SHA256: 1ca62477884f4afb49a2bdbb277b19f1c6c2b49c23c39777df7a3aa56e97483a
File name: taskmgr.exe
Detection ratio 38 / 66
Analysis date: 2017-12-22 18:13:21 UTC ( 3 weeks, 6 days ago)
Antivirus Result Update
Ad-Aware Trojan.Generic.20258986 20171222
AhnLab-V3 PUP/Win64.BitCoinMiner.R203603 20171222
ALYac Trojan.Generic.20258986 20171222
Arcabit Trojan.Generic.D13520AA 20171222
Avast FileRepMetagen [PUP] 20171222
AVG FileRepMetagen [PUP] 20171222
AVware Trojan.Win32.Generic!BT 20171222
BitDefender Trojan.Generic.20258986 20171222
CAT-QuickHeal RiskTool.Generic 20171222
CrowdStrike Falcon (ML) malicious_confidence_80% (D) 20171016
Cybereason malicious.1b8fb7 20171103
Cylance Unsafe 20171222
Cyren W64/Trojan.SRWA-4321 20171222
Emsisoft Trojan.Generic.20258986 (B) 20171222
Endgame malicious (high confidence) 20171130
ESET-NOD32 a variant of Win64/BitCoinMiner.BX potentially unsafe 20171222
F-Secure Trojan.Generic.20258986 20171222
Fortinet Adware/BitCoinMiner 20171222
GData Trojan.Generic.20258986 20171222
Ikarus PUA.Generic 20171222
Sophos ML heuristic 20170914
Jiangmin RiskTool.Generic.bip 20171221
K7AntiVirus Unwanted-Program ( 004fc8691 ) 20171222
K7GW Unwanted-Program ( 004fc8691 ) 20171222
Kaspersky not-a-virus:RiskTool.Win32.Generic 20171222
Malwarebytes Trojan.BitCoinMiner 20171222
MAX malware (ai score=80) 20171222
McAfee Artemis!B43C69B1EFF0 20171222
McAfee-GW-Edition BehavesLike.Win64.BrowseFox.rc 20171222
eScan Trojan.Generic.20258986 20171222
Panda Trj/CI.A 20171222
SentinelOne (Static ML) static engine - malicious 20171207
Symantec Trojan.Gen.2 20171222
TrendMicro TROJ_GEN.R002C0OII17 20171222
TrendMicro-HouseCall TROJ_GEN.R002C0OII17 20171222
VIPRE Trojan.Win32.Generic!BT 20171222
Yandex Riskware.Agent! 20171222
ZoneAlarm by Check Point not-a-virus:RiskTool.Win32.Generic 20171222
AegisLab 20171222
Alibaba 20171222
Avast-Mobile 20171222
Avira (no cloud) 20171222
Baidu 20171222
Bkav 20171222
ClamAV 20171222
CMC 20171222
Comodo 20171222
DrWeb 20171222
eGambit 20171222
F-Prot 20171222
Kingsoft 20171222
Microsoft 20171222
NANO-Antivirus 20171222
nProtect 20171222
Palo Alto Networks (Known Signatures) 20171222
Qihoo-360 20171222
Rising 20171222
Sophos AV 20171222
SUPERAntiSpyware 20171222
Symantec Mobile Insight 20171222
Tencent 20171222
TheHacker 20171219
TotalDefense 20171222
Trustlook 20171222
VBA32 20171222
ViRobot 20171222
WhiteArmor 20171204
Zillya 20171222
Zoner 20171222
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem that targets 64bit architectures.
ReversingLabs Taggant packer details
Validity Valid taggant block
Full file hash Valid
PKI chain Valid
Packer VMProtect (3.0.629)
User
Validity Valid
Serial Number 43A6DFE3EC426DB8CC86D00ECDDE11CC
SPV
Validity Valid
Serial Number 25A28E418EF2D55B87EE715B42AFBEDB
PE header basic information
Target machine x64
Compilation timestamp 2016-12-30 04:35:28
Entry Point 0x00A3ADAB
Number of sections 8
PE sections
PE imports
CloseServiceHandle
EnumServicesStatusExW
RegQueryValueExA
OpenSCManagerW
OpenServiceW
QueryServiceConfigW
GetNetworkParams
GetFileAttributesExW
LocalFree
GetCurrentProcess
GetProcessAffinityMask
LocalAlloc
GetModuleHandleA
GetModuleFileNameW
GetLastError
FreeLibrary
ExitProcess
Sleep
SetThreadAffinityMask
SetProcessAffinityMask
LoadLibraryA
GetCurrentThread
clCreateBuffer
CharUpperBuffW
MessageBoxW
WTSSendMessageW
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows command line
MachineType AMD AMD64
FileTypeExtension exe
TimeStamp 2016:12:30 05:35:28+01:00
FileType Win64 EXE
PEType PE32+
CodeSize 264704
LinkerVersion 11.0
EntryPoint 0xa3adab
InitializedDataSize 354304
SubsystemVersion 6.0
ImageVersion 0.0
OSVersion 6.0
UninitializedDataSize 0
Compressed bundles
File identification
MD5 b43c69b1eff0efa63701e8311dd02d31
SHA1 db1ec2f1f699acdddde32cf914437fd0ca539368
SHA256 1ca62477884f4afb49a2bdbb277b19f1c6c2b49c23c39777df7a3aa56e97483a
ssdeep
98304:fVYOWugmRJJ7bMU62seFrH8AkSn2k8KHE3YlBn/C3SamXzerBT/3b:NfWugmmU62seFj8ADr8KHE3YlN/C1mXo

authentihash 99ad48c1816d5e74a4075c658a8a8ce88185dfe4eba0977195081e513eee7e62
imphash a4d07fe3540ccaab09cd2988b3ea2442
File size 4.5 MB ( 4700160 bytes )
File type Win32 EXE
Magic literal
PE32+ executable for MS Windows (console) Mono/.Net assembly

TrID Win64 Executable (generic) (87.3%)
Generic Win/DOS Executable (6.3%)
DOS Executable Generic (6.3%)
Tags
64bits peexe assembly

VirusTotal metadata
First submission 2016-12-30 18:15:03 UTC ( 1 year ago)
Last submission 2017-06-24 12:55:19 UTC ( 6 months, 4 weeks ago)
File names ZecMiner64.exe
dllhost.exe
ZecMiner64.exe
service.exe
taskmgr.exe
taskmgr.exe
taskmgr.exe
ZecMiner64.exe
ZecMiner64.exe
ZecMiner64.exe
ZecMiner64.exe