tskmgr.exe

RecA

The executable tskmgr.exe has been detected as malware by 1 anti-virus scanner. It runs as a scheduled task under the Windows Task Scheduler triggered to execute each time a user logs in.
Publisher:
RecA  (signed and verified)

MD5:
02e62c702c5cc7685b66b9c2c9fc76bf

SHA-1:
f85c65aec3537d7d6ecb1c77e438a1cfb5fecf8f

SHA-256:
e37f5821313bb44a8b23ca73ae1ea4c1374cfc0645c2c175fd7a6dc0bec26317

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
12/26/2024 5:40:45 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP (M)
16.8.3.21

File size:
7.3 MB (7,697,856 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\taskmgr\tskmgr.exe

Digital Signature
Signed by:

Authority:
RecA

Valid from:
7/2/2016 10:12:39 PM

Valid to:
7/3/2026 10:12:39 PM

Subject:
E=owner@reca.net, CN=www.reca.net, OU=Support Dept, O=RecA, L=Cologne, S=Sortil, C=DE

Issuer:
E=owner@reca.net, CN=www.reca.net, OU=Support Dept, O=RecA, L=Cologne, S=Sortil, C=DE

Serial number:
008FE7E51E617A60CF

File PE Metadata
Compilation timestamp:
7/3/2016 4:41:15 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
196608:hBS/8DoOQbV/n6brOfNjE2FEqHxlIMEpywekW+4//lI3/88ACgDVRRVRLRRRRiRl:hBS/8DoOoVw6VjE2F8HpyD1qPSC4K

Entry address:
0x7289FE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
7.2 MB (7,499,776 bytes)

Scheduled Task
Task name:
tskmgr.exe

Trigger:
Logon (Runs on logon)


Remove tskmgr.exe - Powered by Reason Core Security