home

taskmgr.exe

Диспетчер задач Windows

While the file properties state the file is developed by 'Microsoft Corporation', this is not the case and it is designed just to look like a legitimate Microsoft system file. The executable taskmgr.exe, “Диспетчер задач Windows” has been detected as malware by 17 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from callfor.info and multiple other hosts.
Publisher:
Microsoft Corporation*  (Invalid match)

Product:
Microsoft® Windows® Operating System

Description:
Диспетчер задач Windows

Version:
6.1.7600.16385

MD5:
12b5cc4cbfef68704f713d8ebf8bdf78

SHA-1:
ff412a09e7d3f401b60603a1c91a00b8168e8007

SHA-256:
9bc68547a6bb8eb014f585fbf7463d57d8d6ae47780f10d15f75ff3abc49290f

Scanner detections:
17 / 68

Status:
Malware

Analysis date:
11/16/2024 12:40:48 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Trojan.Generic.15115885
470

AhnLab V3 Security
Malware/Gen.Generic
2015.10.07

Arcabit
Trojan.Generic.DE6A66D
1.0.0.576

AVG
Generic36
2016.0.2948

Bitdefender
Trojan.Generic.15115885
1.0.20.1480

Emsisoft Anti-Malware
Trojan.Generic.15115885
8.15.10.23.02

F-Secure
Trojan.Generic.15115885
11.2015-23-10_6

G Data
Trojan.Generic.15115885
15.10.25

IKARUS anti.virus
Trojan.Win32.BitMin
t3scan.1.9.5.0

K7 AntiVirus
Trojan
13.210.17446

Kaspersky
Trojan.Win32.BitMin
14.0.0.1406

Malwarebytes
Trojan.FakeMS
v2015.10.23.02

McAfee
Artemis!12B5CC4CBFEF
5600.6604

MicroWorld eScan
Trojan.Generic.15115885
16.0.0.888

nProtect
Trojan.Generic.15115885
15.10.06.01

Panda Antivirus
Generic Suspicious
15.09.18.06

Qihoo 360 Security
Win32/Trojan.bd4
1.0.0.1015

File size:
72.5 KB (74,240 bytes)

Product version:
6.1.7600.16385

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
taskmgr.exe

File type:
Executable application (Win64 EXE)

Common path:
C:\windows\taskmgr.exe

File PE Metadata
Compilation timestamp:
8/9/2015 12:09:22 PM

OS version:
4.0

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
2.50

CTPH (ssdeep):
1536:YRbGqZFpX2/DI0EimRkN8hwkbWjNdGz7h9r:YRb0/DI/tRkN8GtpdG/h9r

Entry address:
0x1000

Entry point:
48, 83, EC, 28, 49, C7, C0, F8, 01, 00, 00, 48, 31, D2, 48, B9, D4, 48, 01, 40, 01, 00, 00, 00, E8, E3, 3F, 00, 00, 48, 31, C9, E8, E7, 3F, 00, 00, 48, 89, 05, B0, 38, 01, 00, 4D, 31, C0, 48, C7, C2, 00, 10, 00, 00, 48, 31, C9, E8, D4, 3F, 00, 00, 48, 89, 05, 8F, 38, 01, 00, E8, B6, D5, 00, 00, E8, 01, D4, 00, 00, E8, 6C, B1, 00, 00, E8, 6B, A9, 00, 00, E8, 22, 9F, 00, 00, E8, A1, 9A, 00, 00, E8, 98, 98, 00, 00, E8, BF, 96, 00, 00, E8, 26, 96, 00, 00, E8, 89, 7F, 00, 00, E8, CC, 6B, 00, 00, E8, D3, 57, 00...
 
[+]

Code size:
54.5 KB (55,808 bytes)

The file taskmgr.exe has been seen being distributed by the following 2 URLs.

http://callfor.info/taskmgr.exe

http://goodbe.co/taskmgr.exe

Remove taskmgr.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.