× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 2b14990e4806c1c00158800b24ee5a7f5dfe8b3f8d634bacb461ee18ca54cfae
File name: 815cf807f6744c150cf8dda8b0e1d227.virus
Detection ratio: 51 / 56
Analysis date: 2016-02-24 08:20:40 UTC ( 2 years, 12 months ago ) View latest
Antivirus Result Update
Ad-Aware Worm.Generic.403516 20160224
AegisLab Worm.MSIL.Autorun.of!c 20160224
Yandex Patched.Sality.AT 20160221
AhnLab-V3 HEUR/Fakon.mwf 20160224
ALYac Worm.Generic.403516 20160224
Antiy-AVL Worm/MSIL.Autorun 20160224
Arcabit Worm.Generic.D6283C 20160224
Avast Win32:GenMaliciousA-THX [Trj] 20160224
AVG Worm/Generic2.AZWY 20160224
Avira (no cloud) WORM/Shaskooth.A 20160223
AVware Trojan.Win32.Generic!BT 20160224
Baidu-International Worm.MSIL.AutoRun.of 20160223
BitDefender Worm.Generic.403516 20160224
Bkav W32.FakeW7Folder.Fam.Trojan 20160223
CAT-QuickHeal Worm.MSIL.r3 20160224
ClamAV Win.Trojan.Agent-125040 20160224
CMC Worm.MSIL.Autorun!O 20160223
Comodo UnclassifiedMalware 20160224
Cyren W32/Patched.Y.gen!Eldorado 20160224
DrWeb Trojan.MulDrop4.30700 20160224
Emsisoft Worm.Generic.403516 (B) 20160224
ESET-NOD32 a variant of MSIL/Autorun.Agent.AD 20160224
F-Prot W32/Patched.Y.gen!Eldorado 20160224
F-Secure Worm.Generic.403516 20160224
Fortinet MSIL/AutoRun.AD!worm 20160224
GData Worm.Generic.403516 20160224
Ikarus Worm.Win32.Msil 20160224
Jiangmin Worm.MSIL.oa 20160224
K7AntiVirus NetWorm ( 00207a071 ) 20160224
K7GW Trojan ( 00207a071 ) 20160224
Kaspersky Worm.MSIL.Autorun.of 20160224
Malwarebytes Worm.AutoRun 20160224
McAfee Artemis!815CF807F674 20160224
McAfee-GW-Edition Artemis!Virus 20160224
Microsoft Worm:MSIL/Shaskooth.A 20160224
eScan Worm.Generic.403516 20160224
NANO-Antivirus Trojan.Win32.Autorun.dcmsvd 20160224
nProtect Worm/W32.Agent.70144.Q 20160223
Panda Trj/CI.A 20160223
Rising PE:Malware.Generic/QRS!1.9E2D [F] 20160224
Sophos AV Mal/MSIL-JD 20160224
SUPERAntiSpyware Trojan.Agent/Gen-Autorun 20160224
Symantec W32.SillyFDC 20160223
Tencent Msil.Worm.Autorun.Dxwm 20160224
TotalDefense Win32/FakeFLDR_i 20160223
TrendMicro TROJ_GEN.R034E01GH15 20160224
VBA32 Worm.MSIL.Autorun 20160224
VIPRE Trojan.Win32.Generic!BT 20160224
ViRobot Trojan.Win32.S.Agent.70144.MT[h] 20160224
Zillya Worm.AutoRun.Win32.112173 20160223
Zoner Trojan.Generic 20160224
Alibaba 20160224
ByteHero 20160224
Qihoo-360 20160224
TheHacker 20160222
TrendMicro-HouseCall 20160224
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © Microsoft 2010

Product taskhost system 32
Original name taskhost system 32.exe
Internal name taskhost system 32.exe
File version 1.0.0.0
Description taskhost system 32
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-11-12 05:28:35
Entry Point 0x000052CE
Number of sections 3
.NET details
Module Version ID dbee40de-d766-4c09-b493-366a2ee293d9
TypeLib ID a9fcc030-0220-474f-909c-3d1951500189
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_ICON 10
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 13
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
4.0

InitializedDataSize
56320

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.0.0.0

UninitializedDataSize
0

LanguageCode
Neutral

FileFlagsMask
0x003f

CharacterSet
Unicode

LinkerVersion
8.0

EntryPoint
0x52ce

OriginalFileName
taskhost system 32.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright Microsoft 2010

FileVersion
1.0.0.0

TimeStamp
2010:11:12 06:28:35+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
taskhost system 32.exe

ProductVersion
1.0.0.0

FileDescription
taskhost system 32

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft

CodeSize
13312

ProductName
taskhost system 32

ProductVersionNumber
1.0.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

AssemblyVersion
1.0.0.0

File identification
MD5 815cf807f6744c150cf8dda8b0e1d227
SHA1 154b88dd3bb529502ca37b84527c6f889228b5d0
SHA256 2b14990e4806c1c00158800b24ee5a7f5dfe8b3f8d634bacb461ee18ca54cfae
ssdeep
1536:L33PxmKXA9Rsw33i6EBXR2n7dqnfiVDIHMPV0+l/sLOUp:LPxs9hzeiVD+EmUsLOUp

authentihash c0470d51197600c181e56465ae9b5f3d0a845e6bc197d437eb1d3d46984df2db
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 68.5 KB ( 70144 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly

TrID Generic CIL Executable (.NET, Mono, etc.) (82.9%)
Win32 Dynamic Link Library (generic) (7.4%)
Win32 Executable (generic) (5.1%)
Generic Win/DOS Executable (2.2%)
DOS Executable Generic (2.2%)
Tags
peexe assembly

VirusTotal metadata
First submission 2015-06-01 17:46:21 UTC ( 3 years, 8 months ago )
Last submission 2015-06-01 17:46:21 UTC ( 3 years, 8 months ago )
File names 815cf807f6744c150cf8dda8b0e1d227.virus
taskhost system 32.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!