How to remove winlogon.exe
- File Details
- Overview
- Analysis
winlogon.exe
The module winlogon.exe has been detected as Trojan.Agent
File Details
| MD5: |
c24315b0585b852110977dacafe6c8c1 |
| Size: |
44 KB |
| First Published: |
2017-09-27 04:10:08 (8 years ago) |
| Latest Published: |
2025-05-31 23:03:13 (6 months ago) |
| Status: |
Trojan.Agent (on last analysis) |
|
| Analysis Date: |
2025-05-31 23:03:13 (6 months ago) |
| %profile%\ocalservice\local settings\temp\1229191031 |
| %profile%\ocalservice\local settings\temp\1195433385 |
| %profile%\ocalservice\local settings\temp\1150596088 |
| %profile%\ocalservice\local settings\temp\1491739677 |
| %profile%\ocalservice\local settings\temp\1563003529 |
| %profile%\ocalservice\local settings\temp\1418631798 |
| %profile%\ocalservice\local settings\temp\1527378999 |
| %profile%\ocalservice\local settings\temp\1615519974 |
| %profile%\ocalservice\local settings\temp\1272324006 |
| %profile%\ocalservice\local settings\temp\1381097752 |
| Doublepulsar-1.3.1.exe |
| spoolsv.exe |
| SVCHOST.EXE |
| d.exe |
| Doublepulsar-1.3.1.exe.quarantined |
| chrome..exe |
| $R4FBI95.exe |
| c.exe |
| puls.exe |
| spoolsv1.exe |
| star.exe |
| winlogon.exe |
|
37.3% |
|
|
11.7% |
|
|
10.2% |
|
|
8.6% |
|
|
4.4% |
|
|
3.6% |
|
|
2.4% |
|
|
2.2% |
|
|
1.6% |
|
|
1.5% |
|
|
1.5% |
|
|
1.4% |
|
|
1.3% |
|
|
0.8% |
|
|
0.7% |
|
|
0.7% |
|
|
0.7% |
|
|
0.7% |
|
|
0.6% |
|
|
0.6% |
|
|
0.6% |
|
|
0.5% |
|
|
0.5% |
|
|
0.4% |
|
|
0.4% |
|
|
0.3% |
|
|
0.3% |
|
|
0.3% |
|
|
0.3% |
|
|
0.2% |
|
|
0.2% |
|
|
0.2% |
|
|
0.2% |
|
|
0.2% |
|
|
0.2% |
|
|
0.2% |
|
|
0.1% |
|
|
0.1% |
|
|
0.1% |
|
|
0.1% |
|
|
0.1% |
|
|
0.1% |
|
|
0.1% |
|
|
0.1% |
|
|
0.1% |
|
|
0.1% |
|
|
0.1% |
|
|
0.1% |
|
|
0.1% |
|
|
0.1% |
|
|
0.1% |
|
|
0.1% |
|
|
0.1% |
|
| Windows 7 |
83.6% |
|
| Windows 10 |
8.4% |
|
| Windows Server 2008 R2 |
3.6% |
|
| Windows Server 2003 |
1.5% |
|
| Windows XP |
1.0% |
|
| Windows 8.1 |
0.9% |
|
| Windows Server 2012 R2 |
0.6% |
|
| Windows Vista |
0.3% |
|
| Windows Web Server 2008 R2 |
0.1% |
|
Analysis
| Subsystem: |
Windows CUI |
| PE Type: |
pe |
| OS Bitness: |
32 |
| Image Base: |
0x00400000 |
| Entry Address: |
0x00003eb5 |
| Name |
Size of data |
MD5 |
| .text |
13312 |
47a2b82dfccc8f79faf38beae871f9ca |
| .rdata |
8192 |
ee1c04e69fc13c8b46ed2e3e4e80e654 |
| .data |
19968 |
158788917d9d1aab2eef5af81bd8e2e5 |
| .rsrc |
512 |
44a70bdd3dc9af38103d562d29023882 |
| .reloc |
2560 |
ae00eeed0074e97ccb8f9d1e378313b2 |
