How to remove winlogon.exe
winlogon.exe
The module winlogon.exe has been detected as Trojan.Agent
File Details
MD5: c24315b0585b852110977dacafe6c8c1
Size: 44 KB
First Published: 2017-09-27 04:10:08 (6 years ago)
Latest Published: 2024-04-03 23:07:08 (a month ago)
Status: Trojan.Agent (on last analysis)
Analysis Date: 2024-04-03 23:07:08 (a month ago)
Doublepulsar-1.3.1.exe
spoolsv.exe
SVCHOST.EXE
d.exe
Doublepulsar-1.3.1.exe.quarantined
chrome..exe
$R4FBI95.exe
c.exe
puls.exe
spoolsv1.exe
star.exe
winlogon.exe
Windows 7 | 83.6%
Windows 10 | 8.4%
Windows Server 2008 R2 | 3.6%
Windows Server 2003 | 1.5%
Windows XP | 1.0%
Windows 8.1 | 0.9%
Windows Server 2012 R2 | 0.6%
Windows Vista | 0.3%
Windows Web Server 2008 R2 | 0.1%
Analysis
Subsystem: Windows CUI
PE Type: pe
OS Bitness: 32
Image Base: 0x00400000
Entry Address: 0x00003eb5
| Name | Size of data | MD5 |
|---|---|---|
| .text | 13312 | 47a2b82dfccc8f79faf38beae871f9ca |
| .rdata | 8192 | ee1c04e69fc13c8b46ed2e3e4e80e654 |
| .data | 19968 | 158788917d9d1aab2eef5af81bd8e2e5 |
| .rsrc | 512 | 44a70bdd3dc9af38103d562d29023882 |
| .reloc | 2560 | ae00eeed0074e97ccb8f9d1e378313b2 |