synctask.exe

The application synctask.exe has been detected as a potentially unwanted program by 21 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler triggered daily at a specified time. This is the uninstaller utility registered in the Windows Control Panel for the program Search Provided by Yahoo. While running, it connects to the Internet address geoip-zlb.vips.scl3.mozilla.com on port 443.
MD5:
b0732c2304db0526b3d9a3304b004d5c

SHA-1:
a9a199a72990b859633d751d5a8d5bc225772825

SHA-256:
16049458c9752f6f8bbc4790684d081e9ad590274b8fc0b654796fc0afe2b169

Scanner detections:
21 / 68

Status:
Potentially unwanted

Analysis date:
4/25/2024 7:02:40 AM UTC

Scan engine             Detection                         Engine version

Lavasoft Ad-Aware       Trojan.GenericKD.4532789          -36
AhnLab V3 Security      PUP/Win32.DealPly.C1743210        3.8.3.16
Avira AntiVirus         ADWARE/DealPly.ykrbh              8.3.3.4
Arcabit                 Trojan.Generic.D452A35            1.0.0.798
Bitdefender             Trojan.GenericKD.4532789          1.0.20.355
Emsisoft Anti-Malware   Trojan.GenericKD.4532789          8.17.03.12.03
Fortinet FortiGate      Riskware/PUP                      3/12/2017
F-Secure                Trojan.GenericKD.4532789          11.2017-12-03_1
G Data                  Trojan.GenericKD.4532789          17.3.A:25.11137B:25.9061
Kaspersky               not-a-virus:AdWare.Win32.DealPly  14.0.0.-1296
McAfee                  PUP-FPD                           5600.6108
MicroWorld eScan        Trojan.GenericKD.4532789          18.0.0.213
NANO AntiVirus          Riskware.Win32.DealPly.embizu     1.0.70.15657
Panda Antivirus         Trj/GdSda.A                       17.03.12.03
Qihoo 360 Security      HEUR/QVM05.1.0000.Malware.Gen     1.0.0.1120
Quick Heal              Pua.Dealply                       3.17.14.00
Reason Heuristics       PUP.Downloader.ICDP (L)           17.3.12.3
Rising Antivirus        Malware.Heuristic!ET#97% (rdm+)   23.00.65.17228
Trend Micro             TROJ_GEN.R01BC0ECA17              10.465.12
VIPRE Antivirus         Trojan.Win32.Generic              56578
ViRobot                 Adware.Agent.2358272.AL[h]        2014.3.20.0

File size:
2.2 MB (2,358,272 bytes)

File type:
Executable application (Win32 EXE)

File PE Metadata
Compilation timestamp:
12/4/2016 11:16:02 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0x204440

Entry point:
55, 8B, EC, 83, C4, F0, B8, 48, C6, 5F, 00, E8, 48, 9B, E0, FF, A1, 18, 9E, 60, 00, 8B, 00, E8, F0, 03, FD, FF, 8B, 0D, 88, 9D, 60, 00, A1, 18, 9E, 60, 00, 8B, 00, 8B, 15, 1C, D4, 5D, 00, E8, F0, 03, FD, FF, A1, 18, 9E, 60, 00, 8B, 00, E8, 40, 05, FD, FF, E8, 93, 4B, E0, FF, 8D, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Developed / compiled with:
Microsoft Visual C++

Code size:
2 MB (2,110,464 bytes)

Program Uninstaller
Program name:
Search Provided by Yahoo

Uninstall string:
"C:\users\{user}\appdata\local\{adb79beb-891f-f753-e487-d2bbc0ef2e23}\uninstall.exe" \uninstall \s \noun \delselfdir
Scheduled Task
Task name:
{B3D9C7CC-78EF-4E79-A86B-9D4441BD150B}

Trigger:
Daily (Runs daily at 2:11)
The executing file has been seen to make the following network communications in live environments.

