home

shutdown.exe

Windows Shutdown and Annotation Tool

Microsoft Corporation

It is included with the Windows 7 OS. The file has been seen being downloaded from www.dosya1.com and multiple other hosts.
Publisher:
Microsoft Corporation

Product:
Microsoft® Windows® Operating System

Description:
Windows Shutdown and Annotation Tool

 
Part of the Windows 7 Operating System

Version:
6.1.7600.16385 (win7_rtm.090713-1255)

MD5:
61739432482891f2dc5745cca0a67028

SHA-1:
653f119a403f4cda837321080fc08bb7f51b238f

SHA-256:
4f7ced626f7ddeeddbbfb242283c30d290532d7c9fd9e093b2234f51800e960d

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)
Whitelisted  (by digital signature)

Analysis date:
4/26/2024 12:16:48 AM UTC  (today)

File size:
30 KB (30,720 bytes)

Product version:
6.1.7600.16385

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
SHUTDOWN.EXE.MUI

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\windows\syswow64\shutdown.exe

File PE Metadata
Compilation timestamp:
7/13/2009 7:34:09 PM

OS version:
6.1

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
9.0

CTPH (ssdeep):
384:1zHDPcb4Z9yCP21i0V7mwebWZbmix7nYzio5pAhIl+Ttvl1TXjiVHQDWVF+SWN3:tzc0nygwVKwMzVIFPTjMHn+Z

Entry address:
0x5CCA

Entry point:
E8, D3, 03, 00, 00, E9, C3, FD, FF, FF, CC, CC, CC, CC, CC, 3B, 0D, 3C, 70, 00, 01, 75, 03, C2, 00, 00, E9, 4F, 04, 00, 00, CC, CC, CC, CC, CC, CC, CC, 51, 8D, 4C, 24, 04, 2B, C8, 1B, C0, F7, D0, 23, C8, 8B, C4, 25, 00, F0, FF, FF, 3B, C8, 72, 0A, 8B, C1, 59, 94, 8B, 00, 89, 04, 24, C3, 2D, 00, 10, 00, 00, 85, 00, EB, E9, CC, CC, CC, CC, CC, FF, 25, 70, 11, 00, 01, CC, CC, CC, CC, CC, 6A, 14, 68, A8, 62, 00, 01, E8, 1D, 02, 00, 00, A1, 18, 7F, 00, 01, 89, 45, E4, 83, F8, FF, 75, 0C, FF, 75, 08, FF, 15, A8...
 
[+]

Entropy:
6.1544

Code size:
24 KB (24,576 bytes)

The file shutdown.exe has been seen being distributed by the following 7 URLs.

http://www.dosya1.com/download.php?shortURL=x2mEDd

temp:shutdown.exe

http://s6212.chomikuj.pl/File.aspx?e=2lA04zWejv8lOxvSnKfuyNy5acbIp89SXH1EXToFD7cs8fimp6Hov4-4NA9ze_3c62MXuNjvNa_WMkzbyQjph6c-uJ409xyrjGL3ZSEqC0VCxlM2ivZZZaT69R96qZyJoamOjXwClJXTeAZmfyTAwA&pv=2

http://download1706.mediafire.com/z7fck9of6azg/.../Counter Strike 1.6 Updater.exe

http://download1805.mediafire.com/w3dvv13nm7vg/.../shutdown.exe

http://download1667.mediafire.com/75wgq10i6zfg/.../Autoclick Bunny.exe

https://mega.nz/temporary/.../t08nyaqa

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.