wwtask.exe

Tz0

Aleste Participacoes e Empreendimentos Ltda

It runs as a Windows service named “Network Agent Driver Tz0”.
Publisher:
Aleste Technology  (signed by Aleste Participacoes e Empreendimentos Ltda)

Product:
Tz0

Description:
Agent Driver

Version:
1.9.6.5

MD5:
209fdb31e937c3721db3bda8721009dc

SHA-1:
f2c7654d4d5113222be4027d7c6b3bea271b1f98

SHA-256:
3c9181ab11994a6475a75def25e8b451ec02752c36d573f854a8395885b3927f

Scanner detections:
3 / 68

Status:
Clean  (3 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous); the file is probably malware-free.

Analysis date:
5/4/2024 8:06:35 PM UTC

Scan engine | Detection | Engine version
McAfee | Trojan.GenericR-CSG!ADAD74879C79 | 18.0.204.0
Sophos | PUA 'Tz0 Remote Control' (of type RemoteAdmin) | 5.24
VIPRE Antivirus | Threat.4657539 | 48878

File size:
1015.5 KB (1,039,910 bytes)

Product version:
1.8.0

Copyright:
Aleste Technology

Trademarks:
Aleste Technology

Original file name:
wwtask.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Windows\System32\wwtask.exe

Digital Signature
Authority:
Thawte Consulting (Pty) Ltd.

Valid from:
3/23/2009 9:00:00 PM

Valid to:
3/24/2010 8:59:59 PM

Subject:
CN=Aleste Participacoes e Empreendimentos Ltda, OU=Aleste Montenegro, O=Aleste Participacoes e Empreendimentos Ltda, L=Montenegro, S=RS, C=BR

Issuer:
CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:
0DCB3A81C6409A51F796E51C6476D851

File PE Metadata
Compilation timestamp:
6/19/1992 7:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:6uMf0Y9vJvloogP2RKsRnLPNLuIjhiKpW8XrddjY6ya7R:6uMf0YnCogeEsRnZyOiK7jB97R

Entry address:
0x1000

Entry point:
B8, 2C, E1, 79, 00, 50, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 33, C0, 89, 08, 50, 45, 43, 6F, 6D, 70, 61, 63, 74, 32, 00, 13, 5F, AC, 93, F6, DA, 0E, 4A, 3E, 62, 1D, 64, 84, 49, A8, 0C, 99, B2, F5, 69, 35, D4, 52, AF, E7, 82, B9, EB, DF, 2D, 1B, DD, 5F, 55, ED, BE, 51, CB, BA, 79, 06, CE, B9, 06, C3, 57, 03, D8, 92, 66, 83, 3E, 63, CF, BF, AD, A3, E9, EF, F3, 52, AE, 0A, A5, DF, 59, 93, 9E, CE, E4, D8, D0, 15, 4F, 3E, 32, F6, F9, 2A, 83, D0, 95, A4, 50, B5, 67, D6, DD, 48, 2C, 15, 57, 27...
 

Packer / compiler:
PECompact v2

Code size:
3.2 MB (3,403,264 bytes)

Service
Display name:
Network Agent Driver Tz0

Service name:
NetworkAgent

Description:
Manages objects protocols in the Network and Dial-Up synchronizations

Type:
Win32OwnProcess, InteractiveProcess

Group:
Network

