autoruns.exe

Sysinternals autoruns

Microsoft Corporation

Publisher:
Sysinternals - www.sysinternals.com  (signed by Microsoft Corporation)

Product:
Sysinternals autoruns

Description:
Autostart program viewer

Version:
11.70

MD5:
a6e0d27af296c251d4f0c62d018d5da5

SHA-1:
a86242b075a876fa695610778014a6add2bf500a

SHA-256:
800c58c08323386fa03d9ea6235d6b49c65af94a59091fc68ea2410a1d6d9598

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)
Whitelisted  (by digital signature)

Analysis date:
12/26/2024 2:25:53 PM UTC  (today)

File size:
645.7 KB (661,184 bytes)

Product version:
11.70

Copyright:
Copyright (C) 2002-2013 Mark Russinovich and Bryce Cogswell

Original file name:
autoruns.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\autoruns.exe

Digital Signature
Authority:
Microsoft Corporation

Valid from:
1/24/2013 5:33:39 PM

Valid to:
4/24/2014 6:33:39 PM

Subject:
CN=Microsoft Corporation, OU=MOPR, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Issuer:
CN=Microsoft Code Signing PCA, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Serial number:
33000000B011AF0A8BD03B9FDD0001000000B0

File PE Metadata
Compilation timestamp:
7/15/2013 1:32:58 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:IdCCY8iLpstMzcsP3v13lRoZXWyRqns/V0ODGzr6j:IdCCY8iLJ1AlWGqs/V0ODd

Entry address:
0x4AEA0

Entry point:
E8, 64, 96, 00, 00, E9, 78, FE, FF, FF, CC, CC, CC, CC, CC, CC, 51, 8D, 4C, 24, 08, 2B, C8, 83, E1, 0F, 03, C1, 1B, C9, 0B, C1, 59, E9, FA, C9, FF, FF, 51, 8D, 4C, 24, 08, 2B, C8, 83, E1, 07, 03, C1, 1B, C9, 0B, C1, 59, E9, E4, C9, FF, FF, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B, 64, 24, 0C, 53, 56, 57, 89, 28, 8B, E8, A1, EC, F5, 47, 00, 33, C5, 50, FF, 75, FC, C7, 45, FC, FF, FF, FF, FF, 8D, 45, F4, 64, A3, 00, 00, 00, 00, C3, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B, 64, 24, 0C, 53...
 
[+]

Entropy:
6.1496

Code size:
388 KB (397,312 bytes)

The file autoruns.exe has been discovered within the following programs.

SUPERAntiSpyware  by SUPERAntiSpyware.com
SUPERAntiSpyware is a software application distributed as shareware which can detect and remove spyware, adware, trojan horses, rogue security software, computer worms, rootkits, parasites and other potentially harmful software applications.
www.superantispyware.com/support.html
25% remove it
Sysinternals Software  by Sysinternals - www.sysinternals.com
technet.microsoft.com/en-us/sysinternals/bb545027.aspx
4% remove it
SysInternalsUpdater  by Wieldraaijer
About 1% of users remove it
 
Powered by Should I Remove It?

The file autoruns.exe has been seen being distributed by the following 8 URLs.

ftp://ftp.4mat.co.il/.../autoruns.exe