winlogin.exe

The application winlogin.exe has been detected as a potentially unwanted program by 28 anti-malware scanners. This is a malicious Bitcoin miner. Bitcoin-mining malware is designed to force computers to generate Bitcoins for cybercriminals' use and consumes computing power.
MD5:
1907fabc566a1c3134915b914078077c

SHA-1:
e334340af3765aa58c71b34c82df6dacb49d10f7

SHA-256:
dd0b7f4eeb4d4b4865f7f9878f64f4a88828f81f3e6169b5f7d9131143c195cd

Scanner detections:
28 / 68

Status:
Potentially unwanted

Explanation:
The program will mine for Bitcoins using the computer's GPU in the background and may be installed and run without the user's knowledge.

Analysis date:
4/26/2024 12:21:35 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Application.BitCoinMiner.BK | 1001 |
| Agnitum Outpost | RiskTool.BitCoinMiner | 7.1.1 |
| Avira AntiVirus | SPR/BitCoinMiner.CG | 7.11.133.70 |
| avast! | Win32:Miner-B [PUP] | 2014.9-140510 |
| AVG | Skodna.BitCoinMiner | 2015.0.3479 |
| Baidu Antivirus | Trojan.Win32.BitCoinMiner | 4.0.3.14510 |
| Bitdefender | Application.BitCoinMiner.BK | 1.0.20.650 |
| Bkav FE | HW32.CDB | 1.3.0.4924 |
| Comodo Security | ApplicUnsaf.Win32.Renos.~FAT | 17828 |
| Dr.Web | Tool.BtcMine.130 | 9.0.1.0130 |
| Emsisoft Anti-Malware | Gen:Variant.Kazy.326437 | 8.14.05.10.10 |
| ESET NOD32 | Win32/BitCoinMiner.BB | 8.9458 |
| F-Secure | Application.BitCoinMiner.BK | 11.2014-10-05_7 |
| G Data | Application.BitCoinMiner.BK | 14.5.24 |
| IKARUS anti.virus | Application.BitCoinMiner | t3scan.2.2.29 |
| K7 AntiVirus | Trojan | 13.176.11239 |
| Kaspersky | not-a-virus:RiskTool.Win32.BitCoinMiner | 14.0.0.3888 |
| Malwarebytes | Trojan.BitMiner | v2014.05.10.10 |
| McAfee | RDN/Generic PUP.x!b2x | 5600.7135 |
| MicroWorld eScan | Application.BitCoinMiner.BK | 15.0.0.390 |
| NANO AntiVirus | Riskware.Win32.BtcMine.cqmhnd | 0.28.0.57630 |
| Panda Antivirus | Trj/CI.A | 14.05.10.10 |
| Sophos | Generic PUA OD | 4.97 |
| Trend Micro House Call | TROJ_GEN.R0CBC0OB414 | 7.2.130 |
| Trend Micro | TROJ_GEN.R0CBC0OB414 | 10.465.10 |
| Vba32 AntiVirus | TrojanPSW.Ruftar | 3.12.24.3 |
| VIPRE Antivirus | Trojan.Win32.Generic | 26738 |
| XVirus List | Win32.Detected | 2.5.10 |

File size:
588 KB (602,112 bytes)

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\oapja\winlogin.exe

File PE Metadata
Compilation timestamp:
7/18/2013 4:00:44 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
2.23

CTPH (ssdeep):
12288:/E3cPGoSJa8InM2cIdGxDycZgWFqTdTHgCLtDWxLeFt6z4WmAHY1lkrpp2Z:/OcP3nMnIdG7ZgWFqT9gzxKLWmAHMlk6

Entry address:
0x35A10

Entry point:
60, BE, 00, 70, 42, 00, 8D, BE, 00, A0, FD, FF, C7, 87, 60, E3, 02, 00, B7, DF, BB, 86, 57, 89, E5, 8D, 9C, 24, 80, C1, FF, FF, 31, C0, 50, 39, DC, 75, FB, 46, 46, 53, 68, D4, 37, 03, 00, 57, 83, C3, 04, 53, 68, 0C, EA, 00, 00, 56, 83, C3, 04, 53, 50, C7, 03, 03, 00, 00, 00, 90, 90, 90, 55, 57, 56, 53, 83, EC, 7C, 8B, 94, 24, 90, 00, 00, 00, C7, 44, 24, 74, 00, 00, 00, 00, C6, 44, 24, 73, 00, 8B, AC, 24, 9C, 00, 00, 00, 8D, 42, 04, 89, 44, 24, 78, B8, 01, 00, 00, 00, 0F, B6, 4A, 02, 89, C3, D3, E3, 89, D9...
 

Code size:
64 KB (65,536 bytes)
