SHA256: fb749c32b58fd1238f21d48ba1deb60e6fb4546f3a74e211f80a3ed005f9e046
File name: winlogon.com
Detection ratio: 44 / 68
Analysis date: 2018-09-07 12:27:03 UTC ( 1 month, 1 week ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.40429887 20180907
AhnLab-V3 Trojan/Win32.Agent.C2685630 20180907
ALYac Trojan.Agent.RtPOS 20180907
Antiy-AVL Trojan/Win32.Agent 20180906
Arcabit Trojan.Generic.D268E93F 20180907
Avast Win32:Malware-gen 20180907
AVG Win32:Malware-gen 20180907
AVware Trojan.Win32.Generic!BT 20180907
BitDefender Trojan.GenericKD.40429887 20180907
CAT-QuickHeal Trojan.IGENERIC 20180906
CrowdStrike Falcon (ML) malicious_confidence_80% (D) 20180723
Cylance Unsafe 20180907
Cyren W32/Trojan.KNUX-7295 20180907
DrWeb Trojan.CardStealer.22 20180907
Emsisoft Trojan.GenericKD.40429887 (B) 20180907
ESET-NOD32 Win32/Spy.POSCardStealer.BJ 20180907
F-Secure Trojan.GenericKD.40429887 20180907
Fortinet W32/RtPOS.A!tr 20180907
GData Trojan.GenericKD.40429887 20180907
Ikarus Trojan.Win32.Vwnbos 20180907
Sophos ML heuristic 20180717
Jiangmin AdWare.StartSurf.lm 20180907
K7AntiVirus Spyware ( 0053b7b01 ) 20180907
K7GW Spyware ( 0053b7b01 ) 20180907
Kaspersky Trojan.Win32.Agent.ikzv 20180907
Malwarebytes Trojan.Agent.UKN 20180907
McAfee RDN/Generic PWS.y 20180907
McAfee-GW-Edition BehavesLike.Win32.Generic.dh 20180907
Microsoft Trojan:Win32/Vwnbos 20180907
eScan Trojan.GenericKD.40429887 20180907
Palo Alto Networks (Known Signatures) generic.ml 20180907
Panda Trj/GdSda.A 20180907
Qihoo-360 Win32/Trojan.044 20180907
Rising Spyware.POSCardStealer!8.644 (CLOUD) 20180907
Sophos AV Troj/Posteal-A 20180907
Symantec Hacktool 20180907
TACHYON Trojan/W32.RtPOS.226304 20180907
Tencent Win32.Trojan.Agent.Hrol 20180907
TrendMicro TROJ_GEN.R011C0DHT18 20180907
TrendMicro-HouseCall TROJ_GEN.R011C0DHT18 20180907
VIPRE Trojan.Win32.Generic!BT 20180907
ViRobot Trojan.Win32.Z.Agent.226304.IG 20180907
Zillya Trojan.GenericKD.Win32.168760 20180906
ZoneAlarm by Check Point Trojan.Win32.Agent.ikzv 20180907
AegisLab 20180907
Alibaba 20180713
Avast-Mobile 20180907
Avira (no cloud) 20180907
Babable 20180902
Baidu 20180906
Bkav 20180906
ClamAV 20180907
CMC 20180907
Comodo 20180907
Cybereason 20180225
eGambit 20180907
Endgame 20180730
F-Prot 20180907
Kingsoft 20180907
MAX 20180907
NANO-Antivirus 20180907
SentinelOne (Static ML) 20180830
SUPERAntiSpyware 20180907
Symantec Mobile Insight 20180905
TheHacker 20180907
TotalDefense 20180907
Trustlook 20180907
VBA32 20180907
Webroot 20180907
Yandex 20180906
Zoner 20180907
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
Copyright Copyright (C) 2005
Original name winlogon.com
Internal name winlogon.com
File version 1.0.0.1
Description Windows Logon Service
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-08-13 09:50:47
Entry Point 0x000090EA
Number of sections 7
PE sections
PE imports
CloseServiceHandle
ChangeServiceConfig2W
StartServiceW
SetServiceStatus
QueryServiceStatus
RegisterServiceCtrlHandlerW
OpenSCManagerW
OpenServiceW
ControlService
StartServiceCtrlDispatcherW
DeleteService
QueryServiceStatusEx
CreateServiceW
GetStdHandle
WaitForSingleObject
EncodePointer
GetLocalTime
