winlog.exe

CCleaner

Piriform Ltd

The executable winlog.exe has been detected as malware by 30 anti-virus scanners.
Publisher:
Piriform Ltd

Product:
CCleaner

Version:
3, 5, 0, 1409

MD5:
96641c80d70c5120bfc4d56cc6230daf

SHA-1:
489b7e36a4a27e41267e0c9003731d2a39b68c49

SHA-256:
81f44a20624e3bc8f84a40ff91fcf1ea80f6ac55b8725963ddc6ba3f3da547fd

Scanner detections:
30 / 68

Status:
Malware

Analysis date:
4/27/2024 2:00:00 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Agnitum Outpost | Trojan.VBKrypt | 7.1.1 |
| AhnLab V3 Security | Trojan/Win32.VBKrypt | 2012.12.26 |
| Avira AntiVirus | TR/Dropper.Gen | 7.11.54.216 |
| avast! | Win32:Malware-gen | 2014.9-150125 |
| AVG | Dropper.Generic5 | 2016.0.3219 |
| Bitdefender | Trojan.Generic.KDV.535286 | 1.0.20.125 |
| Comodo Security | TrojWare.Win32.VB.JEF | 14682 |
| Dr.Web | Trojan.VbCrypt.66 | 9.0.1.025 |
| Emsisoft Anti-Malware | Trojan.Generic.KDV.535286 | 8.15.01.25.01 |
| ESET NOD32 | Win32/Injector.ITO (variant) | 9.7835 |
| Fortinet FortiGate | W32/VBKrypt.BBBQ!tr | 1/25/2015 |
| F-Secure | Trojan.Generic.KDV.535286 | 11.2015-25-01_1 |
| G Data | Trojan.Generic.KDV.535286 | 15.1.22 |
| IKARUS anti.virus | Trojan.Win32.VBKrypt | t3scan.1.1.122.0 |
| K7 AntiVirus | Riskware | 13.155.8034 |
| Kaspersky | Trojan.Win32.VBKrypt | 14.0.0.2590 |
| McAfee | Generic.dx!bd3w | 5600.6875 |
| Microsoft Security Essentials | VirTool:Win32/VBInject.UG | 1.163.1557.0 |
| NANO AntiVirus | Trojan.Win32.Jorik.wginb | 0.20.4.48163 |
| Norman | W32/VBKrypt.BKW | 11.20150125 |
| nProtect | Trojan.Generic.KDV.535286 | 12.12.26.01 |
| Panda Antivirus | Generic Malware | 15.01.25.01 |
| Quick Heal | Trojan.VBKrypt.jefz | 1.15.12.00 |
| Sophos | Mal/EncPk-DV | 4.84 |
| Total Defense | Win32/VBNA.A!generic | 37.0.10224 |
| Trend Micro House Call | TROJ_SPNR.15DJ12 | 7.2.25 |
| Trend Micro | TROJ_SPNR.15DJ12 | 10.465.25 |
| Vba32 AntiVirus | Trojan.VBKrypt.kbqx | 3.12.18.4 |
| VIPRE Antivirus | Trojan.Win32.Generic | 14680 |
| ViRobot | Trojan.Win32.A.VBKrypt.615442 | 2011.4.7.4223 |

File size:
601 KB (615,442 bytes)

Product version:
3, 5, 0, 1409

Copyright:
Copyright © 2005-2011 Piriform Ltd

Original file name:
ccleaner.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\microsoft\winlog.exe

File PE Metadata
Compilation timestamp:
2/14/2012 7:39:44 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:Z3ITIX9ZqaWddFt2VOWCHVuT6TFxrPqjyAG99yECUSaXUgy3:EQ7Eddkug63E1G99BHkg4

Entry address:
0x13D8

Entry point:
68, 34, 15, 40, 00, E8, F0, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 38, 00, 00, 00, 00, 00, 00, 00, B9, 61, 03, 05, 21, 79, 03, 4F, B2, 9E, C8, 68, 6B, 8E, EC, D5, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 67, 29, 0D, 0A, 0D, 0A, 61, 72, 61, 79, 00, 68, 7A, 0D, 00, 00, 00, 00, 07, 00, 00, 00, 80, 2A, 40, 00, 07, 00, 00, 00, 38, 1E, 40, 00, 07, 00, 00, 00, D8, 1D, 40, 00, 07, 00, 00, 00, 8C, 1D, 40, 00, 07, 00, 00, 00, 40, 1D, 40, 00, 07, 00, 00, 00, E8, 1C, 40, 00, 07, 00, 00, 00, 90, 1C, 40, 00...
 

Entropy:
3.9464

Developed / compiled with:
Microsoft Visual Basic v5.0/v6.0

Code size:
352 KB (360,448 bytes)
