SHA256: f689ee9af94b00e9e3f0bb072b34caaf207f32dcb4f5782fc9ca351df9a06c97
File name: mstsc.exe
Detection ratio: 0 / 67
Analysis date: 2018-01-17 03:03:22 UTC ( 2 days, 12 hours ago )
Trusted source! This file belongs to the Microsoft Corporation software catalogue.
Antivirus Result Update
ALYac 20180117
AVG 20180117
AVware 20180103
Ad-Aware 20180117
AegisLab 20180117
AhnLab-V3 20180116
Antiy-AVL 20180117
Arcabit 20180117
Avast 20180117
Avast-Mobile 20180116
Avira (no cloud) 20180116
Baidu 20180116
BitDefender 20180117
Bkav 20180116
CAT-QuickHeal 20180116
CMC 20180116
ClamAV 20180116
Comodo 20180117
CrowdStrike Falcon (ML) 20171016
Cybereason 20171103
Cylance 20180117
Cyren 20180117
DrWeb 20180117
ESET-NOD32 20180117
Emsisoft 20180117
Endgame 20171130
F-Prot 20180117
F-Secure 20180117
Fortinet 20180117
GData 20180117
Ikarus 20180116
Sophos ML 20170914
Jiangmin 20180117
K7AntiVirus 20180116
K7GW 20180116
Kaspersky 20180117
Kingsoft 20180117
MAX 20180117
Malwarebytes 20180117
McAfee 20180117
McAfee-GW-Edition 20180117
eScan 20180117
Microsoft 20180117
NANO-Antivirus 20180117
Palo Alto Networks (Known Signatures) 20180117
Panda 20180116
Qihoo-360 20180117
Rising 20180117
SUPERAntiSpyware 20180117
SentinelOne (Static ML) 20180115
Sophos AV 20180117
Symantec 20180116
Tencent 20180117
TheHacker 20180115
TrendMicro 20180117
TrendMicro-HouseCall 20180117
VBA32 20180116
VIPRE 20180117
ViRobot 20180116
Webroot 20180117
WhiteArmor 20180110
Yandex 20180112
Zillya 20180116
ZoneAlarm by Check Point 20180117
Zoner 20180117
eGambit 20180117
nProtect 20180117
Alibaba 20180117
Symantec Mobile Insight 20180117
Trustlook 20180117
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem that targets 64bit architectures.
FileVersionInfo properties
Copyright Public Domain; Author Iain Patterson 2003-2014
Product NSSM 64-bit
File version 2.24
Description The non-sucking service manager
Comments http://nssm.cc/
PE header basic information
Target machine x64
Compilation timestamp 2014-08-31 15:34:28
Entry Point 0x000189A0
Number of sections 5
PE sections
PE imports
GetServiceKeyNameW
RegCreateKeyExW
RegCloseKey
LsaNtStatusToWinError
OpenServiceW
QueryServiceConfigW
ControlService
RegDeleteKeyW
DeleteService
RegQueryValueExW
LsaOpenPolicy
CloseServiceHandle
ChangeServiceConfig2W
RegisterEventSourceW
DeregisterEventSource
QueryServiceStatus
RegOpenKeyExW
EnumServicesStatusW
QueryServiceConfig2W
LsaEnumerateAccountRights
CreateServiceW
LsaLookupNames
SetServiceStatus
IsValidSid
GetSidIdentifierAuthority
LsaFreeMemory
LsaAddAccountRights
GetSidSubAuthority
GetSidSubAuthorityCount
IsTextUnicode
InitializeSid
GetServiceDisplayNameW
LsaLookupSids
RegDeleteValueW
StartServiceW
RegSetValueExW
FreeSid
GetSidLengthRequired
OpenSCManagerW
ReportEventW
AllocateAndInitializeSid
CheckTokenMembership
RegisterServiceCtrlHandlerExW
LsaClose
StartServiceCtrlDispatcherW
ChangeServiceConfigW
GetOpenFileNameW
GetStdHandle
GetConsoleOutputCP
FileTimeToSystemTime
WaitForSingleObject
EncodePointer
FlsGetValue
CreatePipe
GetCurrentProcess
CompareFileTime
GetConsoleMode
GetLocaleInfoA
LocalAlloc
ExitProcess
GetFileInformationByHandle
SetStdHandle
WideCharToMultiByte
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
Thread32First
HeapReAlloc
GetStringTypeW
FreeLibrary
LocalFree
FormatMessageW
ResumeThread
InitializeCriticalSection
LoadResource
AllocConsole
TlsGetValue
MoveFileW
SetLastError
GetSystemTime
GetUserDefaultLangID
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
FlsSetValue
GetModuleFileNameA
FillConsoleOutputCharacterW
HeapSetInformation
SetConsoleCtrlHandler
RtlVirtualUnwind
UnhandledExceptionFilter
MultiByteToWideChar
SetProcessAffinityMask
RegisterWaitForSingleObject
CreateThread
SetEnvironmentVariableW
DeleteCriticalSection
SetUnhandledExceptionFilter
SetHandleInformation
TerminateProcess
WriteConsoleA
SetCurrentDirectoryW
SetEndOfFile
SetWaitableTimer
WriteConsoleW
CreateToolhelp32Snapshot
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetComputerNameW
GetExitCodeProcess
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