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
UnhandledExceptionFilter
FreeEnvironmentStringsW
InitializeSListHead
GetLocaleInfoW
SetStdHandle
GetCPInfo
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
FreeLibrary
InitializeCriticalSection
FindClose
TlsGetValue
QueueUserWorkItem
SetLastError
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
EnumSystemLocalesW
LoadLibraryExW
MultiByteToWideChar
SetFilePointerEx
SetEnvironmentVariableW
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
DecodePointer
TerminateProcess
GetModuleHandleExW
VirtualQueryEx
ReadConsoleW
GetCurrentThreadId
WriteConsoleW
CreateToolhelp32Snapshot
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetEvent
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
lstrcmpiW
RtlUnwind
OpenProcess
GetStartupInfoW
ReadProcessMemory
GetProcAddress
GetProcessHeap
CreateFileMappingW
CompareStringW
lstrcpyW
FindNextFileW
ResetEvent
IsValidLocale
lstrcmpW
FindFirstFileExW
GetUserDefaultLCID
CreateEventW
CreateFileW
GetFileType
TlsSetValue
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
lstrlenA
GetConsoleCP
GetEnvironmentStringsW
WaitForSingleObjectEx
lstrlenW
Process32NextW
GetCurrentProcessId
GetCommandLineW
WideCharToMultiByte
HeapSize
GetCommandLineA
Process32FirstW
RaiseException
MapViewOfFile
TlsFree
ReadFile
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
VirtualFree
Sleep
VirtualAlloc
GetOEMCP
SHGetFolderPathW
StrStrA
PathAppendW
wsprintfW
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
RUSSIAN 1
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 14.0
ImageVersion 0.0
FileVersionNumber 1.0.0.1
LanguageCode Russian
FileFlagsMask 0x003f
FileDescription Windows Logon Service
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 82944
EntryPoint 0x90ea
OriginalFileName winlogon.com
MIMEType application/octet-stream
LegalCopyright Copyright (C) 2005
FileVersion 1.0.0.1
TimeStamp 2017:08:13 10:50:47+01:00
FileType Win32 EXE
PEType PE32
InternalName winlogon.com
ProductVersion 1.0.0.1
SubsystemVersion 5.1
OSVersion 5.1
FileOS Windows NT 32-bit
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
CodeSize 146432
FileSubtype 0
ProductVersionNumber 1.0.0.1
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 9443861a644029b7092a6b7bf98939fb
SHA1 a3c81c9e3d92c5007ac2ef75451fe007721189c6
SHA256 fb749c32b58fd1238f21d48ba1deb60e6fb4546f3a74e211f80a3ed005f9e046
ssdeep 3072:3cAmkDTgWpRT+fAv6Qeyt+TdY5ilY9OBkHTLNVBjBNvOv86NEAg0FujopmDFF369:3R3g8T+foBWlCOBkHtAOXZE0N4
authentihash b63cb8e795d7679a574dcae4675cdf1a42729f6a0f766a87e8fab34457840127
imphash c81dfe061163f724274a9fbc897f2ffb
File size 221.0 KB ( 226304 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win64 Executable (generic) (61.7%)
Win32 Dynamic Link Library (generic) (14.7%)
Win32 Executable (generic) (10.0%)
OS/2 Executable (generic) (4.5%)
Generic Win/DOS Executable (4.4%)
Tags peexe
VirusTotal metadata
First submission 2018-08-24 16:29:09 UTC ( 1 month, 3 weeks ago )
Last submission 2018-08-28 05:12:25 UTC ( 1 month, 2 weeks ago )
File names alohae.exe
alohae.exe
winlogon.com
a3c81c9e3d92c5007ac2ef75451fe007721189c6.ex
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files