PCCNTMON.EXE

Trend Micro OfficeScan

Trend Micro, Inc.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘OfficeScanNT Monitor’.
Publisher:
Trend Micro Inc.  (signed by Trend Micro, Inc.)

Product:
Trend Micro OfficeScan

Description:
趋势科技防毒墙网络版监控程序

Version:
10.0.0.2874

MD5:
bb732298854d223208100931ea723918

SHA-1:
2e0fe19f9951924c76353705476460d526064592

SHA-256:
1f0b1d13cfddd3ae45516b2fcab9e3cff4861472d47ebdc8ab98a35b874ace64

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
12/25/2024 3:41:20 AM UTC  (today)

File size:
1.3 MB (1,366,936 bytes)

Product version:
10.0

Copyright:
Copyright (C) 1998-2011 Trend Micro Incorporated. All rights reserved.

Trademarks:
Copyright (C) Trend Micro Inc.

Original file name:
PCCNTMON.EXE

File type:
Executable application (Win64 EXE)

Common path:
C:\Program Files\trend micro\officescan client\pccntmon.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
1/31/2011 8:00:00 AM

Valid to:
2/17/2012 7:59:59 AM

Subject:
CN="Trend Micro, Inc.", OU=RD, OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Trend Micro, Inc.", L=Taipei, S=Taiwan, C=TW

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
24E3D70B86ED54D0B22C3450B960984E

File PE Metadata
Compilation timestamp:
3/24/2011 3:23:42 AM

OS version:
4.0

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
8.0

Entry address:
0xA6B50

Entry point:
48, 83, EC, 28, E8, 47, CF, 00, 00, 48, 83, C4, 28, E9, 0E, FD, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 0F, B7, 01, 66, 85, C0, 74, 12, 66, 3B, C2, 74, 12, 66, 8B, 41, 02, 48, 83, C1, 02, 66, 85, C0, 75, EE, 66, 39, 11, 75, 04, 48, 8B, C1, C3, 33, C0, C3, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 4C, 8B, C1, 0F, B7, 01, 48, 83, C1, 02, 66, 85, C0, 75, F4, 90, 48, 83, E9, 02, 49, 3B, C8, 74, 09, 66, 39, 11, 75, F2, 48, 8B, C1, C3, 66, 39, 11, 75, 04, 48, 8B, C1, C3, 33, C0, C3, CC, CC...
 
[+]

Entropy:
6.1067

Code size:
860 KB (880,640 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
OfficeScanNT Monitor

Command:
"C:\Program Files\trend micro\officescan client\pccntmon.exe" -hidewindow


Scan PCCNTMON.EXE - Powered by Reason Core Security