P-CON.exe

P-CON

DOTPITCH.INC

The application P-CON.exe by DOTPITCH.INC has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It runs as a scheduled task under the Windows Task Scheduler and is triggered to execute each time a user logs in.
Publisher:
DOTPITCH.INC  (signed and verified)

Product:
P-CON

Version:
1.0.0.5

MD5:
904f2d5dbafc5e867af7745c7b19bafa

SHA-1:
67610797c224555106181bda963b47f3f633be44

SHA-256:
fb3e8ac7d372022e6e0fbe740b28bb648b15f615d8be17cabf2f3a0f23a70ebc

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
5/4/2024 10:36:25 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP (M)

Engine version:
16.10.10.19

File size:
2.4 MB (2,562,808 bytes)

Product version:
1.0.0.0

Copyright:
Copyright (C) 2015 DOTPITCH.INC All rights reserved.

Original file name:
P-CON.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\p-con\p-con.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
4/21/2015 3:00:00 AM

Valid to:
6/20/2016 2:59:59 AM

Subject:
CN=DOTPITCH.INC, OU=IT Team, O=DOTPITCH.INC, L=Gangnam, S=SEOUL, C=KR

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
793669C3DA3B76A97751C9F1D1D7B76C

File PE Metadata
Compilation timestamp:
6/29/2015 11:20:18 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:f3m+/J90tP0Zpittz9tl+s+H3VB+SmQ0R/dsIIACu2scz22iBQmZ4y9bkMywC73i:suiBM3VwSjGsXqczPyNkMzCjuTwEp/h

Entry address:
0x21BE20

Entry point:
55, 8B, EC, 83, C4, F0, 53, B8, 4C, 02, 61, 00, E8, 37, FB, DE, FF, 68, C4, BE, 61, 00, 6A, FF, 6A, 00, E8, ED, 30, DF, FF, 8B, D8, 85, DB, 74, 77, E8, 12, 32, DF, FF, 3D, B7, 00, 00, 00, 74, 6B, A1, 98, 6C, 62, 00, 8B, 00, E8, D3, 9A, F1, FF, A1, 98, 6C, 62, 00, 8B, 00, 33, D2, E8, C5, B7, F1, FF, A1, 98, 6C, 62, 00, 8B, 00, C6, 40, 5F, 00, 8B, 0D, D8, 6F, 62, 00, A1, 98, 6C, 62, 00, 8B, 00, 8B, 15, DC, AC, 60, 00, E8, BA, 9A, F1, FF, 8B, 0D, C8, 6E, 62, 00, A1, 98, 6C, 62, 00, 8B, 00, 8B, 15, 30, EF, 60...
Entropy:
6.5398

Developed / compiled with:
Microsoft Visual C++

Code size:
2.1 MB (2,207,744 bytes)

Scheduled Task
Task name:
P-CON

Trigger:
Logon (Runs on logon)