home

commandcon3.exe

conhost3

Buster Ind Com Imp e Exp de Acessorios P Autos Ltda

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘Host3’.
Publisher:
Snap  (signed by Buster Ind Com Imp e Exp de Acessorios P Autos Ltda)

Product:
conhost3

Version:
51.1.9.1

MD5:
260d856f2f7c12b34ba3c7b57c8f2039

SHA-1:
d76c9a845793dd8ae6d144788b120ec4a0bbbb3f

SHA-256:
39351e88043a03f7b21961f99106ab4d971573661990f025a23964e5ab23636d

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
5/26/2024 8:22:35 PM UTC  (today)

File size:
12.6 MB (13,169,840 bytes)

Product version:
51.1.9.1

Copyright:
Copyright (C) Microsoft, Co. 2015

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\windows\commandcon3.exe

Digital Signature
Signed by:
Buster Ind Com Imp e Exp de Acessorios P Autos Ltda

Authority:
thawte, Inc.

Valid from:
8/10/2015 9:00:00 PM

Valid to:
4/12/2016 8:59:59 PM

Subject:
CN=Buster Ind Com Imp e Exp de Acessorios P Autos Ltda, O=Buster Ind Com Imp e Exp de Acessorios P Autos Ltda, L=GOIANIA, S=GOIAS, C=BR

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
6D97EBF730F3EDE9784B2135AB016A79

File PE Metadata
Compilation timestamp:
1/4/1972 5:38:29 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
3.99

CTPH (ssdeep):
196608:QJTx011v2UFu7yBMgl13SPXgKbG/fH1kEMT5AxZUB+fNuJOf2bJxw:QJksUFuwMgWfgAxmZw+1uJOb

Entry address:
0x1000

Entry point:
EB, 08, 43, 35, 00, 00, 00, 00, 00, 00, 72, 00, 68, 7A, FC, 38, 53, 50, 74, 00, 53, 75, 00, 51, 73, 00, 52, 73, 00, 56, 73, 00, 57, 75, 00, 55, 31, D8, F7, E6, F9, 0F, 83, EC, 06, 00, 00, 2D, 05, 22, 00, 00, 09, C2, 75, 00, 29, F2, 81, CB, 81, 02, 00, 00, 66, 98, F7, DB, F7, C2, E0, 05, 00, 00, 01, CB, 46, 81, F9, 2B, 22, 00, 00, BE, CB, 0A, 00, 00, 81, E1, 92, 06, 00, 00, 05, 40, 0D, 00, 00, 81, F2, 3C, 1C, 00, 00, 81, E3, 66, 03, 00, 00, C1, E8, A0, 85, DA, B9, 00, 00, 00, 00, F3, A4, 81, CE, DD, 3D, 00...
 
[+]

Code size:
22.5 MB (23,642,112 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Host3

Command:
C:\windows\commandcon3.exe


Scan commandcon3.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.