winpatrol.exe

WinPatrol Monitor

BillP Studios

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘WinPatrol’. This file is installed with the program WinPatrol.
Publisher:
BillP Studios  (signed and verified)

Product:
WinPatrol Monitor

Description:
WinPatrol System Monitor

Version:
19.1.2010.1

MD5:
bc227494fb9de401c881e68b75980ccf

SHA-1:
71d3dbd9e209a18c34ab9c1fc4098356c4bb621f

SHA-256:
edf6fc9c7e0602af49ce0da38ce2f1d258737d987c1d15d5c0b3b5cb00ccbf94

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is mosty likely a false positive detection, the file is probably clean.

Analysis date:
11/30/2024 3:45:46 PM UTC  (today)

Scan engine
Detection
Engine version

Norman
W32/Malware
11.20150319

File size:
321.4 KB (329,096 bytes)

Product version:
19.1.2010.1

Copyright:
Copyright © 1997- 2010 BillP Studios

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\billp studios\winpatrol\winpatrol.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
5/13/2010 5:30:00 AM

Valid to:
6/11/2011 5:29:59 AM

Subject:
CN=BillP Studios, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=BillP Studios, L=Scotia, S=New York, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
2CB9D8F0974B6E42054FC171E0C47C2A

File PE Metadata
Compilation timestamp:
10/30/2010 4:14:18 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
3072:h3hUX80o+Y31HcqiSDJKPT4TH0VxjnH5T/iuRMT/nmCK/44GiVAyD26uEmbrAiFf:6807YZ034benFi63GiVT1QBr1

Entry address:
0x16307

Entry point:
E8, EA, 36, 00, 00, E9, 16, FE, FF, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, 78, 76, 42, 00, 89, 0D, 74, 76, 42, 00, 89, 15, 70, 76, 42, 00, 89, 1D, 6C, 76, 42, 00, 89, 35, 68, 76, 42, 00, 89, 3D, 64, 76, 42, 00, 66, 8C, 15, 90, 76, 42, 00, 66, 8C, 0D, 84, 76, 42, 00, 66, 8C, 1D, 60, 76, 42, 00, 66, 8C, 05, 5C, 76, 42, 00, 66, 8C, 25, 58, 76, 42, 00, 66, 8C, 2D, 54, 76, 42, 00, 9C, 8F, 05, 88, 76, 42, 00, 8B, 45, 00, A3, 7C, 76, 42, 00, 8B, 45, 04, A3, 80, 76, 42, 00, 8D, 45, 08, A3, 8C, 76, 42, 00, 8B...
 
[+]

Entropy:
5.9954

Code size:
120 KB (122,880 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
WinPatrol

Command:
C:\Program Files\billp studios\winpatrol\winpatrol.exe -expressboot


The file winpatrol.exe has been discovered within the following program.

WinPatrol  by BillP Studios
Publisher's description - “WinPatrol monitors and exposes adware, keyloggers, spyware, worms, cookies, and other malicious software. This program puts you back in control of your computer with no need for constant updates.”
www.winpatrol.com
3% remove it
 
Powered by Should I Remove It?

Scan winpatrol.exe - Powered by Reason Core Security