SHA256: b59df8fa575f593f655adccffceeb619887e25ca499080556f2a537a85108451
File name: hK9QBC.exe
Detection ratio: 8 / 43
Analysis date: 2012-09-19 12:12:34 UTC ( 6 years, 6 months ago )
Antivirus              Result                        Update
AhnLab-V3              Trojan/Win32.Zbot             20120918
BitDefender            Gen:Variant.Strictor.7728     20120919
DrWeb                  Trojan.PWS.Panda.2363         20120919
Fortinet               W32/Kryptik.WDV!tr            20120919
McAfee                 PWS-Zbot.gen.aln              20120919
Norman                 W32/Krypt.FV                  20120918
Panda                  Suspicious file               20120919
Rising                 Trojan.Zbot!4918              20120919
Yandex                 (no detection)                20120919
AntiVir                (no detection)                20120919
Antiy-AVL              (no detection)                20120911
Avast                  (no detection)                20120919
AVG                    (no detection)                20120919
ByteHero               (no detection)                20120918
CAT-QuickHeal          (no detection)                20120918
ClamAV                 (no detection)                20120919
Commtouch              (no detection)                20120919
Comodo                 (no detection)                20120919
Emsisoft               (no detection)                20120919
eSafe                  (no detection)                20120919
ESET-NOD32             (no detection)                20120919
F-Prot                 (no detection)                20120919
F-Secure               (no detection)                20120919
GData                  (no detection)                20120919
Ikarus                 (no detection)                20120919
Jiangmin               (no detection)                20120919
K7AntiVirus            (no detection)                20120918
Kaspersky              (no detection)                20120919
Kingsoft               (no detection)                20120918
McAfee-GW-Edition      (no detection)                20120919
Microsoft              (no detection)                20120919
nProtect               (no detection)                20120919
PCTools                (no detection)                20120919
Sophos AV              (no detection)                20120919
SUPERAntiSpyware       (no detection)                20120911
Symantec               (no detection)                20120919
TheHacker              (no detection)                20120918
TotalDefense           (no detection)                20120919
TrendMicro             (no detection)                20120919
TrendMicro-HouseCall   (no detection)                20120919
VBA32                  (no detection)                20120919
VIPRE                  (no detection)                20120919
ViRobot                (no detection)                20120919
The file is a Portable Executable: a 32-bit Win32 EXE built for the Windows GUI subsystem.
FileVersionInfo properties
Copyright               Copyright (C) Microsoft Corp. 1991-1999
Product                 Microsoft(R) Windows (R) 2000 Operating System
Original name           taskmgr.exe
Internal name           taskmgr
File version            5.00.2137.1
Description             Windows TaskManager
Signature verification  A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
Signing date            5:33 PM 2/2/2019

Note on the version information: the strings above present the file as Microsoft's Windows 2000 Task Manager, but they are free-form resource data that anyone can write into a binary and prove nothing on their own. The Authenticode check is the authoritative test, and here the chain ends in a root the trust provider does not trust, so the file carries no valid Microsoft signature. The signing date (2019-02-02) is more than six years after the compile timestamp recorded below (2012-09-19) and falls on the same day as the last VirusTotal submission, so the signature was attached to the binary long after it was built, not at build time by the claimed vendor. Treat the Microsoft branding as spoofed version information, consistent with the Zbot detections above.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-09-19 10:20:07
Entry Point 0x000016A0
Number of sections 7
PE sections
Overlays
MD5        2a39ccdfd013a8048b5d2ba9722e36eb
File type  data
Offset     405504
Size       49032
Entropy    4.75

Consistency check: offset 405504 plus size 49032 equals the file size reported below (454536 bytes), so the overlay is everything appended after the last section's raw data, running to end of file. An entropy of 4.75 bits per byte is well below the 7.5 and above typical of compressed or encrypted data, so the appended bytes are not a uniformly encrypted blob; their type is unidentified ("data") and their content is not shown in this report.
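The overlay figures above (offset, size, entropy) and the compile timestamp are all derived from the PE headers plus the file length, and they can be recomputed without VirusTotal. The following is an added example written for this page, not VirusTotal's code; it uses only the Python standard library, parses the DOS header, COFF header and section table, and treats everything after the last section's raw bytes as the overlay. The `build_toy_pe` helper constructs a minimal, non-loadable PE32 image as test input (constructed data, not this sample); `REPORT_TIMESTAMP` is the report's compile timestamp converted to Unix time.

```python
"""Locate a PE file's overlay and decode its compile timestamp (stdlib only).

Added example for this report; not code from VirusTotal. It parses only the
fields needed: DOS header, COFF header, and the section table.
"""
import math
import struct
import sys
from collections import Counter
from datetime import datetime, timezone


def parse_pe_layout(data):
    """Return (TimeDateStamp, [(section name, raw offset, raw size), ...]).

    Raises ValueError if the buffer does not carry the MZ and PE signatures.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    # COFF file header: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    (_machine, nsections, timestamp, _symtab, _nsyms,
     opt_size, _chars) = struct.unpack_from("<HHIIIHH", data, coff)
    sect_table = coff + 20 + opt_size
    sections = []
    for i in range(nsections):
        off = sect_table + 40 * i
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        # VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData
        _vsize, _va, raw_size, raw_ptr = struct.unpack_from("<IIII", data, off + 8)
        sections.append((name, raw_ptr, raw_size))
    return timestamp, sections


def shannon_entropy(buf):
    """Entropy in bits per byte: 0.0 for empty or constant input, 8.0 at most."""
    if not buf:
        return 0.0
    n = len(buf)
    return -sum((c / n) * math.log2(c / n) for c in Counter(buf).values())


def overlay_info(data):
    """Summarise the data appended after the last section's raw bytes."""
    timestamp, sections = parse_pe_layout(data)
    end_of_image = max((ptr + size for _, ptr, size in sections), default=0)
    overlay = data[end_of_image:] if end_of_image < len(data) else b""
    return {
        "compile_time": datetime.fromtimestamp(timestamp, timezone.utc),
        "overlay_offset": end_of_image if overlay else None,
        "overlay_size": len(overlay),
        "overlay_entropy": round(shannon_entropy(overlay), 2),
    }


def build_toy_pe(section_blobs, overlay, timestamp):
    """Construct a minimal PE32 image for exercising the parser offline.

    Constructed test data, not a real executable: only the header fields the
    parser reads are meaningful, and the image is not loadable.
    """
    opt_size = 224                    # SizeOfOptionalHeader for PE32
    e_lfanew = 0x40
    hdr_len = e_lfanew + 4 + 20 + opt_size + 40 * len(section_blobs)
    raw_start = (hdr_len + 0x1FF) & ~0x1FF   # 512-byte file alignment
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_blobs), timestamp,
                       0, 0, opt_size, 0x102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)   # PE32 magic
    sect_hdrs, body, ptr = b"", b"", raw_start
    for name, blob in section_blobs:
        size = (len(blob) + 0x1FF) & ~0x1FF
        sect_hdrs += name.ljust(8, b"\0")[:8] + struct.pack(
            "<IIIIIIHHI", len(blob), 0x1000, size, ptr, 0, 0, 0, 0, 0x60000020)
        body += blob.ljust(size, b"\0")
        ptr += size
    headers = dos + b"PE\0\0" + coff + opt + sect_hdrs
    return headers.ljust(raw_start, b"\0") + body + overlay


# The report's compile timestamp (2012-09-19 10:20:07 UTC) as a Unix time.
REPORT_TIMESTAMP = 1348050007

if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            print(overlay_info(fh.read()))
    else:
        toy = build_toy_pe([(b".text", b"\x90" * 100), (b".data", b"A" * 10)],
                           b"\x00\x01\x02\x03" * 4, REPORT_TIMESTAMP)
        print(overlay_info(toy))
```

Run it with a path to print the same four values the report shows; without arguments it analyses the constructed image. The ExifTool listing further down gives the same TimeDateStamp as `2012:09:19 11:20:07+01:00`, which is the identical instant rendered in UTC+1, so the two timestamps in this report agree.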
PE imports
(Grouped by exporting DLL. The per-DLL headers were not preserved in this copy of the report; the labels below are inferred from the API names.)
advapi32.dll
RegOpenKeyExW
gdi32.dll
EngFindResource
SetICMProfileA
CombineRgn
GetViewportOrgEx
GetObjectType
GetMetaFileW
GetTextExtentPointA
EngQueryLocalTime
EngUnicodeToMultiByteN
GetTextFaceW
MirrorRgn
cGetTTFFromFOT
FONTOBJ_pQueryGlyphAttrs
SwapBuffers
GetGlyphIndicesA
GdiGetLocalFont
UnloadNetworkFonts
GetTextCharsetInfo
DeleteEnhMetaFile
PATHOBJ_vEnumStart
GetEnhMetaFileW
OffsetViewportOrgEx
GdiConvertDC
RemoveFontResourceExA
EngQueryEMFInfo
EngLockSurface
GdiGetLocalBrush
RemoveFontResourceExW
GetLogColorSpaceA
FillRgn
SelectPalette
EngDeleteSemaphore
GdiEntry8
PolyTextOutA
GdiEntry4
SetDIBColorTable
GetTextColor
EngCreateSemaphore
GdiPrinterThunk
UpdateICMRegKeyW
GetCharWidth32A
PolyTextOutW
GetWindowExtEx
PatBlt
EngPaint
GdiConvertEnhMetaFile
Rectangle
GetObjectA
XLATEOBJ_iXlate
InvertRgn
CreateHatchBrush
EndFormPage
CreatePatternBrush
GdiReleaseLocalDC
PlayEnhMetaFile
GdiPlayPrivatePageEMF
RoundRect
CreateColorSpaceA
GetTextExtentPoint32A
CreateColorSpaceW
SetTextCharacterExtra
GdiTransparentBlt
XFORMOBJ_bApplyXform
GdiFullscreenControl
CreateICA
CreateICW
RemoveFontMemResourceEx
XLATEOBJ_piVector
SetMapperFlags
GetBitmapDimensionEx
FillPath
FontIsLinked
EnumObjects
MoveToEx
SetViewportOrgEx
EngMultiByteToUnicodeN
GetDCPenColor
EngGetDriverName
EngEraseSurface
StrokeAndFillPath
GdiAddGlsRecord
EngUnlockSurface
FlattenPath
SelectObject
StartDocA
SetPolyFillMode
CopyMetaFileW
GdiGetSpoolFileHandle
GdiRealizationInfo
AddFontResourceExW
HT_Get8BPPFormatPalette
kernel32.dll
CreateJobObjectW
GetFileAttributesW
FreeEnvironmentStringsA
SetErrorMode
FreeEnvironmentStringsW
lstrcatW
SetCommTimeouts
GetThreadContext
ReadFileScatter
WideCharToMultiByte
WriteFile
GetProfileIntW
MoveFileA
GetLogicalDriveStringsW
FindClose
HeapDestroy
OutputDebugStringA
PeekNamedPipe
GetWriteWatch
LocalLock
UpdateResourceW
GetNumberOfConsoleInputEvents
SetConsoleOutputCP
SetConsoleScreenBufferSize
QueueUserAPC
FoldStringA
EnumCalendarInfoA
GetPrivateProfileStringA
WriteProfileStringA
GetVolumeInformationW
LockFileEx
SetCalendarInfoA
CreateThread
SetNamedPipeHandleState
ConvertDefaultLocale
IsProcessorFeaturePresent
SetThreadContext
GlobalMemoryStatus
FindCloseChangeNotification
AllocateUserPhysicalPages
RtlFillMemory
ChangeTimerQueueTimer
SetCurrentDirectoryA
GetSystemTime
LoadLibraryW
FindVolumeClose
CreateMailslotW
ReadConsoleInputA
TlsAlloc
GetWindowsDirectoryW
GetFileSize
GetPrivateProfileIntA
SetProcessPriorityBoost
GetWindowsDirectoryA
GenerateConsoleCtrlEvent
LoadModule
SetVolumeMountPointW
GetProcAddress
GetComputerNameExA
CreateHardLinkA
CreateDirectoryW
EnumResourceNamesA
GetProcessWorkingSetSize
FindFirstFileW
EnumDateFormatsExW
LocalSize
ReadDirectoryChangesW
GetCurrencyFormatA
CreateFileW
GetCurrencyFormatW
FindFirstVolumeW
InterlockedIncrement
BuildCommDCBA
Heap32ListFirst
VirtualAllocEx
lstrlenA
GlobalFree
GetConsoleAliasesLengthW
LockFile
CreateNamedPipeA
lstrlenW
GetShortPathNameA
GetQueuedCompletionStatus
CancelWaitableTimer
FileTimeToLocalFileTime
BuildCommDCBAndTimeoutsA
FindNextVolumeW
GetCPInfo
HeapSize
EnumSystemCodePagesW
SuspendThread
TlsFree
HeapUnlock
GetAtomNameA
DeleteAtom
SetThreadExecutionState
GetConsoleAliasExesLengthA
ResetWriteWatch
CreateProcessW
GetConsoleAliasExesLengthW
WritePrivateProfileStringA
OpenEventA
DnsHostnameToComputerNameA
shell32.dll
ExtractIconA
SHQueryRecycleBinW
ExtractAssociatedIconExW
SHBrowseForFolderW
SHBindToParent
Shell_NotifyIconW
ExtractIconW
SHGetDiskFreeSpaceA
SHBrowseForFolderA
SHPathPrepareForWriteW
ShellHookProc
DragQueryFileA
SHFileOperationA
SHGetFileInfoA
SHGetFolderLocation
SHGetDiskFreeSpaceExW
DuplicateIcon
ExtractIconEx
SHGetSpecialFolderLocation
SHGetIconOverlayIndexW
SHGetFileInfoW
WOWShellExecute
SHGetPathFromIDListA
SHGetMalloc
SHGetDataFromIDListA
SHLoadInProc
DragQueryFile
SHFormatDrive
DragAcceptFiles
SHIsFileAvailableOffline
SHGetSpecialFolderPathA
ExtractAssociatedIconW
SHFreeNameMappings
ExtractAssociatedIconA
SHCreateProcessAsUserW
SHGetSpecialFolderPathW
FindExecutableA
SHGetFolderPathW
CheckEscapesW
SHGetDataFromIDListW
SHAddToRecentDocs
DragFinish
ExtractIconExA
SHGetFileInfo
DragQueryPoint
ExtractIconExW
SHGetInstanceExplorer
FindExecutableW
SHAppBarMessage
SHGetPathFromIDList
SHFileOperation
shlwapi.dll
StrStrA
StrCmpNW
StrRChrW
StrRChrIW
StrRStrIA
StrChrIW
StrStrIW
StrRChrA
StrCmpNIA
StrStrW
StrChrIA
StrCmpNA
StrRStrIW
StrChrW
user32.dll
EnumDesktopsA
DdeReconnect
ChangeDisplaySettingsA
GetGuiResources
DdeDisconnect
OemToCharBuffA
DispatchMessageA
VkKeyScanA
GetMessageTime
CharLowerBuffW
GetDlgCtrlID
GetClassInfoA
GetClipCursor
UnregisterClassA
SendMessageA
DialogBoxParamA
PackDDElParam
SetMenuDefaultItem
SetScrollPos
DdeQueryStringW
ShowCursor
EnumClipboardFormats
LockWindowUpdate
MsgWaitForMultipleObjects
UpdateWindow
EqualRect
SetClassLongA
SetWindowsHookA
SetPropW
ValidateRgn
SetMessageQueue
GetTabbedTextExtentA
InsertMenuItemW
ChildWindowFromPoint
SetThreadDesktop
ActivateKeyboardLayout
GetIconInfo
GetClipboardViewer
SendNotifyMessageW
CloseWindow
DrawMenuBar
EnumDisplayDevicesW
OpenDesktopA
GetKeyboardLayout
FlashWindow
GetSysColorBrush
GetDialogBaseUnits
TabbedTextOutW
GetUpdateRect
GetUserObjectSecurity
DragDetect
MapVirtualKeyA
DefWindowProcW
ChangeMenuW
keybd_event
GetClipboardOwner
CharPrevW
ToUnicodeEx
EnumDisplaySettingsExA
DdeAddData
GetLastActivePopup
CreateIconIndirect
CloseWindowStation
LoadCursorA
GetMenuItemInfoA
IsDlgButtonChecked
FindWindowExW
FillRect
EmptyClipboard
DrawTextExW
LoadMenuA
SendInput
CreateDialogIndirectParamA
MessageBoxExA
UnhookWindowsHookEx
SetRectEmpty
LoadKeyboardLayoutW
GetCursor
GetClassWord
MsgWaitForMultipleObjectsEx
GetTitleBarInfo
IsCharAlphaNumericA
UpdateLayeredWindow
MenuItemFromPoint
GetWindowModuleFileNameA
DestroyIcon
GetAltTabInfoA
UnionRect
GetKeyNameTextW
CreateIcon
IsChild
UnregisterDeviceNotification
IsMenu
wsprintfW
msvcrt.dll
__lconv_init
_fpclass
_spawnlpe
_pclose
_mbctoupper
_fmode
strtol
fputc
__p__mbctype
_close
_atoldbl
_ismbbprint
_CIlog
_putw
_j0
__p__wpgmptr
_snwprintf
memmove
_wfindfirst64
_mbctokata
_mkdir
_adj_fdiv_m16i
toupper
_lfind
_endthread
_tell
_msize
_wcslwr
_setmode
__winitenv
_Strftime
_local_unwind2
__unguarded_readlc_active
_mbsspnp
modf
_wstrtime
vwprintf
ferror
_strcmpi
free
labs
_cgets
__p___argc
_getmbcp
cos
_longjmpex
__badioinfo
_read
_wfsopen
_exit
_getcwd
_access
_memicmp
_itoa
raise
_abnormal_termination
_mbscmp
_ismbckata
isalpha
_wstat64
_wtoi64
vprintf
__p__commode
getenv
vfprintf
_mbcasemap
_y0
_futime
_spawnvpe
vsprintf
__p__amblksiz
rename
__wgetmainargs
__iscsym
srand
_getche
_c_exit
__p__fileinfo
_utime64
getc
_wutime
_beep
_ismbcl2
rewind
_fullpath
isgraph
_toupper
_strset
_CIlog10
_copysign
_mbsrev
iswprint
difftime
_except_handler2
_flsbuf
_wchmod
ole32.dll
CoRegisterPSClsid
CoUninitialize
HMETAFILEPICT_UserUnmarshal
CoGetInstanceFromFile
GetHGlobalFromILockBytes
HBITMAP_UserMarshal
MonikerCommonPrefixWith
CLIPFORMAT_UserSize
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
CoGetApartmentID
CLSIDFromProgIDEx
OleDraw
StgCreateDocfile
CoGetTreatAsClass
MonikerRelativePathTo
DllDebugObjectRPCHook
CreatePointerMoniker
CoSetCancelObject
CoInitialize
CoCreateInstanceEx
HACCEL_UserUnmarshal
StgCreatePropStg
CoRegisterSurrogate
ReadFmtUserTypeStg
IsAccelerator
OleSetContainedObject
OleConvertOLESTREAMToIStorageEx
HMENU_UserFree
WdtpInterfacePointer_UserMarshal
HWND_UserUnmarshal
HMETAFILEPICT_UserFree
HENHMETAFILE_UserMarshal
HBRUSH_UserFree
OleDuplicateData
CLSIDFromString
StgOpenPropStg
CoInitializeWOW
CoGetCallContext
StgSetTimes
CoRegisterClassObject
IsEqualGUID
HBRUSH_UserSize
OleNoteObjectVisible
OleGetIconOfFile
CoTaskMemRealloc
StgConvertVariantToProperty
OleRegEnumVerbs
HMETAFILE_UserUnmarshal
STGMEDIUM_UserMarshal
SNB_UserSize
OleRegEnumFormatEtc
CoGetStandardMarshal
HWND_UserFree
HICON_UserSize
CreateStdProgressIndicator
OleQueryCreateFromData
WriteClassStg
CoGetObjectContext
OleCreateEmbeddingHelper
WriteOleStg
CoRevertToSelf
HMENU_UserMarshal
OleFlushClipboard
CoRevokeClassObject
HMENU_UserSize
OleSaveToStream
OleIsRunning
HMETAFILEPICT_UserMarshal
CoRevokeMallocSpy
CoFreeUnusedLibraries
HDC_UserSize
HMETAFILEPICT_UserSize
GetHGlobalFromStream
HWND_UserSize
WdtpInterfacePointer_UserUnmarshal
CoAllowSetForegroundWindow
WdtpInterfacePointer_UserFree
CoGetClassVersion
CreateFileMoniker
MkParseDisplayName
OleGetIconOfClass
OleBuildVersion
WriteFmtUserTypeStg
HGLOBAL_UserMarshal
Number of PE resources by type
RT_ICON 16
RT_STRING 14
RT_GROUP_ICON 14
RT_BITMAP 8
RT_DIALOG 7
RT_MENU 7
RT_ACCELERATOR 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 68
PE resources
ExifTool file metadata
UninitializedDataSize     0
LinkerVersion             2.5
ImageVersion              0.0
FileSubtype               0
FileVersionNumber         5.0.2137.1
LanguageCode              English (U.S.)
FileFlagsMask             0x003f
FileDescription           Windows TaskManager
ImageFileCharacteristics  Executable, No line numbers, No symbols, 32-bit
CharacterSet              Unicode
InitializedDataSize       68096
EntryPoint                0x16a0
OriginalFileName          taskmgr.exe
MIMEType                  application/octet-stream
LegalCopyright            Copyright (C) Microsoft Corp. 1991-1999
FileVersion               5.00.2137.1
TimeStamp                 2012:09:19 11:20:07+01:00 (the PE TimeDateStamp rendered in UTC+1; the same instant as the 2012-09-19 10:20:07 compile timestamp above)
FileType                  Win32 EXE
PEType                    PE32
InternalName              taskmgr
ProductVersion            5.00.2137.1
SubsystemVersion          4.0
OSVersion                 4.0
FileOS                    Windows NT 32-bit
Subsystem                 Windows GUI
MachineType               Intel 386 or later, and compatibles
CompanyName               Microsoft Corporation
CodeSize                  336896
ProductName               Microsoft(R) Windows (R) 2000 Operating System
ProductVersionNumber      5.0.2137.1
FileTypeExtension         exe
ObjectFileType            Executable application

File identification
MD5            e06c6eaab528697406577eada8c6702e
SHA1           22ed06be2e3c340033f6d3850fa55d623218ee70
SHA256         b59df8fa575f593f655adccffceeb619887e25ca499080556f2a537a85108451
ssdeep         6144:Ubzzv2J/j3/I/qtPW1yzF3ty5w9GhxQqdaV2i/eRoBJ5ln6ZdTHaSe2K:LgSQMz8QqdXi/eRoBThl
authentihash   dd5fe48643ad884f308ff4a8b684a44bc74edddc3cdfd80bc3b3804ce95f64fb
imphash        1f755c31f0bbd9cb277d88bd6526dfd5
File size      443.9 KB ( 454536 bytes )
File type      Win32 EXE
Magic literal  PE32 executable for MS Windows (GUI) Intel 80386 32-bit
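The imphash above is the pivot a practitioner uses to find other samples built with the same import table: it is an MD5 over the normalised, ordered list of `dll.function` strings, so it survives changes to the rest of the binary but not changes to import order. The following is an added example for this page, not VirusTotal's or pefile's own code, implementing the same normalisation rules pefile uses. The sample list is a constructed subset of the APIs in the import listing above (VirtualAllocEx, GetThreadContext/SetThreadContext, QueueUserAPC and CreateProcessW are the classic process-injection primitives, although an import listing alone cannot show whether they are called), in an order chosen here, plus one made-up ws2_32 ordinal import to show ordinal handling; the result is therefore not this report's imphash, whose exact import order and DLL grouping are not certain from the listing.

```python
"""Compute an imphash from an ordered import table, the way pefile does it.

Added example for this report, not VirusTotal's or pefile's own code. The
import list below is a constructed subset of the APIs in the report, in an
order chosen here, so the result is not the report's imphash.
"""
import hashlib


def imphash_string(imports):
    """Normalise an ordered list of (dll, function-or-ordinal) pairs.

    Rules, matching pefile: DLL name lower-cased with a .dll/.ocx/.sys suffix
    removed, function name lower-cased, ordinal-only imports rendered as
    "ordN". (pefile additionally maps ordinals to names for ws2_32, wsock32
    and oleaut32; that table is omitted here, so ordinal-heavy samples hash
    differently from pefile's result.)
    """
    parts = []
    for dll, func in imports:
        lib = dll.lower()
        base, _, ext = lib.rpartition(".")
        if base and ext in ("dll", "ocx", "sys"):
            lib = base
        name = "ord%d" % func if isinstance(func, int) else func.lower()
        parts.append("%s.%s" % (lib, name))
    return ",".join(parts)


def imphash(imports):
    """MD5 of the normalised string: the value published as 'imphash'."""
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


# Constructed sample: a few of the APIs listed in the report, in an order
# chosen for this example, plus a made-up ordinal import. Order matters:
# imphash is order-sensitive, so reversing this list yields a different hash.
SAMPLE_IMPORTS = [
    ("KERNEL32.dll", "VirtualAllocEx"),
    ("KERNEL32.dll", "GetThreadContext"),
    ("KERNEL32.dll", "SetThreadContext"),
    ("KERNEL32.dll", "QueueUserAPC"),
    ("KERNEL32.dll", "CreateProcessW"),
    ("SHELL32.dll", "SHGetFolderPathW"),
    ("WS2_32.dll", 19),   # ordinal-only import, rendered "ord19"
]

if __name__ == "__main__":
    print(imphash_string(SAMPLE_IMPORTS))
    print(imphash(SAMPLE_IMPORTS))
```

Because case and the `.dll` suffix are normalised away, two samples whose import tables differ only in those respects share an imphash, which is what makes it useful for clustering builds from one toolchain; the same property means a single reordered or added import breaks the match, so it complements rather than replaces ssdeep.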

TrID InstallShield setup (32.5%)
Win32 Executable MS Visual C++ (generic) (23.6%)
Win64 Executable (generic) (20.9%)
Windows screen saver (9.9%)
Win32 Dynamic Link Library (generic) (4.9%)
Tags
peexe overlay

VirusTotal metadata
First submission 2012-09-19 12:12:34 UTC ( 6 years, 6 months ago )
Last submission 2019-02-02 16:38:28 UTC ( 1 month, 2 weeks ago )
File names hK9QBC.exe
aa
UMXl.exe
output.2252898.txt
taskmgr.exe
e06c6eaab528697406577eada8c6702e
b59df8fa575f593f655adccffceeb619887e25ca499080556f2a537a85108451.bin
e06c6eaab528697406577eada8c6702e.exe
taskmgr
2252898
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report. The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were performed either by the file itself or by any other process that the executed file launched or injected code into.