» logracengntask.exe
Overview
Analysis
File Details
Behaviors (1)

logracengntask.exe

The application logracengntask.exe has been detected as a potentially unwanted program by 23 anti-malware scanners. This executable runs as a local area network (LAN) Internet proxy server listening on port 10829 and has the ability to intercept and modify all inbound and outbound Internet traffic on the local host.

File name:

logracengntask.exe

MD5:

15b85bc75453594bd48dece3554219b1

SHA-1:

da762ac38b69779e164bcfa3c7f4a63a1667f63c

SHA-256:

74ebcc3d2a29e3680ada8bb88250de8f88b80bce85df295b54b080989c1fb832

Scanner detections:

23 / 68

Status:

Potentially unwanted

Analysis date:

4/24/2024 9:42:11 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Zusy.129792

701

Agnitum Outpost

PUA.Tirrip

7.1.1

AhnLab V3 Security

Adware/Win32.Tirrip

2015.03.06

Avira AntiVirus

Adware/Tirrip.452096

7.11.214.34

avast!

Win32:Adware-gen [Adw]

2014.9-150305

AVG

Generic6

2016.0.3179

Baidu Antivirus

Adware.Win32.Pirrit

4.0.3.1535

Bitdefender

Gen:Variant.Zusy.129792

1.0.20.320

Emsisoft Anti-Malware

Gen:Variant.Zusy.129792

8.15.03.05.10

ESET NOD32

Win32/Adware.Pirrit.T application

9.7.0.302.0

F-Prot

W32/S-b71f1a7a

v6.4.7.1.166

F-Secure

Gen:Variant.Zusy.129792

11.2015-05-03_5

G Data

Gen:Variant.Zusy.129792

15.3.25

herdProtect (fuzzy)

variant of memoryocrgui.exe

2015.6.12.15

K7 AntiVirus

Adware

13.200.15204

Kaspersky

not-a-virus:AdWare.Win32.Tirrip

15.0.0.543

Malwarebytes

PUP.Optional.Pirrit.A

v2015.03.05.11

MicroWorld eScan

Gen:Variant.Zusy.129792

16.0.0.192

NANO AntiVirus

Trojan.Win32.Generic.dorcyv

0.30.0.296

Panda Antivirus

Trj/Genetic.gen

15.03.05.11

Reason Heuristics

Threat.Win.Reputation.IMP

15.3.5.22

VIPRE Antivirus

Threat.4150696

37788

Zillya! Antivirus

Adware.Tirrip.Win32.81

2.0.0.2091

File size:

441.5 KB (452,096 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\local\finderprivacydrv\logracengntask.exe

File PE Metadata

Compilation timestamp:

2/24/2015 7:10:30 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

6144:U+sLfIBvOWMlkakUsxnjUeX3QOdMds+Bx:rB4kakUsxnYzs+Bx

Entry address:

0x15DB6

Entry point:

E8, 98, 04, 00, 00, E9, 63, FD, FF, FF, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, 78, 64, 46, 00, 89, 0D, 74, 64, 46, 00, 89, 15, 70, 64, 46, 00, 89, 1D, 6C, 64, 46, 00, 89, 35, 68, 64, 46, 00, 89, 3D, 64, 64, 46, 00, 66, 8C, 15, 90, 64, 46, 00, 66, 8C, 0D, 84, 64, 46, 00, 66, 8C, 1D, 60, 64, 46, 00, 66, 8C, 05, 5C, 64, 46, 00, 66, 8C, 25, 58, 64, 46, 00, 66, 8C, 2D, 54, 64, 46, 00, 9C, 8F, 05, 88, 64, 46, 00, 8B, 45, 00, A3, 7C, 64, 46, 00, 8B, 45, 04, A3, 80, 64, 46, 00, 8D, 45, 08, A3, 8C, 64, 46... 
[+]

Entropy:

6.4351

Code size:

337.5 KB (345,600 bytes)

Local Proxy Server

Proxy for:

Internet Settings

Local host address:

http://127.0.0.1:10829/

Local host port:

10829

Default credentials:

Remove logracengntask.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.