SHA256: 3ce065f0cce5c5f6504040013d545cd3fab91c5da48d406ff34f399afa06755d
File name: winlogon.eXe1
Detection ratio: 48 / 57
Analysis date: 2017-02-04 15:50:52 UTC ( 2 years ago )
Antivirus Result Update
Ad-Aware Gen:Trojan.Heur.3OW@tjWRRphcb 20170204
AegisLab Packer.W32.Krap.lo3q 20170204
Antiy-AVL Virus/Win32.Delf.bi 20170204
Arcabit Trojan.Heur.ED7D76 20170204
Avast Win32:Delf-FXK 20170204
AVG Win32/DH{YYFRCQ?} 20170204
AVware BehavesLike.Win32.Malware.tsc (mx-v) 20170204
Baidu Win32.Trojan.Delf.fl 20170125
BitDefender Gen:Trojan.Heur.3OW@tjWRRphcb 20170204
Bkav W32.VetorDBA1 20170204
ClamAV Win.Trojan.Delf-33328 20170204
CMC Virus.Win32.Delf!O 20170204
Comodo Win32.Delf.BI 20170204
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170130
Cyren W32/Heuristic-114!Eldorado 20170204
DrWeb Win32.HLLW.Silly 20170204
Emsisoft Gen:Trojan.Heur.3OW@tjWRRphcb (B) 20170204
ESET-NOD32 Win32/Delf.BI 20170204
F-Prot W32/Heuristic-114!Eldorado 20170204
F-Secure Gen:Trojan.Heur.3OW@tjWRRphcb 20170204
Fortinet W32/Delf.BI 20170204
GData Gen:Trojan.Heur.3OW@tjWRRphcb 20170204
Ikarus Trojan.Win32.Pincav 20170204
Sophos ML virus.win32.neshta.a 20170203
Jiangmin Virus.Delf.h 20170203
K7AntiVirus Trojan ( 7000000f1 ) 20170204
K7GW Trojan ( 7000000f1 ) 20170204
Kaspersky Virus.Win32.Delf.bi 20170204
Kingsoft Win32.Virut.ce.57344 20170204
Malwarebytes Trojan.Malex 20170204
McAfee Generic Delphi 20170204
McAfee-GW-Edition Generic Delphi 20170204
Microsoft Trojan:Win32/Dorv.D!rfn 20170204
eScan Gen:Trojan.Heur.3OW@tjWRRphcb 20170204
NANO-Antivirus Trojan.Win32.Behav043.ubyil 20170204
Panda W32/Spamta.QO.worm 20170204
Qihoo-360 Win32/Virus.665 20170204
Rising Malware.Generic!iGvWmXxz9RS@1 (thunder) 20170204
Sophos AV Troj/Malex-AB 20170204
Symantec W32.SillyDC 20170203
Tencent Win32.Virus.Delf.Aiid 20170204
TotalDefense Win32/Resumur.B 20170204
TrendMicro WORM_AUTORUN.CS 20170204
TrendMicro-HouseCall WORM_AUTORUN.CS 20170204
VBA32 Virus.Win32.Delf.bi 20170203
VIPRE BehavesLike.Win32.Malware.tsc (mx-v) 20170204
Yandex Trojan.Agent!ngYT43CzYf0 20170204
Zillya Virus.Delf.Win32.73 20170204
AhnLab-V3 20170204
Alibaba 20170122
ALYac 20170204
Avira (no cloud) 20170204
CAT-QuickHeal 20170204
nProtect 20170204
SUPERAntiSpyware 20170204
TheHacker 20170202
Trustlook 20170204
ViRobot 20170204
WhiteArmor 20170202
Zoner 20170204
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2055-05-25 18:10:40
Entry Point 0x0000488C
Number of sections 10
PE sections
PE imports
RegCloseKey
GetUserNameA
RegQueryValueExA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyA
TextOutA
SetBkMode
Rectangle
GetStdHandle
EnterCriticalSection
FreeLibrary
CopyFileA
ExitProcess
GetThreadLocale
GetModuleFileNameA
RtlUnwind
DeleteCriticalSection
GetStartupInfoA
GetLocaleInfoA
LocalAlloc
CreateDirectoryA
GetWindowsDirectoryA
UnhandledExceptionFilter
SetErrorMode
GetCommandLineA
RaiseException
GetModuleHandleA
WriteFile
GetCurrentThreadId
SetFileAttributesA
GetDriveTypeA
LocalFree
GetDiskFreeSpaceExA
InitializeCriticalSection
VirtualFree
TlsGetValue
Sleep
TlsSetValue
GetVersion
VirtualAlloc
LeaveCriticalSection
SysFreeString
ReleaseDC
CharNextA
SendMessageA
MessageBoxA
GetWindowTextA
FindWindowA
GetKeyboardType
GetDC
Number of PE resources by type
RT_RCDATA 2
RT_ICON 1
RT_GROUP_ICON 1
Number of PE resources by language
RUSSIAN 2
NEUTRAL 2
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2055:05:25 19:10:40+01:00
FileType Win32 EXE
PEType PE32
CodeSize 625664
LinkerVersion 2.25
FileTypeExtension exe
InitializedDataSize 522240
SubsystemVersion 4.0
EntryPoint 0x488c
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0

File identification
MD5 7f039cdf167e2755b2740f0b9cb90f3c
SHA1 f95cf79a318ec71e5b77d88dd323ed655e69b43d
SHA256 3ce065f0cce5c5f6504040013d545cd3fab91c5da48d406ff34f399afa06755d
ssdeep 1536:cyql9mQwum484QSk/+Hggf1oryXS03i2nqlOCvc5qQhp:Tzui4a/MpfCr/0xn2I
authentihash 1adc18e9208817bc970466365cfa8ea4e011579451fc220debe2bfbab0407660
imphash 2e4f57c019eef54352715c24b4f9e6a7
File size 886.0 KB ( 907264 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.5%)
Tags peexe
VirusTotal metadata
First submission 2016-11-22 15:14:00 UTC ( 2 years, 2 months ago )
Last submission 2017-02-04 15:50:52 UTC ( 2 years ago )
File names winlogon.eXe
winlogon.eXe1
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Searched windows
Runtime DLLs
UDP communications