» RMTask.EXE
Overview
Analysis
File Details
Behaviors (2)
Programs (1)

RMTask.EXE

RestoreMaster

Chongqing XIA Software Technology, Inc.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘Sysrestore Pro’. This is installed with Sysrestore Pro.

File name:

RMTask.EXE

Publisher:

XIA Software Technology, Inc. (signed by Chongqing XIA Software Technology, Inc.)

Product:

RestoreMaster

Description:

RestoreMaster Schedule Task Module

Version:

3,4,0,1100

MD5:

c0bb17ad1f82ddf12653a487151c2185

SHA-1:

2ca9e4000612128efe494938e774f552f357fc67

SHA-256:

d3aff88a4da53b1955ee76a4cd4555c125fc6adf0f0d426725d05bf35fe89f90

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/24/2024 11:02:30 AM UTC (today)

File size:

339.2 KB (347,360 bytes)

Product version:

3,4,0,1100

Original file name:

RMTask.EXE

File type:

Executable application (Win32 EXE)

Language:

Chinees (Vereenvoudigd, China)

Common path:

C:\Program Files\sysnew\sysrestore pro\rmtask.exe

Digital Signature

Signed by:

Chongqing XIA Software Technology, Inc.

Authority:

VeriSign, Inc.

Valid from:

1/17/2012 1:00:00 AM

Valid to:

1/17/2013 12:59:59 AM

Subject:

CN="Chongqing XIA Software Technology, Inc.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Chongqing XIA Software Technology, Inc.", L=Chongqing, S=Yubei District, C=CN

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

5E58F0DCAF2C9AC420FC74855A43F9DD

File PE Metadata

Compilation timestamp:

7/19/2012 10:57:34 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

6144:yzi88gr5Dq+ci+U9RgpRN5M5GCPfzLVOjRvu4:khHFDrci+IRgTN5M0k7JOjhu4

Entry address:

0x16846

Entry point:

55, 8B, EC, 6A, FF, 68, 48, 8D, 41, 00, 68, AC, 6B, 41, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, 5F, 57, FF, 15, 28, 84, 41, 00, 59, 83, 0D, 2C, 65, 42, 00, FF, 83, 0D, 30, 65, 42, 00, FF, FF, 15, 24, 84, 41, 00, 8B, 0D, 20, 65, 42, 00, 89, 08, FF, 15, 20, 84, 41, 00, 8B, 0D, 1C, 65, 42, 00, 89, 08, A1, 1C, 84, 41, 00, 8B, 00, A3, 28, 65, 42, 00, E8, F4, 02, 00, 00, 39, 1D, C0, 51, 42, 00, 75, 0C, 68, A8, 6B, 41, 00, FF, 15... 
[+]

Code size:

92 KB (94,208 bytes)

Scheduled Task

Task name:

Sysrestore Pro 3.4

Trigger:

Logon (Runs on logon)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

Sysrestore Pro

Command:

C:\Program Files\sysnew\sysrestore pro\rmtask.exe

The file RMTask.EXE has been discovered within the following program.

Sysrestore Pro by XIA Software Technology, Inc.

www.xia008.com

About 1% of users remove it

Scan RMTask.EXE - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.