SHA256: d845899d437639a34d5c88384b3429437d2547d8ef8e8a32c9c5ce3ed8b14be6
File name: TaskScheduler
Detection ratio: 0 / 53
Analysis date: 2014-08-18 18:39:18 UTC ( 4 years, 3 months ago )
Antivirus Result Update
Ad-Aware 20140818
AegisLab 20140818
Yandex 20140818
AhnLab-V3 20140818
AntiVir 20140818
Antiy-AVL 20140818
Avast 20140818
AVG 20140818
AVware 20140818
Baidu-International 20140818
BitDefender 20140818
Bkav 20140818
ByteHero 20140818
CAT-QuickHeal 20140818
ClamAV 20140818
CMC 20140818
Commtouch 20140818
Comodo 20140818
DrWeb 20140818
Emsisoft 20140818
ESET-NOD32 20140818
F-Prot 20140818
F-Secure 20140818
Fortinet 20140818
GData 20140818
Ikarus 20140818
Jiangmin 20140815
K7AntiVirus 20140818
K7GW 20140818
Kaspersky 20140818
Kingsoft 20140818
Malwarebytes 20140818
McAfee 20140818
McAfee-GW-Edition 20140818
Microsoft 20140818
eScan 20140818
NANO-Antivirus 20140818
Norman 20140818
nProtect 20140818
Panda 20140818
Qihoo-360 20140818
Rising 20140818
Sophos AV 20140818
SUPERAntiSpyware 20140818
Symantec 20140818
Tencent 20140818
TheHacker 20140817
TotalDefense 20140818
TrendMicro 20140818
TrendMicro-HouseCall 20140818
VBA32 20140818
VIPRE 20140818
ViRobot 20140818
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© ?????????? ??????????. ??? ????? ????????.

