winpatrol.exe

WinPatrol Monitor

BillP Studios

The executable winpatrol.exe, “WinPatrol System Monitor” has been detected as malware by 4 anti-virus scanners. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘WinPatrol’.
Publisher:
BillP Studios  (signed and verified)

Product:
WinPatrol Monitor

Description:
WinPatrol System Monitor

Version:
19.3.2010.0

MD5:
b27a78232e81d9dbb749627187abfc51

SHA-1:
ac16d94d13252237830c035aa1cac13512f001b6

SHA-256:
e58a92c44ca1060e69405d7faccc416623fd73d334961e4e93457e59cf1209e1

Scanner detections:
4 / 68

Status:
Malware

Analysis date:
11/30/2024 3:24:43 PM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:Crypt-SKC [Trj]
160216-0

Dr.Web
Win32.HLLP.Neshta
9.0.1.05190

McAfee
Virus.W32/HLLP.41472
18.0.204.0

Microsoft Security Essentials
Threat.Undefined
1.213.7574.0

File size:
402.4 KB (412,040 bytes)

Product version:
19.3.2010.0

Copyright:
Copyright © 1997- 2010 BillP Studios

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\billp studios\winpatrol\winpatrol.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
5/12/2010 4:00:00 PM

Valid to:
6/10/2011 3:59:59 PM

Subject:
CN=BillP Studios, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=BillP Studios, L=Scotia, S=New York, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
2CB9D8F0974B6E42054FC171E0C47C2A

File PE Metadata
Compilation timestamp:
11/4/2010 1:18:50 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
3072:Hr85Cq5+ByKKanQhnks4Cd8OcrxEz5TliuRMT/nmCK/44GiVAyD26uEmbrniFj1/:L9TBnQhne617i63GiVT1f9rh5grM5grk

Entry address:
0x16179

Entry point:
E8, E8, 36, 00, 00, E9, 16, FE, FF, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, 78, 76, 42, 00, 89, 0D, 74, 76, 42, 00, 89, 15, 70, 76, 42, 00, 89, 1D, 6C, 76, 42, 00, 89, 35, 68, 76, 42, 00, 89, 3D, 64, 76, 42, 00, 66, 8C, 15, 90, 76, 42, 00, 66, 8C, 0D, 84, 76, 42, 00, 66, 8C, 1D, 60, 76, 42, 00, 66, 8C, 05, 5C, 76, 42, 00, 66, 8C, 25, 58, 76, 42, 00, 66, 8C, 2D, 54, 76, 42, 00, 9C, 8F, 05, 88, 76, 42, 00, 8B, 45, 00, A3, 7C, 76, 42, 00, 8B, 45, 04, A3, 80, 76, 42, 00, 8D, 45, 08, A3, 8C, 76, 42, 00, 8B...
 
[+]

Entropy:
6.0572

Code size:
120 KB (122,880 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
WinPatrol

Command:
C:\Program Files\billp studios\winpatrol\winpatrol.exe -expressboot


Remove winpatrol.exe - Powered by Reason Core Security