× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: a459998290271d5ace51d623c6e88fba226d88d1c0fa905535f6203046d8330b
File name: WinPatrol Monitor
Detection ratio: 0 / 56
Analysis date: 2015-04-20 00:15:57 UTC ( 4 years ago )
Antivirus Result Update
Ad-Aware 20150420
AegisLab 20150420
Yandex 20150419
AhnLab-V3 20150419
Alibaba 20150420
ALYac 20150420
Antiy-AVL 20150419
Avast 20150419
AVG 20150419
AVware 20150420
Baidu-International 20150419
BitDefender 20150420
Bkav 20150417
ByteHero 20150420
CAT-QuickHeal 20150418
ClamAV 20150420
CMC 20150418
Comodo 20150419
Cyren 20150420
DrWeb 20150420
Emsisoft 20150420
ESET-NOD32 20150419
F-Prot 20150420
F-Secure 20150419
Fortinet 20150420
GData 20150420
Ikarus 20150420
Jiangmin 20150417
K7AntiVirus 20150419
K7GW 20150419
Kaspersky 20150419
Kingsoft 20150420
Malwarebytes 20150419
McAfee 20150420
McAfee-GW-Edition 20150419
Microsoft 20150420
eScan 20150420
NANO-Antivirus 20150420
Norman 20150419
nProtect 20150417
Panda 20150417
Qihoo-360 20150420
Rising 20150419
Sophos AV 20150420
SUPERAntiSpyware 20150419
Symantec 20150420
Tencent 20150420
TheHacker 20150417
TotalDefense 20150419
TrendMicro 20150420
TrendMicro-HouseCall 20150420
VBA32 20150418
VIPRE 20150420
ViRobot 20150419
Zillya 20150420
Zoner 20150417
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright © 1997-2013 BillP Studios

Publisher BillP Studios
Product WinPatrol Monitor
Internal name WinPatrol Monitor
File version 26.0.2013.0
Description WinPatrol System Monitor
Comments Let Scotty the Windows Watchdog patrol your system.
Signature verification Signed file, verified signature
Signing date 3:09 AM 12/10/2012
Signers
[+] BillP Studios
Status Certificate out of its validity period
Issuer None
Valid from 1:00 AM 6/7/2012
Valid to 12:59 AM 6/8/2013
Valid usage Code Signing
Algorithm SHA1
Thumbprint F744C783FAA0156992A2CB18EA46CEB0EEE0057F
Serial number 00 B9 EF 7D 46 C7 F1 20 E2 83 74 F1 D5 76 77 A4 A6
[+] COMODO Code Signing CA 2
Status Valid
Issuer None
Valid from 1:00 AM 8/24/2011
Valid to 11:48 AM 5/30/2020
Valid usage Code Signing
Algorithm SHA1
Thumbprint B64771392538D1EB7A9281998791C14AFD0C5035
Serial number 10 70 9D 4F F5 54 08 D7 30 60 01 D8 EA 91 75 BB
[+] UTN-USERFirst-Object
Status Valid
Issuer None
Valid from 9:09 AM 6/7/2005
Valid to 11:48 AM 5/30/2020
Valid usage All
Algorithm SHA1
Thumbprint 8AD5C9987E6F190BD6F5416E2DE44CCD641D8CDA
Serial number 42 1A F2 94 09 84 19 1F 52 0A 4B C6 24 26 A7 4B
[+] USERTrust
Status Valid
Issuer None
Valid from 11:48 AM 5/30/2000
Valid to 11:48 AM 5/30/2020
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm SHA1
Thumbprint 02FAF3E291435468607857694DF5E45B68851868
Serial number 01
Counter signers
[+] COMODO Time Stamping Signer
Status Valid
Issuer None
Valid from 1:00 AM 5/10/2010
Valid to 12:59 AM 5/11/2015
Valid usage Timestamp Signing
Algorithm SHA1
Thumbrint 3DBB6DB5085C6DD5A1CA7F9CF84ECB1A3910CAC8
Serial number 47 8A 8E FB 59 E1 D8 3F 0C E1 42 D2 A2 87 07 BE
[+] UTN-USERFirst-Object
Status Valid
Issuer None
Valid from 9:09 AM 6/7/2005
Valid to 11:48 AM 5/30/2020
Valid usage All
Algorithm SHA1
Thumbrint 8AD5C9987E6F190BD6F5416E2DE44CCD641D8CDA
Serial number 42 1A F2 94 09 84 19 1F 52 0A 4B C6 24 26 A7 4B
[+] USERTrust
Status Valid
Issuer None
Valid from 11:48 AM 5/30/2000
Valid to 11:48 AM 5/30/2020
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm SHA1
Thumbrint 02FAF3E291435468607857694DF5E45B68851868
Serial number 01
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-12-10 01:47:16
Entry Point 0x0001DC48
Number of sections 5
PE sections
PE imports
RegDeleteKeyA
RegCloseKey
OpenServiceA
RegQueryValueExA
ControlService
GetServiceKeyNameA
RegCreateKeyA
CloseServiceHandle
RegOpenKeyA
RegQueryValueA
QueryServiceStatus
GetServiceDisplayNameA
RegOpenKeyExA
RegDeleteValueA
RegEnumKeyA
RegEnumKeyExA
RegQueryInfoKeyA
QueryServiceStatusEx
RegSetValueExA
StartServiceA
RegEnumValueA
OpenSCManagerA
GetOpenFileNameA
CreateFontA
GetStockObject
GetStdHandle
FileTimeToSystemTime
GetFileAttributesA
EncodePointer
GetLocalTime
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
lstrcatA
SetErrorMode
FreeEnvironmentStringsW
HeapSize
SetStdHandle
GetFileTime
GetTempPathA
GetCPInfo
lstrcmpiA
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
SetFileAttributesA
GetOEMCP
LocalFree
MoveFileA
GetExitCodeProcess
GetEnvironmentVariableA
FindClose
InterlockedDecrement
FormatMessageA
SetLastError
GetModuleFileNameW
CopyFileA
HeapAlloc
FlushFileBuffers
RemoveDirectoryA
HeapSetInformation
WriteProfileStringA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
SetFilePointer
_lclose
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetSystemDirectoryA
DecodePointer
GlobalMemoryStatus
GlobalAlloc
SearchPathA
GetCurrentThreadId
GetProcAddress
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
GetVersionExA
LoadLibraryA
RtlUnwind
LeaveCriticalSection
MoveFileExA
GetFileSize
OpenProcess
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
GetStartupInfoW
GlobalLock
_lread
GetProcessHeap
lstrcmpA
FindFirstFileA
lstrcpyA
GetProfileStringA
CompareStringA
FindNextFileA
TerminateProcess
ExpandEnvironmentStringsA
CreateFileW
IsDebuggerPresent
GetFileType
TlsSetValue
CreateFileA
ExitProcess
InterlockedIncrement
GetLastError
LCMapStringW
lstrlenA
GlobalFree
GetConsoleCP
GetEnvironmentStringsW
GlobalUnlock
GetModuleFileNameA
GetShortPathNameA
OpenFile
FileTimeToLocalFileTime
GetCurrentProcessId
WideCharToMultiByte
WinExec
GetCommandLineA
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
GetACP
GetModuleHandleW
CreateProcessA
IsValidCodePage
HeapCreate
Sleep
Ord(3)
Ord(2)
GetModuleFileNameExA
EnumProcesses
EnumProcessModules
ExtractIconA
ShellExecuteExA
ShellExecuteA
SHGetSpecialFolderPathA
Shell_NotifyIconA
GetMessageA
GetParent
UpdateWindow
EndDialog
PostQuitMessage
KillTimer
RegisterWindowMessageA
DefWindowProcA
ShowWindow
GetPropA
SetWindowPos
GetWindowThreadProcessId
MessageBoxExA
GetSystemMetrics
IsWindow
AppendMenuA
GetWindowRect
DispatchMessageA
EnableWindow
SetDlgItemTextA
PostMessageA
ChildWindowFromPoint
SetWindowLongA
GetWindowLongA
TranslateMessage
IsWindowEnabled
InvalidateRect
SendDlgItemMessageA
GetCursorPos
CreatePopupMenu
FindWindowA
LoadStringA
SendMessageA
DialogBoxParamA
CreateWindowExA
GetDlgItem
RegisterClassA
TrackPopupMenuEx
wsprintfA
SetTimer
LoadCursorA
LoadIconA
SetWindowTextA
SetForegroundWindow
DestroyWindow
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
InternetReadFile
InternetOpenUrlA
InternetCloseHandle
InternetOpenA
PlaySoundA
CoInitializeEx
CoUninitialize
CoInitialize
CoCreateInstance
CoInitializeSecurity
CoTaskMemFree
sqlite3_free
sqlite3_close
sqlite3_exec
sqlite3_open
Number of PE resources by type
RT_ICON 48
RT_STRING 32
RT_GROUP_ICON 13
RT_DIALOG 11
WAVE 1
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 107
PE resources
ExifTool file metadata
FileDescription
WinPatrol System Monitor

