SHA256: 1328bd220d9b4baa8a92b8d3f42f0d123762972d1dfc4b1fd4b4728d67b01dfc
File name: 1328bd220d9b4baa_taskhost.exe
Detection ratio: 36 / 66
Analysis date: 2018-07-07 11:22:46 UTC ( 1 week, 4 days ago )
Antivirus | Result | Update
Ad-Aware | Application.TcpScan.E | 20180707
AegisLab | Troj.W32.Gen.mkC0 | 20180707
AhnLab-V3 | HackTool/Win32.Agent.C949053 | 20180707
Antiy-AVL | HackTool[NetTool]/Win32.TCPScan | 20180707
Avira (no cloud) | HEUR/AGEN.1011596 | 20180706
AVware | Trojan.Win32.Generic!BT | 20180707
Baidu | Win32.Trojan.WisdomEyes.16070401.9500.9999 | 20180706
BitDefender | Application.TcpScan.E | 20180707
Bkav | W32.DuvisarDFE.Trojan | 20180706
CAT-QuickHeal | Trojan.IGENERIC | 20180706
ClamAV | Win.Trojan.Agent-867774 | 20180707
CrowdStrike Falcon (ML) | malicious_confidence_90% (W) | 20180530
Cybereason | malicious.43d3cb | 20180225
Cylance | Unsafe | 20180707
Cyren | W32/Trojan.GIYQ-3062 | 20180707
Emsisoft | Application.TcpScan.E (B) | 20180707
Endgame | malicious (high confidence) | 20180612
ESET-NOD32 | Win32/NetTool.TCPScan.AC potentially unsafe | 20180707
Fortinet | W32/NetTool_TCPScan.AC | 20180707
GData | Application.TcpScan.E | 20180707
K7AntiVirus | RemoteTool ( 004a4e6e1 ) | 20180707
K7GW | RemoteTool ( 004a4e6e1 ) | 20180707
Kingsoft | Win32.Troj.flat.a.(kcloud) | 20180707
Malwarebytes | Trojan.ShadowBrokers | 20180707
MAX | malware (ai score=99) | 20180707
eScan | Application.TcpScan.E | 20180707
NANO-Antivirus | Trojan.Win32.Graftor.cthfwe | 20180707
Panda | Trj/Genetic.gen | 20180707
SUPERAntiSpyware | Hack.Tool/Gen-PortScan | 20180707
Symantec | Hacktool | 20180706
TotalDefense | Win32/Tnega.XAWO!suspicious | 20180707
TrendMicro-HouseCall | TROJ_EQUATED.J | 20180707
VIPRE | Trojan.Win32.Generic!BT | 20180707
Webroot | W32.Malware.Gen | 20180707
Yandex | Riskware.NetTool!6KU6my6ElUc | 20180706
ZoneAlarm by Check Point | not-a-virus:NetTool.Win32.Portscan.lt | 20180707
ALYac | (no detection) | 20180707
Arcabit | (no detection) | 20180707
Avast | (no detection) | 20180707
Avast-Mobile | (no detection) | 20180707
AVG | (no detection) | 20180707
Babable | (no detection) | 20180406
CMC | (no detection) | 20180707
Comodo | (no detection) | 20180707
DrWeb | (no detection) | 20180707
eGambit | (no detection) | 20180707
F-Prot | (no detection) | 20180707
F-Secure | (no detection) | 20180707
Sophos ML | (no detection) | 20180601
Jiangmin | (no detection) | 20180707
McAfee | (no detection) | 20180707
McAfee-GW-Edition | (no detection) | 20180707
Microsoft | (no detection) | 20180707
Palo Alto Networks (Known Signatures) | (no detection) | 20180707
Qihoo-360 | (no detection) | 20180707
Rising | (no detection) | 20180707
SentinelOne (Static ML) | (no detection) | 20180701
Sophos AV | (no detection) | 20180707
TACHYON | (no detection) | 20180707
Tencent | (no detection) | 20180707
TheHacker | (no detection) | 20180628
TrendMicro | (no detection) | 20180707
Trustlook | (no detection) | 20180707
VBA32 | (no detection) | 20180705
ViRobot | (no detection) | 20180707
Zillya | (no detection) | 20180706
Zoner | (no detection) | 20180706
The file being studied is a Portable Executable (PE) file. More specifically, it is a Win32 EXE built for the Windows command line (console) subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-04-11 04:19:52
Entry Point 0x00001DEA
Number of sections 1
PE sections
PE imports
GetLastError
InitializeCriticalSectionAndSpinCount
GetStdHandle
EnterCriticalSection
lstrlenA
lstrcmpiA
WaitForSingleObject
QueryPerformanceCounter
ExitProcess
GetVersionExA
GetLocalTime
DeleteCriticalSection
SetConsoleCtrlHandler
CreateSemaphoreA
GetCommandLineA
ReleaseSemaphore
CreateThread
SetFilePointer
lstrcpyA
CloseHandle
lstrcpynA
WriteConsoleA
WriteFile
VirtualFree
Sleep
CreateFileA
GetTickCount
VirtualAlloc
LeaveCriticalSection
wsprintfA
htonl
ioctlsocket
WSAStartup
connect
htons
select
closesocket
ntohl
inet_addr
send
ntohs
WSAGetLastError
__WSAFDIsSet
WSACleanup
gethostbyname
inet_ntoa
recv
WSAIoctl
setsockopt
socket
bind
sendto
GetBestInterface
GetIpAddrTable
strchr
_vsnprintf
strstr
memset
atoi
strcpy
_strnicmp
_chkstk
memcpy
PE exports
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows command line
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2010:04:11 05:19:52+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 14336
LinkerVersion: 6.0
FileTypeExtension: exe
InitializedDataSize: 0
SubsystemVersion: 4.0
EntryPoint: 0x1dea
OSVersion: 4.0
ImageVersion: 0.0
UninitializedDataSize: 0
Execution parents
PE resource-wise parents
Compressed bundles
File identification
MD5 c097fd043d3cbabcada0878505c7afa5
SHA1 966a60028a3a24268c049ffadbe1a07b83de24ce
SHA256 1328bd220d9b4baa8a92b8d3f42f0d123762972d1dfc4b1fd4b4728d67b01dfc
ssdeep 384:FbvAEV1n+LNA8tmWsejswNlqL9Yql+FgB6BjiMxFV:V3Se+F
authentihash 363b335516e2a5464b66f9eacba6d29abfc9e1a4818ebb0934b1a58a117b5d03
imphash 9daa2077796c1e1eebb7432dbfbf9100
File size 14.5 KB ( 14848 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe
VirusTotal metadata
First submission 2012-08-18 10:09:49 UTC ( 5 years, 11 months ago )
Last submission 2018-07-04 13:28:53 UTC ( 2 weeks ago )
File names taskhost.exe
s.exe
1328bd220d9b4baa_1433open.dll
s.exe
s.exe
s.exe
ss (1).exe
ss.exe
alg.exe
s.exe
taskhost.exe
spoolsv.exe
s.exe
s.exe
1328bd220d9b4baa_360rp.exe
1328bd220d9b4baa_ss.exe
1328bd220d9b4baa_spoolsv.exe
1328bd220d9b4baa_taskhost.exe
s.exe_00000000001535789636
C097FD043D3CBABCADA0878505C7AFA5.bin
1328bd220d9b4baa_jvav.exe
ss.exe
1328bd220d9b4baa_svshost.exe
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.