task.exe

Xin Zhou

The application task.exe by Xin Zhou has been detected as a potentially unwanted program by 3 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler triggered daily at a specified time. While running, it connects to the Internet address server-54-192-14-80.ams1.r.cloudfront.net on port 80 using the HTTP protocol.
Publisher:
Xin Zhou  (signed and verified)

MD5:
fc19b250945a7a605aa02db5669d4085

SHA-1:
1c811ddeeebfae3a86c1cb446bb4341ea4832461

SHA-256:
0293043cbb3f77f0664f9ea1b4b00bec62d9b36677575da56674e6a578be6cbd

Scanner detections:
3 / 68

Status:
Potentially unwanted

Analysis date:
11/15/2024 2:04:44 PM UTC

Scan engine | Detection | Engine version
Avira AntiVirus | W32/Virut.Gen | 7.11.30.172
Dr.Web | Adware.Mutabaha.937 | 9.0.1.05190
Reason Heuristics | PUP.XinZhou (M) | 16.2.8.12

File size:
333.7 KB (341,688 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\common update\task update\task.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
10/23/2015 5:30:00 AM

Valid to:
10/23/2016 5:29:59 AM

Subject:
CN=Xin Zhou, OU=Individual Developer, O=No Organization Affiliation, L=Beijing, S=Beijing, C=CN

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
659A8A3384285135321373ABABE9503D

File PE Metadata
Compilation timestamp:
1/7/2016 8:25:35 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
6144:nq9mlw9EVlgIYtk2b4Os3+wThZKdU5ScmLtnB6:nq9mq9ErgJicIBX1mB6

Entry address:
0x21F76

Entry point:
E8, 29, A7, 00, 00, E9, 7F, FE, FF, FF, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 7F, 0F, B6, 44, 24, 08, 0F, BA, 25, 74, 15, 45, 00, 01, 73, 0D, 8B, 4C, 24, 0C, 57, 8B, 7C, 24, 08, F3, AA, EB, 5D, 8B, 54, 24, 0C, 81, FA, 80, 00, 00, 00, 7C, 0E, 0F, BA, 25, 70, F7, 44, 00, 01, 0F, 82, 68, A8, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03, C1, 8B, CA, 83, E2, 03, C1, E9, 02, 74, 06, F3...

Entropy:
6.4551

Code size:
236.5 KB (242,176 bytes)

Scheduled Task
Task name:
task Update

Trigger:
Daily (Runs daily at 12:55 PM)

Description:
Enables the detection, download, and installation of updates for task and other programs. If this service is disabled, users of this computer will not


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to server-54-192-230-126.waw50.r.cloudfront.net  (54.192.230.126:80)

TCP (HTTP):
Connects to server-54-192-230-153.waw50.r.cloudfront.net  (54.192.230.153:80)

TCP (HTTP):
Connects to server-54-192-14-80.ams1.r.cloudfront.net  (54.192.14.80:80)

TCP (HTTP):
Connects to server-54-230-206-241.atl50.r.cloudfront.net  (54.230.206.241:80)

TCP (HTTP):
Connects to server-54-192-230-252.waw50.r.cloudfront.net  (54.192.230.252:80)

TCP (HTTP):
Connects to server-54-192-230-214.waw50.r.cloudfront.net  (54.192.230.214:80)

TCP (HTTP):
Connects to server-54-192-230-105.waw50.r.cloudfront.net  (54.192.230.105:80)

TCP (HTTP):
Connects to server-52-84-126-167.iad16.r.cloudfront.net  (52.84.126.167:80)

TCP (HTTP):
Connects to server-54-192-36-19.jfk1.r.cloudfront.net  (54.192.36.19:80)

TCP (HTTP):
Connects to server-54-192-230-29.waw50.r.cloudfront.net  (54.192.230.29:80)

TCP (HTTP):
Connects to server-54-192-230-216.waw50.r.cloudfront.net  (54.192.230.216:80)

TCP (HTTP):
Connects to server-54-192-19-131.iad12.r.cloudfront.net  (54.192.19.131:80)

TCP (HTTP):
Connects to server-52-84-126-227.iad16.r.cloudfront.net  (52.84.126.227:80)

TCP (HTTP):
Connects to server-54-230-95-93.fra2.r.cloudfront.net  (54.230.95.93:80)

TCP (HTTP):
Connects to server-54-230-216-76.mrs50.r.cloudfront.net  (54.230.216.76:80)

TCP (HTTP):
Connects to server-54-230-216-36.mrs50.r.cloudfront.net  (54.230.216.36:80)

TCP (HTTP):
Connects to server-54-230-216-229.mrs50.r.cloudfront.net  (54.230.216.229:80)

TCP (HTTP):
Connects to server-54-230-216-15.mrs50.r.cloudfront.net  (54.230.216.15:80)

TCP (HTTP):
Connects to server-54-230-216-101.mrs50.r.cloudfront.net  (54.230.216.101:80)

TCP (HTTP):
Connects to server-54-230-206-150.atl50.r.cloudfront.net  (54.230.206.150:80)

Remove task.exe - Powered by Reason Core Security