Windows
Analysis Report
taskbarsystem.exe
Overview
General Information
Detection
Score: | 26 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 60% |
Signatures
Classification
Analysis Advice
Sample drops PE files which have not been started, submit dropped PE samples for a secondary analysis to Joe Sandbox |
Uses HTTPS for network communication, use the 'Proxy HTTPS (port 443) to read its encrypted data' cookbook for further analysis |
- System is start
- taskbarsystem.exe (PID: 1796 cmdline: "C:\Users\alfredo\Desktop\taskbarsystem.exe" MD5: FA22EA3BCF63F1BFB0773DC5771B32AC)
  - taskbarsystem.tmp (PID: 1744 cmdline: "C:\Users\alfredo\AppData\Local\Temp\is-R7UCI.tmp\taskbarsystem.tmp" /SL5="$20386,5206136,1060864,C:\Users\alfredo\Desktop\taskbarsystem.exe" MD5: 9551767A6C00FC0A87EAEB6C4CF9CBFD)
- cleanup
There are no malicious signatures.
Source: | Author: frack113: |
AV Detection |
---|
Source: | Virustotal: |
Source: | Static PE information: |
Source: | Window detected: |
Source: | Static PE information: |
Source: | HTTPS traffic detected: |
Source: | Static PE information: |
Source: | Network traffic detected: |
Source: | UDP traffic detected without corresponding DNS query: |
Source: | DNS traffic detected: |
Source: | HTTPS traffic detected: |
Source: | Static PE information: |
Source: | Key opened: |
Source: | Process created: |
Source: | Key value queried: |
Source: | File created: |
Source: | Classification label: |
Source: | Key value created or modified: |
Source: | File read: |
Source: | Key value created or modified: |
Source: | Window found: |
Source: | Window detected: |
Source: | Static file information: |
Source: | Static PE information: |
Data Obfuscation |
---|
Source: | Process created: |
Source: | Static PE information: |
Source: | File created: |
Source: | Process information set: |
Source: | Dropped PE file which has not been started: |
Source: | Process information queried: |
Source: | Key value queried: |
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | 1 Command and Scripting Interpreter | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Security Software Discovery | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | 2 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | 1 Process Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | 1 Non-Application Layer Protocol | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | 1 Deobfuscate/Decode Files or Information | Security Account Manager | 2 System Owner/User Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 2 Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Binary Padding | NTDS | 2 System Information Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Software Packing | LSA Secrets | 1 Remote System Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Detection | Scanner | Label |
---|---|---|
1% | Virustotal | |
4% | ReversingLabs | |
Detection | Scanner | Label |
---|---|---|
0% | Virustotal | |
0% | Metadefender | |
0% | ReversingLabs | |
0% | Virustotal | |
2% | ReversingLabs | |
9% | Virustotal | |
3% | Metadefender | |
11% | ReversingLabs | ByteCode-MSIL.PUA.TaskbarSystem |
0% | Virustotal | |
0% | Metadefender | |
0% | ReversingLabs | |
0% | Virustotal | |
0% | Metadefender | |
0% | ReversingLabs | |
0% | Virustotal | |
0% | Metadefender | |
0% | ReversingLabs | |
Detection | Scanner | Label |
---|---|---|
0% | Virustotal | |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
stats.taskbarsystem.com | 172.67.195.61 | true | false | | unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
172.67.195.61 | stats.taskbarsystem.com | United States | | 13335 | CLOUDFLARENETUS | false |
