How to remove windir.exe
windir.exe
The module windir.exe has been detected as Trojan.CoinMiner
File Details
| Product Name: | COMSS Advisor |
| Company Name: | BELOFF |
| MD5: | caaceba8a7fdca63d9477878039102fc |
| Size: | 1 MB |
| First Published: | 2018-01-13 20:04:13 (6 years ago) |
| Latest Published: | 2018-01-13 20:04:14 (6 years ago) |
| Status: | Trojan.CoinMiner (on last analysis) | |
| Analysis Date: | 2018-01-13 20:04:14 (6 years ago) |
Overview
| Signed By: | Auslogics Labs Pty Ltd |
| Status: | Invalid (digital signature could be stolen or file could be patched) |
Common Places:
| %commonappdata% |
Geography:
| 100.0% |
OS Version:
| Windows 7 | 100.0% |
Analysis
| Subsystem: | Windows GUI |
| PE Type: | pe |
| OS Bitness: | 32 |
| Image Base: | 0x00400000 |
| Entry Address: | 0x00093b4e |
PE Sections:
| Name | Size of data | MD5 |
| .text | 655872 | 05f27704ca9832e6d9a6cf3a3f8eb92e |
| .rdata | 167936 | a4b8adb0f581e3762f4a32dbfdcb8a5f |
| .data | 6656 | b8f0921903d87787116621787d2e4661 |
| .gfids | 512 | e5a0822fa7845d95a7b18881c1fcdaff |
| .tls | 512 | 8e3343efa9afc26ac6caf49228cbe049 |
| .rsrc | 179200 | 999676de5acbe5129b4e733121d3b821 |
| .reloc | 38912 | abc8a815b90c7ba4d51c882692ad97cb |
More information:
Download GridinSoft
Anti-Malware - Removal tool for windir.exe
