winthruster64.exe

WinThruster

Installer Wizard

The application winthruster64.exe, “WinThruster for Registry Cleaner” by Installer Wizard, has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It runs as a scheduled task under the Windows Task Scheduler, triggered to execute each time a user logs in. This file is typically installed with the program WinThruster by Solvusoft Corporation. While running, it connects to the Internet address web40.cluster.spamfighter.com on port 80 using the HTTP protocol.

Publisher:
Solvusoft Corporation  (signed by Installer Wizard)

Product:
WinThruster

Description:
WinThruster for Registry Cleaner

Version:
2.3.125.113

MD5:
89341365d4b2abb3f2db48cd98a368dc

SHA-1:
a35a9d3cd146e17adf5bef00cd51568afd0b31ec

SHA-256:
81ad2fcbaf1d4a9d8cfc39625b83f801dcc7fe6e5d11b2b6dfba9b9f4a479b10

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/23/2024 2:34:31 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Solvusoft.Installer.Meta (L)

Engine version:
15.10.3.23

File size:
13.1 MB (13,707,712 bytes)

Product version:
2.3.125.113

Copyright:
(c) Solvusoft Corporation. All rights reserved.

Original file name:
WinThruster.exe

File type:
Executable application (Win64 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\solvusoft\winthruster\winthruster64.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
8/27/2013 10:00:00 AM

Valid to:
8/27/2016 9:59:59 AM

Subject:
CN=Installer Wizard, O=Installer Wizard, STREET=848 N. Rainbow Blvd., STREET="#3321", L=Las Vegas, S=NV, PostalCode=89107, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00936840633163DBE99483CEE1F9B95E45

File PE Metadata
Compilation timestamp:
10/30/2014 4:49:24 AM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
393216:P1GJhccccccccccccccccccccccccccccccFccccccccccccccccccccccccccct:P1kcZ

Entry address:
0x167978

Entry point:
48, 83, EC, 28, E8, AB, 83, 00, 00, 48, 83, C4, 28, E9, 1A, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 66, 66, 0F, 1F, 84, 00, 00, 00, 00, 00, 48, 3B, 0D, C9, 64, 19, 00, 75, 11, 48, C1, C1, 10, 66, F7, C1, FF, FF, 75, 02, F3, C3, 48, C1, C9, 10, E9, 21, 84, 00, 00, CC, E9, DB, 85, 00, 00, CC, CC, CC, 48, 89, 5C, 24, 08, 57, 48, 83, EC, 20, 48, 8D, 05, 8F, DB, 0B, 00, 8B, DA, 48, 8B, F9, 48, 89, 01, E8, 46, 85, 00, 00, F6, C3, 01, 74, 08, 48, 8B, CF, E8, B1, 4E, FD, FF, 48, 8B, C7, 48, 8B...
 

Entropy:
4.3373

Code size:
2.1 MB (2,200,064 bytes)

Scheduled Task
Task name:
WinThruster64-Bob-Startup

Trigger:
Logon (Runs on logon)


The file winthruster64.exe has been discovered within the following program.

WinThruster by Solvusoft Corporation
Publisher's description - “WinThruster detects and repairs hundreds of PC errors, optimizes performance settings, and speeds up your PC. It repairs PC problems, decreases program load time, removes PC clutter, extends your computer's life, and restores system performance.”
solvusoft.com
40% remove it
 

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to web40.cluster.spamfighter.com  (91.192.52.195:80)

TCP (HTTP):
Connects to web20.cluster.spamfighter.com  (91.192.52.198:80)

TCP (HTTP):
Connects to web30.cluster.spamfighter.com  (91.192.52.205:80)
