» wincontrolhost.exe
Overview
Analysis
File Details

wincontrolhost.exe

C S S CORPORATIVO SISTEMAS E SOLUCOES LTDA ME

The executable wincontrolhost.exe has been detected as malware by 15 anti-virus scanners.

File name:

wincontrolhost.exe

Publisher:

C S S CORPORATIVO SISTEMAS E SOLUCOES LTDA ME (signed and verified)

MD5:

4cbfcbc0e0d04894fb3427023130fe7e

SHA-1:

fee70b6954594e72fef1a0fe5f0952aec4ca7564

SHA-256:

80dd24cd4e5df0627eed65b5e13d2c78602eba8226e279863087b97965325264

Scanner detections:

15 / 68

Status:

Malware

Analysis date:

11/29/2024 9:30:43 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Trojan.GenericKD.1951008

Avira AntiVirus

TR/Rogue.1099352

7.11.183.128

avast!

Win32:Malware-gen

2014.9-170112

AVG

PSW.Banker6

2018.0.2500

Bitdefender

Trojan.GenericKD.1951008

1.0.20.60

Emsisoft Anti-Malware

Trojan.GenericKD.1951008

8.17.01.12.11

ESET NOD32

Win32/Spy.Banker.ABEO (variant)

11.10682

Fortinet FortiGate

W32/Delp.SCD!tr

1/12/2017

F-Secure

Trojan.GenericKD.1951008

11.2017-12-01_5

G Data

Trojan.GenericKD.1951008

17.1.24

IKARUS anti.virus

Trojan-Spy.Agent

t3scan.1.8.3.0

McAfee

Artemis!4CBFCBC0E0D0

5600.6156

Norman

Banker.GLCO

11.20170112

nProtect

Trojan.GenericKD.1951008

14.11.06.01

VIPRE Antivirus

Trojan.Win32.Generic

34566

File size:

1 MB (1,099,352 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\roaming\30102014\wincontrolhost.exe

Digital Signature

Signed by:

C S S CORPORATIVO SISTEMAS E SOLUCOES LTDA ME

Authority:

Thawte, Inc.

Valid from:

8/11/2014 9:00:00 PM

Valid to:

8/12/2015 8:59:59 PM

Subject:

CN=C S S CORPORATIVO SISTEMAS E SOLUCOES LTDA ME, OU=software, O=C S S CORPORATIVO SISTEMAS E SOLUCOES LTDA ME, L=CRICIUMA, S=SANTA CATARINA, C=BR

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

20BE615B9C56F97B0FFA3EA9711B19AD

File PE Metadata

Compilation timestamp:

6/19/1992 7:22:17 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

Entry address:

0x9D980

Entry point:

55, 8B, EC, 83, C4, F0, B8, 68, D6, 49, 00, E8, BC, 93, F6, FF, E8, 5F, 2C, FD, FF, A1, 38, 3B, 4A, 00, 8B, 00, E8, C7, BB, FB, FF, 8B, 0D, 8C, 3C, 4A, 00, A1, 38, 3B, 4A, 00, 8B, 00, 8B, 15, 7C, FE, 46, 00, E8, C7, BB, FB, FF, 8B, 0D, 88, 38, 4A, 00, A1, 38, 3B, 4A, 00, 8B, 00, 8B, 15, 0C, D5, 49, 00, E8, AF, BB, FB, FF, A1, 38, 3B, 4A, 00, 8B, 00, C6, 40, 5B, 00, A1, 38, 3B, 4A, 00, 8B, 00, E8, 18, BC, FB, FF, E8, 57, 6C, F6, FF, 8D, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Developed / compiled with:

Microsoft Visual C++

Code size:

626.5 KB (641,536 bytes)

Remove wincontrolhost.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.