» wwtask.exe
Overview
Analysis
File Details
Behaviors (1)

wwtask.exe

Tz0

Aleste Participacoes e Empreendimentos Ltda

The application wwtask.exe by Aleste Participacoes e Empreendimentosa has been detected as a potentially unwanted program by 4 anti-malware scanners. It runs as a windows Service named “Network Agent Driver Tz0”.

File name:

wwtask.exe

Publisher:

Aleste Technology (signed by Aleste Participacoes e Empreendimentos Ltda)

Product:

Tz0

Description:

Agent Driver

Version:

1.10.0.20

MD5:

1a657bad7bd976998236ef0fcd066fdd

SHA-1:

b673b6fca29be49b4c7596007059094010d1a7d7

SHA-256:

efccd5adf11531e1042178b03494bba15b24f1219caf91b2a255c7ac374a2ee2

Scanner detections:

4 / 68

Status:

Potentially unwanted

Analysis date:

5/5/2024 6:33:45 AM UTC (today)

Scan engine

Detection

Engine version

avast!

Win32:Trojan-gen

160203-0

Norman

Trojan.Generic.6736051

03.12.2014 13:20:04

Sophos

PUA 'Tz0 Remote Control' (of type RemoteAdmin)

5.23

VIPRE Antivirus

Threat.4150696

46830

File size:

1.1 MB (1,154,568 bytes)

Product version:

1.8.0

Aleste Technology

Trademarks:

Aleste Group

Original file name:

wwtask.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\windows\syswow64\wwtask.exe

Digital Signature

Signed by:

Aleste Participacoes e Empreendimentos Ltda

Authority:

VeriSign, Inc.

Valid from:

2/9/2010 12:00:00 AM

Valid to:

2/9/2011 11:59:59 PM

Subject:

CN=Aleste Participacoes e Empreendimentos Ltda, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Aleste Participacoes e Empreendimentos Ltda, L=Montenegro, S=Rio Grande do Sul, C=BR

Issuer:

CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

3D00FA485D7A747C5E8E1CA5009BFF9A

File PE Metadata

Compilation timestamp:

6/19/1992 7:22:17 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

24576:VRskZAksmGXIYtZGjbsQBDCEkto1hC9Pl+YqUVH4:AGAks/HbGjbsQBDSNOTM4

Entry address:

0x1000

Entry point:

B8, 64, F6, 80, 00, 50, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 33, C0, 89, 08, 50, 45, 43, 6F, 6D, 70, 61, 63, 74, 32, 00, 13, 5F, AC, 93, F6, DA, 0E, 4A, 3E, 62, 1D, 64, 84, 49, A8, 0C, 99, B2, F5, 69, 35, D4, 52, AF, E7, 82, B9, EB, DF, 2D, 1B, DD, 5F, 55, ED, BE, 51, CB, BA, 79, 06, CE, B9, 06, C3, 57, 03, D8, 92, 66, 83, 3E, 63, CF, BF, AD, A3, E9, EF, F3, 52, AE, 0A, A5, DF, 59, 93, 9E, CE, E4, D8, D0, 15, 4F, 3E, 32, F6, F9, 2A, 83, D0, 95, A4, 50, B5, 67, D6, DD, 48, 2C, 15, 57, 27... 
[+]

Packer / compiler:

PECompact v2

Code size:

3.6 MB (3,796,992 bytes)

Service

Display name:

Network Agent Driver Tz0

Service name:

NetworkAgent

Description:

Manages objects protocols in the Network and Dial-Up synchronizations

Type:

Win32OwnProcess, InteractiveProcess

Group:

Network

Remove wwtask.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.