ntcontrolsvc.exe

Atom Security OOO

The application ntcontrolsvc.exe, “Network Maintenance Service” by Atom Security OOO, has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It runs in its own process as a Windows service named “NtControlSvc”.

Publisher:
RapidLights, Inc. (signed by Atom Security OOO)

Description:
Network Maintenance Service

Version:
2.2.4.6

MD5:
1bbc811f4f8d7eea6a0d24a041bf6cd9

SHA-1:
c181b6b9d6d90eeab9a4a678e3200d61497f9d0d

SHA-256:
3158d927690cfec4d2efa490755f93387020c8d341f7845d88c39a45cb5f65ce

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/28/2024 4:49:35 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Optional.AtomSecu.Service

Engine version:
17.3.16.0

File size:
3.6 MB (3,726,016 bytes)

Product version:
2.2.4.6

Copyright:
Copyright (C) 2016 RapidLights, Inc.

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\windows\syswow64\timecontrolsvc\proxy\ntcontrolsvc.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
6/4/2015 8:00:00 AM

Valid to:
6/4/2018 7:59:59 AM

Subject:
CN=Atom Security OOO, OU=development, O=Atom Security OOO, STREET="Academician Koptyuga Prospect, 4,office 158", L=Novosibirsk, S=nso, PostalCode=630090, C=RU

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
2F74D159839B911DB6F1DFF991E70893

File PE Metadata
Compilation timestamp:
11/3/2016 10:17:23 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

Entry address:
0x142C16

Entry point:
E8, F7, ED, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, 7D, 08, 00, 75, 0B, FF, 75, 0C, E8, 34, D3, FF, FF, 59, 5D, C3, 56, 8B, 75, 0C, 85, F6, 75, 0D, FF, 75, 08, E8, B5, D3, FF, FF, 59, 33, C0, EB, 4D, 57, EB, 30, 85, F6, 75, 01, 46, 56, FF, 75, 08, 6A, 00, FF, 35, 18, BE, 77, 00, FF, 15, 54, 0D, 78, 00, 8B, F8, 85, FF, 75, 5E, 39, 05, 1C, BE, 77, 00, 74, 40, 56, E8, A1, 18, 00, 00, 59, 85, C0, 74, 1D, 83, FE, E0, 76, CB, 56, E8, 91, 18, 00, 00, 59, E8, 75, EC, FF, FF, C7, 00, 0C, 00, 00, 00, 33...

Entropy:
5.8612

Code size:
2.8 MB (2,942,464 bytes)

Service
Display name:
NtControlSvc

Description:
NtControlSvc's Redirector service

Type:
Win32OwnProcess

Depends on:
RPCSS