Joe Sandbox Version: | 34.0.0 Boulder Opal |
Analysis ID: | 592050 |
Start date and time: | 2022-03-18 14:19:11 +01:00 |
Joe Sandbox Product: | CloudBasic |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | taskbarsystem.exe |
Cookbook file name: | defaultwindowsinteractivecookbook.jbs |
Number of new started processes analysed: | 19 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | stream |
Detection: | SUS |
Classification: | sus26.winEXE@2/18@1/11 |
Cookbook Comments: | |
- Exclude process from analysis (whitelisted): SIHClient.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 20.190.159.4, 20.190.159.23, 40.126.31.69, 20.190.159.2, 20.190.159.64, 40.126.31.71, 40.126.31.73, 20.190.159.0
- Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, login.live.com, login.msa.msidentity.com, www.tm.a.prd.aadg.trafficmanager.net, www.tm.lg.prod.aadmsa.trafficmanager.net
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
Process: | C:\Users\alfredo\AppData\Local\Temp\is-R7UCI.tmp\taskbarsystem.tmp |
Category: | dropped |
Size (bytes): | 112640 |
Entropy (8bit): | 6.258980466280452 |
Encrypted: | false |
MD5: | D41D8CD98F00B204E9800998ECF8427E |
SHA1: | DA39A3EE5E6B4B0D3255BFEF95601890AFD80709 |
SHA-256: | E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 |
SHA-512: | CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E |
Malicious: | false |
Reputation: | low |
Process: | C:\Users\alfredo\AppData\Local\Temp\is-R7UCI.tmp\taskbarsystem.tmp |
Category: | dropped |
Size (bytes): | 475136 |
Entropy (8bit): | 6.032338173466497 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Process: | C:\Users\alfredo\AppData\Local\Temp\is-R7UCI.tmp\taskbarsystem.tmp |
Category: | dropped |
Size (bytes): | 74240 |
Entropy (8bit): | 5.981707703937726 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Process: | C:\Users\alfredo\AppData\Local\Temp\is-R7UCI.tmp\taskbarsystem.tmp |
Category: | dropped |
Size (bytes): | 387408 |
Entropy (8bit): | 6.245055544213165 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Process: | C:\Users\alfredo\AppData\Local\Temp\is-R7UCI.tmp\taskbarsystem.tmp |
Category: | dropped |
Size (bytes): | 919184 |
Entropy (8bit): | 1.9927697535703082 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Process: | C:\Users\alfredo\AppData\Local\Temp\is-R7UCI.tmp\taskbarsystem.tmp |
Category: | dropped |
Size (bytes): | 919184 |
Entropy (8bit): | 1.9927697535703082 |
Encrypted: | false |
Malicious: | true |
Reputation: | low |
Process: | C:\Users\alfredo\AppData\Local\Temp\is-R7UCI.tmp\taskbarsystem.tmp |
Category: | dropped |
Size (bytes): | 74240 |
Entropy (8bit): | 5.981707703937726 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Process: | C:\Users\alfredo\AppData\Local\Temp\is-R7UCI.tmp\taskbarsystem.tmp |
Category: | dropped |
Size (bytes): | 112640 |
Entropy (8bit): | 6.258980466280452 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Process: | C:\Users\alfredo\AppData\Local\Temp\is-R7UCI.tmp\taskbarsystem.tmp |
Category: | dropped |
Size (bytes): | 1740 |
Entropy (8bit): | 4.95649663761305 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Process: | C:\Users\alfredo\AppData\Local\Temp\is-R7UCI.tmp\taskbarsystem.tmp |
Category: | dropped |
Size (bytes): | 387408 |
Entropy (8bit): | 6.245055544213165 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Process: | C:\Users\alfredo\AppData\Local\Temp\is-R7UCI.tmp\taskbarsystem.tmp |
Category: | dropped |
Size (bytes): | 475136 |
Entropy (8bit): | 6.032338173466497 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Process: | C:\Users\alfredo\AppData\Local\Temp\is-R7UCI.tmp\taskbarsystem.tmp |
