How to remove winlogin.exe
- File Details
- Overview
- Analysis
winlogin.exe
The module winlogin.exe has been detected as Trojan.Runner
File Details
| Product Name: |
|
| MD5: |
df653d4ebef00cf380c54c566d9e1c53 |
| Size: |
7 KB |
| First Published: |
2017-06-12 06:07:49 (8 years ago) |
| Latest Published: |
2021-01-14 13:10:28 (5 years ago) |
| Status: |
Trojan.Runner (on last analysis) |
|
| Analysis Date: |
2021-01-14 13:10:28 (5 years ago) |
| %appdata%\microsoft\windows\templates |
| %appdata%\microsoft\windows |
| %appdata%\microsoft\windows |
| %appdata%\microsoft\windows |
|
23.1% |
|
|
19.2% |
|
|
19.2% |
|
|
7.7% |
|
|
7.7% |
|
|
7.7% |
|
|
3.8% |
|
|
3.8% |
|
|
3.8% |
|
|
3.8% |
|
| Windows Server 2012 R2 |
52.4% |
|
| Windows 7 |
23.8% |
|
| Windows Server 2016 |
9.5% |
|
| Windows 10 |
9.5% |
|
| Windows Server 2012 |
4.8% |
|
Analysis
| Subsystem: |
Windows GUI |
| PE Type: |
pe |
| OS Bitness: |
32 |
| Image Base: |
0x00400000 |
| Entry Address: |
0x000032ce |
| MVID: |
230b43a8-d4aa-416b-93a3-290eb77b3763 |
| Typelib ID: |
556c9273-74a7-4bf1-9d62-340962ebd85c |
| Name |
Size of data |
MD5 |
| .text |
5120 |
b5ce4b650b398b5c1d80d87e37e762fd |
| .rsrc |
1536 |
b4b1892300b60f4e6535ffc27e66478d |
| .reloc |
512 |
5964092e6375b3053bf450eb5749b2ed |
