tasksgr.exe

Process Service Windows

Windows Development Inc.

The executable tasksgr.exe has been detected as malware by 30 anti-virus scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘Tasksgr(TM)’. While running, it connects to the Internet address unknown.prolexic.com on port 80 using the HTTP protocol.
Publisher:
Windows Development Inc.

Product:
Process Service Windows

Version:
10.1255.1011.1012

MD5:
9deecf0d2795b29b0716049337347e3d

SHA-1:
e683253b4d673f1c8f420007d3d4011af1388081

SHA-256:
5092e9cd912d5f176f479a4c37e7c40a0cf9c49425961b2c8d5cfd78920bd6a2

Scanner detections:
30 / 68

Status:
Malware

Analysis date:
5/25/2018 8:10:16 PM UTC

Scan engine | Detection | Engine version

Lavasoft Ad-Aware | Gen:Variant.Kazy.272624 | 697
Avira AntiVirus | TR/Kazy.272624 | 7.11.212.246
Antiy Labs AVL | Trojan/Win32.Tgenic | 1.0.0.1
avast! | Win32:Downloader-UIE [Trj] | 2014.9-150309
AVG | Inject | 2016.0.3175
Baidu Antivirus | Trojan.MSIL.Agent | 4.0.3.1539
Bitdefender | Gen:Variant.Kazy.272624 | 1.0.20.340
Comodo Security | UnclassifiedMalware | 21245
Emsisoft Anti-Malware | Gen:Variant.Kazy.272624 | 8.15.03.09.02
ESET NOD32 | MSIL/TrojanClicker.Agent.NDE (variant) | 9.11249
Fortinet FortiGate | W32/Dx.CS3!tr | 3/9/2015
F-Secure | Gen:Variant.Kazy.272624 | 11.2015-09-03_2
G Data | Gen:Variant.Kazy.272624 | 15.3.25
IKARUS anti.virus | Win32.SuspectCrc | t3scan.1.8.6.0
K7 AntiVirus | Trojan | 13.1915118
K7 Gateway Antivirus | Trojan | 13.1915118
Kaspersky | UDS:DangerousObject.Multi.Generic | 14.0.0.2372
Kingsoft AntiVirus | Win32.Troj.ADClicker.(kcloud) | 331020.49267
Malwarebytes | Trojan.Downloader.MSIL | v2015.03.09.02
McAfee | Artemis!9DEECF0D2795 | 5600.6831
McAfee Web Gateway | Artemis!Trojan | 7.6831
MicroWorld eScan | Gen:Variant.Kazy.272624 | 16.0.0.204
NANO AntiVirus | Trojan.Win32.Kazy.clhnkn | 0.30.0.296
Norman | Suspicious_Gen4.FGLZE | 11.20150309
Panda Antivirus | Trj/CI.A | 15.03.09.02
Qihoo 360 Security | Win32/Trojan.Clicker.6b4 | 1.0.0.1015
Sophos | Mal/Generic-S | 4.98
The Hacker | Trojan/Clicker.Agent.nde | 6.8.0.5.530
VIPRE Antivirus | Trojan.Win32.Generic | 38002
Zillya! Antivirus | Trojan.Agent.Win32.490356 | 2.0.0.2085

File size:
387 KB (396,288 bytes)

Product version:
10.1255.1011.1012

Copyright:
© Windows Corporation...

Trademarks:
© Windows Corporation...

Original file name:
tasksgr.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\roaming\java\system\tasksgr.exe

File PE Metadata
Compilation timestamp:
9/7/2013 8:42:41 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:Sx4XeLIMf1be1xN/9E8aZSiEITTY0qSv:Q44IO1i1xNVEFHTnqSv

Entry address:
0x5C0BE

Entry point:

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
360.5 KB (369,152 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Tasksgr(TM)

Command:
C:\users\{user}\appdata\roaming\java\system\tasksgr.exe

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to unknown.prolexic.com (72.52.4.90:80)

TCP (HTTP):
Connects to sage.parklogic.com (69.39.236.56:80)

TCP (HTTP):
Connects to vip1.g5.cachefly.net (205.234.175.175:80)

TCP (HTTP):
Connects to c4.3e.559e.ip4.static.sl-reverse.com (158.85.62.196:80)

TCP (HTTP):
Connects to mil04s25-in-f14.1e100.net (216.58.205.78:80)

TCP (HTTP):
Connects to mil01s24-in-f3.1e100.net (216.58.212.67:80)

TCP (HTTP):
Connects to mil01s24-in-f2.1e100.net (216.58.212.66:80)

TCP (HTTP):
Connects to ham02s13-in-f19.1e100.net (173.194.39.19:80)

Remove tasksgr.exe - Powered by Reason Core Security