SHA256: 50f2abb613df4813ce74f3b0df080497f689dfcad11f0fc7cd5ea4cdaf093bdf
File name: taskmgr.exe
Detection ratio: 0 / 43
Analysis date: 2012-03-05 12:18:45 UTC ( 5 years, 8 months ago )
Trusted source! This file belongs to the Microsoft Corporation software catalogue.
Antivirus Result Update
AVG 20120305
AhnLab-V3 20120305
AntiVir 20120305
Antiy-AVL 20120305
Avast 20120305
BitDefender 20120305
ByteHero 20120305
CAT-QuickHeal 20120305
ClamAV 20120305
Commtouch 20120304
Comodo 20120305
DrWeb 20120305
Emsisoft 20120305
F-Prot 20120304
F-Secure 20120305
Fortinet 20120305
GData 20120305
Ikarus 20120305
Jiangmin 20120301
K7AntiVirus 20120302
Kaspersky 20120305
McAfee 20120302
McAfee-GW-Edition 20120304
Microsoft 20120305
NOD32 20120305
Norman 20120304
PCTools 20120228
Panda 20120305
Prevx 20120305
Rising 20120305
SUPERAntiSpyware 20120302
Sophos AV 20120305
Symantec 20120305
TheHacker 20120305
TrendMicro 20120304
TrendMicro-HouseCall 20120305
VBA32 20120305
VIPRE 20120305
ViRobot 20120305
VirusBuster 20120304
eSafe 20120305
eTrust-Vet 20120305
nProtect 20120304
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name taskmgr.exe
Internal name taskmgr
File version 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Description Windows Task Manager
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-11-20 08:56:01
Entry Point 0x00008387
Number of sections 4
PE sections
PE imports
RegCreateKeyExW
OpenThreadWaitChainSession
RegCloseKey
EventWrite
OpenServiceW
QueryServiceConfigW
ControlService
RegQueryValueExW
CloseServiceHandle
CreateWellKnownSid
OpenProcessToken
RegOpenKeyExW
EnumServicesStatusExW
SetTokenInformation
EventUnregister
GetTokenInformation
DuplicateTokenEx
IsValidSid
StartServiceW
AdjustTokenPrivileges
GetThreadWaitChain
RevertToSelf
EventRegister
RegSetValueExW
OpenSCManagerW
ImpersonateLoggedOnUser
CloseThreadWaitChainSession
Ord(337)
Ord(336)
Ord(328)
Ord(329)
Ord(334)
Ord(338)
ImageList_Create
Ord(331)
Ord(345)
ImageList_Remove
Ord(17)
CreateStatusWindowW
ImageList_SetIconSize
ImageList_ReplaceIcon
GetDeviceCaps
GetCurrentObject
LineTo
DeleteDC
CreateFontIndirectW
SetBkMode
MoveToEx
CreatePen
GetCharWidth32W
GetStockObject
SelectObject
SetTextColor
GetObjectW
BitBlt
SetBkColor
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
Rectangle
GetAdaptersAddresses
GetIfEntry2
NhGetInterfaceNameFromDeviceGuid
CreateToolhelp32Snapshot
OpenThread
HeapFree
lstrlenW
DelayLoadFailureHook
lstrlenA
GetModuleFileNameW
DeviceIoControl
WaitForSingleObject
TrySubmitThreadpoolCallback
SetEvent
GetThreadTimes
CompareStringW
GetTickCount
SetProcessShutdownParameters
InterlockedExchange
GetLogicalProcessorInformationEx
lstrcmpiW
GetCommandLineW
CreateThreadpoolCleanupGroup
DuplicateHandle
HeapSetInformation
GetCurrentProcess
GetPriorityClass
LoadLibraryExA
GetCurrentDirectoryW
QueryPerformanceCounter
GetCurrentProcessId
CloseThreadpoolCleanupGroupMembers
OpenProcess
LockResource
ProcessIdToSessionId
QueryFullProcessImageNameW
GetStartupInfoW
ReleaseMutex
UnhandledExceptionFilter
SetErrorMode
MultiByteToWideChar
HeapSize
ReadProcessMemory
GetProcAddress
InterlockedCompareExchange
GetLocaleInfoW
GetComputerNameW
GetTimeFormatW
CreateThread
LoadLibraryW
ExpandEnvironmentStringsW
GetExitCodeThread
SetUnhandledExceptionFilter
GetModuleHandleA
