taskhost.rs

Intel Graphics Properties

The file taskhost.rs has been detected as a potentially unwanted program by 23 anti-malware scanners. This is a malicious Bitcoin miner. Bitcoin-mining malware is designed to force computers to generate Bitcoins for cybercriminals' use and consumes computing power. While running, it connects to the Internet address mail.wonderpatch.org on port 8332.

Publisher:
Intel Corporation*  (Invalid match)

Product:
Intel Graphics Properties

Description:
Updater service

Version:
8.15.10.2622

MD5:
fba97c4783551c68c6c72cc9581d0276

SHA-1:
186cdbbc91dc95890136268a1a9a3689d93a35fa

SHA-256:
dbe0296ffc6d560fff2e3121988c20afba829369349fa65d781f0b0452cc3d22

Scanner detections:
23 / 68

Status:
Potentially unwanted

Explanation:
The program will mine for Bitcoins using the computer's GPU in the background and may be installed and run without the user's knowledge.

Analysis date:
4/26/2024 4:32:08 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.Agent.AYXG | 839 |
| AhnLab V3 Security | HackTool/Win32.BitCoinMiner | 2014.07.16 |
| Avira AntiVirus | SPR/BitCoinMiner.J | 7.11.160.234 |
| avast! | Win32:BitCoinMiner-FR [PUP] | 2014.9-141018 |
| Baidu Antivirus | Hacktool.Win32.BitCoinMiner | 4.0.3.141018 |
| Bitdefender | Trojan.Agent.AYXG | 1.0.20.1455 |
| Comodo Security | UnclassifiedMalware | 18864 |
| Dr.Web | Tool.BtcMine.165 | 9.0.1.0291 |
| Emsisoft Anti-Malware | Trojan.Agent.AYXG | 8.14.10.18.02 |
| ESET NOD32 | Win32/BitCoinMiner | 8.10101 |
| Fortinet FortiGate | W32/BitCoinMiner.D | 10/18/2014 |
| F-Secure | Trojan.Agent.AYXG | 11.2014-18-10_7 |
| G Data | Trojan.Agent.AYXG | 14.10.24 |
| IKARUS anti.virus | possible-Threat.BitCoinMiner | t3scan.1.6.1.0 |
| McAfee | RDN/Generic PUP.x!bbz | 5600.6973 |
| NANO AntiVirus | Riskware.Win32.BitCoinMiner.cqtnoz | 0.28.2.60881 |
| nProtect | Trojan.Agent.AYXG | 14.07.15.01 |
| Panda Antivirus | Trj/OCJ.D | 14.10.18.02 |
| Qihoo 360 Security | Win32/Virus.RiskTool.816 | 1.0.0.1015 |
| Rising Antivirus | PE:Trojan.Win32.Generic.13F42748!334767944 | 23.00.65.141016 |
| Trend Micro House Call | TROJ_GEN.R0CCC0EE814 | 7.2.291 |
| Trend Micro | TROJ_GEN.R0CCC0EE814 | 10.465.18 |
| VIPRE Antivirus | Trojan.Win32.Generic | 31306 |

File size:
400.5 KB (410,112 bytes)

Product version:
8.15.10.2622

Copyright:
© Intel Corporation. All rights reserved.

Trademarks:
Intel

Original file name:
igfxupdate.exe

Language:
Language Neutral

Common path:
C:\Windows\System32\taskhost.rs

File PE Metadata
Compilation timestamp:
10/18/2012 12:26:37 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
2.22

CTPH (ssdeep):
6144:ADNUGX2BQGt/Q2QtkqA15Cig/8dwQM/LHjMtvrQzfQ3SMEe+YFwbB:CmGX2zmtGtwQM3MtjQz4vwbB

Entry address:
0x12DD

Entry point:
55, 89, E5, 83, EC, 18, C7, 04, 24, 01, 00, 00, 00, A1, CC, A6, 46, 00, FF, D0, E8, 52, FF, FF, FF, 55, 89, E5, 83, EC, 18, C7, 04, 24, 02, 00, 00, 00, A1, CC, A6, 46, 00, FF, D0, E8, 39, FF, FF, FF, 55, 89, E5, 83, EC, 18, A1, 04, A7, 46, 00, 8B, 55, 08, 89, 14, 24, FF, D0, C9, C3, 55, 89, E5, 83, EC, 18, A1, E8, A6, 46, 00, 8B, 55, 08, 89, 14, 24, FF, D0, C9, C3, 90, 90, 90, 00, 00, 00, 00, 8B, 0D, 64, 49, 45, 00, 85, C9, 74, 38, 55, 89, E5, 83, EC, 18, C7, 04, 24, 00, 50, 45, 00, E8, 38, F5, 04, 00, 52...

Code size:
327 KB (334,848 bytes)

The executing file has been seen to make the following network communication in live environments.

TCP:
Connects to mail.wonderpatch.org  (144.76.102.176:8332)
