synctask.exe

It runs as a scheduled task under the Windows Task Scheduler, triggered daily at a specified time. This is the uninstaller utility registered in the Windows Control Panel for the program Search Provided by Yahoo.
MD5:
927a9b597a86d1a8e4008ac93281dd41

SHA-1:
7bcd80a3b841d88756e2aedb8f9fb1e73750a3db

SHA-256:
67ea38862b8ad19064f412be7c7249353aba9e34b00ff77c0b196366763738b2

Scanner detections:
3 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
11/24/2024 1:58:20 PM UTC

Scan engine           Detection                          Engine version
McAfee                PUP-FPD                            5600.6116
Qihoo 360 Security    HEUR/QVM05.1.0000.Malware.Gen      1.0.0.1120
Rising Antivirus      Malware.Heuristic!ET#87% (rdm+)    23.00.65.17220

File size:
2.1 MB (2,220,544 bytes)

File type:
Executable application (Win32 EXE)

File PE Metadata
Compilation timestamp:
4/24/2014 7:49:13 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0x1E82C8

Entry point:
55, 8B, EC, 83, C4, F0, B8, 48, 08, 5E, 00, E8, B8, 59, E2, FF, A1, 08, DE, 5E, 00, 8B, 00, E8, F0, C6, FB, FF, 8B, 0D, 30, DE, 5E, 00, A1, 08, DE, 5E, 00, 8B, 00, 8B, 15, 00, F3, 5A, 00, E8, F0, C6, FB, FF, A1, 08, DE, 5E, 00, 8B, 00, E8, 48, C8, FB, FF, E8, 93, 0A, E2, FF, 8D, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
1.9 MB (1,995,264 bytes)

Program Uninstaller
Program name:
Search Provided by Yahoo

Uninstall string:
"C:\users\{user}\appdata\local\{ed45db19-c9ed-b7a1-a475-9249801d6ed1}\uninstall.exe" \uninstall \s \noun \delselfdir


Scheduled Task
Task name:
{E8542A76-A998-4E56-AC00-5B8ECDECCF89}

Trigger:
Daily (Runs daily at 09:19 a.m.)


The executing file has been seen to make the following network communications in live environments.

