SHA256: b99c3cc1acbb085c9a895a8c3510f6daaf31f0d2d9ccb8477c7fb7119376f57b
File name: taskmgr.exe
Detection ratio: 52 / 64
Analysis date: 2017-07-03 21:27:07 UTC ( 1 month, 2 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.4860868 20170707
AegisLab Troj.W32.Gen!c 20170707
AhnLab-V3 HackTool/Win32.Shadowbrokers.C1914486 20170707
ALYac Trojan.GenericKD.4860868 20170707
Antiy-AVL Trojan/Win32.ShadowBrokers 20170707
Arcabit Trojan.Generic.D4A2BC4 20170707
Avast Win32:Malware-gen 20170707
AVG Win32:Malware-gen 20170707
Avira (no cloud) TR/ShadowBrokers.D 20170707
AVware Trojan.Win32.Generic!BT 20170707
BitDefender Trojan.GenericKD.4860868 20170707
CAT-QuickHeal Hacktool.ShadowB 20170707
ClamAV Win.Trojan.Agent-6288233-0 20170707
Comodo TrojWare.Win32.Exploit.EQUATION 20170707
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170420
Cylance Unsafe 20170707
Cyren W32/ShadowBroker.A.gen!Eldorado 20170707
DrWeb Trojan.Equation.22 20170707
Emsisoft Trojan.GenericKD.4860868 (B) 20170707
ESET-NOD32 a variant of Win32/Exploit.Equation.EternalRomance.A 20170707
F-Prot W32/ShadowBroker.A.gen!Eldorado 20170707
F-Secure Trojan.GenericKD.4860868 20170707
Fortinet W32/Equation_EternalRomance.A!tr 20170629
GData Win32.Exploit.EqEternalRomance.A 20170707
Ikarus Trojan.Win32.Eqtonex 20170707
K7AntiVirus Exploit ( 0050b71b1 ) 20170707
K7GW Exploit ( 0050b71b1 ) 20170707
Kaspersky Trojan.Win32.ShadowBrokers.f 20170707
Malwarebytes Exploit.Agent.NS 20170707
MAX malware (ai score=85) 20170707
McAfee HackTool-Shadowbrokers 20170707
McAfee-GW-Edition HackTool-Shadowbrokers 20170706
Microsoft Trojan:Win32/Eqtonex.F 20170707
eScan Trojan.GenericKD.4860868 20170707
NANO-Antivirus Trojan.Win32.ShadowBrokers.eoguja 20170707
nProtect Trojan/W32.ShadowBrokers.44032 20170707
Palo Alto Networks (Known Signatures) generic.ml 20170707
Panda Trj/GdSda.A 20170707
Qihoo-360 Trojan.Generic 20170707
Rising Exploit.Equation!8.E0BD (ktse) 20170707
Sophos AV Troj/Equatio-B 20170707
Symantec Hacktool 20170707
Tencent Win32.Hacktool.Shadowbrokers.Dlzm 20170707
TrendMicro TROJ_ETERNALROM.A 20170707
TrendMicro-HouseCall TROJ_ETERNALROM.A 20170707
VBA32 Trojan.ShadowBrokers 20170707
VIPRE Trojan.Win32.Generic!BT 20170707
ViRobot Trojan.Win32.S.ShadowBrokers.44032 20170707
Webroot W32.Hacktool.Equation 20170707
Yandex Trojan.ShadowBrokers! 20170706
Zillya Trojan.ShadowBrokers.Win32.1 20170707
ZoneAlarm by Check Point Trojan.Win32.ShadowBrokers.f 20170707
Alibaba 20170707
Baidu 20170707
Bkav 20170706
CMC 20170707
Endgame 20170706
Sophos ML 20170607
Jiangmin 20170707
Kingsoft 20170707
SentinelOne (Static ML) 20170516
SUPERAntiSpyware 20170707
Symantec Mobile Insight 20170707
TheHacker 20170704
TotalDefense 20170707
Trustlook 20170707
WhiteArmor 20170706
