shutdown.exe

Komcore Corporation

The application shutdown.exe by Komcore has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
Komcore Corporation  (signed and verified)

MD5:
234a7ce8db5520362fd8d0c46a61aa28

SHA-1:
1ded60222b255bfa89b205218e78ed07831cd268

SHA-256:
4e98bd2b21213655fc87a6ab7dd7807cefb7444027de49f2545d8cf5df390375

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
4/26/2024 1:06:58 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.KomcoreC (M)

Engine version:
16.3.9.12

File size:
128 KB (131,048 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\windows\music chow\shutdown.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
9/23/2013 9:00:00 PM

Valid to:
9/24/2014 8:59:59 PM

Subject:
CN=Komcore Corporation, O=Komcore Corporation, STREET="300 Avalon Drive #3476", L=Wood Ridge, S=New Jersey, PostalCode=07075, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00FF5D7A28287F6E63C617031741E32633

File PE Metadata
Compilation timestamp:
9/30/2013 12:40:51 PM

OS version:
1.11

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.18

CTPH (ssdeep):
1536:9adIyUgdSFZUargYpUjBcbQhG3+GYLyenizMEyKZU/292r4uQGs:wdIYcZUakYp3QcYLhioEXZc2928ut

Entry address:
0xDFDC

Entry point:
E9, 3F, 20, 00, 00, 03, 10, 40, 00, 4F, 70, 65, 6E, 20, 57, 61, 74, 63, 6F, 6D, 20, 43, 2F, 43, 2B, 2B, 33, 32, 20, 52, 75, 6E, 2D, 54, 69, 6D, 65, 20, 73, 79, 73, 74, 65, 6D, 2E, 20, 50, 6F, 72, 74, 69, 6F, 6E, 73, 20, 43, 6F, 70, 79, 72, 69, 67, 68, 74, 20, 28, 43, 29, 20, 53, 79, 62, 61, 73, 65, 2C, 20, 49, 6E, 63, 2E, 20, 31, 39, 38, 38, 2D, 32, 30, 30, 32, 2E, 68, 3F, 0C, 00, 00, D9, 7C, 24, 02, D9, 2C, 24, D9, FC, D9, 6C, 24, 02, 8D, 64, 24, 04, C3, 00, 53, 52, 83, EC, 04, 8D, 44, 24, 18, 89, E3, 8B...
 

Packer / compiler:
Xtreme-Protector v1.05

Code size:
101 KB (103,424 bytes)
