» wcthelper.exe
Overview
Analysis
File Details
Programs (1)

wcthelper.exe

search core systems

The application wcthelper.exe, “Windows Core Toolbar Helper” by search core systems has been detected as adware by 4 anti-malware scanners. This file is typically installed with the program Windows Core Toolbar by Search Core Systems which is a potentially unwanted software program.

File name:

wcthelper.exe

Publisher:

search core systems (signed and verified)

Description:

Windows Core Toolbar Helper

Version:

1.0.0.1

MD5:

04ab6e74a2918d62d23f94c43845bc42

SHA-1:

921fc921b0e829e29c02f95c2ce7e95e3dc41329

SHA-256:

3a302989a4030add38f59aca792f3d9ce6ddd91e0e91a6f4bf2ddf666ed6d1e5

Scanner detections:

4 / 68

Status:

Adware

Analysis date:

4/26/2024 5:47:55 AM UTC (today)

Scan engine

Detection

Engine version

Comodo Security

UnclassifiedMalware

13738

ESET NOD32

Win32/Adware.Bonzuna

8.7543

Reason Heuristics

PUP.Toolbar.searchcoresystems.J

14.8.8.3

Trend Micro House Call

TROJ_GEN.F47V0927

7.2.141

File size:

690.5 KB (707,120 bytes)

Product version:

1.0.0.0

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\search core systems\windows core toolbar\wcthelper.exe

Digital Signature

Signed by:

search core systems

Authority:

GlobalSign nv-sa

Valid from:

1/13/2012 2:23:55 PM

Valid to:

1/13/2013 2:23:55 PM

Subject:

CN=search core systems, O=search core systems, C=CA

Issuer:

CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:

112161BFE8B30B66C06A60ADF51015575814

File PE Metadata

Compilation timestamp:

2/21/2012 9:38:59 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

12288:DMXKsKzRhxzpCuor8Aw4ShQofOttgt8Tjn2TJ4SlcU888888888888W88888888N:YXKsE7xzpVor848Yg8r2TJ4VWO

Entry address:

0x89888

Entry point:

55, 8B, EC, 83, C4, F0, 53, B8, 58, 85, 48, 00, E8, D7, DC, F7, FF, 8B, 1D, F0, F7, 48, 00, 8B, 03, E8, AE, AA, FE, FF, 8B, 03, 33, D2, E8, FD, C5, FE, FF, 8B, 03, C6, 40, 57, 00, 6A, EC, 8B, 03, 8B, 80, 70, 01, 00, 00, 50, E8, 9B, E9, F7, FF, 0D, 80, 00, 00, 00, 50, 6A, EC, 8B, 03, 8B, 80, 70, 01, 00, 00, 50, E8, BD, EB, F7, FF, 8B, 03, BA, 3C, 99, 48, 00, E8, 15, A5, FE, FF, 8B, 0D, 10, F6, 48, 00, 8B, 03, 8B, 15, 2C, FC, 47, 00, E8, 72, AA, FE, FF, 8B, 0D, AC, F8, 48, 00, 8B, 03, 8B, 15, 2C, 81, 48, 00... 
[+]

Entropy:

6.5512

Developed / compiled with:

Microsoft Visual C++

Code size:

544.5 KB (557,568 bytes)

The file wcthelper.exe has been discovered within the following program.

Windows Core Toolbar by Search Core Systems

Windows Core Toolbar is an adware web browser extension designed to take control of the user's browser in order to redirect web searches and inject advertising. In Internet Explorer the program run as a Browser Helper Object.

66% remove it

Remove wcthelper.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.