» autoshutdown.exe
Overview
Analysis
File Details
Behaviors (1)

autoshutdown.exe

PC Auto Shutdown

drivermagician.com

The application autoshutdown.exe, “Auto shutdown computers at schedule time” by drivermagician.com has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘PC Auto Shutdown’.

File name:

autoshutdown.exe

Publisher:

GoldSolution Software, Inc. (signed by drivermagician.com)

Product:

PC Auto Shutdown

Description:

Auto shutdown computers at schedule time

Version:

3.9.0.0

MD5:

e3c3e2402ee43e9c7bb156085623c7f1

SHA-1:

c618418a68e56316a6bf6c5f0485158f5d3df77b

SHA-256:

b8ef83e1a996a1dd21c75404985a2a5b4d581e52cd4b2c29209a40c4aa9fd95e

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

4/24/2024 11:22:26 PM UTC (a few moments ago)

Scan engine

Detection

Engine version

Reason Heuristics

Win32.Generic

16.1.28.12

File size:

1.3 MB (1,393,240 bytes)

Product version:

3.90.0

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\pc auto shutdown\autoshutdown.exe

Digital Signature

Signed by:

drivermagician.com

Authority:

WoSign, Inc.

Valid from:

6/6/2007 2:00:00 AM

Valid to:

6/6/2009 1:59:59 AM

Subject:

CN=drivermagician.com, OU=Class 2 - for Microsoft Authenticode Signing, OU=Domain Control Validated, O=drivermagician.com

Issuer:

CN=WoSign Code Signing Authority, O="WoSign, Inc.", C=US

Serial number:

00B190558A17E22B229C4989668F434250

File PE Metadata

Compilation timestamp:

6/20/1992 12:22:17 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

24576:0nKfGtHDFUrI4jfcohlSUtHbe/yVVzjOZOY:6t5ec4jfcIlSU1e6rzjU/

Entry address:

0xB7F84

Entry point:

55, 8B, EC, B9, 10, 00, 00, 00, 6A, 00, 6A, 00, 49, 75, F9, 53, 56, 57, B8, D4, 7B, 4B, 00, E8, 3C, E8, F4, FF, 33, C0, 55, 68, D9, 87, 4B, 00, 64, FF, 30, 64, 89, 20, 68, E8, 87, 4B, 00, 6A, FF, 6A, 00, E8, AC, EA, F4, FF, E8, 87, EB, F4, FF, 3D, B7, 00, 00, 00, 0F, 85, 83, 00, 00, 00, 68, 00, 88, 4B, 00, E8, C2, F3, F4, FF, 8B, 15, 38, B2, 4B, 00, 89, 02, 68, 18, 88, 4B, 00, 68, 2C, 88, 4B, 00, E8, 03, F1, F4, FF, 85, C0, 74, 21, 6A, 00, 6A, 00, A1, 38, B2, 4B, 00, 8B, 00, 50, 68, 18, 88, 4B, 00, 68, 2C... 
[+]

Developed / compiled with:

Microsoft Visual C++

Code size:

735 KB (752,640 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

PC Auto Shutdown

Command:

"C:\Program Files\pc auto shutdown\autoshutdown.exe"

Remove autoshutdown.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.