home

shutdown.exe

Windows Shutdown and Annotation Tool

Microsoft Corporation

Publisher:
Microsoft Corporation

Product:
Microsoft® Windows® Operating System

Description:
Windows Shutdown and Annotation Tool

 
Part of the Windows Operating System

Version:
10.0.10240.16384 (th1.150709-1700)

MD5:
09670e5e523e9b366799e82729719658

SHA-1:
61667d61f9be3ad23d02de5ab0ddb8f0e3bbea70

SHA-256:
77a515e1386c93a5d4279ba333c7f5913cdbaf0c93fa53a3d20d28883583aa96

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)
Whitelisted  (by digital signature)

Analysis date:
5/9/2024 4:26:03 AM UTC  (today)

File size:
33 KB (33,792 bytes)

Product version:
10.0.10240.16384

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
SHUTDOWN.EXE.MUI

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\windows\syswow64\shutdown.exe

File PE Metadata
Compilation timestamp:
7/10/2015 4:29:03 AM

OS version:
10.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
12.10

CTPH (ssdeep):
768:mov5RJbM5ooUi49gnhKqdndsgujuKzkNQ9O53VD/++1jf:m6NbMdUi4yMNXwQ9OpVT+Y

Entry address:
0x6330

Entry point:
E8, 83, 05, 00, 00, E9, 2E, FE, FF, FF, CC, CC, CC, CC, CC, CC, 3B, 0D, 04, 70, 40, 00, 75, 03, C2, 00, 00, E9, EE, 00, 00, 00, CC, CC, CC, CC, CC, 6A, 18, 68, 28, 6B, 40, 00, E8, 23, 06, 00, 00, 83, 65, D8, 00, A1, 10, 7F, 40, 00, 89, 45, E0, 83, F8, FF, 75, 16, FF, 75, 08, 8B, 35, 7C, 81, 40, 00, 8B, CE, FF, 15, F8, 81, 40, 00, FF, D6, 59, EB, 54, 6A, 08, E8, 87, 06, 00, 00, 59, 83, 65, FC, 00, A1, 10, 7F, 40, 00, 89, 45, E0, A1, 0C, 7F, 40, 00, 89, 45, DC, 8D, 45, DC, 50, 8D, 45, E0, 50, FF, 75, 08, E8...
 
[+]

Entropy:
6.0900

Code size:
23 KB (23,552 bytes)

The file shutdown.exe has been seen being distributed by the following URL.

http://www71.zippyshare.com/d/LsubI0qk/.../shutdown.exe

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.