ctfmon_0713.exe

ctfmon

Although the file properties state that the file was developed by 'Microsoft Corporation', this is not the case; it is designed to look like a legitimate Microsoft system file. The executable ctfmon_0713.exe, described as “Wmi provider host”, has been detected as malware by 31 anti-virus scanners. It runs as a Windows service named “Network File Service” within the context of its own process. According to AVG, this software downloads additional adware offers during setup.
Publisher:
Microsoft Corporation*  (Invalid match)

Product:
ctfmon

Description:
Wmi provider host

Version:
1.0.1.2

MD5:
07f05d93dfc97ae9bf64abcb81c1ba60

SHA-1:
06170ce302134ef3bfd7972102d83e6f1dae568c

SHA-256:
35882c25bfade53a684d9b3f88abb035d1dd169e6b2d51008b10f225feb06a58

Scanner detections:
31 / 68

Status:
Malware

Analysis date:
4/19/2024 5:04:20 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Trojan.Generic.11617932 | 701 |
| AhnLab V3 Security | HEUR/Fakedug | 2014.12.31 |
| Avira AntiVirus | TR/Proxy.Wonknod.A | 7.11.198.192 |
| avast! | Win32:Dropper-gen [Drp] | 2014.9-150305 |
| AVG | Downloader.Generic13 | 2016.0.3179 |
| Baidu Antivirus | Trojan.Win32.Downloader | 4.0.3.1535 |
| Bitdefender | Trojan.Generic.11617932 | 1.0.20.320 |
| Comodo Security | UnclassifiedMalware | 20543 |
| Dr.Web | Trojan.DownLoader11.37123 | 9.0.1.064 |
| Emsisoft Anti-Malware | Trojan.Generic.11617932 | 8.15.03.05.09 |
| ESET NOD32 | Win32/TrojanDownloader.Agent.ASF | 9.10947 |
| Fortinet FortiGate | W32/SPNR.07HG14!tr | 3/5/2015 |
| F-Secure | Trojan.Generic.11617932 | 11.2015-05-03_5 |
| G Data | Trojan.Generic.11617932 | 15.3.24 |
| IKARUS anti.virus | Trojan-Downloader.Win32.Agent | t3scan.1.8.5.0 |
| K7 AntiVirus | Trojan-Downloader | 13.188.14496 |
| Kaspersky | UDS:DangerousObject.Multi.Generic | 14.0.0.2391 |
| McAfee | RDN/Downloader.a!ty | 5600.6835 |
| Microsoft Security Essentials | TrojanProxy:Win32/Wonknod.A | 1.11302 |
| MicroWorld eScan | Trojan.Generic.11617932 | 16.0.0.192 |
| NANO AntiVirus | Trojan.Win32.Agent.deuqor | 0.30.0.64448 |
| Norman | Troj_Generic.VPDNU | 11.20150305 |
| nProtect | Trojan.Generic.11617932 | 14.12.31.01 |
| Panda Antivirus | Trj/OCJ.F | 15.03.05.09 |
| Qihoo 360 Security | Win32/Trojan.Dropper.c9f | 1.0.0.1015 |
| Quick Heal | TrojanProxy.Wonknod.r6 | 3.15.14.00 |
| Rising Antivirus | PE:Trojan.Win32.Generic.172FA22B!388997675 | 23.00.65.15303 |
| Sophos | Mal/Generic-S | 4.98 |
| Trend Micro House Call | TROJ_SPNR.07HG14 | 7.2.64 |
| Trend Micro | TROJ_SPNR.07HG14 | 10.465.05 |
| VIPRE Antivirus | Trojan.Win32.Generic | 36242 |

File size:
681 KB (697,344 bytes)

Product version:
1.0.1.2

Copyright:
Microsoft Corporation. All rights reserved.

Original file name:
ctfmon.exe

File type:
Executable application (Win32 EXE)

Language:
English

Common path:
C:\Program Files\ctfmon_0713\ctfmon_0713.exe

File PE Metadata
Compilation timestamp:
7/13/2014 7:52:40 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
10.0

CTPH (ssdeep):
12288:6Du7w8Y2fmAPjV3Do+HhL15K8dkmAaKPtscw4te+KylkCZSwA7qrIs0xU3LpWy7e:au7w8YIPd+88Y+KylkS0xUt7EmfT4V

Entry address:
0x63725

Entry point:
E8, F1, C4, 00, 00, E9, 95, FE, FF, FF, 8B, FF, 55, 8B, EC, 8B, 45, 08, A3, 10, 40, 4A, 00, 5D, C3, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A1, 40, 17, 4A, 00, 33, C5, 89, 45, FC, 53, 8B, 5D, 08, 57, 83, FB, FF, 74, 07, 53, E8, 53, C5, 00, 00, 59, 83, A5, E0, FC, FF, FF, 00, 6A, 4C, 8D, 85, E4, FC, FF, FF, 6A, 00, 50, E8, C5, 04, 00, 00, 8D, 85, E0, FC, FF, FF, 89, 85, D8, FC, FF, FF, 8D, 85, 30, FD, FF, FF, 83, C4, 0C, 89, 85, DC, FC, FF, FF, 89, 85, E0, FD, FF, FF, 89, 8D, DC, FD, FF, FF, 89, 95, D8...
 

Entropy:
6.6485

Code size:
542.5 KB (555,520 bytes)

Service
Display name:
Network File Service

Description:
Provides network file service for system.

Type:
Win32OwnProcess