Zoner 20170707
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-05-18 18:31:23
Entry Point 0x000079CD
Number of sections 5
PE sections
PE imports
GetCurrentProcess
TerminateProcess
SetUnhandledExceptionFilter
RtlUnwind
GetCurrentProcessId
GetModuleHandleA
InterlockedExchange
QueryPerformanceCounter
UnhandledExceptionFilter
GetTickCount
GetSystemTimeAsFileTime
Sleep
GetCurrentThreadId
InterlockedCompareExchange
inet_addr
coli_setCleanup
coli_create
coli_setProcess
coli_delete
coli_setValidate
mainWrapper
coli_setID
_amsg_exit
?terminate@@YAXXZ
memset
__p__fmode
_exit
_adjust_fdiv
__setusermatherr
strcmp
memcpy
_cexit
memcmp
exit
_XcptFilter
__getmainargs
_initterm
_controlfp
strlen
__p__commode
__set_app_type
TbFreeInt
TbPutByte
TbWinsockStartup
TbSetRemoteSocketData
TbDoSmbTreeDisconnect
TbInitStruct
TbDoRpcBind
TbPutLong
TbPutShort
TbDoSmbEcho
TbFreeStructBuffers
TbDoSmbTreeConnectAndX
TbSetAuthenticationDataExU
TbCloseStructSockets
TbRecvSmb
TbDoSmbPacket
TbCleanSB
TbPutArg
TbSetAuthenticationData
TbDoSmbNtCreateAndX
TbDoRpcRequestEx
TbPutPointer
TbMalloc
TbMakeSmbHeader
TbPutBuff
TbPutLongAligned
TbPutTransact
TbDoSmbStartup
TbMakeSocket
Parameter_Socket_setValue
Parameter_Boolean_getValue
Parameter_U8_getValue
Parameter_U16_getValue
Params_findParamchoice
Parameter_IPv4_getValue
Parameter_U32_getValue
Paramchoice_getValue
Parameter_getType
Parameter_String_setValue
Parameter_S16_getValue
Params_findParameter
Parameter_U8_setValue
Parameter_Port_getValue
Parameter_Buffer_getValue
Parameter_String_getValue
Parameter_LocalFile_getValue
TfRandomInt
TfReadFileIntoBuffer
TfRandomizeBuffer
TfRandomByte
TfFillRandom
TfStrICmp
TcLog
TcLogBuffer
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
TimeStamp 2012:05:18 19:31:23+01:00
FileType Win32 EXE
PEType PE32
CodeSize 28672
LinkerVersion 9.0
FileTypeExtension exe
InitializedDataSize 14336
SubsystemVersion 5.0
EntryPoint 0x79cd
OSVersion 5.0
ImageVersion 0.0
UninitializedDataSize 0
File identification
MD5 4420f8917dc320a78d2ef14136032f69
SHA1 06cd886586835b2bf0d25fba4c898b69e362ba6d
SHA256 b99c3cc1acbb085c9a895a8c3510f6daaf31f0d2d9ccb8477c7fb7119376f57b
ssdeep 384:JoviO9v8ev1gHVXNuxqmwA6vAbCm2qu09mEwj7Bh+GQKOtGvMuSeU2dl4el4xP:QiO9y0xqm6vAGmXHTnKOMBbl8P
authentihash a761cc4e3e8f3a8e08d7b99e673fcd68922c732f3f320e55031a12dee606b7b5
imphash 85e3107e7b1b6dce6f76f3013d278f88
File size 43.0 KB ( 44032 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
peexe

VirusTotal metadata
First submission 2017-04-14 09:49:48 UTC ( 4 months ago )
Last submission 2017-05-24 09:09:17 UTC ( 2 months, 3 weeks ago )
File names Eternalromance-1.4.0.exe
taskmgr.exe
Eternalromance-1.4..exe
eternalromance-1.4.0.exe
Behaviour characterization
Zemana
dll-injection