home

wincheck.exe

The application wincheck.exe has been detected as a potentially unwanted program by 3 anti-malware scanners. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘WinCheck’. This file is typically installed with the program WinCheck which is a potentially unwanted software program.
MD5:
f215aee95c5e88aea20e64c152360e34

SHA-1:
d5f498702499743ed4ccd59b416a93f63974c42e

SHA-256:
6bc017d643cec788afbba5e8a25340ddd6f5d2e39e51581bffc5f84cca8ca60e

Scanner detections:
3 / 68

Status:
Potentially unwanted

Analysis date:
4/25/2024 9:42:48 PM UTC  (today)

Scan engine
Detection
Engine version

Baidu Antivirus
Adware.Win32.ConvertAd
4.0.3.15418

ESET NOD32
Win32/Adware.ConvertAd (variant)
9.11104

Reason Heuristics
Threat.Adware.WinCheck.Startup
15.4.13.11

File size:
516.5 KB (528,896 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Documents and Settings\{user}\Application data\wincheck\wincheck.exe

File PE Metadata
Compilation timestamp:
1/5/2015 7:20:03 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:RM0P06527UDJW+wuWsUGk2gHcStXyJcV8Ybkw/D3cq:465y0hwzX2gHF5yJcVp7Qq

Entry address:
0x57601

Entry point:
E8, 40, 87, 00, 00, E9, 89, FE, FF, FF, B8, 8B, 08, 46, 00, A3, 60, DE, 47, 00, C7, 05, 64, DE, 47, 00, 81, FF, 45, 00, C7, 05, 68, DE, 47, 00, 35, FF, 45, 00, C7, 05, 6C, DE, 47, 00, 6E, FF, 45, 00, C7, 05, 70, DE, 47, 00, D7, FE, 45, 00, A3, 74, DE, 47, 00, C7, 05, 78, DE, 47, 00, 03, 08, 46, 00, C7, 05, 7C, DE, 47, 00, F3, FE, 45, 00, C7, 05, 80, DE, 47, 00, 55, FE, 45, 00, C7, 05, 84, DE, 47, 00, E1, FD, 45, 00, C3, 8B, FF, 55, 8B, EC, E8, 96, FF, FF, FF, 83, 7D, 08, 00, 74, 05, E8, 51, 92, 00, 00, DB...
 
[+]

Entropy:
6.5089

Code size:
433 KB (443,392 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
WinCheck

Command:
C:\Documents and Settings\{user}\Application data\wincheck\wincheck.exe


The file wincheck.exe has been discovered within the following program.

WinCheck  by WinCheck
This is adware that displays several types of advertising in the user's web browser, including but not limited to: - Sponsored links - Video targeted ads (which are displayed when you view a video).
81% remove it
 
Powered by Should I Remove It?

Remove wincheck.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.