» tasksgr.exe
Overview
Analysis
File Details
Behaviors (1)
Network (8)

tasksgr.exe

Process Service Windows

Windows Development Inc.

The executable tasksgr.exe has been detected as malware by 25 anti-virus scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘Tasksgr(TM)’. While running, it connects to the Internet address unknown.prolexic.com on port 80 using the HTTP protocol.

File name:

tasksgr.exe

Publisher:

Windows Development Inc.

Product:

Process Service Windows

Version:

10.1255.1011.1012

MD5:

9deecf0d2795b29b0716049337347e3d

SHA-1:

e683253b4d673f1c8f420007d3d4011af1388081

SHA-256:

5092e9cd912d5f176f479a4c37e7c40a0cf9c49425961b2c8d5cfd78920bd6a2

Scanner detections:

25 / 68

Status:

Malware

Analysis date:

4/25/2024 10:11:26 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Kazy.272624

697

Avira AntiVirus

TR/Kazy.272624

7.11.212.246

avast!

Win32:Downloader-UIE [Trj]

2014.9-150309

AVG

Inject

2016.0.3175

Baidu Antivirus

Trojan.MSIL.Agent

4.0.3.1539

Bitdefender

Gen:Variant.Kazy.272624

1.0.20.340

Comodo Security

UnclassifiedMalware

21245

Emsisoft Anti-Malware

Gen:Variant.Kazy.272624

8.15.03.09.02

ESET NOD32

MSIL/TrojanClicker.Agent.NDE (variant)

9.11249

Fortinet FortiGate

W32/Dx.CS3!tr

3/9/2015

F-Secure

Gen:Variant.Kazy.272624

11.2015-09-03_2

G Data

Gen:Variant.Kazy.272624

15.3.25

IKARUS anti.virus

Win32.SuspectCrc

t3scan.1.8.6.0

K7 AntiVirus

Trojan

13.1915118

Kaspersky

UDS:DangerousObject.Multi.Generic

14.0.0.2372

Malwarebytes

Trojan.Downloader.MSIL

v2015.03.09.02

McAfee

Artemis!9DEECF0D2795

5600.6831

MicroWorld eScan

Gen:Variant.Kazy.272624

16.0.0.204

NANO AntiVirus

Trojan.Win32.Kazy.clhnkn

0.30.0.296

Norman

Suspicious_Gen4.FGLZE

11.20150309

Panda Antivirus

Trj/CI.A

15.03.09.02

Qihoo 360 Security

Win32/Trojan.Clicker.6b4

1.0.0.1015

Sophos

Mal/Generic-S

4.98

VIPRE Antivirus

Trojan.Win32.Generic

38002

Zillya! Antivirus

Trojan.Agent.Win32.490356

2.0.0.2085

File size:

387 KB (396,288 bytes)

Product version:

10.1255.1011.1012

Trademarks:

Original file name:

tasksgr.exe

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\users\{user}\appdata\roaming\java\system\tasksgr.exe

File PE Metadata

Compilation timestamp:

9/7/2013 8:42:41 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

12288:Sx4XeLIMf1be1xN/9E8aZSiEITTY0qSv:Q44IO1i1xNVEFHTnqSv

Entry address:

0x5C0BE

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

360.5 KB (369,152 bytes)

Startup File (User Run)

Registry location:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

Tasksgr(TM)

Command:

C:\users\{user}\appdata\roaming\java\system\tasksgr.exe

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to unknown.prolexic.com (72.52.4.90:80)

TCP (HTTP):

Connects to sage.parklogic.com (69.39.236.56:80)

TCP (HTTP):

Connects to vip1.g5.cachefly.net (205.234.175.175:80)

TCP (HTTP):

Connects to c4.3e.559e.ip4.static.sl-reverse.com (158.85.62.196:80)

TCP (HTTP):

Connects to mil04s25-in-f14.1e100.net (216.58.205.78:80)

TCP (HTTP):

Connects to mil01s24-in-f3.1e100.net (216.58.212.67:80)

TCP (HTTP):

Connects to mil01s24-in-f2.1e100.net (216.58.212.66:80)

TCP (HTTP):

Connects to ham02s13-in-f19.1e100.net (173.194.39.19:80)

Remove tasksgr.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.