b5b67e6927c94108989bef7befbcced0

Windows Task Controller

The file properties state that the file is developed by 'Microsoft Corporation', but this is not the case: it is designed to look like a legitimate Microsoft system file. The file b5b67e6927c94108989bef7befbcced0, described as “Microsoft Windows Task Controller”, has been detected as a potentially unwanted program by 15 anti-malware scanners.

Publisher:
Microsoft Corporation*  (Invalid match)

Product:
Windows Task Controller

Description:
Microsoft Windows Task Controller

Version:
6.0.1.2

MD5:
b5b67e6927c94108989bef7befbcced0

SHA-1:
999998b8ff542e05fedc01af429bb442e72fc3a6

SHA-256:
1c694dbfde4b8eafc29a7fdbacf4370015bfeec5f3986db45308500871860fe3

Scanner detections:
15 / 68

Status:
Potentially unwanted

Analysis date:
4/26/2024 9:04:47 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | Trojan.SchwarzeSonne | 7.1.1 |
| Avira AntiVirus | TR/Agent.654336.14 | 7.11.187.70 |
| avast! | Win32:Malware-gen | 2014.9-141123 |
| AVG | BackDoor.Delf | 2015.0.3282 |
| Baidu Antivirus | Trojan.Win32.Dapato | 4.0.3.141123 |
| Dr.Web | Trojan.DownLoad3.33692 | 9.0.1.0327 |
| ESET NOD32 | Win32/Injector.BNFQ (variant) | 8.10748 |
| K7 AntiVirus | Unwanted-Program | 13.185.14071 |
| Kaspersky | Trojan-Dropper.Win32.Dapato | 14.0.0.2903 |
| McAfee | Artemis!B5B67E6927C9 | 5600.6938 |
| NANO AntiVirus | Trojan.Win32.DownLoad3.dgigqu | 0.28.6.63474 |
| Qihoo 360 Security | HEUR/QVM10.1.Malware.Gen | 1.0.0.1015 |
| Sophos | Mal/Generic-S | 4.98 |
| Trend Micro House Call | TROJ_GEN.R047H07KJ14 | 7.2.327 |
| Vba32 AntiVirus | TrojanDropper.Dapato | 3.12.26.3 |

File size:
639 KB (654,336 bytes)

Product version:
6.0.1.0

Copyright:
Copyright Microsoft Corporation (C) 2014

Original file name:
stub.exe

Language:
English (United States)

Common path:
C:\users\{user}\downloads\91\b5b67e6927c94108989bef7befbcced0

File PE Metadata

Compilation timestamp:
10/5/2014 3:06:33 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
12288:RpPz2IQmRXAuYtbCSiRO4SOsCMNm3lrc5wSo9SljGI:jbpQmRXADbaOxOsJQ3lrc5wH9o

Entry address:
0x5960

Entry point:
E8, 39, 2F, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 40, 59, 41, 00, E8, EA, 1A, 00, 00, E8, 6F, 0E, 00, 00, 0F, B7, F0, 6A, 02, E8, CC, 2E, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, A5, 28, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...

Entropy:
7.8946  (probably packed)

Code size:
57.5 KB (58,880 bytes)
