» wcthelper.exe
Overview
Analysis
File Details
Programs (1)

wcthelper.exe

search core systems

The application wcthelper.exe, “Windows Core Toolbar Helper” by search core systems has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This file is typically installed with the program Windows Core Toolbar by Search Core Systems which is a potentially unwanted software program.

File name:

wcthelper.exe

Publisher:

search core systems (signed and verified)

Description:

Windows Core Toolbar Helper

Version:

1.0.0.1

MD5:

aab02b1903e92a2171045325e84b4d92

SHA-1:

5cb18f0f425771222bc020df1acfd334bfc2cf8b

Scanner detections:

1 / 68

Status:

Adware

Note:

Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:

4/19/2024 5:15:21 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.searchcoresystems.Toolbar (M)

16.2.13.16

File size:

687.5 KB (704,048 bytes)

Product version:

1.0.0.0

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\core systems\windows core toolbar\wcthelper.exe

Digital Signature

Signed by:

search core systems

Authority:

GlobalSign nv-sa

Valid from:

1/13/2012 11:23:55 AM

Valid to:

1/13/2013 11:23:55 AM

Subject:

CN=search core systems, O=search core systems, C=CA

Issuer:

CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:

112161BFE8B30B66C06A60ADF51015575814

File PE Metadata

Compilation timestamp:

2/12/2012 11:41:31 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

12288:Sw9pph2TWy4OVTaW5SWyCnjytUu5AC+xCVugJN3I90iSfTutvfE+KanmTNYPfcUF:j9pphsWy4kTaWMWyCnjytUu5AxCxw90u

Entry address:

0x88880

Entry point:

55, 8B, EC, 83, C4, F0, 53, B8, E4, 79, 48, 00, E8, DF, EC, F7, FF, 8B, 1D, AC, E7, 48, 00, 8B, 03, E8, 7A, BA, FE, FF, 8B, 03, 33, D2, E8, C9, D5, FE, FF, 8B, 03, C6, 40, 57, 00, 6A, EC, 8B, 03, 8B, 80, 70, 01, 00, 00, 50, E8, A3, F9, F7, FF, 0D, 80, 00, 00, 00, 50, 6A, EC, 8B, 03, 8B, 80, 70, 01, 00, 00, 50, E8, C5, FB, F7, FF, 8B, 03, BA, 34, 89, 48, 00, E8, E1, B4, FE, FF, 8B, 0D, E4, E5, 48, 00, 8B, 03, 8B, 15, CC, FA, 47, 00, E8, 3E, BA, FE, FF, 8B, 0D, 60, E8, 48, 00, 8B, 03, 8B, 15, B8, 75, 48, 00... 
[+]

Entropy:

6.5479

Developed / compiled with:

Microsoft Visual C++

Code size:

542 KB (555,008 bytes)

The file wcthelper.exe has been discovered within the following programs.

Windows Core Toolbar by Search Core Systems

Windows Core Toolbar is an adware web browser extension designed to take control of the user's browser in order to redirect web searches and inject advertising. In Internet Explorer the program run as a Browser Helper Object.

66% remove it

Remove wcthelper.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.