taskhost.exe

ViewDrive

The executable taskhost.exe has been detected as malware by 25 anti-virus scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘Windows Task Host’.
Publisher:
ViewDrive

Product:
ViewDrive

Version:
1.0.0.0

MD5:
7c7b2b8079e0b0d6684a5b3512d9c76a

SHA-1:
1eb73a70ea7aeea67d27614f381f3dcfb505a379

SHA-256:
2fccf04835fed6e9261e89d5c3cb0cc9f46ccc93004ad7644362b237b22bac69

Scanner detections:
25 / 68

Status:
Malware

Analysis date:
4/3/2025 4:51:08 PM UTC

Scan engine | Detection | Engine version
Agnitum Outpost | Worm.Autorun | 7.1.1
Avira AntiVirus | Worm/Autorun.hge | 7.11.46.132
avast! | Win32:AutoRun-BSO [Trj] | 2014.9-170315
AVG | Suspicion: unknown virus | 2018.0.2438
Bitdefender | Trojan.Autorun.AZY | 1.0.20.370
ESET NOD32 | Win32/AutoRun.Agent.AEO | 11.7596
Fortinet FortiGate | W32/AutoRun!tr | 3/15/2017
F-Prot | W32/Agent.NI.gen | v6.4.6.5.141
F-Secure | Trojan.Autorun.AZY | 11.2017-15-03_4
G Data | Trojan.Autorun.AZY | 17.3.22
IKARUS anti.virus | Worm.Win32.AutoRun | t3scan.1.1.122.0
K7 AntiVirus | Riskware | 13.153.7739
Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.-1314
McAfee | W32/Autorun.worm.gu | 5600.6094
Microsoft Security Essentials | Worm:Win32/Autorun.AAL | 1.163.1557.0
MicroWorld eScan | Trojan.Autorun.AZY | 18.0.0.222
Norman | W32/Suspicious_Gen2.PSOPI | 11.20170315
nProtect | Trojan/W32.Scar.3078376 | 12.10.17.01
Quick Heal | Trojan.Autorun.AA3 | 3.17.12.00
Rising Antivirus | Worm.Win32.Autorun.twu | 23.00.65.17313
Sophos | W32/AutoRun-BSY | 4.81
Total Defense | Win32/Autorun.AX | 37.0.10123
Trend Micro House Call | TROJ_SPNR.22I212 | 7.2.74
Trend Micro | TROJ_SPNR.22I212 | 10.465.15
VIPRE Antivirus | Trojan.Win32.Generic.pak!cobra | 13560

File size:
2.9 MB (3,078,376 bytes)

Original file name:
ExploreDrive.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\taskhost.exe

File PE Metadata
Compilation timestamp:
10/31/2007 10:23:19 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

Entry address:
0x167C1A

Entry point:
E8, F7, 52, 00, 00, E9, 16, FE, FF, FF, C3, B8, 37, DA, 56, 00, A3, 70, 0A, 5B, 00, C7, 05, 74, 0A, 5B, 00, 33, D1, 56, 00, C7, 05, 78, 0A, 5B, 00, F1, D0, 56, 00, C7, 05, 7C, 0A, 5B, 00, 25, D1, 56, 00, C7, 05, 80, 0A, 5B, 00, 9B, D0, 56, 00, A3, 84, 0A, 5B, 00, C7, 05, 88, 0A, 5B, 00, B1, D9, 56, 00, C7, 05, 8C, 0A, 5B, 00, B1, D0, 56, 00, C7, 05, 90, 0A, 5B, 00, 1B, D0, 56, 00, C7, 05, 94, 0A, 5B, 00, AA, CF, 56, 00, C3, E8, 9B, FF, FF, FF, E8, 2E, 5E, 00, 00, 83, 7C, 24, 04, 00, A3, 30, 0A, 5F, 00, 74...
 

Entropy:
6.3355

Code size:
1.5 MB (1,548,288 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Windows Task Host

Command:
C:\users\{user}\appdata\roaming\taskhost.exe