GetVersionExW
GetTempPathW
CreateMutexW
MulDiv
GetSystemTimeAsFileTime
GetErrorMode
Thread32Next
CloseThreadpoolCleanupGroup
Thread32First
HeapReAlloc
SetPriorityClass
FreeLibrary
LocalFree
FormatMessageW
IsWow64Process
CreateEventW
GetNumaHighestNodeNumber
LoadResource
FindResourceExW
CreateFileW
CreateProcessW
CallbackMayRunLong
Sleep
TerminateProcess
GetLastError
HeapAlloc
GetCurrentThreadId
GetProcessHeap
lstrcmpW
GetNumberFormatW
SetLastError
CloseHandle
Ord(75)
Ord(100)
Ord(61)
ShellAboutW
Ord(245)
DuplicateIcon
SHOpenFolderAndSelectItems
ShellExecuteExW
SHParseDisplayName
Shell_NotifyIconW
CommandLineToArgvW
Ord(348)
Ord(618)
Ord(158)
Ord(437)
PathAppendW
Ord(16)
PathAddExtensionW
StrStrW
StrFormatByteSizeW
PathRemoveExtensionW
GetUserNameExW
RedrawWindow
GetForegroundWindow
DrawTextW
EnumDesktopsW
DestroyMenu
GetGuiResources
SetWindowPos
GetNextDlgTabItem
IsWindow
OpenIcon
AppendMenuW
DispatchMessageW
GetCursorPos
CharLowerBuffW
GetDlgCtrlID
HungWindowFromGhostWindow
SendMessageW
GhostWindowFromHungWindow
GetClassInfoW
AllowSetForegroundWindow
SetMenuDefaultItem
SetScrollPos
GetThreadDesktop
LoadImageW
GetWindowTextW
GetWindowTextLengthW
MsgWaitForMultipleObjects
DestroyWindow
GetParent
UpdateWindow
PostQuitMessage
SetProcessDPIAware
GetMessageW
ShowWindow
PeekMessageW
EnableWindow
ShowWindowAsync
TranslateMessage
SetThreadDesktop
GetWindow
InternalGetWindowText
LoadAcceleratorsW
RegisterClassW
OpenDesktopW
IsZoomed
LoadStringW
SetWindowLongW
IsHungAppWindow
IsIconic
TrackPopupMenuEx
GetSubMenu
SetTimer
IsDialogMessageW
SwitchToThisWindow
MonitorFromPoint
DeferWindowPos
GetDialogBaseUnits
CreateWindowExW
GetWindowLongW
SetFocus
RegisterWindowMessageW
GetMonitorInfoW
DefWindowProcW
KillTimer
CheckMenuRadioItem
ChangeWindowMessageFilterEx
MapWindowPoints
GetSystemMetrics
EnableMenuItem
GetWindowRect
EnumDesktopWindows
GetProcessWindowStation
GetScrollInfo
CreateDialogParamW
CheckMenuItem
GetClassLongW
GetLastActivePopup
SetWindowTextW
GetDlgItem
PostMessageW
PostThreadMessageW
IsDlgButtonChecked
CheckDlgButton
GetDesktopWindow
LoadCursorW
LoadIconW
GetMenuItemID
FillRect
SetForegroundWindow
GetMenuItemInfoW
ReleaseDC
EndDialog
FindWindowW
EndTask
GetShellWindow
MessageBeep
LoadMenuW
RemoveMenu
GetWindowThreadProcessId
GetSysColorBrush
BeginDeferWindowPos
MessageBoxW
GetMenu
SetMenu
MoveWindow
DialogBoxParamW
CascadeWindows
GetFocus
GetSysColor
SetDlgItemTextW
SetScrollInfo
GetKeyState
EndDeferWindowPos
DestroyIcon
IsWindowVisible
TileWindows
SystemParametersInfoW
GetDC
SetRect
DeleteMenu
InvalidateRect
CallWindowProcW
GetClassNameW
GetClientRect
CloseDesktop
SendMessageTimeoutW
TranslateAcceleratorW
SetCursor
IsThemeActive
SetWindowTheme
VDMTerminateTaskWOW
VDMEnumTaskWOWEx
CredUIPromptForCredentialsW
__p__fmode
__wgetmainargs
memset
_ftol2
_wcsicmp
swscanf_s
_vsnwprintf
_amsg_exit
?terminate@@YAXXZ
??2@YAPAXI@Z
memcpy
_wcsdup
_ftol2_sse
exit
towlower
strrchr
__setusermatherr
_controlfp
_XcptFilter
_cexit
_i64tow_s
__p__commode
??3@YAXPAX@Z
free
_except_handler4_common
_wtol
memmove
wcsrchr
_ui64tow_s
wcsstr
_initterm
_exit
_wcmdln
__set_app_type
RtlNtStatusToDosError
RtlInitUnicodeString
NtOpenProcessToken
NtOpenFile
RtlDeleteCriticalSection
NtSetInformationProcess
NtSetInformationFile
RtlTimeToElapsedTimeFields
NtOpenThread
