ctfmon.exe

TRADE-VAN

The executable ctfmon.exe has been detected as malware by 17 anti-virus scanners.
Publisher:
TRADE-VAN  (signed and verified)

MD5:
7ce5b9e3835656c9a3822c84fe4b9995

SHA-1:
911d56bb818f5ebc554d93ece382cf775e4588a0

SHA-256:
32cd3a7dd20fb656a7f461b79213066e4202b869dbe7bd37c9ae06c96796a0ea

Scanner detections:
17 / 68

Status:
Malware

Analysis date:
4/19/2024 4:56:52 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Avira AntiVirus | TR/Graftor.70261.1 | 7.11.80.48 |
| avast! | Win32:Malware-gen | 2014.9-151016 |
| Bitdefender | Gen:Variant.Graftor.70261 | 1.0.20.1445 |
| Comodo Security | UnclassifiedMalware | 16334 |
| Dr.Web | Trojan.Click2.41018 | 9.0.1.0289 |
| Emsisoft Anti-Malware | Gen:Variant.Graftor.70261 | 8.15.10.16.07 |
| Fortinet FortiGate | Malware_fam.NB | 10/16/2015 |
| F-Secure | Gen:Variant.Graftor.70261 | 11.2015-16-10_6 |
| G Data | Gen:Variant.Graftor.70261 | 15.10.22 |
| IKARUS anti.virus | Virus.Win32.Nemim | t3scan.2.0.0.0 |
| Kaspersky | UDS:DangerousObject.Multi.Generic | 14.0.0.1268 |
| Microsoft Security Essentials | Virus:Win32/Nemim.gen!A | 1.163.1557.0 |
| Norman | Suspicious_Gen5.QFPD | 11.20151016 |
| Panda Antivirus | Trj/CI.A | 15.10.16.07 |
| Sophos | Mal/Generic-S | 4.89 |
| Trend Micro House Call | TROJ_GEN.RC1CDDR | 7.2.289 |
| Trend Micro | TROJ_GEN.RC1CDDR | 10.465.16 |

File size:
241.3 KB (247,064 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\microsoft\display\ctfmon.exe

Digital Signature
Signed by:

Authority:
TAIWAN-CA.COM Inc.

Valid from:
7/2/2010 2:34:05 AM

Valid to:
7/17/2011 11:59:59 AM

Subject:
CN=www.esupplychain.com.tw, OU=TRADE-VAN, O=TRADE-VAN, L=Taipei, S=Taipei, C=TW

Issuer:
CN=TaiCA Secure CA, OU=SSL Certification Service Provider, O=TAIWAN-CA.COM Inc., C=TW

Serial number:
65C80810

File PE Metadata
Compilation timestamp:
6/2/2012 3:30:50 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:V8R5jrWPANjmttEMPflxJT9vfAY2fKtp/l/l4S5n1tNBj72FgYW:V8D8ANjmtGMPfTJpHA7KtpNdf1BjIgH

Entry address:
0xF161

Entry point:
E8, 01, 92, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 51, 53, 8B, 45, 0C, 83, C0, 0C, 89, 45, FC, 64, 8B, 1D, 00, 00, 00, 00, 8B, 03, 64, A3, 00, 00, 00, 00, 8B, 45, 08, 8B, 5D, 0C, 8B, 6D, FC, 8B, 63, FC, FF, E0, 5B, C9, C2, 08, 00, 58, 59, 87, 04, 24, FF, E0, 8B, FF, 55, 8B, EC, 51, 51, 53, 56, 57, 64, 8B, 35, 00, 00, 00, 00, 89, 75, FC, C7, 45, F8, CF, F1, 40, 00, 6A, 00, FF, 75, 0C, FF, 75, F8, FF, 75, 08, E8, 33, 28, 01, 00, 8B, 45, 0C, 8B, 40, 04, 83, E0, FD, 8B, 4D, 0C, 89, 41, 04, 64, 8B, 3D...
 

Entropy:
6.6365

Code size:
139 KB (142,336 bytes)
