backgroundTaskHost.exe

  • File Path: C:\WINDOWS\system32\backgroundTaskHost.exe
  • Description: Background Task Host

Hashes

| Type | Hash |
|------|------|
| MD5 | E22E7BD6B146BDE93DC48643B772D8BB |
| SHA1 | DC27F57A3BA5D13B476B1FD0872B8972744A01F8 |
| SHA256 | 74B3323405CDFB85CFC9D5C1CD29C816C80361DF154801E44F14863C9058906E |
| SHA384 | 3C814427ED7AA87C36BC08CD58636E7ED6955777EE51D6BB1CD590242759BEA2C18DF411B39209CD9DFAD9F61177E541 |
| SHA512 | 3587CCFFE80892E156927A0950F2F9E2DCA43DEE5F5BB6CA83F42337D8C698749644E0EDE3433CF72B6ED166991FA72EE63C57BD1A41CF1C35346B19A7FA7969 |
| SSDEEP | 384:K7uKvWPKpX7b7+qIJeQH4TWfGWBmXjDBRJ+lY1lxwM:K7Z+U6fLH4QQXj1P+0 |

Signature

  • Status: Signature verified.
  • Serial: 330000023241FB59996DCC4DFF000000000232
  • Thumbprint: FF82BC38E1DA5E596DF374C53E3617F7EDA36B06
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: backgroundTaskHost.exe
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.18362.1 (WinBuild.160101.0800)
  • Product Version: 10.0.18362.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.

File Similarity (ssdeep match)

| File | Score |
|------|-------|
| C:\Program Files (x86)\Common Files\microsoft shared\Ink\TabTip32.exe | 38 |
| C:\Windows\system32\backgroundTaskHost.exe | 35 |
| C:\Windows\system32\browser_broker.exe | 33 |
| C:\WINDOWS\system32\dllhost.exe | 35 |
| C:\Windows\system32\dllhost.exe | 32 |
| C:\Windows\system32\oobe\FirstLogonAnim.exe | 33 |
| C:\WINDOWS\system32\oobe\FirstLogonAnim.exe | 43 |
| C:\Windows\system32\prproc.exe | 35 |
| C:\WINDOWS\system32\prproc.exe | 43 |
| C:\Windows\system32\ScriptRunner.exe | 38 |
| C:\Windows\system32\SlideToShutDown.exe | 35 |
| C:\WINDOWS\system32\SlideToShutDown.exe | 32 |
| C:\WINDOWS\SysWOW64\backgroundTaskHost.exe | 52 |
| C:\Windows\SysWOW64\backgroundTaskHost.exe | 40 |
| C:\Windows\SysWOW64\CameraSettingsUIHost.exe | 33 |
| C:\WINDOWS\SysWOW64\CameraSettingsUIHost.exe | 32 |
| C:\WINDOWS\SysWOW64\dllhost.exe | 30 |
| C:\Windows\SysWOW64\dllhost.exe | 30 |

Possible Misuse

The following table contains possible examples of backgroundTaskHost.exe being misused. While backgroundTaskHost.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

| Source | Source File | Example | License |
|--------|-------------|---------|---------|
| sigma | image_load_abusing_azure_browser_sso.yml | - '\BackgroundTaskHost.exe' | DRL 1.0 |
| sigma | proc_access_win_in_memory_assembly_execution.yml | - '\backgroundTaskHost.exe' | DRL 1.0 |
| sigma | proc_access_win_in_memory_assembly_execution.yml | - 'C:\WINDOWS\system32\backgroundTaskHost.exe' | DRL 1.0 |

MIT License. Copyright (c) 2020-2021 Strontic.