| Windows 8.1 |
7.9% |
|
| Windows Server 2008 R2 |
3.2% |
|
| Windows 7 |
1.6% |
|
Analysis
| Subsystem: |
Windows CUI |
| PE Type: |
pe |
| OS Bitness: |
64 |
| Image Base: |
0x0000000000400000 |
| Entry Address: |
0x000014f0 |
| Name |
Size of data |
MD5 |
| .text |
882688 |
82da2c5b976f9e1fb2d093ec56ea1f98 |
| .data |
2560 |
7472d84eec50a59eb7a89bc685de45e4 |
| .rdata |
89600 |
bf7eb018d5c70fdf923b650b315a4de9 |
| .pdata |
27648 |
75a4711f11d0d51d9ef6ebc503fc1eea |
| .xdata |
29696 |
668761de9e85f2764963ee31a4a71332 |
| .bss |
0 |
00000000000000000000000000000000 |
| .edata |
1536 |
341db8f5a5f71594e9442bb666692435 |
| .idata |
12800 |
a110564dd0021f7464038a95c1ee28c1 |
| .CRT |
512 |
86f914443cf708c8162d145b124f72ae |
| .tls |
512 |
bf619eac0cdf3f68d496ea9344137e8b |
| .rsrc |
23808 |
5522f44c913ad59bf706c56d79535b69 |
| .reloc |
2560 |
6d309dd13e52c93e744f655342fc013f |
