wintaske.exe

Yupeng Zhang

The application wintaske.exe by Yupeng Zhang has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It runs as a scheduled task under the Windows Task Scheduler named WinTaske triggered daily at a specified time. This file is typically installed with the program yessearches Uninstall by ELEX which is a potentially unwanted software program.
Publisher:
Yupeng Zhang  (signed and verified)

MD5:
01ba6097dc9b7031cf0a4438a1f02d3d

SHA-1:
3db01e988888ed11bea6cb686a72aa8bc3fa6ce9

SHA-256:
a9815da2891948ca81b38a68cd25b31481c089ea58781e23a56e13aa89787306

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/30/2024 9:58:05 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Zhang (M)
16.8.31.1

File size:
348.6 KB (356,920 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\wintaske\wintaske\wintaske.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
3/14/2016 1:00:00 AM

Valid to:
2/4/2017 12:59:59 AM

Subject:
CN=Yupeng Zhang, OU=Individual Developer, O=No Organization Affiliation, L=Beijing, S=Beijing, C=CN

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
56ED9E7C28D4E65DF6EF0253265ACB11

File PE Metadata
Compilation timestamp:
3/29/2016 5:50:58 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
6144:8a/Pneo2vdgxChjeTAzP8M5HGAQKCazCe7WGGwqTYyfpzW:V3neoa60X78KHBQKCazCTTTYyfpzW

Entry address:
0x25089

Entry point:
E8, 33, 57, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 7F, 0F, B6, 44, 24, 08, 0F, BA, 25, 6C, 41, 45, 00, 01, 73, 0D, 8B, 4C, 24, 0C, 57, 8B, 7C, 24, 08, F3, AA, EB, 5D, 8B, 54, 24, 0C, 81, FA, 80, 00, 00, 00, 7C, 0E, 0F, BA, 25, 00, 23, 45, 00, 01, 0F, 82, 46, 5C, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10...
 
[+]

Entropy:
6.4684

Code size:
258.5 KB (264,704 bytes)

Scheduled Task
Task name:
WinTaske

Trigger:
Daily (Runs daily at 12:47 AM)

Description:
Enables the detection, download, and installation of updates for WinTaske and other programs. If this service is disabled, users of this computer will


The file wintaske.exe has been discovered within the following program.

yessearches is a web browser search hijacker that modifies the assets of the user's web browser in order to redirect search results.
yessearches.com
88% remove it
 
Powered by Should I Remove It?

Remove wintaske.exe - Powered by Reason Core Security