Category: | dropped |
Size (bytes): | 14318734 |
Entropy (8bit): | 6.346407401864903 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Process: | C:\Users\alfredo\AppData\Local\Temp\is-R7UCI.tmp\taskbarsystem.tmp |
Category: | dropped |
Size (bytes): | 14318734 |
Entropy (8bit): | 6.346407401864903 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Process: | C:\Users\alfredo\AppData\Local\Temp\is-R7UCI.tmp\taskbarsystem.tmp |
Category: | dropped |
Size (bytes): | 9080 |
Entropy (8bit): | 3.9898254273835287 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Process: | C:\Users\alfredo\AppData\Local\Temp\is-R7UCI.tmp\taskbarsystem.tmp |
Category: | dropped |
Size (bytes): | 23487 |
Entropy (8bit): | 3.2740823534345593 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Process: | C:\Users\alfredo\AppData\Local\Temp\is-R7UCI.tmp\taskbarsystem.tmp |
Category: | dropped |
Size (bytes): | 6144 |
Entropy (8bit): | 4.720366600008286 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Process: | C:\Users\alfredo\Desktop\taskbarsystem.exe |
Category: | dropped |
Size (bytes): | 2866320 |
Entropy (8bit): | 6.058396404739907 |
Encrypted: | false |
Malicious: | true |
Reputation: | low |
C:\Users\alfredo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Taskbar system\Taskbar system.lnk
Process: | C:\Users\alfredo\AppData\Local\Temp\is-R7UCI.tmp\taskbarsystem.tmp |
Category: | dropped |
Size (bytes): | 1347 |
Entropy (8bit): | 4.879576017765195 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Entropy (8bit): | 7.78573574960863 |
File name: | taskbarsystem.exe |
File size: | 5928824 |
MD5: | fa22ea3bcf63f1bfb0773dc5771b32ac |
SHA1: | fd4893dfa4445626a797aaf520a4d7f3c76da1b8 |
SHA256: | 7f414d8546d87b96cd55148442265f31b6ab25bba3769cc0165ec2d66dabed9a |
SHA512: | 477abee07fd343dce7d3b17749a0db420c2fcadd3065ab0af90c13b988f8b7032a9efc0a0b47a303c7c7edf0df2d4d40e5b2d15d16b70eed6feb9539fc998163 |
SSDEEP: | 98304:AEq8+D0tnfpsz4uanSnxgZHxDZUKj4zyGEBHDW2vGCXL0eTGoFFgJPHD:N+DUxS4XnSniZ5ZFCjWHTAVo/oj |
File Content Preview: | MZP.....................@...............................................!..L.!..This program must be run under Win32..$7....................................................................................................................................... |
Icon Hash: | 00c4969696c4e001 |
Entrypoint: | 0x4b5eec |
Entrypoint Section: | .itext |
Digitally signed: | true |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, BYTES_REVERSED_LO, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, BYTES_REVERSED_HI, RELOCS_STRIPPED |
DLL Characteristics: | TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT |
Time Stamp: | 0x5E6D1B8D [Sat Mar 14 17:59:41 2020 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 6 |
OS Version Minor: | 0 |
File Version Major: | 6 |
File Version Minor: | 0 |
Subsystem Version Major: | 6 |
Subsystem Version Minor: | 0 |
Import Hash: | 5a594319a0d69dbc452e748bcf05892e |
Signature Valid: | true |
Signature Issuer: | CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US |
Signature Validation Error: | The operation completed successfully |
Error Number: | 0 |
Version: | 3 |
Thumbprint MD5: | 3809E917BD04B367FF13BF954C3E72F3 |
Thumbprint SHA-1: | D042AEC9E0D8D497818C2C3BD2E1CE562C04C3A5 |
Thumbprint SHA-256: | C37609CC35FCC90457CEBD4946CB4A8D4534065B6D3C487D9737065DA369F3A3 |
Serial: | 0DF8654B1E252E5E8C71E0CBA3666FFE |
Instruction |
---|
push ebp |
mov ebp, esp |
add esp, FFFFFFA4h |
push ebx |
push esi |
push edi |
xor eax, eax |
mov dword ptr [ebp-3Ch], eax |
