How to remove winlogon.exe
- File Details
- Overview
- Analysis
winlogon.exe
The module winlogon.exe has been detected as Risk.CoinMiner
File Details
| Product Name: |
|
| Company Name: |
|
| MD5: |
40c6d6d0194688cf981bd2c090efb08a |
| Size: |
380 KB |
| First Published: |
2017-07-08 09:01:21 (7 years ago) |
| Latest Published: |
2020-02-26 03:57:55 (4 years ago) |
| Status: |
Risk.CoinMiner (on last analysis) |
|
| Analysis Date: |
2020-02-26 03:57:55 (4 years ago) |
| %windir%\fonts |
| %windir% |
| %commonappdata% |
| %sysdrive%\$36osection |
| %windir%\media |
| %programfiles% |
| %sysdrive%\ditron\netstore\tools\dpaservice\nssm |
| %sysdrive%\ditron\netstore\tools\dpaservice\nssm |
| %sysdrive%\ditron\netstore\tools\dpaservice\nssm |
| %sysdrive%\ditron\netstore\tools\dpaservice\nssm |
| javas.exe |
| winlogon.exe |
| java.exe |
| csrss.exe |
| winlog.exe |
| lsass.exe |
| nssem.exe |
|
63.5% |
|
|
7.1% |
|
|
4.7% |
|
|
4.7% |
|
|
4.7% |
|
|
4.7% |
|
|
2.4% |
|
|
2.4% |
|
|
2.4% |
|
|
2.4% |
|
|
1.2% |
|
| Windows 7 |
69.4% |
|
| Windows Server 2008 R2 |
17.6% |
|
| Windows 10 |
7.1% |
|
| Windows Server 2012 R2 |
5.9% |
|
Analysis
| Subsystem: |
Windows CUI |
| PE Type: |
pe |
| OS Bitness: |
64 |
| Image Base: |
0x0000000140000000 |
| Entry Address: |
0x0001ee98 |
| Name |
Size of data |
MD5 |
| .text |
168448 |
d507427c34b9b20ef8c8cab49b21c0eb |
| .rdata |
38400 |
e228984a79d5671f2c5bc67528d59c22 |
| .data |
8704 |
c28408e87b282dce92660d0fec626779 |
| .pdata |
9216 |
eb5afb62bce41bf341c4269226c2368c |
| .rsrc |
163328 |
0e052ba6b4690c1c8b42488d25307258 |