Comments
Let Scotty the Windows Watchdog patrol your system.

InitializedDataSize
259584

ImageVersion
0.0

ProductName
WinPatrol Monitor

FileVersionNumber
26.0.2013.0

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x0017

CharacterSet
Windows, Latin1

LinkerVersion
10.0

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
26.0.2013.0

TimeStamp
2012:12:10 02:47:16+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
WinPatrol Monitor

ProductVersion
26.0.2013.0

SubsystemVersion
5.1

OSVersion
5.1

FileOS
Windows NT 32-bit

LegalCopyright
Copyright 1997-2013 BillP Studios

MachineType
Intel 386 or later, and compatibles

CompanyName
BillP Studios

CodeSize
144896

FileSubtype
0

ProductVersionNumber
26.0.2013.0

EntryPoint
0x1dc48

ObjectFileType
Executable application

File identification
MD5 aca142e3e26d1780a283a7bc0f8c1146
SHA1 590edfa67262ff2c66f73e1a496f68e047e459e3
SHA256 a459998290271d5ace51d623c6e88fba226d88d1c0fa905535f6203046d8330b
ssdeep
3072:POMRMelWGywRQnWmTUJkQQNONz54I3K7SSGXx4UXHPrNuRMT/nmCK/44GiVAyD2m:PUWCrUkQJ3gSSGXxLp63GiVT1o

authentihash f91a747832d82a233a7cbddf4a668c475aeefbbfb00bd8f0ab67e525d53965cc
imphash d3655db2b5ca3bd7a3a8d21e953c33cb
File size 355.2 KB ( 363752 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe signed

VirusTotal metadata
First submission 2012-12-13 12:44:16 UTC ( 6 years, 4 months ago )
Last submission 2013-02-03 13:16:11 UTC ( 6 years, 2 months ago )
File names winpatrol.exe
WinPatrol.exe
file-4883278_exe
winpatrol.exe
winpatrol.exe
WinPatrol.exe
WinPatrol.exe
winpatrol.exe
WinPatrol.exe
WinPatrol.exe
winpatrol.exe
winpatrol.exe
WinPatrol Monitor
vt-upload-XBLndm
WinPatrol.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!