home

USERINIT.EXE

Userinit Logon Application

Microsoft Corporation

This is a setup program which is used to install the application. The file has been seen being downloaded from lp4.bongacams24.com.
Publisher:
Microsoft Corporation

Product:
Microsoft® Windows® Operating System

Description:
Userinit Logon Application

Version:
6.3.9600.16384

MD5:
9bd98e88052ee0fe245bf2c9c561474c

SHA-1:
078c838c9bcb18dff4da5f3d57414744a8e3f2a0

SHA-256:
1f6d585b74e1756e8680b271931c7fee1e7fbfd5de1086321325d895e50d0dbd

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/15/2024 11:19:36 PM UTC  (a few moments ago)

File size:
1.5 MB (1,553,920 bytes)

Product version:
6.3.9600.16384

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
USERINIT.EXE

File type:
Executable application (Win64 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\userinit.exe

File PE Metadata
Compilation timestamp:
2/2/2016 1:57:48 PM

OS version:
6.0

OS bitness:
Win64

Subsystem:
Windows Console

Linker version:
12.0

CTPH (ssdeep):
12288:fqT9QCrVt0onICB2Jwpy0jPiFg/JfY6v0GXG7D7vrV/o:iT9QCrDJB2Jwpy0jiFgi68Gw

Entry address:
0x5B1E4

Entry point:
48, 83, EC, 28, E8, 43, 05, 00, 00, 48, 83, C4, 28, E9, 7E, FE, FF, FF, FF, 25, 14, C4, 00, 00, FF, 25, 46, C4, 00, 00, CC, CC, 48, 89, 5C, 24, 08, 48, 89, 6C, 24, 10, 48, 89, 74, 24, 18, 57, 48, 83, EC, 10, 33, C9, 33, C0, 33, FF, 0F, A2, C7, 05, EE, 45, 04, 00, 02, 00, 00, 00, C7, 05, E0, 45, 04, 00, 01, 00, 00, 00, 44, 8B, DB, 8B, D9, 44, 8B, C2, 81, F3, 6E, 74, 65, 6C, 44, 8B, CA, 41, 8B, D3, 41, 81, F0, 69, 6E, 65, 49, 81, F2, 47, 65, 6E, 75, 8B, E8, 44, 0B, C3, 8D, 47, 01, 44, 0B, C2, 41, 0F, 94, C2...
 
[+]

Code size:
405 KB (414,720 bytes)

The file USERINIT.EXE has been seen being distributed by the following URL.

http://lp4.bongacams24.com/userinit.exe

Scan USERINIT.EXE - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.