SHA256: 538fe1012fedc72727a8de0c2c01944b3d35c29812ecef88e95aac07235e0b0b
File name: userinit.exe
Detection ratio: 0 / 54
Analysis date: 2015-06-24 08:20:28 UTC ( 2 years, 7 months ago )
Trusted source! This file belongs to the Microsoft Corporation software catalogue.
Antivirus Result Update
ALYac 20150624
AVG 20150623
AVware 20150623
Ad-Aware 20150623
AegisLab 20150623
Yandex 20150623
AhnLab-V3 20150623
Alibaba 20150623
Antiy-AVL 20150623
Arcabit 20150624
Avast 20150623
Avira (no cloud) 20150624
Baidu-International 20150623
BitDefender 20150623
Bkav 20150623
ByteHero 20150624
CAT-QuickHeal 20150623
ClamAV 20150624
Comodo 20150623
Cyren 20150623
DrWeb 20150623
ESET-NOD32 20150623
Emsisoft 20150623
F-Prot 20150622
F-Secure 20150623
Fortinet 20150624
GData 20150623
Ikarus 20150624
Jiangmin 20150620
K7AntiVirus 20150623
K7GW 20150623
Kaspersky 20150623
Kingsoft 20150624
Malwarebytes 20150624
McAfee 20150623
McAfee-GW-Edition 20150623
Microsoft 20150624
NANO-Antivirus 20150623
Panda 20150623
Qihoo-360 20150624
Rising 20150618
SUPERAntiSpyware 20150623
Sophos AV 20150624
Symantec 20150623
Tencent 20150624
TheHacker 20150622
TrendMicro 20150623
TrendMicro-HouseCall 20150623
VBA32 20150622
VIPRE 20150623
ViRobot 20150623
Zillya 20150624
Zoner 20150624
nProtect 20150623
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name USERINIT.EXE
Internal name userinit
File version 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Description Userinit Logon Application
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-11-20 09:26:16
Entry Point 0x00002BE9
Number of sections 4
PE sections
PE imports
RegCreateKeyExW
RegCloseKey
RegSetValueExW
RegQueryInfoKeyW
RegDeleteTreeW
RegOpenKeyExW
RegQueryValueExW
GetCurrentProcess
OpenProcessToken
CreateThread
SetThreadPriority
CreateProcessW
GetCurrentThread
GetLastError
GetUserDefaultLangID
RegQueryValueExA
LoadLibraryW
WaitForSingleObject
GetVersionExW
SetEvent
QueryPerformanceCounter
LocalAlloc
GetTickCount
LoadLibraryA
lstrlenW
FreeLibrary
HeapSetInformation
GetStartupInfoA
LoadLibraryExA
CompareFileTime
GetCurrentProcessId
DelayLoadFailureHook
UnhandledExceptionFilter
RegOpenKeyExA
GetProcAddress
InterlockedCompareExchange
ExpandEnvironmentStringsW
SetEnvironmentVariableW
GetModuleHandleA
GetSystemDirectoryW
InterlockedExchange
SetUnhandledExceptionFilter
CloseHandle
GetSystemTimeAsFileTime
ExpandEnvironmentStringsA
GetFileAttributesExW
LocalFree
FormatMessageW
TerminateProcess
SearchPathW
SetCurrentDirectoryW
OpenEventW
Sleep
GetCurrentThreadId
GetEnvironmentVariableW
SetLastError
GetSystemMetrics
MessageBoxW
LoadRemoteFonts
GetKeyboardLayout
RegisterClassExW
DefWindowProcW
LoadStringW
CreateWindowExW
SystemParametersInfoW
CharNextW
ExitWindowsEx
DestroyWindow
Ord(175)
_cexit
_acmdln
_wcsicmp
_ismbblead
memmove
__p__commode
memset
__setusermatherr
__p__fmode
?terminate@@YAXXZ
_except_handler4_common
_amsg_exit
exit
_XcptFilter
__getmainargs
_initterm
_exit
_controlfp
_vsnwprintf
__set_app_type
NtOpenKey
DbgPrint
RtlInitUnicodeString
NtClose
Number of PE resources by type
RT_MANIFEST 1
MUI 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 3
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 6.1
InitializedDataSize 5120
ImageVersion 6.1
ProductName Microsoft Windows Operating System
FileVersionNumber 6.1.7601.17514
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
LinkerVersion 9.0
FileTypeExtension exe
OriginalFileName USERINIT.EXE
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 6.1.7601.17514 (win7sp1_rtm.101119-1850)
TimeStamp 2010:11:20 10:26:16+01:00
FileType Win32 EXE
PEType PE32
InternalName userinit
ProductVersion 6.1.7601.17514
FileDescription Userinit Logon Application
OSVersion 6.1
FileOS Windows NT 32-bit
LegalCopyright Microsoft Corporation. All rights reserved.
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 20480
FileSubtype 0
ProductVersionNumber 6.1.7601.17514
EntryPoint 0x2be9
ObjectFileType Executable application

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
While monitoring an end-user machine in-the-wild, CarbonBlack noticed this sample wrote the following files to disk.
Overlay parents
Compressed bundles
File identification
MD5 61ac3efdfacfdd3f0f11dd4fd4044223
SHA1 211295ccda6cf6409189279bf66a212bd53fc650
SHA256 538fe1012fedc72727a8de0c2c01944b3d35c29812ecef88e95aac07235e0b0b
ssdeep 384:dxAeSOCguz8sfE4XslZzN5hbFJ5K6gUf6mgKWjwtdeKpuZPFa3mWVPymW49TU:LCJD8lZZ5hbFJILcve34Ep
authentihash 4f7d90371787731adf4780ce4841be09d592d8a193570c6f15b28160c27fc2aa
imphash da2666d3347f129193ab91a0eab85c0c
File size 26.0 KB ( 26624 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe trusted via-tor
Trusted verdicts
This file belongs to the Microsoft Corporation software catalogue. The file is often found with userinit.exe as its name.
VirusTotal metadata
First submission 2011-02-20 17:55:12 UTC ( 6 years, 11 months ago )
Last submission 2018-01-16 11:07:09 UTC ( 4 days, 23 hours ago )
File names tmpe41ddfb53b37deb6
tmp3c280abe517a7505
userinit[162500].exe
0efa5815889942ec22e9cef122fc6e9bea5bb66f.exe
tmpce154e86847c4971
tmpf1bf42233506e314
tmpa2c52d80d8fe5a92
tmpf5c4caa5d9fff428
tmpc1a9c8cef986accb
a945ca7b256497439d103f3292ca4878.tmp
b6d2fab279b3fd459bff46ed62af7a03.tmp
tmpfe719454c56bea27
538fe1012fedc727_userinit.exe
4b84531988742f478ae76de4a6c6308b.tmp
tmp3796b64cf0ccbaa4
tmpd4a9472d4946ff9b
tmp829b2b876b984b51
userinit.exe.vir
tmp4b63f17e91d91cfd
tmp6c7a84b74709da42
tmp700358e37c1f963b
userinit
255823e101818f4e93baffa66c8d9150.tmp
tmp288d228348e9b244
ab80a0b89ca932f999485533122c47e9106556c3.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight