wintaske.exe

Yupeng Zhang

The application wintaske.exe by Yupeng Zhang has been detected as a potentially unwanted program by 3 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler named WinTaske triggered daily at a specified time. This file is typically installed with the program yessearches Uninstall by ELEX which is a potentially unwanted software program. While running, it connects to the Internet address server-54-230-122-133.dfw50.r.cloudfront.net on port 80 using the HTTP protocol.
Publisher:
Yupeng Zhang  (signed and verified)

MD5:
29415e74e5f491fd7b091dd66dd4d482

SHA-1:
41470812175f5f481c3db9dc1987e8fef797c6f5

SHA-256:
98ba8845228715e8c328f1dfee60f229cd485957fb109509c816428f662a8ee4

Scanner detections:
3 / 68

Status:
Potentially unwanted

Analysis date:
11/27/2024 1:16:23 AM UTC  (today)

Scan engine
Detection
Engine version

AegisLab AV Signature
AdWare.W32.Agent
2.1.4+

Qihoo 360 Security
HEUR/QVM10.1.0000.Malware.Gen
1.0.0.1120

Reason Heuristics
Adware.SearchBeyond (M)
16.3.28.6

File size:
356.1 KB (364,600 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\searchestoyesbnd\wintaske.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
3/14/2016 4:00:00 AM

Valid to:
2/4/2017 3:59:59 AM

Subject:
CN=Yupeng Zhang, OU=Individual Developer, O=No Organization Affiliation, L=Beijing, S=Beijing, C=CN

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
56ED9E7C28D4E65DF6EF0253265ACB11

File PE Metadata
Compilation timestamp:
3/23/2016 1:41:33 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
6144:fIIQJQIcfiqkTY35+jw4Rlb49+/6zsLl/ciZolk/mqS5lHp:fIzFUgY3YjwTGWg9alk+qS5lHp

Entry address:
0x2588A

Entry point:
E8, 7E, 57, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 7F, 0F, B6, 44, 24, 08, 0F, BA, 25, 30, 61, 45, 00, 01, 73, 0D, 8B, 4C, 24, 0C, 57, 8B, 7C, 24, 08, F3, AA, EB, 5D, 8B, 54, 24, 0C, 81, FA, 80, 00, 00, 00, 7C, 0E, 0F, BA, 25, F8, 42, 45, 00, 01, 0F, 82, 92, 5C, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03...
 
[+]

Entropy:
6.4463

Code size:
260.5 KB (266,752 bytes)

Scheduled Task
Task name:
WinTaske

Trigger:
Daily (Runs daily at 15:29)

Description:
Enables the detection, download and installation of updates for WinTaske and other programs. If this service is disabled, users of this computer will


The file wintaske.exe has been discovered within the following program.

yessearches is a web browser search hijacker that modifies the assets of the user's web browser in order to redirect search results.
yessearches.com
88% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to server-52-84-7-45.ord54.r.cloudfront.net  (52.84.7.45:80)

TCP (HTTP):
Connects to server-54-230-206-241.atl50.r.cloudfront.net  (54.230.206.241:80)

TCP (HTTP):
Connects to server-52-84-63-58.ord51.r.cloudfront.net  (52.84.63.58:80)

TCP (HTTP):
Connects to server-54-230-95-149.fra2.r.cloudfront.net  (54.230.95.149:80)

TCP (HTTP):
Connects to server-54-230-163-254.jax1.r.cloudfront.net  (54.230.163.254:80)

TCP (HTTP):
Connects to server-54-230-51-133.jfk5.r.cloudfront.net  (54.230.51.133:80)

TCP (HTTP):
Connects to server-54-230-95-6.fra2.r.cloudfront.net  (54.230.95.6:80)

TCP (HTTP):
Connects to server-52-84-63-40.ord51.r.cloudfront.net  (52.84.63.40:80)

TCP (HTTP):
Connects to server-54-239-132-36.sfo9.r.cloudfront.net  (54.239.132.36:80)

TCP (HTTP):
Connects to server-54-230-95-233.fra2.r.cloudfront.net  (54.230.95.233:80)

TCP (HTTP):
Connects to server-54-230-81-195.mia50.r.cloudfront.net  (54.230.81.195:80)

TCP (HTTP):
Connects to server-54-230-81-17.mia50.r.cloudfront.net  (54.230.81.17:80)

TCP (HTTP):
Connects to server-54-230-81-127.mia50.r.cloudfront.net  (54.230.81.127:80)

TCP (HTTP):
Connects to server-54-230-216-101.mrs50.r.cloudfront.net  (54.230.216.101:80)

TCP (HTTP):
Connects to server-54-230-206-150.atl50.r.cloudfront.net  (54.230.206.150:80)

TCP (HTTP):
Connects to server-54-230-163-38.jax1.r.cloudfront.net  (54.230.163.38:80)

TCP (HTTP):
Connects to server-54-230-163-233.jax1.r.cloudfront.net  (54.230.163.233:80)

TCP (HTTP):
Connects to server-54-230-122-133.dfw50.r.cloudfront.net  (54.230.122.133:80)

TCP (HTTP):
Connects to server-54-192-55-17.jfk6.r.cloudfront.net  (54.192.55.17:80)

TCP (HTTP):
Connects to server-54-192-36-56.jfk1.r.cloudfront.net  (54.192.36.56:80)

Remove wintaske.exe - Powered by Reason Core Security