GetStartupInfoA
GetWindowsDirectoryW
DecodePointer
OpenProcess
GenerateConsoleCtrlEvent
GetProcAddress
FillConsoleOutputAttribute
GetProcessHeap
CreateWaitableTimerW
FreeEnvironmentStringsW
RtlLookupFunctionEntry
FreeConsole
Thread32Next
DuplicateHandle
RtlUnwindEx
GetProcessAffinityMask
CreateFileW
GetConsoleWindow
GetFileType
TlsSetValue
CreateFileA
GetCurrentThreadId
LeaveCriticalSection
GetLastError
IsValidCodePage
SystemTimeToFileTime
LCMapStringW
GetConsoleCP
LCMapStringA
GetProcessTimes
GetEnvironmentStringsW
Process32NextW
UnregisterWait
GetCurrentProcessId
GetCommandLineW
GetCPInfo
HeapSize
FlsAlloc
FlsFree
Process32FirstW
SetConsoleTitleW
ExpandEnvironmentStringsW
SetFilePointer
ReadFile
RtlCaptureContext
CloseHandle
GetACP
GetModuleHandleW
GetCurrentDirectoryW
HeapCreate
FindResourceExW
CreateProcessW
Sleep
GetOEMCP
ShellExecuteExW
PathFindExtensionW
PathUnquoteSpacesW
SetFocus
SetWindowLongPtrW
CreateDialogIndirectParamW
PostQuitMessage
EnumWindows
CheckRadioButton
GetMessageW
ShowWindow
SetWindowPos
GetWindowThreadProcessId
GetDesktopWindow
GetSystemMetrics
MessageBoxW
GetWindowRect
EnableWindow
MoveWindow
TranslateMessage
GetDlgItemTextW
PostMessageW
GetDlgItemInt
SetDlgItemTextW
DispatchMessageW
SendMessageW
SendDlgItemMessageW
GetWindowLongPtrW
GetDlgItem
EnableMenuItem
MessageBoxIndirectW
LoadImageW
IsDialogMessageW
SetDlgItemInt
PostThreadMessageW
GetSystemMenu
DestroyWindow
Number of PE resources by type
RT_DIALOG 42
RT_ICON 4
RT_MESSAGETABLE 3
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 17
FRENCH 15
ITALIAN 15
NEUTRAL 5
PE resources
ExifTool file metadata
UninitializedDataSize 0
Comments http://nssm.cc/
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 2.24.0.74
LanguageCode English (U.S.)
FileFlagsMask 0x0003
CharacterSet Unicode
InitializedDataSize 198144
EntryPoint 0x189a0
MIMEType application/octet-stream
LegalCopyright Public Domain; Author Iain Patterson 2003-2014
FileVersion 2.24
TimeStamp 2014:08:31 16:34:28+01:00
FileType Win64 EXE
PEType PE32+
SubsystemVersion 5.2
ProductVersion 2.24
FileDescription The non-sucking service manager
OSVersion 5.2
FileOS Win32
Subsystem Windows command line
MachineType AMD AMD64
CodeSize 132096
ProductName NSSM 64-bit
ProductVersionNumber 2.24.0.74
FileTypeExtension exe
ObjectFileType Executable application

CarbonBlack acts as a surveillance camera for computers.
While monitoring an end-user machine in the wild, CarbonBlack noticed that the following files in execution wrote this sample to disk.
Execution parents
PE resource-wise parents
Compressed bundles
File identification
MD5 beceae2fdc4f7729a93e94ac2ccd78cc
SHA1 47c112c23c7bdf2af24a20bd512f91ff6af76bc6
SHA256 f689ee9af94b00e9e3f0bb072b34caaf207f32dcb4f5782fc9ca351df9a06c97
ssdeep 6144:yejl5QCuDlXW4+DiErv2yKU9pclGrDkXNBe:vl5QCKdW4+DiNlXNBe
authentihash 93188c042377de964d7275ad39ddff5da85bac8d1a77687b541319c1a6c3b5c1
imphash e14388498639688dc750895bc5ef963a
File size 323.5 KB ( 331264 bytes )
File type Win32 EXE
Magic literal PE32+ executable for MS Windows (console) Mono/.Net assembly
TrID Win64 Executable (generic) (87.3%)
Generic Win/DOS Executable (6.3%)
DOS Executable Generic (6.3%)
Tags 64bits peexe assembly trusted via-tor
Trusted verdicts
This file belongs to the Microsoft Corporation software catalogue. The file is often found with 1019.dll as its name.
VirusTotal metadata
First submission 2014-09-03 07:47:30 UTC ( 3 years, 4 months ago )
Last submission 2018-01-17 03:03:22 UTC ( 2 days, 12 hours ago )
File names f9806
sbs_ve_ambr_20170517181650.234_ 11934
taskhost_old.exe
nssm.exe.5816_6.232584.partial
TaskHost.exe$
f10008
WindowsSocket.exe
f8328
f8326
0
taskhost.exe
a36747c5-ff38-be6c-e5b0-9cca078d235a_1d28557501a2dea
nssm.exe
nssm.exe.10880_4.120070.partial
f689ee9af94b00e9_taskmon.exe
b57a48df-a147-8d3c-67dc-c28b0951321b_1d2737e732b1e7b
nssm-x64.exe
nssm.exe.4712_2.75294.partial
SpiceworksEventProcessor.exe
svchost.exe
appnodemodulesnssmexe
TaskHost.exe
TaskHost.exe
csrssv.exe
taskhost.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight