ntuser.log

The file ntuser.log has been detected as malware by 24 anti-virus scanners.
MD5: 0c2667d39b95891fc6d1553a817f4f30
SHA-1: ea39dca1be6c01dcd564e124b30cb1306b3da606
SHA-256: 1f931d2426c97aee697a6477576175f5ac737db082b5038cb52990ac83fb24f6
Scanner detections: 24 / 68
Status: Malware
Analysis date: 4/1/2025 8:05:48 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | Trojan.Packed | 7.1.1 |
| AhnLab V3 Security | Trojan/Win32.Insight | 2013.03.28 |
| Avira AntiVirus | TR/Black.Gen2 | 7.11.67.138 |
| avast! | Win32:Trojan-gen | 2014.9-170315 |
| AVG | Generic6_c.AWRM.dropper | 2018.0.2438 |
| Bitdefender | Dropped:Trojan.Generic.8765871 | 1.0.20.370 |
| Dr.Web | BackDoor.Siggen.49100 | 9.0.1.074 |
| Emsisoft Anti-Malware | Gen:Trojan.Heur.RP.uzW@aWb5H7oG | 8.17.03.15.06 |
| ESET NOD32 | Win32/Packed.VMProtect.AAN (variant) | 11.8169 |
| Fortinet FortiGate | W32/Dx.BGBV!tr | 3/15/2017 |
| F-Secure | Dropped:Trojan.Generic.8765871 | 11.2017-15-03_4 |
| G Data | Dropped:Trojan.Generic.8765871 | 17.3.22 |
| IKARUS anti.virus | Backdoor.Win32.PcClient | t3scan.2.0.0.0 |
| Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.-1314 |
| McAfee | Artemis!0C2667D39B95 | 5600.6094 |
| Microsoft Security Essentials | Backdoor:Win32/PcClient.CP | 1.163.1557.0 |
| MicroWorld eScan | Dropped:Trojan.Generic.8765871 | 18.0.0.222 |
| NANO AntiVirus | Trojan.Win32.Black.zwqiw | 0.22.8.51404 |
| Norman | Troj_Generic.EWKUW | 11.20170315 |
| Panda Antivirus | Trj/Thed.W | 17.03.15.06 |
| Sophos | Mal/Behav-035 | 4.87 |
| Trend Micro House Call | TROJ_GEN.RC1H1JE | 7.2.74 |
| Trend Micro | TROJ_GEN.R72CEJG | 10.465.15 |
| VIPRE Antivirus | Trojan.Win32.Generic | 16346 |

File size: 1.3 MB (1,391,616 bytes)
Common path: C:\users\{user}\appdata\local\virtualstore\windows\ntuser.log

File PE Metadata
Compilation timestamp: 10/11/2012 9:22:12 PM
OS version: 4.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 6.0
Entry address: 0xB44E8
Entry point: E9, 18, EA, FF, FF, C6, 44, 24, 04, FD, 8D, 64, 24, 08, 0F, 85, 2F, 8E, FF, FF, F6, D4, 0F, B6, C3, C6, 47, FF, 00, 60, 66, 0F, BE, C1, 60, 89, 5C, 24, 3C, 0F, 95, C4, 9C, 66, 0F, BE, C1, 8D, 05, 8E, 04, 4B, 00, 68, 4A, 30, 85, 25, C6, 44, 24, 04, 4E, 66, C7, 44, 24, 04, 92, 79, C7, 44, 24, 40, 23, 0D, 4B, 00, E9, CC, 9D, FF, FF, E9, E0, B8, FF, FF, 23, 4D, 77, FC, 60, AF, 19, 6E, 9F, 56, 91, 93, 43, 65, AC, 82, 2E, 50, F7, 97, 3E, DF, F3, 5A, BB, 97, 34, D7, FB, 16, AC, 13, 84, 7C, DD, 4C, E4, FE, 0F, FF...
Entropy: 7.6296
Packer / compiler: tElock 0.99 - 1.0 private
Code size: 24 KB (24,576 bytes)
