taskxc.exe

g

VLC media player

The executable taskxc.exe has been detected as malware by 3 anti-virus scanners. According to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials and banking details) from a compromised computer and send it to online criminals via a command-and-control server. The file has been seen being downloaded from hellifex.net. While running, it connects to the Internet address srv2.folgner.eu on port 2095.
Publisher:
VLC media player

Product:
g

Description:
Besainti anthr

Version:
1.35.0085

MD5:
78533bb81b703eee0216a0ef666d610d

SHA-1:
3d324deb048a02dfb843510fb8617fd7211259d7

SHA-256:
a590ac9fe9af8912a7da8999a930ab88be26a2b633a4b3c7a2e10913744cee33

Scanner detections:
3 / 68

Status:
Malware

Analysis date:
4/19/2024 7:15:46 PM UTC

Scan engine | Detection | Engine version
ESET NOD32 | Generik.KCJRWEQ (variant) | 8.9633
Malwarebytes | Trojan.Zbot.FKC | v2014.04.03.11
Rising Antivirus | PE:Malware.XPACK-HIE/Heur!1.9C48 | 23.00.65.14401

File size:
144 KB (147,456 bytes)

Product version:
1.35.0085

Copyright:
Undersca prosser discreat 2013

Original file name:
Viperfis.exe

File type:
Executable application (Win32 EXE)

Language:
Chinese (Traditional, Taiwan)

Common path:
C:\users\{user}\downloads\taskxc.exe

File PE Metadata
Compilation timestamp:
4/1/2014 1:53:53 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:d1Hs4nHaEZmj2pzbznN4xB0QOzT53eODujbXvOJOn:dn/mjQzeMzT9eQsXvOQn

Entry address:
0x133C

Entry point:
68, 5C, 14, 40, 00, E8, EE, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 88, 6F, E2, 99, 5C, FC, FE, 42, 9B, 89, 66, AB, A1, 4B, 8F, 70, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 41, 69, 6F, 6E, 69, 61, 6C, 36, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, FF, CC, 31, 00, 01, 0D, 52, C9, B4, 9C, EC, FB, 49, 96, A6, 97, 4E, A4, FA, F8, EF, 21, 6F, FE, D2, 2E, 1C, AF, 4B, A4, 78, E8, CE, 8F, 7D, E3, 02, 3A, 4F, AD, 33, 99, 66, CF, 11, B7, 0C, 00...
 
Entropy:
6.9470

Developed / compiled with:
Microsoft Visual Basic v5.0

Code size:
120 KB (122,880 bytes)

The file taskxc.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communication in live environments.

TCP:
Connects to srv2.folgner.eu (31.220.25.178:2095)
