Taskbar.exe

CertFreeCertificateContext

Bicoastal Interactive

The file Taskbar.exe by Bicoastal Interactive has been detected as a potentially unwanted program by 21 anti-malware scanners.
Publisher:
Bicoastal Interactive  (signed and verified)

Product:
CertFreeCertificateContext

Version:
9.14.157.518

MD5:
9c3342369a2756d3b91a45621eebd60e

SHA-1:
b9449c516880cda2724cdf16adae6e0fe30f55ae

SHA-256:
0e83ddd2196209185deddb92543db2fe6513347b595ee9d1deb2f809776279fe

Scanner detections:
21 / 68

Status:
Potentially unwanted

Analysis date:
5/28/2024 1:10:25 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.Generic.20478496 | -25 |
| AhnLab V3 Security | PUP/Win32.DownloadAdmin.R195114 | 3.8.3.16 |
| Avira AntiVirus | TR/Siggen.gkdsw | 8.3.3.4 |
| Arcabit | Trojan.Generic.D1387A20 | 1.0.0.795 |
| avast! | Win32:Rootkit-gen [Rtk] | 2014.9-170301 |
| Baidu Antivirus | Win32.Trojan.WisdomEyes.16070401.9500 | 4.0.3.1731 |
| Bitdefender | Trojan.Generic.20478496 | 1.0.20.300 |
| Bkav FE | W32.HfsAdware | 1.3.0.8876 |
| Comodo Security | Application.Win32.DownloadAdmin.Y | 26678 |
| Dr.Web | Trojan.Siggen7.10262 | 9.0.1.060 |
| Emsisoft Anti-Malware | Application.AdLoad | 8.17.03.01.07 |
| F-Secure | Trojan.Generic.20478496 | 11.2017-01-03_4 |
| G Data | Trojan.Generic.20478496 | 17.3.25 |
| IKARUS anti.virus | PUA.DownloadAdmin.Aa | 0.2.1.2 |
| McAfee | GenericRXAZ-EG!9C3342369A27 | 5600.6109 |
| MicroWorld eScan | Trojan.Generic.20478496 | 18.0.0.180 |
| Qihoo 360 Security | HEUR/QVM10.1.0000.Malware.Gen | 1.0.0.1120 |
| Reason Heuristics | PUP.DownloadAdmin (M) | 17.3.1.7 |
| SUPERAntiSpyware | PUP.DownloadAdmin/Variant | 8562 |
| Vba32 AntiVirus | Signed-Downware.DownloadAdmin | 3.12.26.4 |
| VIPRE Antivirus | Trojan.Win32.Generic | 56322 |

File size:
139.8 KB (143,144 bytes)

Product version:
7.12.96.910

Copyright:
Copyright (C) 2014 Default Browserpos

Original file name:
Taskbar.exe

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\29ca.tmp

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
5/20/2016 3:50:40 AM

Valid to:
5/20/2017 3:50:40 AM

Subject:
CN=Bicoastal Interactive, O=Bicoastal Interactive, L=San Francisco, S=California, C=US

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
0096C56AE03C38A570

File PE Metadata
Compilation timestamp:
11/30/2016 12:25:48 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0x79BD

Entropy:
6.4836

Code size:
77.5 KB (79,360 bytes)

The executing file has been seen to make the following network communications in live environments.