How to remove winlogon.exe
- File Details
- Overview
- Analysis
winlogon.exe
The module winlogon.exe has been detected as Virtool.NSSM
File Details
| Product Name: |
|
| MD5: |
8a874af5c543a7fa5a4bef61e7a1c842 |
| Size: |
288 KB |
| First Published: |
2017-07-25 05:14:19 (7 years ago) |
| Latest Published: |
2024-03-15 23:25:46 (a year ago) |
| Status: |
Virtool.NSSM (on last analysis) |
|
| Analysis Date: |
2024-03-15 23:25:46 (a year ago) |
| %windir%\prey\versions\1.3.9\node_modules\satan\lib\win32 |
| %windir%\prey\versions\1.4.2\node_modules\satan\lib\win32 |
| %windir%\prey\versions\1.4.0\node_modules\satan\lib\win32 |
| %windir%\prey\versions\1.5.0\node_modules\satan\lib\win32 |
| %windir%\prey\versions\1.4.1\node_modules\satan\lib\win32 |
| %windir%\temp\prey-windows-1.6.9-x86.zip\prey-1.6.9\node_modules\satan\lib\win32 |
| %windir%\prey\versions\1.6.6\node_modules\satan\lib\win32 |
| %windir%\prey\versions\1.6.4\node_modules\satan\lib\win32 |
| %windir%\prey\versions\1.6.8\node_modules\satan\lib\win32 |
| %windir%\prey\versions\1.6.9\node_modules\satan\lib\win32 |
| nssm.exe |
| winlogon.exe |
| $R04I2H2.exe |
| $RBECXX4.exe |
| $RGKVMLS.exe |
|
21.5% |
|
|
12.0% |
|
|
7.3% |
|
|
7.3% |
|
|
6.4% |
|
|
6.0% |
|
|
6.0% |
|
|
4.7% |
|
|
4.3% |
|
|
3.4% |
|
|
3.4% |
|
|
2.6% |
|
|
1.7% |
|
|
1.3% |
|
|
1.3% |
|
|
1.3% |
|
|
0.9% |
|
|
0.9% |
|
|
0.9% |
|
|
0.9% |
|
|
0.9% |
|
|
0.4% |
|
|
0.4% |
|
|
0.4% |
|
|
0.4% |
|
|
0.4% |
|
|
0.4% |
|
|
0.4% |
|
|
0.4% |
|
|
0.4% |
|
|
0.4% |
|
|
0.4% |
|
|
0.4% |
|
| Windows 10 |
75.5% |
|
| Windows 7 |
19.3% |
|
| Windows 8.1 |
2.6% |
|
| Windows 8 |
2.1% |
|
| Windows XP |
0.4% |
|
Analysis
| Subsystem: |
Windows CUI |
| PE Type: |
pe |
| OS Bitness: |
32 |
| Image Base: |
0x00400000 |
| Entry Address: |
0x00013e53 |
| Name |
Size of data |
MD5 |
| .text |
114176 |
941138fc9588f894a9667ca350164874 |
| .rdata |
18944 |
2a6ddc225784dfe7d0dfa7ac774200df |
| .data |
5120 |
4492984c066180a50b40cbb63640632f |
| .rsrc |
155648 |
51554871c0103a4ab606f99329649a6c |
