taskmgr.exe

The application taskmgr.exe has been detected as a potentially unwanted program by 14 anti-malware scanners. It is a setup program used to install the application, and the payload is a malicious Bitcoin miner. Bitcoin-mining malware forces infected computers to generate Bitcoins for cybercriminals' use and consumes their computing power. The file has been seen being downloaded from callfor.info. While running, it connects to the Internet address static.178.147.9.176.clients.your-server.de on port 45550.
MD5:
7ba630fec0b0f4a480de87e4ab49e124

SHA-1:
65e68ce1016fd75f9ad3ea5669c3689a9f58a0b8

SHA-256:
26fd4b20ff0d33f9db902335a996b040a4b43f0c1002540584d81b79852af633

Scanner detections:
14 / 68

Status:
Potentially unwanted

Explanation:
The program will mine for Bitcoins using the computer's GPU in the background and may be installed and run without the user's knowledge.

Analysis date:
11/16/2024 12:26:34 AM UTC

Scan engine         Detection                                           Engine version
Agnitum Outpost     Trojan.Agent                                        7.1.1
AhnLab V3 Security  Trojan/Win64.ADH                                    2015.07.08
avast!              Win64:Malware-gen                                   2014.9-150712
Baidu Antivirus     Hacktool.Win64.BitCoinMiner                         4.0.3.15712
ESET NOD32          Win64/BitCoinMiner.AN potentially unsafe (variant)  9.11904
Fortinet FortiGate  W32/Generic.AN!tr                                   7/12/2015
G Data              Win64.Trojan.Agent.2SWF9I                           15.7.25
K7 AntiVirus        Unwanted-Program                                    13.205.16489
Kaspersky           Trojan.Win64.BitMiner                               14.0.0.1746
McAfee              Artemis!7BA630FEC0B0                                5600.6706
Panda Antivirus     Generic Suspicious                                  15.07.12.08
Reason Heuristics   Threat.Win.Reputation.IMP                           15.7.12.20
VIPRE Antivirus     Trojan.Win32.Generic                                41800
ViRobot             Trojan.Win32.S.Agent.4451840[h]                     2014.3.20.0

File size:
4.2 MB (4,451,840 bytes)

File type:
Executable application (Win64 EXE)

Common path:
C:\windows\sys\taskmgr.exe

File PE Metadata
Compilation timestamp:
6/27/2014 7:23:30 PM

OS version:
4.0

OS bitness:
Win64

Subsystem:
Windows Console

Linker version:
2.23

CTPH (ssdeep):
49152:CKc0MsJkoq4eyCy1PcSxX5dap2eoScfEoCMj5xlvHnvGAsrww5k7nA6oYV86ZpZr:AHy7PJ5w5fSz1Zv

Entry address:
0x14C0

Entry point:
48, 83, EC, 28, C7, 05, 22, 1B, 44, 00, 00, 00, 00, 00, E8, 5D, 8D, 26, 00, E8, A8, FC, FF, FF, 90, 90, 48, 83, C4, 28, C3, 90, C3, 90, 66, 66, 66, 66, 66, 66, 2E, 0F, 1F, 84, 00, 00, 00, 00, 00, 66, 66, 66, 66, 66, 66, 2E, 0F, 1F, 84, 00, 00, 00, 00, 00, 48, 83, EC, 38, 48, 8B, 05, BD, DB, 43, 00, 48, 8D, 54, 24, 2F, 48, 8D, 48, E8, E8, 27, 63, 30, 00, 90, 48, 83, C4, 38, C3, 90, 48, 83, EC, 38, 48, 8B, 05, 95, DB, 43, 00, 48, 8D, 54, 24, 2F, 48, 8D, 48, E8, E8, 07, 63, 30, 00, 90, 48, 83, C4, 38, C3, 90...

Code size:
3.3 MB (3,489,280 bytes)

The file taskmgr.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communications in live environments.

TCP:
Connects to static.243.47.9.176.clients.your-server.de (176.9.47.243:45550)

TCP:
Connects to static.178.147.9.176.clients.your-server.de (176.9.147.178:45550)

Remove taskmgr.exe - Powered by Reason Core Security