4winlogon.exe

Project1

The executable 4winlogon.exe has been detected as malware by 12 anti-virus scanners. This is a setup program which is used to install the application.
Product: Project1

Version: 1.00

MD5: 9079399e39e380c3012c2538fd0bf09e

SHA-1: 9bfcedd7a95aedd247a7e28f069a82a030c995be

SHA-256: 3eb1f28eda322122e5b25a9aa41d47b2ed28a599ac08f5d7773c7f4a8cf19495

Scanner detections: 12 / 68

Status: Malware

Analysis date: 11/15/2024 4:45:43 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| avast! | Win32:Malware-gen | 2014.9-160114 |
| AVG | Generic14_c | 2017.0.2864 |
| Baidu Antivirus | Hacktool.Win32.Packed.Themida | 4.0.3.16114 |
| Bkav FE | HW32.Packed | 1.3.0.7383 |
| Comodo Security | TrojWare.Win32.Agent.COC | 23544 |
| ESET NOD32 | Win32/Packed.Themida suspicious (variant) | 10.12529 |
| Fortinet FortiGate | PossibleThreat | 1/14/2016 |
| K7 AntiVirus | Trojan | 13.212.17779 |
| McAfee | Artemis!9079399E39E3 | 5600.6520 |
| Qihoo 360 Security | HEUR/QVM19.1.Malware.Gen | 1.0.0.1077 |
| Rising Antivirus | PE:Malware.Generic/QRS!1.9E2D [F] | 23.00.65.16112 |
| VIPRE Antivirus | Trojan.Win32.Generic | 45058 |

File size: 1.7 MB (1,753,088 bytes)

Product version: 1.00

Original file name: 4.exe

File type: Executable application (Win32 EXE)

Language: English (United States)

Common path: C:\users\{user}\appdata\roaming\microsoft\windows\start menu\programs\startup\4winlogon.exe

File PE Metadata
Compilation timestamp: 10/27/2015 12:14:42 AM

OS version: 4.0

OS bitness: Win32

Subsystem: Windows GUI

Linker version: 6.0

CTPH (ssdeep): 24576:NmneF0fpxfRr36Hu2BAYLRbxUJJQyyjhYMECO+nHPkwMmgSCfvVBkGoAyKTJzXVG:EWQXaLTUJbISOL1kfvLtoAykzqp6

Entry address: 0x349000

Entry point: 83, EC, 04, 50, 53, E8, 01, 00, 00, 00, CC, 58, 89, C3, 40, 2D, 00, 50, 18, 00, 2D, 1C, 8A, 09, 10, 05, 11, 8A, 09, 10, 80, 3B, CC, 75, 19, C6, 03, 00, BB, 00, 10, 00, 00, 68, E7, 10, D4, 2B, 68, 72, A8, DC, 6B, 53, 50, E8, 0A, 00, 00, 00, 83, C0, 00, 89, 44, 24, 08, 5B, 58, C3, 55, 89, E5, 50, 53, 51, 56, 8B, 75, 08, 8B, 4D, 0C, C1, E9, 02, 8B, 45, 10, 8B, 5D, 14, 85, C9, 74, 0A, 31, 06, 01, 1E, 83, C6, 04, 49, EB, F2, 5E, 59, 5B, 58, C9, C2, 10, 00, 5C, 85, 58, 61, 7C, 0A, 54, 8E, A7, 90, 89, 9D, 44, 71...

Code size: 192 KB (196,608 bytes)

User Start Menu Item
Name: 4winlogon.exe


The file 4winlogon.exe has been seen being distributed by the following URL.
