spoolw.exe

The application spoolw.exe has been detected as a potentially unwanted program by 17 anti-malware scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘spoolw’.
MD5:
13c9aa4e6bce70919dfb54ea53f49a17

SHA-1:
5c5844d7fba06e5c2860bf77b433180c100c6133

Scanner detections:
17 / 68

Status:
Potentially unwanted

Analysis date:
4/29/2024 1:39:36 AM UTC

Scan engine                     Detection                                     Engine version
Avira AntiVirus                 TR/Agent.14958                                7.9.0.143
avast!                          Win32:Nurech-AO                               2014.9-170311
Bitdefender                     Generic.Malware.Sdld!.7F6F82D4                1.0.20.350
Dr.Web                          Trojan.DownLoader.origin                      9.0.1.070
ESET NOD32                      Win32/TrojanDownloader.Agent.NRO (variant)    11.4009
Fortinet FortiGate              W32/Poison.BG!tr.bdr                          3/11/2017
F-Prot                          W32/Heuristic-210                             v6.4.4.4.56
F-Secure                        Suspicious:W32/Malware!Gemini                 11.2017-11-03_7
G Data                          Generic.Malware.Sdld!.7F6F82D4                17.3.19
K7 AntiVirus                    not-a-virus:AdWare.Win32.JumpGate.c           13.7.10.703
Kaspersky                       Heur.Trojan.Generic                           14.0.0.-1293
Microsoft Security Essentials   TrojanDownloader:Win32/Small.NCN              1.163.1557.0
Prevx                           High Risk Information Stealer                 V2
Quick Heal                      (Suspicious) - DNAScan                        3.17.10.00
Rising Antivirus                Trojan.DL.Win32.Downloader.GEN                23.00.65.17309
Sophos                          Mal/Packer                                    4.40
Trend Micro                     PAK_Generic.001                               10.465.11

File size:
14.6 KB (14,958 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Windows\System32\spoolw.exe

File PE Metadata
Compilation timestamp:
9/16/2003 4:24:55 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
5.12

Entry address:
0x5000

Entry point:
E8, 04, 00, 00, 00, 83, 60, EB, 0C, 5D, EB, 05, 45, 55, EB, 04, B8, EB, F9, 00, C3, E8, 00, 00, 00, 00, 5D, EB, 01, 00, 81, ED, 5E, 1F, 40, 00, EB, 02, 83, 09, 8D, B5, EF, 1F, 40, 00, EB, 02, 83, 09, BA, A3, 11, 00, 00, EB, 01, 00, 8D, 8D, 92, 31, 40, 00, 8B, 09, E8, 14, 00, 00, 00, 83, EB, 01, 00, 8B, FE, E8, 00, 00, 00, 00, 58, 83, C0, 07, 50, C3, 00, EB, 04, 58, 40, 50, C3, 8A, 06, 46, EB, 01, 00, D0, C8, E8, 14, 00, 00, 00, 83, EB, 01, 00, 2A, C2, E8, 00, 00, 00, 00, 5B, 83, C3, 07, 53, C3, 00, EB, 04...
 

Packer / compiler:
ARM Protector v0.1 by SMoKE

Code size:
2.5 KB (2,560 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
spoolw

Command:
C:\Windows\System32\spoolw.exe

