taskmgr.exe

MD5 Hash: 362c669eb5045d9d33036f32ded97088
SHA256 Hash: d088cf9286a373ad682ccb4d757aaed03dcf46c94540d6b900610918f0c1cfc6
File size: 297472 bytes (291 KB)
Last analysis: 11 Dec, 2017 11:59:39

Analysis MD5: 362c669eb5045d9d33036f32ded97088

Analysis of the file classifies it as a class E- (Malicious). The file is malicious, do not use it. The trust index of this analysis is 98 % (very high).

Description

taskmgr.exe is a process from Windows Task Manager by Microsoft Corporation and part of the Microsoft® Windows® Operating System. This file is an important and required part of the Windows operating system.

Filename: taskmgr.exe (Windows Task Manager)
Threat analysis: Malicious
Analysis trust: 98%
Recent activity:
First seen: 17 Aug, 2013
Last seen: 17 Aug, 2013
Last analysis: 11 Dec, 2017
Possible infection: Trojan:Win32/Zbot.GT

taskmgr.exe Windows Task Manager.

Application: Microsoft® Windows® Operating System
Developer: Microsoft Corporation
Stability: 97%
File version: 5.0.2137.1
File size: 297472 bytes (291 KB)
CRC32 hash: 4279680885
MD5 hash: 362c669eb5045d9d33036f32ded97088
SHA1 hash: 531784f796a17c86af0a2f984163efdf3cd0388e
SHA256 hash: d088cf9286a373ad682ccb4d757aaed03dcf46c94540d6b900610918f0c1cfc6
B

Signature verification

Unsigned

This file has no digital signature. The publisher of this file could not be verified.

Publisher: 2q3wet Corporation
Product: 2q3wet(R) Windows (R) 2000 Operating System
Description: Windows TaskManager
Signing date: 0000-00-00 00:00:00
Publisher warning

The publisher's name has been found in other malware.

D+

File entropy

File entropy match: Encrypted

Parts of this file are encrypted. The reasons might be benign but it makes the analysis more difficult.

[Entropy chart over the file, from 0 bytes to 297472 bytes. Legend: Plain, Data, Text, Code, Compressed, Encrypted, Random]

File signature

Borland Delphi - 2.0 - 7.0

Delphi is an integrated development environment (IDE) for console, desktop graphical, web, and mobile applications. It is based on Pascal.

The file type is determined from a signature, or magic number. Files are identified by comparing the first set of bytes in the file header. With this method, file types are recognised no matter which extension is used. This information is useful, for example, to recognise executable files cloaked as images or movies.

D-

Malicious code scan

Suspicious code found

Agics makes an analysis of the source code of the file. We look for similarities with known malicious source code. This is a good way to detect new malicious files which are in fact variations of existing, known malicious files.

Scan results:

50 %

F

Online virus scanners

Detection ratio: 94 %
E-

VirusShare.com

Available on virusshare.com

VirusShare.com is a repository of malware samples to provide security researchers, incident responders, forensic analysts, and the morbidly curious access to samples of live malicious code. Presence of the sample on this site indicates that the file is, or was once considered, malicious.
Website: virusshare.com
B

National Software Reference Library

Not on the nsrl list

The NSRL contains a collection of digital signatures of known, traceable software applications. There are application hash values in the hash set which may be considered malicious, i.e. steganography tools and hacking scripts.
Website: www.nsrl.nist.gov

C

Behaviour

Sandbox behaviour analysis:

The file is executed in a safe environment to track its behaviour. The behaviour analysis can help with detecting new malware which is not recognized by virus scanners yet. However, it has a high chance of a false positive, especially with installers, uninstallers and virus scanners.

Network activity

No internet connection

Dropped files

File name md5

B

Statistic analysis

Statistic analysis of the file

Deviates from other files with the same name (imitation)
No certificate
Other files with the same name do not have a certificate as well
This is not a common file
Normal code
F

Neural network analysis

Analysis: Malicious

A neural network is a type of artificial intelligence. It recognizes patterns that are not clear to a human viewer. Our neural network is surprisingly accurate in recognizing dangerous files. The value below is the predicted chance the file is malicious.

94 %
