» Windesk Winsearch.exe
Overview
Analysis
File Details
Behaviors (1)

Windesk Winsearch.exe

PC Software

The application Windesk Winsearch.exe by PC Software has been detected as a potentially unwanted program by 3 anti-malware scanners. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘Windesk Winsearch’. The installer uses the InstallMonetizer platform which will donwload and install adware toolbars and other potentially unwanted software offers during setup.

File name:

Publisher:

Windesk Winsearch (signed by PC Software)

Product:

Windesk Winsearch

Version:

1.0.0.0

MD5:

9a03eb27e4d115b969c57db9427be2e3

SHA-1:

735488f5c79d91f78a2461c0be39c353c5590828

SHA-256:

452624a0e2c7395e03bfa4c98740032ad17ab45f6866aa64d938c8f4c3002b43

Scanner detections:

3 / 68

Status:

Potentially unwanted

Explanation:

Uses the InstallMonetizer distribution platform to bundle adware.

Analysis date:

11/6/2024 5:25:19 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.PCSoftware (M)

16.1.15.0

Trend Micro House Call

Suspicious_GEN.F47V0426

7.2.120

VIPRE Antivirus

InstallMonetizer

39802

File size:

1 MB (1,060,744 bytes)

Product version:

1.0.0.0

Trademarks:

Windesk Winsearch

Original file name:

Windesk Winsearch.exe

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\windeskwinsearch\windesk winsearch.exe

Digital Signature

Signed by:

PC Software

Authority:

COMODO CA Limited

Valid from:

9/10/2014 2:00:00 AM

Valid to:

9/11/2015 1:59:59 AM

Subject:

CN=PC Software, O=PC Software, STREET=5655 Silver Creek Valley Road, L=San Jose, S=CA, PostalCode=95138, C=US

Issuer:

CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00FFFC8D338C67107439C065EF8036902F

File PE Metadata

Compilation timestamp:

4/8/2015 12:42:09 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

24576:8w+r/iMgCBNtew+r/iMgCBNtHE+rvi8gCBNt:8w+r6MgENtew+r6MgENtHE+rK8gENt

Entry address:

0xB259E

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 06, 25, 55, 00, 00, 00, 00, 02, 00, 00, 00, 85, 00, 00, 00, 1C, 40, 0B, 00, 1C, 0A, 0B, 00, 52, 53... 
[+]

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

705.5 KB (722,432 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

Windesk Winsearch

Command:

C:\Program Files\windeskwinsearch\windesk winsearch.exe

Remove Windesk Winsearch.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.