backgroundTaskHost.exe

  • File Path: C:\WINDOWS\SysWOW64\backgroundTaskHost.exe
  • Description: Background Task Host

Hashes

Type Hash
MD5 DD15DCECF4B1EF67B89FA0B603C7D413
SHA1 F84AC16AEBE0C7FF5C7823394AB9DEF50FB25F8C
SHA256 80898E0BA235C0B49DC7336F7079BD303302BE396CE14F05F8E2E5B969156301
SHA384 13DAD2DBC5799BBD8C3B1C6C1C1FFF0B02FC904CB7F79EE9BF5F196DD184981CAF21C0AD90CBF257A4EC2EB707296225
SHA512 AB8385063FD1E2DABFCCDBB57B4AE0B1D8C9568A0460B7027B7A44EAFA0BDD1696759FE7152CC8880713A46EC7411190206F59921D9F7D108D30CF056E74D6D4
SSDEEP 384:JB3rKpHXoQHWZWfGWNmXjDBRJ+lNFElZW:J1r0XNHWO0Xj1Pcv

Signature

  • Status: Signature verified.
  • Serial: 330000023241FB59996DCC4DFF000000000232
  • Thumbprint: FF82BC38E1DA5E596DF374C53E3617F7EDA36B06
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: backgroundTaskHost.exe
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.18362.1 (WinBuild.160101.0800)
  • Product Version: 10.0.18362.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.

File Similarity (ssdeep match)

| File | Score |
|------|-------|
| C:\Program Files (x86)\Common Files\microsoft shared\Ink\TabTip32.exe | 36 |
| C:\Windows\system32\backgroundTaskHost.exe | 40 |
| C:\WINDOWS\system32\backgroundTaskHost.exe | 52 |
| C:\Windows\system32\browser_broker.exe | 32 |
| C:\WINDOWS\system32\dllhost.exe | 43 |
| C:\Windows\system32\dllhost.exe | 32 |
| C:\Windows\system32\oobe\FirstLogonAnim.exe | 41 |
| C:\WINDOWS\system32\oobe\FirstLogonAnim.exe | 44 |
| C:\Windows\system32\prproc.exe | 41 |
| C:\WINDOWS\system32\prproc.exe | 32 |
| C:\Windows\system32\ScriptRunner.exe | 32 |
| C:\Windows\system32\SlideToShutDown.exe | 36 |
| C:\WINDOWS\system32\SlideToShutDown.exe | 35 |
| C:\Windows\SysWOW64\backgroundTaskHost.exe | 54 |
| C:\Windows\SysWOW64\CameraSettingsUIHost.exe | 29 |
| C:\WINDOWS\SysWOW64\CameraSettingsUIHost.exe | 33 |
| C:\WINDOWS\SysWOW64\dllhost.exe | 35 |
| C:\Windows\SysWOW64\dllhost.exe | 30 |

Possible Misuse

The following table contains possible examples of backgroundTaskHost.exe being misused. While backgroundTaskHost.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

| Source | Source File | Example | License |
|--------|-------------|---------|---------|
| sigma | image_load_abusing_azure_browser_sso.yml | `- '\BackgroundTaskHost.exe'` | DRL 1.0 |
| sigma | proc_access_win_in_memory_assembly_execution.yml | `- '\backgroundTaskHost.exe'` | DRL 1.0 |
| sigma | proc_access_win_in_memory_assembly_execution.yml | `- 'C:\WINDOWS\system32\backgroundTaskHost.exe'` | DRL 1.0 |

MIT License. Copyright (c) 2020-2021 Strontic.