SHA256: 04443c70d34ded7f17d3a00b0f3f7309291dbcb7957a1c5664aab6c7886b17be
File name: e028a2ae-7e6b-11e7-8e96-80e65024849a.file
Detection ratio: 55 / 64
Analysis date: 2017-08-17 12:43:39 UTC ( 6 days, 10 hours ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Zusy.246964 20170817
AegisLab Troj.W32.Generic!c 20170817
AhnLab-V3 Win-Trojan/Malpacked3.Gen 20170817
ALYac Gen:Variant.Zusy.246964 20170817
Antiy-AVL Trojan/Win32.AGeneric 20170817
Arcabit Trojan.Zusy.D3C4B4 20170817
Avast Win32:Malware-gen 20170817
AVG Win32:Malware-gen 20170817
Avira (no cloud) TR/Dropper.Gen 20170817
AVware Trojan.Win32.Generic!BT 20170817
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9998 20170817
BitDefender Gen:Variant.Zusy.246964 20170817
Bkav W32.DakusarDRAB.Trojan 20170817
CAT-QuickHeal Trojan.Generic 20170817
ClamAV Win.Trojan.Generic-6335446-0 20170817
Comodo UnclassifiedMalware 20170817
CrowdStrike Falcon (ML) malicious_confidence_90% (W) 20170804
Cylance Unsafe 20170817
Cyren W32/Trojan.JLIT-0133 20170817
DrWeb Trojan.KillProc.46747 20170817
Emsisoft Gen:Variant.Zusy.246964 (B) 20170817
Endgame malicious (high confidence) 20170721
ESET-NOD32 a variant of Win32/CoinMiner.ACF 20170817
F-Secure Gen:Variant.Zusy.246964 20170817
GData Gen:Variant.Zusy.246964 20170817
Ikarus Trojan.Win32.CoinMiner 20170817
Sophos ML heuristic 20170817
Jiangmin Trojan.Invader.awh 20170817
K7AntiVirus Trojan ( 005002ce1 ) 20170817
K7GW Trojan ( 005002ce1 ) 20170817
Kaspersky HEUR:Trojan.Win32.Generic 20170817
Malwarebytes Backdoor.Bot 20170817
MAX malware (ai score=100) 20170817
McAfee RDN/Generic.hbg 20170817
McAfee-GW-Edition BehavesLike.Win32.Downloader.bc 20170817
Microsoft Trojan:Win32/CoinMiner.BN!bit 20170817
eScan Gen:Variant.Zusy.246964 20170817
NANO-Antivirus Trojan.Win32.KillProc.erplzo 20170817
Palo Alto Networks (Known Signatures) generic.ml 20170817
Panda Trj/GdSda.A 20170817
Qihoo-360 Win32/Trojan.97a 20170817
SentinelOne (Static ML) static engine - malicious 20170806
Sophos AV Mal/Generic-S 20170817
SUPERAntiSpyware Backdoor.Bot/Variant 20170817
Symantec Trojan.Gen 20170817
Tencent Win32.Trojan.Inject.Auto 20170817
TrendMicro TROJ_GEN.R0C1C0DGN17 20170817
TrendMicro-HouseCall TROJ_COINMINE.SM6 20170817
VBA32 Trojan.BitMiner 20170817
VIPRE Trojan.Win32.Generic!BT 20170817
ViRobot Trojan.Win32.Z.Zusy.747520.Y 20170817
Webroot W32.Trojan.Gen 20170817
Yandex Trojan.Agent!GCprnzW0edQ 20170815
Zillya Trojan.CoinMiner.Win32.5156 20170817
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20170817
Alibaba 20170817
CMC 20170817
F-Prot 20170817
Fortinet 20170817
Kingsoft 20170817
nProtect 20170817
Rising 20170817
Symantec Mobile Insight 20170816
TheHacker 20170817
Trustlook 20170817
WhiteArmor 20170817
Zoner 20170817
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-06-19 18:25:00
Entry Point 0x00001505
Number of sections 4
PE sections
PE imports
HeapFree
GetSystemInfo
GetModuleHandleA
VirtualFree
HeapAlloc
ExitProcess
LoadLibraryA
VirtualAlloc
SetThreadExecutionState
GetProcessHeap
MessageBoxA
Debug information
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2017:06:19 19:25:00+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 2048
LinkerVersion: 14.0
EntryPoint: 0x1505
InitializedDataSize: 744448
SubsystemVersion: 5.1
ImageVersion: 0.0
OSVersion: 5.1
UninitializedDataSize: 0

Compressed bundles
File identification
MD5 07f1fa24a6fcb3708ab0689a2706ad8c
SHA1 5da69784e467f242b4f0318fed2b3aed988c6466
SHA256 04443c70d34ded7f17d3a00b0f3f7309291dbcb7957a1c5664aab6c7886b17be
ssdeep 12288:mVdzEB7yi84pUHYtKFm/lXvsMi0IvVVWbrz5rDO350wC2TexDf:mVmBeLqtKFm/lX8vVVWbfBDO35LtTe
authentihash a40c47e51d89fe1717f563435771d6ac4c1c5d848b48e44c8f7ab62d00483814
imphash 26b219d1dd54c9d6e3ddb575675aafc3
File size 730.0 KB ( 747520 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe
VirusTotal metadata
First submission 2017-07-23 16:06:06 UTC ( 1 month ago )
Last submission 2017-08-17 12:43:39 UTC ( 6 days, 10 hours ago )
File names 07f1fa24a6fcb3708ab0689a2706ad8c
07f1fa24a6fcb3708ab0689a2706ad8c
e028a2ae-7e6b-11e7-8e96-80e65024849a.file
taskmana.exe
07f1fa24a6fcb3708ab0689a2706ad8c.exe.bin
taskmana.exe
output.111838636.txt
taskmana.exe.ubqu
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Terminated processes
Created mutexes
Opened mutexes
Runtime DLLs
UDP communications