winsptgt.exe

winseptr

The executable winsptgt.exe has been detected as malware by 12 anti-virus scanners. It runs as a scheduled task named winspt under the Windows Task Scheduler, triggered to execute each time a user logs in.

Product:
winseptr

Version:
1.0.0.0

MD5:
002fa51dfede3b4152db8f845f30625c

SHA-1:
14de492901bf1d757c850e28c9d3a30122316e5a

SHA-256:
74aec565fc94807f1ba99564a12012847f78fd3e517afe0ef89c59ae2debe9da

Scanner detections:
12 / 68

Status:
Malware

Analysis date:
4/19/2024 8:44:51 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Kazy.540877 | 738 |
| Avira AntiVirus | TR/Downloader.A.10940 | 7.11.205.68 |
| avast! | Win32:Malware-gen | 2014.9-150128 |
| Baidu Antivirus | Trojan.MSIL.ExtenBro | 4.0.3.15128 |
| Bitdefender | Gen:Variant.Kazy.540877 | 1.0.20.140 |
| Emsisoft Anti-Malware | Gen:Variant.Kazy.540877 | 8.15.01.28.10 |
| ESET NOD32 | MSIL/ExtenBro.AK | 9.11074 |
| Fortinet FortiGate | MSIL/ExtenBro.AK!tr | 1/28/2015 |
| F-Secure | Gen:Variant.Kazy.540877 | 11.2015-28-01_4 |
| G Data | Gen:Variant.Kazy.540877 | 15.1.24 |
| MicroWorld eScan | Gen:Variant.Kazy.540877 | 16.0.0.84 |
| Trend Micro House Call | TROJ_GEN.R011H09AQ15 | 7.2.28 |

File size:
588.5 KB (602,624 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2015

Original file name:
eklenti.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\winsptgt.exe

File PE Metadata
Compilation timestamp:
1/23/2015 5:57:54 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:xcm8q72xUXce4frmAkxduicBKI+FQl/epc41h5uGXEXSecEiP/3IWVE/uxPciMS:Wm8q72xUXnu9+FQl/ZSnXu/e

Entry address:
0x9112E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
6.1219

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
572.5 KB (586,240 bytes)

Scheduled Task
Task name:
winspt

Trigger:
Logon (Runs on logon)

