home

install_copytranscontrolcenter.exe

WindSolutions SA

The executable install_copytranscontrolcenter.exe has been detected as malware by 11 anti-virus scanners. This is a setup program which is used to install the application. Additionally, the file is typically installed by a number of programs including CopyTrans Control Center Uninstall Only by WindSolutions and Tar endast bort CopyTrans-Suite by WindSolutions.
Publisher:
WindSolutions  (signed by WindSolutions SA)

Version:
3.0.1.0

MD5:
77a39fc4171981f05fd234b2ef2698ef

SHA-1:
a4b68bd71601e34aa744c21825c4a80daa3a5fc5

SHA-256:
66f55db6a6604e45170b37212ca3fd72414832fb2d7c973d997c332bbedb20e8

Scanner detections:
11 / 68

Status:
Malware

Analysis date:
4/19/2024 12:24:55 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Win32.Sality.3
565

Avira AntiVirus
W32/Sality.AT
7.11.30.172

avast!
Win32:Sality
2014.9-150719

Dr.Web
Win32.Sector.22
9.0.1.0200

Emsisoft Anti-Malware
Win32.Sality
8.15.07.19.03

ESET NOD32
Win32/Sality.NBA virus
9.7.0.302.0

F-Prot
W32/Sality.gen2
v6.4.6.5.141

F-Secure
Win32.Sality.3
11.2015-19-07_1

Kaspersky
Virus.Win32.Sality
14.0.0.1712

Microsoft Security Essentials
Threat.Undefined
1.199.1982.0

VIPRE Antivirus
Threat.4721115
40830

File size:
5.6 MB (5,832,080 bytes)

Product version:
3.0.1.0

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\install_copytranscontrolcenter.exe

Digital Signature
Signed by:
WindSolutions SA

Authority:
COMODO CA Limited

Valid from:
4/28/2014 8:00:00 PM

Valid to:
4/28/2017 7:59:59 PM

Subject:
CN=WindSolutions SA, O=WindSolutions SA, STREET=Chemin de Bochat 11, L=Paudex, S=Vaud, PostalCode=1094, C=CH

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
59C5BCB858690CC038614FE3BC3AFCC3

File PE Metadata
Compilation timestamp:
4/15/2015 8:18:37 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
5.0

CTPH (ssdeep):
98304:Go24XW7QC8G6Z2fT4o5g1CQwRerMPtBxL72Oy+dCh/OHepz4J3PUg:GaIaLZ2sHwQtMPtvLKOy+ohO+ZOMg

Entry address:
0x1152000

Entry point:
56, 50, 53, E8, 01, 00, 00, 00, CC, 58, 89, C3, 40, 2D, 00, 10, 21, 00, 2D, 20, EC, 0C, 10, 05, 17, EC, 0C, 10, 80, 3B, CC, 75, 19, C6, 03, 00, BB, 00, 10, 00, 00, 68, 58, 84, 8D, 33, 68, 78, B0, DB, 02, 53, 50, E8, 0A, 00, 00, 00, 83, C0, 00, 89, 44, 24, 08, 5B, 58, C3, 55, 89, E5, 50, 53, 51, 56, 8B, 75, 08, 8B, 4D, 0C, C1, E9, 02, 8B, 45, 10, 8B, 5D, 14, 85, C9, 74, 0A, 31, 06, 01, 1E, 83, C6, 04, 49, EB, F2, 5E, 59, 5B, 58, C9, C2, 10, 00, AF, FE, B8, 3D, 1E, 2B, 91, F7, 2A, EA, DB, 6B, 67, 1A, 45, 12...
 
[+]

Entropy:
7.9819  (probably packed)

Code size:
10 MB (10,522,624 bytes)

The file install_copytranscontrolcenter.exe has been discovered within the following programs.

CopyTrans Control Center Uninstall Only  by WindSolutions
About 7% of users remove it
CopyTrans Suite Alleen Verwijderen  by WindSolutions
Publisher's description - “CopyTrans transfers: music, videos, apps, podcasts, audiobooks, smart playlists, artworks, ratings, playcounts, date added and many more! Backup iPod to PC and iPhone to iTunes the correct way!”
www.copytrans.net/copytrans.php
About 7% of users remove it
CopyTrans Suite Remove Only  by WindSolutions
Publisher's description - “CopyTrans makes it easy to recover iPod music and copies your iPhone content directly to your new or empty iTunes library. Run the application, connect your iPhone and start the backup.”
www.copytrans.net
About 2% of users remove it
Remover somente o pacote CopyTrans  by WindSolutions
About 3% of users remove it
Rimozione di CopyTrans Suite solamente  by WindSolutions
About 1% of users remove it
Tar endast bort CopyTrans-Suite  by WindSolutions
About 2% of users remove it
 
Powered by Should I Remove It?

The file install_copytranscontrolcenter.exe has been seen being distributed by the following 7 URLs.

q=http://www.copytrans.net/.../Install_CopyTrans_Suite.exe&redir_token=myes_9GidqbY-2fvk9wGvNe7oUN8MTQzMzI2NTgwN0AxNDMzMTc5NDA3

q=http://www.copytrans.net/.../Install_CopyTrans_Suite.exe&redir_token=G5ByARAWaDhj6X4fGBdWTQo5DNV8MTQzMDM2NTUwN0AxNDMwMjc5MTA3

http://ch2-www.copytrans.net/.../Install_CopyTransControlCenter.exe

q=http://www.copytrans.net/.../Install_CopyTrans_Suite.exe&redir_token=lPoNenVSD44_-vM7ojkmwYUTSbJ8MTQzMzI5MDk2N0AxNDMzMjA0NTY3

http://www.copytrans.net/.../Install_CopyTrans_Suite.exe

http://us2-www.copytrans.net/.../Install_CopyTransControlCenter.exe

http://www.copytrans.net/.../Install_CopyTransControlCenter.exe

Remove install_copytranscontrolcenter.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.