schtasks.exe

The executable schtasks.exe has been detected as malware by 34 of 68 anti-virus scanners. It is not the Windows Task Scheduler command-line tool of the same name, which is installed under %SystemRoot%\System32; this sample was observed running from the user's Application Data folder (see Common path below). While running, it connects to the Internet address cable-78-34-78-97.netcologne.de on port 48754.
MD5:
29846c62121ecf548b9b35645c25b422

SHA-1:
b7aa7f69911c22dfca2e6f7a7199e84313d9de23

SHA-256:
2a97a5e0bb6060156201cee7dc33bf58ad72d41cd9bda8ecaab87b7e13ea0708

Scanner detections:
34 / 68

Status:
Malware

Analysis date:
11/23/2024 6:23:26 AM UTC

Scanner detections (scan engine: detection, engine version):
Lavasoft Ad-Aware: Gen:Variant.Kazy.6550 (841)
AegisLab AV Signature: Troj.W32.Gen (2.1.4+)
Agnitum Outpost: Trojan.Agent (7.1.1)
AhnLab V3 Security: Dropper/Win32.Necurs (2014.10.17)
Avira AntiVirus: TR/Asterope.A.151 (7.11.178.236)
avast!: Win32:Malware-gen (141003-0)
AVG: Found Win32/DH{fyB8ZA} (2014.0.4040)
Baidu Antivirus: Trojan.Win32.Ropest (4.0.3.141016)
Bitdefender: Gen:Variant.Kazy.6550 (1.0.20.1445)
Bkav FE: W32.VuschekpoLTF.Trojan (1.3.0.6185)
Dr.Web: Trojan.Asterope.5 (9.0.1.05190)
Emsisoft Anti-Malware: Gen:Variant.Kazy.6550 (14.10.16)
ESET NOD32: Win32/Agent.VPS trojan (7.0.302.0)
Fortinet FortiGate: W32/Agent.VPS!tr (10/16/2014)
F-Prot: W32/new-malware (4.6.5.141)
F-Secure: Gen:Variant.Kazy.6550 (11.2014-16-10_5)
G Data: Gen:Variant.Kazy.6550 (14.10.24)
IKARUS anti.virus: Win32.SuspectCrc (t3scan.1.8.3.0)
K7 AntiVirus: Trojan (13.185.13866)
Kaspersky: HEUR:Trojan.Win32.Generic (14.0.0.3092)
McAfee: Dropper-FLT!29846C62121E (5600.6975)
Microsoft Security Essentials: Threat.Undefined (1.185.3420.0)
MicroWorld eScan: Gen:Variant.Kazy.6550 (15.0.0.867)
NANO AntiVirus: Trojan.Win32.Asterope.dgslre (0.28.6.62995)
Norman: Malware (11.20141016)
Qihoo 360 Security: Win32/Trojan.236 (1.0.0.1015)
Reason Heuristics: Threat.Win.Reputation.IMP (14.11.29.20)
Sophos: Mal/Generic-S (4.98)
SUPERAntiSpyware: Trojan.Agent/Gen-Kazy (10296)
Total Defense: Win32/Tnega.YEbaaHC (37.0.11260)
Trend Micro House Call: TROJ_HIDEFIL.BMC (7.2.289)
Trend Micro: TROJ_HIDEFIL.BMC (10.465.16)
VIPRE Antivirus: Unnamed.Threat (33980)
ViRobot: Trojan.Win32.Agent.101888.S (2011.4.7.4223)

File size:
99.5 KB (101,888 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Documents and Settings\{user}\Application data\microsoft\windows\ieupdate\schtasks.exe

File PE Metadata
Compilation timestamp:
10/15/2004 2:49:27 AM (a linker-written field that is trivially forged; it predates the analysis date by ten years, so do not use it to date the sample)

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

CTPH (ssdeep):
3072:99+tyyredjxXf6UQI2SBoBcI+fDclqxmTV52:27reJ1nQI2SBoBB+fDcHV

Entry address:
0x569E

Entry point (first bytes at the entry address):
55, 8B, EC, 83, E4, F8, 81, EC, 0C, 08, 00, 00, 53, 56, 57, E8, EE, BE, FF, FF, E8, 7E, F9, FF, FF, 33, F6, 84, C0, 0F, 84, F8, 02, 00, 00, 8D, 84, 24, 88, 06, 00, 00, 50, 68, 02, 02, 00, 00, FF, 15, 30, 53, 41, 00, 85, C0, 0F, 85, DD, 02, 00, 00, 8D, 44, 24, 14, 50, 6A, 0A, 89, 74, 24, 18, FF, 15, E8, 50, 41, 00, 50, FF, 15, 08, 50, 41, 00, 85, C0, 74, 23, 8D, 44, 24, 10, 50, 6A, 01, 6A, 02, 56, 68, 00, 00, 00, 02, FF, 74, 24, 28, FF, 15, 00, 50, 41, 00, FF, 74, 24, 14, E8, BE, 06, 00, 00, 59, 56, FF, 74...

Reading the bytes: 55 8B EC 83 E4 F8 81 EC 0C 08 00 00 is an ordinary function prologue (push ebp; mov ebp, esp; align esp to 8; reserve a 0x80C-byte frame). The later sequence 8D 84 24 88 06 00 00 50 68 02 02 00 00 FF 15 30 53 41 00 85 C0 0F 85 ... (lea eax, [esp+0x688]; push eax; push 0x202; call dword ptr [0x415330]; test eax, eax; jnz ...) is the usual WSAStartup(MAKEWORD(2, 2), &wsaData) call with its failure check, which fits the network activity recorded below.

Entropy:
6.6588

Developed / compiled with:
Microsoft Visual C++

Code size:
78.5 KB (80,384 bytes)

Scrnsave
Name:
schtasks.exe


The executing file has been seen to make the following network communications in live environments. Of these, the three plain TCP connections on port 48754 to residential and dynamic-IP hosts (netcologne.de, hinet.net, m1.com.sg) are the ones worth hunting for. The port-80 contacts with advertising, analytics and CDN hosts (openx.org, mc.yandex.ru, 1e100.net, adnexus.net, newrelic.com) are most likely background traffic from the analysis environment and make poor indicators on their own; the two port-8080 HTTP connections to hosting-provider addresses (sigmait.org, echoromeonet.co.uk) cannot be classified from this listing alone.

TCP (HTTP):
Connects to ox-173-241-242-219.xv.dc.openx.org  (173.241.242.219:80)

TCP (HTTP):
Connects to mc.yandex.ru  (87.250.250.119:80)

TCP (HTTP):
Connects to jnb01s08-in-f0.1e100.net  (74.125.233.96:80)

TCP (HTTP):
Connects to hosted-by.sigmait.org  (195.20.141.146:8080)

TCP (HTTP):
Connects to hostby.echoromeonet.co.uk  (89.144.2.20:8080)

TCP (HTTP):
Connects to float.2417.bm-impbus.prod.ams1.adnexus.net  (37.252.163.78:80)

TCP:
Connects to cable-78-34-78-97.netcologne.de  (78.34.78.97:48754)

TCP (HTTP):
Connects to beacon-3.newrelic.com.cdn.cloudflare.net  (50.31.164.176:80)

TCP:
Connects to 36-238-3-77.dynamic-ip.hinet.net  (36.238.3.77:48754)

TCP (HTTP):
Connects to 198-57-190-177.unifiedlayer.com  (198.57.190.177:80)

TCP:
Connects to 117.210.104.27.unknown.m1.com.sg  (27.104.210.117:48754)
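As an added example that is not part of this report or of the scanning vendor's tooling, the following Python script turns the indicators above (the three digests and file size, the install path outside System32, and the three port-48754 peers) into a file-triage routine and a sweep over network-connection records. The record format it parses (timestamp|image|dst_ip|dst_port), the sample records, the LEGIT_DIRS set and the decision to drop the port-80 advertising/analytics hosts are assumptions made here, not facts from the report.

```python
import hashlib
import ntpath

# Indicators transcribed from the scan report above.
KNOWN_HASHES = {
    "md5": "29846c62121ecf548b9b35645c25b422",
    "sha1": "b7aa7f69911c22dfca2e6f7a7199e84313d9de23",
    "sha256": "2a97a5e0bb6060156201cee7dc33bf58ad72d41cd9bda8ecaab87b7e13ea0708",
}
KNOWN_SIZE = 101888  # bytes

# The three plain-TCP destinations on port 48754 from the report. The port-80
# ad/analytics hosts are deliberately left out (assumption: background noise).
C2_PORT = 48754
C2_ENDPOINTS = {
    ("78.34.78.97", C2_PORT),     # cable-78-34-78-97.netcologne.de
    ("36.238.3.77", C2_PORT),     # 36-238-3-77.dynamic-ip.hinet.net
    ("27.104.210.117", C2_PORT),  # 117.210.104.27.unknown.m1.com.sg
}

# Directories where the genuine Windows schtasks.exe lives (assumption: default
# system root on drive C:; extend for other installs).
LEGIT_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}


def hash_bytes(data):
    """Return the MD5, SHA-1 and SHA-256 hex digests of a byte string."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_known_sample(data):
    """True only when the size and all three digests equal the reported sample."""
    if len(data) != KNOWN_SIZE:
        return False  # cheap rejection before hashing
    return hash_bytes(data) == KNOWN_HASHES


def suspicious_path(image_path):
    """True when a file named schtasks.exe runs from outside the system directories."""
    directory, name = ntpath.split(image_path)
    if name.lower() != "schtasks.exe":
        return False
    return ntpath.normpath(directory).lower() not in LEGIT_DIRS


def scan_network_log(lines):
    """Match 'timestamp|image|dst_ip|dst_port' records against the report's IOCs.

    Returns a list of (record, reason) pairs. A record is flagged when it hits a
    known endpoint, or when a misplaced schtasks.exe talks on the C2 port to any
    address (the port is shared by all three peers, so new peers are expected).
    """
    hits = []
    for line in lines:
        fields = line.strip().split("|")
        if len(fields) != 4:
            continue  # malformed record: skip rather than abort the sweep
        _ts, image, dst_ip, dst_port = fields
        if not dst_port.isdigit():
            continue
        port = int(dst_port)
        if (dst_ip, port) in C2_ENDPOINTS:
            hits.append((line, "known endpoint %s:%d" % (dst_ip, port)))
        elif port == C2_PORT and suspicious_path(image):
            hits.append((line, "misplaced schtasks.exe on port %d" % port))
    return hits


def triage_file(path):
    """Hash a file on disk and report whether it is the sample and whether its path is suspect."""
    with open(path, "rb") as fh:
        data = fh.read()
    return {
        "hashes": hash_bytes(data),
        "is_known_sample": matches_known_sample(data),
        "suspicious_path": suspicious_path(path),
    }


# Constructed sample records (not real telemetry) in the format parsed above.
SAMPLE_LOG = [
    "2024-11-23T06:10:01Z|C:\\Documents and Settings\\alice\\Application data\\microsoft\\windows\\ieupdate\\schtasks.exe|78.34.78.97|48754",
    "2024-11-23T06:10:02Z|C:\\Program Files\\Internet Explorer\\iexplore.exe|87.250.250.119|80",
    "2024-11-23T06:10:03Z|C:\\Windows\\System32\\schtasks.exe|10.0.0.5|135",
    "2024-11-23T06:10:04Z|C:\\Users\\alice\\AppData\\Roaming\\ieupdate\\schtasks.exe|203.0.113.7|48754",
    "2024-11-23T06:10:05Z|C:\\Windows\\explorer.exe|198.51.100.9|443",
]


if __name__ == "__main__":
    for record, reason in scan_network_log(SAMPLE_LOG):
        print(reason, "<-", record)
```

Run as a script it sweeps the embedded sample records and reports two hits: the known netcologne.de peer, and a schtasks.exe under a roaming profile talking on port 48754 to an address the report does not list. triage_file() takes the path of a suspect binary; the exact-hash check only catches this build, so pair it with the path rule (and, if you have ssdeep available, the CTPH value above) when hunting for repacked variants.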

Remove schtasks.exe - Powered by Reason Core Security