taskinst2000.exe

Search Safer Inc.

The application taskinst2000.exe by Search Safer has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from d2kfsynn8a76li.cloudfront.net.
Publisher:
Search Safer Inc.  (signed and verified)

MD5:
d0738fe6bd0d0dc31333282531c8d579

SHA-1:
33556492bf28c6c8a8a33f94498d510040229460

SHA-256:
2fa61f1cbbec4790a1658c8d28131f567ee3568b8d28e8492e84574d4d620c32

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
4/24/2024 7:17:06 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.SearchSafer.M

Engine version:
14.8.8.0

File size:
1.3 MB (1,400,792 bytes)

File type:
Executable application (Win64 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\taskinst2000.exe

Digital Signature
Subject:
CN=Search Safer Inc., O=Search Safer Inc., L=San Francisco, S=California, C=US, PostalCode=94107, STREET=665 3rd st, STREET=suite 150, SERIALNUMBER=5189473, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, OID.1.3.6.1.4.1.311.60.2.1.3=US, OID.2.5.4.15=Private Organization

Serial number:
0A4669F7321BBB3215A68123F91E80BD

File PE Metadata
OS bitness:
Win64

CTPH (ssdeep):
24576:jT7NfJDkpmCy3VQs9MtLjTgfa3kon9FaOdEz/mrPjToDYKpj3PJf:nDks9ocS3qOm8PfoDYKj/Jf

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, 1C, 45, 00, E8, F1, 2B, 00, 00, A3, 64, 1B, 45, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 37, 43, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, DB, 44, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, A0, 47, 00, 50, 57, E8, 92, 28, 00, 00...
 

Entropy:
6.6612

Packer / compiler:
Nullsoft install system v2.x

The file taskinst2000.exe has been seen being distributed by the following URL.

https://d2kfsynn8a76li.cloudfront.net/.../taskinst2000.exe