NtOpenThreadToken
NtQueryTimerResolution
NtQueryInformationToken
RtlTryEnterCriticalSection
WinSqmAddToStream
RtlInitializeCriticalSection
RtlLeaveCriticalSection
RtlEnterCriticalSection
NtQuerySystemInformation
NtQueryInformationProcess
NtClose
PcwCreateQuery
PcwCollectData
PcwAddQueryItem
EvtClose
EvtSubscribe
Number of PE resources by type
RT_ICON 53
RT_GROUP_ICON 17
RT_BITMAP 3
RT_MANIFEST 1
WEVT_TEMPLATE 1
MUI 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 77
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 6.1
LinkerVersion 9.0
ImageVersion 6.1
FileSubtype 0
FileVersionNumber 6.1.7601.17514
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 110592
EntryPoint 0x8387
OriginalFileName taskmgr.exe
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 6.1.7601.17514 (win7sp1_rtm.101119-1850)
TimeStamp 2010:11:20 09:56:01+01:00
FileType Win32 EXE
PEType PE32
InternalName taskmgr
ProductVersion 6.1.7601.17514
FileDescription Windows Task Manager
OSVersion 6.1
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 118784
ProductName Microsoft Windows Operating System
ProductVersionNumber 6.1.7601.17514
FileTypeExtension exe
ObjectFileType Executable application
Execution parents
PE resource-wise parents
Overlay parents
Compressed bundles
File identification
MD5 545bf7eaa24a9e062857d0742ec0b28a
SHA1 d748d5b325e5dd4fadeb837a59f61e55d2636d31
SHA256 50f2abb613df4813ce74f3b0df080497f689dfcad11f0fc7cd5ea4cdaf093bdf
ssdeep 3072:pH2eGGLRntP8pp24NtkoOhlowctY4FNCFvj0mUXx5WNLqZz/JevbRcMhA:pHepEi7Oh+txfj0Lq+TeMm
authentihash 8b1deca198e078a887b29bcb71b1f409968327b8671a6566624b9faca5773c8f
imphash c8e0b2ae275fc85dcd34a3b111fe1eb4
File size 222.0 KB ( 227328 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (64.6%)
Win32 Dynamic Link Library (generic) (15.4%)
Win32 Executable (generic) (10.5%)
Generic Win/DOS Executable (4.6%)
DOS Executable Generic (4.6%)
Tags peexe trusted via-tor
Trusted verdicts
This file belongs to the Microsoft Corporation software catalogue. The file is often found with taskmgr.exe as its name.
VirusTotal metadata
First submission 2011-01-17 11:57:27 UTC ( 6 years, 10 months ago )
Last submission 2017-11-18 08:47:52 UTC ( 3 days, 17 hours ago )
File names 083649fa32d2644586465a9b25eacde2.tmp
d748d5b325e5dd4fadeb837a59f61e55d2636d31.exe
9ff16b1f124ef44cb703000352669f39.tmp
e85ca3.tmpscan
654a4f3b06e2ec4dbb8673bd4255075c.tmp
d2cdc267f878e241a4bf48aee1f4d3d5.tmp
taskmgr(1433).exe
taskmgr_w7_classic_x32.exe
taskmgr(1315).exe
446e79ef3747c045925aee978dfbd5ba.tmp
taskmgr.exe.63812
51ec77.tmpscan
taskmgr-{4b3334b3-9849-41f5-9d81-491efdc84dfb}-v2912128.exe
4c2338b11476b04b993aabaaefd1b7f9.tmp
0154cfab2ce4364ca864a52a53215251.tmp
f378dd1.tmpscan
f0e70e91af144d4f83d6713bceaef144.tmp
f98aff8c81d7a54c8b7debbdc953c225.tmp
23910c48e478ab4190f85358f3453b33.tmp
fdda26d63dd44643a33bf52f4c1736cd.tmp
9c7d493ace71444ea8a289ab8e5a4dd7.tmp
7a35d.tmpscan
58a4b25813ee474f97bc0053c4fb4f4a.tmp
myfile.exe
972a8e1c4c86bc4bb8b572463a2650f9.tmp
Advanced heuristic and reputation engines
ClamAV Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which, depending on the user policies and environment, may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua
Symantec reputation Suspicious.Insight
Behaviour characterization
Zemana dll-injection