taskmgr.exe

Suckmydick

google.com

The executable taskmgr.exe, “Suckmydick (google.com Launcher)”, has been detected as malware by 5 anti-virus scanners. It is a setup program used to install the application. The file has been seen being downloaded from callfor.info.

Publisher:
google.com

Product:
Suckmydick

Description:
Suckmydick (google.com Launcher)

Version:
9.1.0.0

MD5:
aa5aed0894f28637c1e65d007ea65657

SHA-1:
f1e7819ce30746efe7b00ba095eedc2af5addf0a

SHA-256:
bca0d5f00ecbd0de6ea9b8fbf1217c0146a650243dcc24f0cc91f23e285e09d3

Scanner detections:
5 / 68

Status:
Malware

Analysis date:
11/16/2024 12:45:44 AM UTC

Scan engine     Detection                            Engine version
ESET NOD32      Win32/Kryptik.DTRH (variant)         9.12107
F-Prot          W32/Agent.XL.gen                     v6.4.7.1.166
Kaspersky       UDS:DangerousObject.Multi.Generic    14.0.0.1567
Malwarebytes    Backdoor.Bot.WYM                     v2015.08.17.03
McAfee          Trojan.Artemis!AA5AED0894F2          17.6.569.0

File size:
389 KB (398,336 bytes)

Product version:
9.1.0.0

Copyright:
google.com

Trademarks:
google.com is a Trademark of Rare Ideas, LLC.

Original file name:
Suckmydick.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\windows\sys\taskmgr.exe

File PE Metadata
Compilation timestamp:
8/17/2015 12:54:01 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:wZqM83myaVXGCadBjf2vf3KOW9H3WAnTQnF0x6J3lD6/jzbsIItkqwZxNJ9Q9dDO:wf83bHCwjf2vf6DHogbEdwF4NEdwM

Entry address:
0x369AC

Entry point:
E8, 60, 57, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 56, 57, 33, F6, BF, 08, 0C, 45, 00, 83, 3C, F5, 14, B1, 44, 00, 01, 75, 1E, 8D, 04, F5, 10, B1, 44, 00, 89, 38, 68, A0, 0F, 00, 00, FF, 30, 83, C7, 18, E8, D3, 57, 00, 00, 59, 59, 85, C0, 74, 0C, 46, 83, FE, 24, 7C, D2, 33, C0, 40, 5F, 5E, C3, 83, 24, F5, 10, B1, 44, 00, 00, 33, C0, EB, F1, 8B, FF, 53, 8B, 1D, 4C, 63, 44, 00, 56, BE, 10, B1, 44, 00, 57, 8B, 3E, 85, FF, 74, 13, 83, 7E, 04, 01, 74, 0D, 57, FF, D3, 57, E8, F0, 57, 00, 00, 83, 26, 00, 59, 83, C6...

Code size:
276 KB (282,624 bytes)

Policies Explorer Run
Name:
64484
The file taskmgr.exe has been seen being distributed by the following URL.

Remove taskmgr.exe - Powered by Reason Core Security