home

tasksgr.exe

Process Service Windows

Windows Development Inc.

It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘Tasksgr(TM)’.
Publisher:
Windows Development Inc.

Product:
Process Service Windows

Version:
10.1255.1011.1012

MD5:
ba25c097dc5c08859c2a055a1420014f

SHA-1:
7f550073a3428d24d21ba79df93dcee5df86440e

SHA-256:
8499a2d57e37420271473c7ba1f73fa43dff1f91d652392aab1a2da07f5b1f97

Scanner detections:
5 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
4/19/2024 3:40:36 AM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:Downloader-UIE [Trj]
2014.9-131224

AVG
Luhe.Fiha.A
2014.0.3616

G Data
Win32.Trojan.Agent.0TFQ76
13.12.22

Panda Antivirus
Suspicious file
13.12.24.11

Trend Micro House Call
TROJ_GEN.F47V0917
7.2.358

File size:
669 KB (685,056 bytes)

Product version:
10.1255.1011.1012

Copyright:
© Windows Corporation...

Trademarks:
© Windows Corporation...

Original file name:
tasksgr.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\roaming\java\system\tasksgr.exe

File PE Metadata
Compilation timestamp:
9/14/2013 11:13:10 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:RHNIMf1be1xN/9E8aZSiEITTY3kKUr6kKUr:XIO1i1xNVEFHTXdFd

Entry address:
0x78FBE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 66, D1, 34, 52, 00, 00, 00, 00, 02, 00, 00, 00, 5F, 00, 00, 00, 1C, A0, 07, 00, 1C, 74, 07, 00, 52, 53, 44, 53, 62, 4B, 4D, 57, 0F, 09, 5A, 46, A0, 29, 01, A4, B5, 8C, 5D, DB, 01, 00, 00, 00, 43, 3A, 5C, 55, 73, 65, 72, 73, 5C, 53...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
476 KB (487,424 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Tasksgr(TM)

Command:
C:\users\{user}\appdata\roaming\java\system\tasksgr.exe


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to static.177.23.9.5.clients.your-server.de  (5.9.23.177:80)

TCP (HTTP):
Connects to static.164.83.9.5.clients.your-server.de  (5.9.83.164:80)

TCP (HTTP):
Connects to p3nlhg636c1636.shr.prod.phx3.secureserver.net  (50.62.101.1:80)

TCP (HTTP):
Connects to muc03s01-in-f13.1e100.net  (173.194.35.141:80)

TCP (HTTP):
Connects to mpr7.ngd.vip.ch1.yahoo.com  (217.163.21.40:80)

TCP (HTTP):
Connects to mil02s06-in-f2.1e100.net  (173.194.40.2:80)

TCP (HTTP):
Connects to float.847.bm-impbus.prod.ams1.adnexus.net  (68.67.179.155:80)

TCP (HTTP):
Connects to float.373.bm-impbus.prod.ams1.adnexus.net  (68.67.179.215:80)

TCP (HTTP):
Connects to float.371.bm-impbus.prod.ams1.adnexus.net  (68.67.179.211:80)

TCP (HTTP):
Connects to float.1071.bm-impbus.prod.ams1.adnexus.net  (68.67.185.196:80)

TCP (HTTP):
Connects to float.1069.bm-impbus.prod.ams1.adnexus.net  (68.67.185.194:80)

TCP (HTTP):
Connects to -entry  (94.75.230.225:80)

TCP (HTTP):
Connects to ec2-23-23-112-187.compute-1.amazonaws.com  (23.23.112.187:80)

Scan tasksgr.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.