mov dword ptr [ebp-40h], eax |
mov dword ptr [ebp-5Ch], eax |
mov dword ptr [ebp-30h], eax |
mov dword ptr [ebp-38h], eax |
mov dword ptr [ebp-34h], eax |
mov dword ptr [ebp-2Ch], eax |
mov dword ptr [ebp-28h], eax |
mov dword ptr [ebp-14h], eax |
mov eax, 004B10D8h |
call 00007F267C296625h |
xor eax, eax |
push ebp |
push 004B65DEh |
push dword ptr fs:[eax] |
mov dword ptr fs:[eax], esp |
xor edx, edx |
push ebp |
push 004B659Ah |
push dword ptr fs:[edx] |
mov dword ptr fs:[edx], esp |
mov eax, dword ptr [004BE634h] |
call 00007F267C338D37h |
call 00007F267C33888Eh |
lea edx, dword ptr [ebp-14h] |
xor eax, eax |
call 00007F267C2AC098h |
mov edx, dword ptr [ebp-14h] |
mov eax, 004C1D3Ch |
call 00007F267C291217h |
push 00000002h |
push 00000000h |
push 00000001h |
mov ecx, dword ptr [004C1D3Ch] |
mov dl, 01h |
mov eax, dword ptr [004237A4h] |
call 00007F267C2AD0FFh |
mov dword ptr [004C1D40h], eax |
xor edx, edx |
push ebp |
push 004B6546h |
push dword ptr fs:[edx] |
mov dword ptr fs:[edx], esp |
call 00007F267C338DBFh |
mov dword ptr [004C1D48h], eax |
mov eax, dword ptr [004C1D48h] |
cmp dword ptr [eax+0Ch], 01h |
jne 00007F267C33F3BAh |
mov eax, dword ptr [004C1D48h] |
mov edx, 00000028h |
call 00007F267C2AD9F4h |
mov edx, dword ptr [004C1D48h] |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0xc4000 | 0x9a | .edata |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xc2000 | 0xf36 | .idata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xc7000 | 0x48e00 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x5a3ee8 | 0x3890 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0xc6000 | 0x18 | .rdata |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0xc22e4 | 0x244 | .idata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0xc3000 | 0x1a4 | .didata |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0xb3604 | 0xb3800 | False | 0.344847612726 | data | 6.35432911534 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.itext | 0xb5000 | 0x1684 | 0x1800 | False | 0.544596354167 | data | 5.97090156552 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.data | 0xb7000 | 0x37a4 | 0x3800 | False | 0.361049107143 | data | 5.04216206778 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.bss | 0xbb000 | 0x6da0 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.idata | 0xc2000 | 0xf36 | 0x1000 | False | 0.3681640625 | data | 4.89870464796 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.didata | 0xc3000 | 0x1a4 | 0x200 | False | 0.345703125 | data | 2.75636286825 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.edata | 0xc4000 | 0x9a | 0x200 | False | 0.2578125 | data | 1.87222286659 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.tls | 0xc5000 | 0x18 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.rdata | 0xc6000 | 0x5d | 0x200 | False | 0.189453125 | data | 1.38389437522 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.rsrc | 0xc7000 | 0x48e00 | 0x48e00 | False | 0.0310221912521 | data | 1.35701040177 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_ICON | 0xc74c8 | 0x468 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0xc7930 | 0x10a8 | dBase III DBT, version number 0, next free block index 40 | English | United States |
RT_ICON | 0xc89d8 | 0x25a8 | dBase III DBT, version number 0, next free block index 40 | English | United States |
RT_ICON | 0xcaf80 | 0x42028 | dBase III DBT, version number 0, next free block index 40 | English | United States |
RT_STRING | 0x10cfa8 | 0x360 | data | ||
RT_STRING | 0x10d308 | 0x260 | data | ||
RT_STRING | 0x10d568 | 0x45c | data | ||
RT_STRING | 0x10d9c4 | 0x40c | data | ||
