home

wintaske.exe

Yupeng Zhang

The application wintaske.exe by Yupeng Zhang has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It runs as a scheduled task under the Windows Task Scheduler named WinTaske triggered daily at a specified time. This file is typically installed with the program yessearches Uninstall by ELEX which is a potentially unwanted software program.
Publisher:
Yupeng Zhang  (signed and verified)

MD5:
29415e74e5f491fd7b091dd66dd4d482

SHA-1:
38bd3acaa4e8f6002743266a4caffbe17eecf9c5

SHA-256:
98ba8845228715e8c328f1dfee60f229cd485957fb109509c816428f662a8ee4

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/27/2024 5:43:10 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Zhang (M)
16.7.24.5

File size:
356.1 KB (364,600 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\wintaske\wintaske\wintaske.exe

Digital Signature
Signed by:
Yupeng Zhang

Authority:
thawte, Inc.

Valid from:
3/13/2016 9:00:00 PM

Valid to:
2/3/2017 7:59:59 PM

Subject:
CN=Yupeng Zhang, OU=Individual Developer, O=No Organization Affiliation, L=Beijing, S=Beijing, C=CN

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
56ED9E7C28D4E65DF6EF0253265ACB11

File PE Metadata
Compilation timestamp:
3/23/2016 6:41:33 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
6144:fIIQJQIcfiqkTY35+jw4Rlb49+/6zsLl/ciZolk/mqS5lHp:fIzFUgY3YjwTGWg9alk+qS5lHp

Entry address:
0x2588A

Entry point:
E8, 7E, 57, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 7F, 0F, B6, 44, 24, 08, 0F, BA, 25, 30, 61, 45, 00, 01, 73, 0D, 8B, 4C, 24, 0C, 57, 8B, 7C, 24, 08, F3, AA, EB, 5D, 8B, 54, 24, 0C, 81, FA, 80, 00, 00, 00, 7C, 0E, 0F, BA, 25, F8, 42, 45, 00, 01, 0F, 82, 92, 5C, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03...
 
[+]

Entropy:
6.4463

Code size:
260.5 KB (266,752 bytes)

Scheduled Task
Task name:
WinTaske

Trigger:
Daily (Runs daily at 3:48 AM)

Description:
Enables the detection, download, and installation of updates for WinTaske and other programs. If this service is disabled, users of this computer will


The file wintaske.exe has been discovered within the following program.

yessearches Uninstall  by ELEX
yessearches is a web browser search hijacker that modifies the assets of the user's web browser in order to redirect search results.
yessearches.com
88% remove it
 
Powered by Should I Remove It?

Remove wintaske.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.