SrTasks.exe

  • File Path: C:\Windows\system32\SrTasks.exe
  • Description: Microsoft Windows System Protection background tasks.

Runtime Data

Loaded Modules:

Path
C:\Windows\System32\KERNEL32.DLL
C:\Windows\System32\KERNELBASE.dll
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\system32\SrTasks.exe

Signature

  • Status: Signature verified.
  • Serial: 3300000266BD1580EFA75CD6D3000000000266
  • Thumbprint: A4341B9FD50FB9964283220A36A1EF6F6FAA7840
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: srtasks.exe.mui
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.19041.1 (WinBuild.160101.0800)
  • Product Version: 10.0.19041.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/75
  • VirusTotal Link: https://www.virustotal.com/gui/file/40e27a9039a2e4a731ea6a74291840fb13c679a1e8ae5b523016aa15727d8a58/detection

Possible Misuse

The following table contains possible examples of SrTasks.exe being misused. While SrTasks.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

| Source | Source File | Example | License |
|--------|-------------|---------|---------|
| sigma | image_load_suspicious_vss_ps_load.yml | - '\srtasks.exe' | DRL 1.0 |

MIT License. Copyright (c) 2020-2021 Strontic.