RT_STRING | 0x10ddd0 | 0x2d4 | data | ||
RT_STRING | 0x10e0a4 | 0xb8 | data | ||
RT_STRING | 0x10e15c | 0x9c | data | ||
RT_STRING | 0x10e1f8 | 0x374 | data | ||
RT_STRING | 0x10e56c | 0x398 | data | ||
RT_STRING | 0x10e904 | 0x368 | data | ||
RT_STRING | 0x10ec6c | 0x2a4 | data | ||
RT_RCDATA | 0x10ef10 | 0x10 | data | ||
RT_RCDATA | 0x10ef20 | 0x2c4 | data | ||
RT_RCDATA | 0x10f1e4 | 0x2c | data | ||
RT_GROUP_ICON | 0x10f210 | 0x3e | data | English | United States |
RT_VERSION | 0x10f250 | 0x584 | data | English | United States |
RT_MANIFEST | 0x10f7d4 | 0x62c | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States |
DLL | Import |
---|---|
kernel32.dll | GetACP, GetExitCodeProcess, LocalFree, CloseHandle, SizeofResource, VirtualProtect, VirtualFree, GetFullPathNameW, ExitProcess, HeapAlloc, GetCPInfoExW, RtlUnwind, GetCPInfo, GetStdHandle, GetModuleHandleW, FreeLibrary, HeapDestroy, ReadFile, CreateProcessW, GetLastError, GetModuleFileNameW, SetLastError, FindResourceW, CreateThread, CompareStringW, LoadLibraryA, ResetEvent, GetVersion, RaiseException, FormatMessageW, SwitchToThread, GetExitCodeThread, GetCurrentThread, LoadLibraryExW, LockResource, GetCurrentThreadId, UnhandledExceptionFilter, VirtualQuery, VirtualQueryEx, Sleep, EnterCriticalSection, SetFilePointer, LoadResource, SuspendThread, GetTickCount, GetFileSize, GetStartupInfoW, GetFileAttributesW, InitializeCriticalSection, GetThreadPriority, SetThreadPriority, GetCurrentProcess, VirtualAlloc, GetSystemInfo, GetCommandLineW, LeaveCriticalSection, GetProcAddress, ResumeThread, GetVersionExW, VerifyVersionInfoW, HeapCreate, GetWindowsDirectoryW, VerSetConditionMask, GetDiskFreeSpaceW, FindFirstFileW, GetUserDefaultUILanguage, lstrlenW, QueryPerformanceCounter, SetEndOfFile, HeapFree, WideCharToMultiByte, FindClose, MultiByteToWideChar, LoadLibraryW, SetEvent, CreateFileW, GetLocaleInfoW, GetSystemDirectoryW, DeleteFileW, GetLocalTime, GetEnvironmentVariableW, WaitForSingleObject, WriteFile, ExitThread, DeleteCriticalSection, TlsGetValue, GetDateFormatW, SetErrorMode, IsValidLocale, TlsSetValue, CreateDirectoryW, GetSystemDefaultUILanguage, EnumCalendarInfoW, LocalAlloc, GetUserDefaultLangID, RemoveDirectoryW, CreateEventW, SetThreadLocale, GetThreadLocale |
comctl32.dll | InitCommonControls |
version.dll | GetFileVersionInfoSizeW, VerQueryValueW, GetFileVersionInfoW |
user32.dll | CreateWindowExW, TranslateMessage, CharLowerBuffW, CallWindowProcW, CharUpperW, PeekMessageW, GetSystemMetrics, SetWindowLongW, MessageBoxW, DestroyWindow, CharUpperBuffW, CharNextW, MsgWaitForMultipleObjects, LoadStringW, ExitWindowsEx, DispatchMessageW |
oleaut32.dll | SysAllocStringLen, SafeArrayPtrOfIndex, VariantCopy, SafeArrayGetLBound, SafeArrayGetUBound, VariantInit, VariantClear, SysFreeString, SysReAllocStringLen, VariantChangeType, SafeArrayCreate |
netapi32.dll | NetWkstaGetInfo, NetApiBufferFree |
advapi32.dll | RegQueryValueExW, AdjustTokenPrivileges, LookupPrivilegeValueW, RegCloseKey, OpenProcessToken, RegOpenKeyExW |
Name | Ordinal | Address |
---|---|---|
TMethodImplementationIntercept | 3 | 0x454058 |
__dbk_fcall_wrapper | 2 | 0x40d0a0 |
dbkFCallWrapperAddr | 1 | 0x4be63c |
Description | Data |
---|---|
LegalCopyright | Copyright 2020 Taskbar system |
FileVersion | 1.0.0.0 |
CompanyName | Taskbar system |
Comments | This installation was built with Inno Setup. |
ProductName | Taskbar system |
ProductVersion | 1.0.0.0 |
FileDescription | Taskbar system Setup |
OriginalFileName | |
Translation | 0x0000 0x04b0 |
Language of compilation system | Country where language is spoken |
---|---|
English | United States |