Windesk Winsearch.exe

PC Software

The application Windesk Winsearch.exe by PC Software has been detected as a potentially unwanted program by 3 anti-malware scanners. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘Windesk Winsearch’. The installer uses the InstallMonetizer platform, which will download and install adware toolbars and other potentially unwanted software offers during setup.
Publisher:
Windesk Winsearch  (signed by PC Software)

Product:
Windesk Winsearch

Version:
1.0.0.0

MD5:
9a03eb27e4d115b969c57db9427be2e3

SHA-1:
735488f5c79d91f78a2461c0be39c353c5590828

SHA-256:
452624a0e2c7395e03bfa4c98740032ad17ab45f6866aa64d938c8f4c3002b43

Scanner detections:
3 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallMonetizer distribution platform to bundle adware.

Analysis date:
11/27/2024 3:44:38 PM UTC

Scan engine | Detection | Engine version
Reason Heuristics | PUP.PCSoftware (M) | 16.1.15.0
Trend Micro House Call | Suspicious_GEN.F47V0426 | 7.2.120
VIPRE Antivirus | InstallMonetizer | 39802

File size:
1 MB (1,060,744 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2015

Trademarks:
Windesk Winsearch

Original file name:
Windesk Winsearch.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\windeskwinsearch\windesk winsearch.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
9/10/2014 2:00:00 AM

Valid to:
9/11/2015 1:59:59 AM

Subject:
CN=PC Software, O=PC Software, STREET=5655 Silver Creek Valley Road, L=San Jose, S=CA, PostalCode=95138, C=US

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00FFFC8D338C67107439C065EF8036902F

File PE Metadata
Compilation timestamp:
4/8/2015 12:42:09 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
24576:8w+r/iMgCBNtew+r/iMgCBNtHE+rvi8gCBNt:8w+r6MgENtew+r6MgENtHE+rK8gENt

Entry address:
0xB259E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 06, 25, 55, 00, 00, 00, 00, 02, 00, 00, 00, 85, 00, 00, 00, 1C, 40, 0B, 00, 1C, 0A, 0B, 00, 52, 53...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
705.5 KB (722,432 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Windesk Winsearch

Command:
C:\Program Files\windeskwinsearch\windesk winsearch.exe

