» WinCtrCon.exe
Overview
Analysis
File Details
Behaviors (1)

WinCtrCon.exe

ConvertConPrc

MICRONAMES

The application WinCtrCon.exe has been detected as a potentially unwanted program by 19 anti-malware scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘WinCtrCon’.

File name:

WinCtrCon.exe

Publisher:

MICRONAMES

Product:

ConvertConPrc

Version:

1.00

MD5:

9c53acd11b19d6d9e502fc66bded598f

SHA-1:

9aacf4e08839c004fb991c6baa2a6053e0bb755f

SHA-256:

e27db8824a74bde27d8a9f51274ea2806296df3b33aeb35f85be8c88ee5b40b0

Scanner detections:

19 / 68

Status:

Potentially unwanted

Analysis date:

4/25/2024 7:46:41 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Zusy.147201

5706895

AhnLab V3 Security

PUP/Win32.MicroLab

2015.07.02

Avira AntiVirus

TR/VB.Downloader.Gen

8.3.1.6

Arcabit

Trojan.Zusy.D23F01

1.0.0.425

avast!

Win32:Adware-ADK [PUP]

150602-1

AVG

MicroNames Ltd

2016.0.3061

Bitdefender

Gen:Variant.Zusy.147201

1.0.20.910

Comodo Security

ApplicUnwnt.Win32.AdWare.Hebogo.STA

22638

Dr.Web

Adware.Hebogo.3, Trojan.VbCrypt.250

9.0.1.05190

Emsisoft Anti-Malware

Gen:Variant.Zusy.147201

10.0.0.5366

ESET NOD32

Win32/Adware.Hebogo application

7.0.302.0

F-Secure

Gen:Variant.Zusy.147201

5.14.151

G Data

Gen:Variant.Zusy.147201

15.7.25

K7 AntiVirus

Adware

13.205.16429

Kaspersky

not-a-virus:AdWare.Win32.Hebogo

15.0.0.543

MicroWorld eScan

Gen:Variant.Zusy.147201

16.0.0.546

Norman

Gen:Variant.Zusy.147201

02.06.2015 14:23:46

Panda Antivirus

Trj/Genetic.gen

15.07.01.11

Quick Heal

Adware.Hebogo.A3

7.15.14.00

File size:

111.5 KB (114,208 bytes)

Product version:

1.00

Original file name:

WinCtrCon.exe

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\roaming\winctrview\engin\proversion\winctrcon.exe

File PE Metadata

Compilation timestamp:

6/24/2015 11:29:23 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

3072:J9MX52O6epqxc9i42Kuc5ceotKU2ELRXPrdTXInU:J9MX8s8xc9i42xddTz

Entry address:

0x2210

Entry point:

68, CC, 2D, 40, 00, E8, F0, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, C3, 21, F9, F4, 01, D2, 67, 4E, A9, F5, EB, 3A, B8, 9E, 18, 63, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 20, 20, 20, 0D, 0A, 0D, 43, 6F, 6E, 43, 74, 72, 50, 72, 63, 00, 0D, 0A, 0D, 0A, 45, 6E, 00, 00, 00, 00, FF, CC, 31, 00, 02, A9, 72, 9B, 4E, 86, 74, 03, 42, A8, 45, AB, EA, 95, 55, A1, 0A, A1, 23, 12, 89, B0, 84, 8B, 4D, 86, 1A, 42, AA, 72, 04, A3, D5, 3A, 4F, AD, 33, 99, 66, CF, 11, B7, 0C, 00... 
[+]

Entropy:

5.8307

Developed / compiled with:

Microsoft Visual Basic v5.0

Code size:

88 KB (90,112 bytes)

Startup File (User Run)

Registry location:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

WinCtrCon

Command:

C:\users\{user}\appdata\roaming\winctrview\engin\proversion\winctrcon.exe -hcsjxh

Remove WinCtrCon.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.