SHA256: 1ca62477884f4afb49a2bdbb277b19f1c6c2b49c23c39777df7a3aa56e97483a
File name: taskmgr.exe
Detection ratio 40 / 68
Analysis date: 2018-06-12 14:28:40 UTC ( 1 week, 4 days ago)
Antivirus Result Update
Ad-Aware Trojan.Generic.20258986 20180612
AhnLab-V3 PUP/Win64.BitCoinMiner.R203603 20180612
ALYac Trojan.Generic.20258986 20180612
Antiy-AVL RiskWare[RiskTool]/Win32.AGeneric 20180612
Arcabit Trojan.Generic.D13520AA 20180612
Avast FileRepMetagen [PUP] 20180612
AVG FileRepMetagen [PUP] 20180612
AVware Trojan.Win32.Generic!BT 20180612
BitDefender Trojan.Generic.20258986 20180612
Bkav W32.PaiticadLTY.Trojan 20180612
CAT-QuickHeal RiskTool.Generic 20180612
Comodo .ApplicUnwnt 20180612
CrowdStrike Falcon (ML) malicious_confidence_90% (D) 20180530
Cylance Unsafe 20180612
Cyren W64/Trojan.SRWA-4321 20180612
Emsisoft Trojan.Generic.20258986 (B) 20180612
Endgame malicious (high confidence) 20180507
ESET-NOD32 a variant of Win64/CoinMiner.BX potentially unwanted 20180612
F-Secure Trojan.Generic.20258986 20180612
Fortinet W32/CoinMiner.EAD6!tr 20180612
GData Trojan.Generic.20258986 20180612
Ikarus PUA.CoinMiner 20180612
Sophos ML heuristic 20180601
Jiangmin RiskTool.Generic.bip 20180612
K7AntiVirus Unwanted-Program ( 004fc8691 ) 20180612
K7GW Unwanted-Program ( 004fc8691 ) 20180612
Kaspersky not-a-virus:RiskTool.Win32.Generic 20180612
Malwarebytes Trojan.BitCoinMiner 20180612
MAX malware (ai score=99) 20180612
McAfee Artemis!B43C69B1EFF0 20180612
McAfee-GW-Edition BehavesLike.Win64.CoinMiner.rc 20180612
eScan Trojan.Generic.20258986 20180612
Panda Trj/CI.A 20180612
SentinelOne (Static ML) static engine - malicious 20180225
Sophos AV Claymore's ZCash Miner (PUA) 20180612
Symantec Trojan.Gen.2 20180612
VIPRE Trojan.Win32.Generic!BT 20180612
Webroot W32.Trojan.Gen 20180612
Yandex Riskware.Agent! 20180609
ZoneAlarm by Check Point not-a-virus:RiskTool.Win32.Generic 20180612
AegisLab 20180612
Alibaba 20180612
Avast-Mobile 20180612
Avira (no cloud) 20180612
Babable 20180406
Baidu 20180612
ClamAV 20180612
CMC 20180612
Cybereason 20180308
DrWeb 20180612
eGambit 20180612
F-Prot 20180612
Kingsoft 20180612
Microsoft 20180612
NANO-Antivirus 20180612
Palo Alto Networks (Known Signatures) 20180612
Qihoo-360 20180612
Rising 20180612
SUPERAntiSpyware 20180612
Symantec Mobile Insight 20180605
TACHYON 20180612
Tencent 20180612
TheHacker 20180608
TotalDefense 20180612
TrendMicro 20180612
TrendMicro-HouseCall 20180612
Trustlook 20180612
VBA32 20180612
ViRobot 20180612
Zillya 20180611
Zoner 20180612
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem that targets 64bit architectures.
ReversingLabs Taggant packer details
Validity
Valid taggant block

Full file hash
Valid

PKI chain
Valid

Packer VMProtect (3.0.629)
User
Validity Valid
Serial Number 43A6DFE3EC426DB8CC86D00ECDDE11CC
SPV
Validity Valid
Serial Number 25A28E418EF2D55B87EE715B42AFBEDB
PE header basic information
Target machine x64
Compilation timestamp 2016-12-30 04:35:28
Entry Point 0x00A3ADAB
Number of sections 8
PE sections
PE imports
CloseServiceHandle
EnumServicesStatusExW
RegQueryValueExA
OpenSCManagerW
OpenServiceW
QueryServiceConfigW
GetNetworkParams
GetFileAttributesExW
LocalFree
GetCurrentProcess
GetProcessAffinityMask
LocalAlloc
GetModuleHandleA
GetModuleFileNameW
GetLastError
FreeLibrary
ExitProcess
Sleep
SetThreadAffinityMask
SetProcessAffinityMask
LoadLibraryA
GetCurrentThread
clCreateBuffer
CharUpperBuffW
MessageBoxW
WTSSendMessageW
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows command line

MachineType
AMD AMD64

FileTypeExtension
exe

TimeStamp
2016:12:30 05:35:28+01:00

FileType
Win64 EXE

PEType
PE32+

CodeSize
264704

LinkerVersion
11.0

EntryPoint
0xa3adab

InitializedDataSize
354304

SubsystemVersion
6.0

ImageVersion
0.0

OSVersion
6.0

UninitializedDataSize
0

Compressed bundles
File identification
MD5 b43c69b1eff0efa63701e8311dd02d31
SHA1 db1ec2f1f699acdddde32cf914437fd0ca539368
SHA256 1ca62477884f4afb49a2bdbb277b19f1c6c2b49c23c39777df7a3aa56e97483a
ssdeep
98304:fVYOWugmRJJ7bMU62seFrH8AkSn2k8KHE3YlBn/C3SamXzerBT/3b:NfWugmmU62seFj8ADr8KHE3YlN/C1mXo

authentihash 99ad48c1816d5e74a4075c658a8a8ce88185dfe4eba0977195081e513eee7e62
imphash a4d07fe3540ccaab09cd2988b3ea2442
File size 4.5 MB ( 4700160 bytes )
File type Win32 EXE
Magic literal
PE32+ executable for MS Windows (console) Mono/.Net assembly

TrID Win64 Executable (generic) (82.0%)
OS/2 Executable (generic) (6.0%)
Generic Win/DOS Executable (5.9%)
DOS Executable Generic (5.9%)
Tags
64bits peexe assembly

VirusTotal metadata
First submission 2016-12-30 18:15:03 UTC ( 1 year, 5 months ago)
Last submission 2017-06-24 12:55:19 UTC ( 12 months ago)
File names ZecMiner64.exe
dllhost.exe
ZecMiner64.exe
service.exe
taskmgr.exe
taskmgr.exe
taskmgr.exe
ZecMiner64.exe
ZecMiner64.exe
ZecMiner64.exe
ZecMiner64.exe