home

ControlSS.EXE

Control Screen Saver

Gianpaolo Bottin

It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘ControlSSaver’.
Publisher:
Gianpaolo Bottin  (signed and verified)

Product:
Control Screen Saver

Version:
1, 6, 0, 0

MD5:
d6684847f26ea9f0b99d197c86dd75e1

SHA-1:
2e54fcd68af2a23bdab9e3642e3c5a4dd61214c1

SHA-256:
ecdfd78fbf845bc0795c462b9b8469c744ddd274a4f4b340f7eceb41e28883ef

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/19/2024 2:28:49 PM UTC  (today)

File size:
274.1 KB (280,640 bytes)

Product version:
1, 6, 0, 0

Copyright:
Copyright (C) 2000

Original file name:
ControlSS.EXE

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\gphotoshow\controlss.exe

Digital Signature
Signed by:
Gianpaolo Bottin

Authority:
COMODO CA Limited

Valid from:
1/4/2012 12:00:00 AM

Valid to:
1/3/2015 11:59:59 PM

Subject:
CN=Gianpaolo Bottin, O=Gianpaolo Bottin, STREET=via Volvera 52, L=Bruino, S=TO, PostalCode=10090, C=IT

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
464EBFF89ECD66ADEE02DE702DBD7DCD

File PE Metadata
Compilation timestamp:
8/30/2013 11:04:50 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:0xG+6n5z1qf27/J89bZESPezpdp11OGkG:l9qYKm/Ao

Entry address:
0xB230

Entry point:
55, 8B, EC, 6A, FF, 68, 18, 96, 42, 00, 68, F8, 03, 41, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 58, 53, 56, 57, 89, 65, E8, FF, 15, 74, 62, 42, 00, 33, D2, 8A, D4, 89, 15, 4C, 60, 43, 00, 8B, C8, 81, E1, FF, 00, 00, 00, 89, 0D, 48, 60, 43, 00, C1, E1, 08, 03, CA, 89, 0D, 44, 60, 43, 00, C1, E8, 10, A3, 40, 60, 43, 00, 6A, 01, E8, F0, 3E, 00, 00, 59, 85, C0, 75, 08, 6A, 1C, E8, C3, 00, 00, 00, 59, E8, AC, 25, 00, 00, 85, C0, 75, 08, 6A, 10, E8, B2, 00, 00, 00, 59, 33, F6, 89, 75...
 
[+]

Entropy:
5.8926

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
148 KB (151,552 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
ControlSSaver

Command:
C:\Program Files\gphotoshow\controlss.exe


Scan ControlSS.EXE - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.