RMTask.EXE

RestoreMaster

Chongqing XIA Software Technology, Inc.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘Sysrestore Pro’.
Publisher:
XIASOFT TECH CO.,LTD.  (signed by Chongqing XIA Software Technology, Inc.)

Product:
RestoreMaster

Description:
RestoreMaster Schedule Task Module

Version:
3, 4, 0, 1116

MD5:
dbb01ad45a60946d1ed2cec3ae624dbd

SHA-1:
cb09e328fc36a4d6f5e703c4b54d12753365ac8a

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/26/2024 6:56:20 PM UTC

File size:
340.9 KB (349,128 bytes)

Product version:
3, 4, 0, 1116

Copyright:
Copyright(C) XIASOFT TECH CO.,LTD. All Rights Reserved.

Original file name:
RMTask.EXE

File type:
Executable application (Win32 EXE)

Language:
Chinese (PRC)

Common path:
C:\Program Files\sysnew\sysrestore pro\rmtask.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
9/10/2013 3:00:00 AM

Valid to:
9/7/2014 2:59:59 AM

Subject:
CN="Chongqing XIA Software Technology, Inc.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Chongqing XIA Software Technology, Inc.", L=ChongQing, S="Yubei District, ChongQing", C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
15460F15A5EB1B967F68E0513800E16C

File PE Metadata
Compilation timestamp:
11/1/2013 2:58:09 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:Call/6mDxPEjzO/uNg0912mH+mC4QfzUIy9d6orvZcjJuv4Zmcu1wP:Cil/XtPEjK/uWi12mHPCPfzstOjRvu8

Entry address:
0x16996

Entry point:
55, 8B, EC, 6A, FF, 68, 48, 8D, 41, 00, 68, FC, 6C, 41, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, 5F, 57, FF, 15, 28, 84, 41, 00, 59, 83, 0D, 4C, 67, 42, 00, FF, 83, 0D, 50, 67, 42, 00, FF, FF, 15, 24, 84, 41, 00, 8B, 0D, 40, 67, 42, 00, 89, 08, FF, 15, 20, 84, 41, 00, 8B, 0D, 3C, 67, 42, 00, 89, 08, A1, 1C, 84, 41, 00, 8B, 00, A3, 48, 67, 42, 00, E8, F4, 02, 00, 00, 39, 1D, E0, 53, 42, 00, 75, 0C, 68, F8, 6C, 41, 00, FF, 15...
 

Entropy:
5.4645

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
92 KB (94,208 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Sysrestore Pro

Command:
C:\Program Files\sysnew\sysrestore pro\rmtask.exe


The file RMTask.EXE has been discovered within the following program.

Sysrestore Pro  by XIA Software Technology, Inc.
www.xia008.com
About 1% of users remove it
 