» RMTask.EXE
Overview
Analysis
File Details
Behaviors (1)
Programs (1)

RMTask.EXE

RestoreMaster

Chongqing XIA Software Technology, Inc.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘Sysrestore’. This is installed with Sysrestore.

File name:

RMTask.EXE

Publisher:

XIA Software Technology, Inc. (signed by Chongqing XIA Software Technology, Inc.)

Product:

RestoreMaster

Description:

RestoreMaster Schedule Task Module

Version:

3,4,0,1098

MD5:

6bce9a8785383c838ba85175d806702e

SHA-1:

144d4beb59152cf126c154bbd197f9b4f61bd521

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/26/2024 9:45:28 AM UTC (today)

File size:

335.2 KB (343,256 bytes)

Product version:

3,4,0,1098

Original file name:

RMTask.EXE

File type:

Executable application (Win32 EXE)

Language:

Chinski (ChRL)

Common path:

C:\Program Files\sysnew\sysrestore\rmtask.exe

Digital Signature

Signed by:

Chongqing XIA Software Technology, Inc.

Authority:

VeriSign, Inc.

Valid from:

1/17/2012 1:00:00 AM

Valid to:

1/17/2013 12:59:59 AM

Subject:

CN="Chongqing XIA Software Technology, Inc.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Chongqing XIA Software Technology, Inc.", L=Chongqing, S=Yubei District, C=CN

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

5E58F0DCAF2C9AC420FC74855A43F9DD

File PE Metadata

Compilation timestamp:

7/4/2012 5:33:04 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

3072:PRWlJ2pIH701sYi8g+GJOGb/G1y4QfzUIM9WKdrvZcjJuv4Zmcu1wI:PklJTb01s/8gvIGbO1yPfzFgOjRvuP

Entry address:

0x164D6

Entry point:

55, 8B, EC, 6A, FF, 68, 48, 7D, 41, 00, 68, 3C, 68, 41, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, 5F, 57, FF, 15, 28, 74, 41, 00, 59, 83, 0D, E8, 53, 42, 00, FF, 83, 0D, EC, 53, 42, 00, FF, FF, 15, 24, 74, 41, 00, 8B, 0D, DC, 53, 42, 00, 89, 08, FF, 15, 20, 74, 41, 00, 8B, 0D, D8, 53, 42, 00, 89, 08, A1, 1C, 74, 41, 00, 8B, 00, A3, E4, 53, 42, 00, E8, F4, 02, 00, 00, 39, 1D, 80, 40, 42, 00, 75, 0C, 68, 38, 68, 41, 00, FF, 15... 
[+]

Developed / compiled with:

Microsoft Visual C++ v6.0

Code size:

88 KB (90,112 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

Sysrestore

Command:

C:\Program Files\sysnew\sysrestore\rmtask.exe

The file RMTask.EXE has been discovered within the following program.

Sysrestore by XIA Software Technology, Inc.

www.xia008.com

About 7% of users remove it

Scan RMTask.EXE - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.