Publisher ?????????? ??????????
Product ???????????? ??????? Microsoft® Windows®
Original name mstask.dll
Internal name TaskScheduler
File version 5.1.2600.5512 (xpsp.080413-2108)
Description ?????????? ?????????? ???????????? ???????
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2008-04-14 16:12:04
Entry Point 0x00001748
Number of sections 4
PE sections
PE imports
SetSecurityDescriptorOwner
RegCloseKey
LookupAccountSidW
AccessCheck
OpenServiceW
AdjustTokenPrivileges
ControlService
LookupPrivilegeValueW
RegDeleteKeyW
GetSecurityInfo
RegQueryValueExW
CloseServiceHandle
GetFileSecurityW
ConvertStringSecurityDescriptorToSecurityDescriptorW
OpenProcessToken
QueryServiceStatus
RegConnectRegistryW
RegOpenKeyExW
GetTokenInformation
GetUserNameW
ImpersonateSelf
RegEnumKeyExW
OpenThreadToken
SetSecurityInfo
SetEntriesInAclW
RevertToSelf
StartServiceW
RegSetValueExW
FreeSid
OpenSCManagerW
AllocateAndInitializeSid
CheckTokenMembership
ImageList_SetOverlayImage
ImageList_Destroy
ImageList_AddMasked
DestroyPropertySheetPage
CreatePropertySheetPageW
ImageList_Create
ImageList_Remove
Ord(17)
PropertySheetW
ImageList_GetIcon
InitCommonControlsEx
ImageList_ReplaceIcon
GetDeviceCaps
DeleteDC
CreateFontIndirectW
SelectObject
CreatePalette
GetStockObject
CreateDIBitmap
SelectPalette
GetObjectW
BitBlt
CreateCompatibleDC
DeleteObject
RealizePalette
GetDriveTypeW
FileTimeToSystemTime
DeactivateActCtx
GetFileAttributesW
lstrcmpW
GetLocalTime
DeleteCriticalSection
GetCurrentProcess
LocalAlloc
UnhandledExceptionFilter
SetErrorMode
GetLocaleInfoW
GetFileTime
WideCharToMultiByte
WriteFile
GetSystemTimeAsFileTime
LocalFree
FormatMessageW
InitializeCriticalSection
LoadResource
FindClose
InterlockedDecrement
GetFullPathNameW
GetEnvironmentVariableW
IsBadWritePtr
GetUserDefaultUILanguage
GetSystemTime
LoadLibraryExA
GetUserDefaultLCID
ActivateActCtx
GetVolumeInformationW
SetFileAttributesW
CreateThread
SetUnhandledExceptionFilter
MulDiv
ExitThread
TerminateProcess
SearchPathW
SetCurrentDirectoryW
GlobalAlloc
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
LoadLibraryW
GetVersionExW
FreeLibrary
QueryPerformanceCounter
GetTickCount
DisableThreadLibraryCalls
lstrcmpiW
GetFileSize
OpenProcess
GetDateFormatW
CreateDirectoryW
DeleteFileW
GlobalLock
GetComputerNameW
CompareStringW
GlobalReAlloc
ExpandEnvironmentStringsW
lstrcmpA
FindNextFileW
GetComputerNameExW
FindFirstFileW
DuplicateHandle
GetProcAddress
CreateFileMappingW
CreateFileW
GetFileType
InterlockedIncrement
GetLastError
LocalReAlloc
SystemTimeToFileTime
CreateWaitableTimerW
GlobalFree
GetTimeFormatW
GlobalUnlock
lstrlenW
CancelWaitableTimer
GetCurrentDirectoryW
GetCurrentProcessId
LockResource
SetFileTime
GetCurrentActCtx
GetCurrentThread
lstrcpynW
MapViewOfFile
SetFilePointer
ReadFile
CloseHandle
SetWaitableTimer
IsBadStringPtrW
CompareFileTime
UnmapViewOfFile
FindResourceW
Sleep
WNetGetConnectionW
WNetGetResourceInformationW
WNetGetNetworkInformationW
DsMakeSpnW
RpcEpResolveBinding
RpcBindingFree
NdrClientCall2
RpcBindingSetAuthInfoExW
RpcBindingFromStringBindingW
RpcStringBindingComposeW
UuidCreate
RpcStringFreeW
DragQueryFileW
Ord(152)
Ord(155)
SHChangeNotify
SHFileOperationW
ShellExecuteW
SHGetPathFromIDListW
Ord(196)
Ord(67)
SHExtractIconsW
Ord(2)
Ord(73)
Ord(4)
Ord(174)
SHGetFolderPathW
Ord(18)
Ord(28)
PathRemoveFileSpecW
PathFindExtensionW
PathFindFileNameW
GetUserNameExW
SetFocus
RegisterWindowMessageW
GetForegroundWindow
GetParent
GetWindow
EndDialog
SystemParametersInfoW
EnumWindows
DefWindowProcW
FindWindowW
CheckRadioButton
KillTimer
DestroyMenu
DialogBoxParamW
ShowWindow
MessageBeep
LoadMenuW
MapWindowPoints
RemoveMenu
GetWindowThreadProcessId
GetSystemMetrics
SetWindowLongW
MessageBoxW
DestroyIcon
GetWindowRect
EnableWindow
IsWindow
SwitchToThisWindow
GetDC
EnumChildWindows
SetWindowPos
SendDlgItemMessageW
GetDlgItemTextW
PostMessageW
SetMenuItemInfoW
GetDlgItemInt
CheckDlgButton
GetMenuItemID
GetKeyState
ReleaseDC
CheckMenuItem
SendMessageW
RegisterClassW
WinHelpW
LoadStringW
GetClassInfoW
GetMenuItemInfoW
GetDlgItem
SetMenuDefaultItem
SetDlgItemTextW
EnableMenuItem
InvalidateRect
GetSubMenu
SetTimer
LoadImageW
GetClassNameW
TrackPopupMenu
GetMenuItemCount
IsDlgButtonChecked
SetWindowTextW
GetWindowTextW
RegisterClipboardFormatW
ValidateRect
LoadCursorW
GetWindowTextLengthW
CreateWindowExW
GetWindowLongW
SetForegroundWindow
GetClientRect
DestroyWindow
GetLastActivePopup
SetCursor
UnloadUserProfile
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
WSAStartup
WSACleanup
inet_addr
WSAGetLastError
gethostbyaddr
GetOpenFileNameW
CommDlgExtendedError
_purecall
rand
malloc
setlocale
wcstoul
wcschr
_vsnwprintf
_except_handler3
??2@YAPAXI@Z
wcslen
wcscmp
_itow
mbstowcs
wcsrchr
_adjust_fdiv
_wcsicmp
wcspbrk
iswctype
_wcsnicmp
wcsncpy
??3@YAXPAX@Z
free
wcsncmp
memmove
wcsspn
wcstombs
wcsstr
_initterm
CoGetCallContext
OleUninitialize
OleSetClipboard
OleInitialize
ReleaseStgMedium
CoCreateInstance
OleGetClipboard
CoTaskMemFree
CoTaskMemAlloc
PE exports
Number of PE resources by type
RT_STRING 35
RT_ICON 33
RT_DIALOG 17
RT_MENU 8
RT_GROUP_ICON 4
RT_BITMAP 3
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
RUSSIAN 102
PE resources
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 192000
ImageVersion 5.1
ProductName Microsoft Windows
FileVersionNumber 5.1.2600.5512
LanguageCode Russian
FileFlagsMask 0x003f
CharacterSet Unicode
LinkerVersion 7.1
OriginalFilename mstask.dll
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 5.1.2600.5512 (xpsp.080413-2108)
TimeStamp 2008:04:14 17:12:04+01:00
FileType Win32 DLL
PEType PE32
InternalName TaskScheduler
FileAccessDate 2014:08:18 19:33:39+01:00
ProductVersion 5.1.2600.5512
SubsystemVersion 4.0
OSVersion 5.1
FileCreateDate 2014:08:18 19:33:39+01:00
FileOS Windows NT 32-bit
LegalCopyright . .
MachineType Intel 386 or later, and compatibles
CodeSize 142336
FileSubtype 0
ProductVersionNumber 5.1.2600.5512
EntryPoint 0x1748
ObjectFileType Dynamic link library

File identification
MD5 59780dfa08a4058626ebf5e5e4f926c5
SHA1 01f07d3f86f532ae5f8e362d3b3414b12b0bc1ee
SHA256 d845899d437639a34d5c88384b3429437d2547d8ef8e8a32c9c5ce3ed8b14be6
ssdeep 3072:kxxoHmIqxzGuBlPI24iN01MSeJRcGirwlqtbQrwtmvf3cs3oP9g4ZOSy+Jdlh0w:tHm3xq4lPGiN0kzVwavf3csCj1/kj

imphash 51b7585e7747e4f5d399a6235ea3b7ce
File size 327.5 KB ( 335360 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit

TrID DirectShow filter (93.0%)
Win32 Dynamic Link Library (generic) (3.0%)
Win32 Executable (generic) (2.0%)
Generic Win/DOS Executable (0.9%)
DOS Executable Generic (0.9%)
Tags pedll

VirusTotal metadata
First submission 2012-05-05 14:32:06 UTC ( 6 years, 7 months ago )
Last submission 2014-03-23 16:47:12 UTC ( 4 years, 8 months ago )
File names mstask.dll
TaskScheduler
mstask.dll
avz00001.dta
vt-upload-BVi2ue
mstask.dll
mstask.dll
mstask.dll
mstask.dll
Advanced heuristic and reputation engines
ClamAV Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua

Symantec reputation Suspicious.Insight