» killtask.exe
Overview
Analysis
File Details
Downloads (5)

killtask.exe

This is a setup program which is used to install the application. The file has been seen being downloaded from dm930xmxv1gqs.cloudfront.net and multiple other hosts.

File name:

killtask.exe

MD5:

f77448094503fd29c6b9aa423ba16dd3

SHA-1:

74a5e220cd566e41c6f9c2725494f2fabd00bc9d

SHA-256:

e3ea224e71d569249ac319b77f920092ffa900df872dec024fce00270e14d38d

Scanner detections:

2 / 68

Status:

Inconclusive (not enough data for an accurate detection)

Analysis date:

11/27/2024 2:41:03 AM UTC (today)

Scan engine

Detection

Engine version

Bkav FE

HW32.Laneul

1.3.0.4246

Dr.Web

Trojan.AVKill.25353

9.0.1.052

File size:

462.5 KB (473,600 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\killtask.exe

File PE Metadata

Compilation timestamp:

11/6/2012 9:28:07 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows Console

Linker version:

9.0

CTPH (ssdeep):

6144:Gzevy5VE0L6KH6qXecdHqJa7TCxVXXbsdlF0zn1sRxlYshOqvb7:FvWVE0oqXecdH0AuxVKF0BsDp5

Entry address:

0x2CBEA

Entry point:

E9, 91, 3B, 00, 00, E9, 6C, A5, 02, 00, E9, BF, 6A, 05, 00, E9, 52, 34, 00, 00, E9, 91, 6A, 05, 00, E9, 48, 99, 02, 00, E9, C3, 91, 00, 00, E9, DE, 9E, 03, 00, E9, E9, 0D, 04, 00, E9, B8, 69, 05, 00, E9, 7F, D8, 02, 00, E9, FA, 32, 05, 00, E9, F5, 98, 02, 00, E9, D0, E1, 01, 00, E9, 9B, 43, 05, 00, E9, D6, 86, 01, 00, E9, C1, 8C, 02, 00, E9, EC, BC, 02, 00, E9, F7, 38, 00, 00, E9, A2, A4, 02, 00, E9, FD, 87, 01, 00, E9, 98, 8D, 02, 00, E9, 73, A4, 01, 00, E9, AE, BB, 04, 00, E9, C9, C1, 02, 00, E9, 64, 4B... 
[+]

Code size:

361 KB (369,664 bytes)

The file killtask.exe has been seen being distributed by the following 5 URLs.

http://dm930xmxv1gqs.cloudfront.net/bundles/.../killtask.exe

http://d3d6wi7c7pa6m0.cloudfront.net/bundles/.../killtask.exe

http://d1s8azhe8rpvoz.cloudfront.net/bundles/.../killtask.exe

http://d1t653m828c3x8.cloudfront.net/bundles/.../killtask.exe

http://d3emsmln8xfj03.cloudfront.net/bundles/.../killtask.exe

Scan killtask.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.