home

ncpmon.exe

NCP Secure Client

NCP engineering GmbH

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘NcpMonitor’.
Publisher:
NCP engineering GmbH  (signed and verified)

Product:
NCP Secure Client

Description:
NCP Client Monitor

Version:
9.23.0.0

MD5:
5db8295f2876cf50fa7c583fb13afa53

SHA-1:
32faf5c2fc9dd2bbda8c1534d5eff10b25160b97

SHA-256:
2549992e0b0d7ea8e9f2f8a8e2f175a283604eeebae2a40535f82e5628e272e0

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/25/2024 4:30:49 AM UTC  (today)

File size:
6.5 MB (6,789,200 bytes)

Product version:
9.23.0.0

Copyright:
Copyright (c) 2010

Original file name:
ncpmon.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\deutsche telekom\telekom secure client\ncpmon.exe

Digital Signature
Signed by:
NCP engineering GmbH

Authority:
VeriSign, Inc.

Valid from:
3/11/2010 1:00:00 AM

Valid to:
3/18/2013 12:59:59 AM

Subject:
CN=NCP engineering GmbH, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=NCP engineering GmbH, L=Nuernberg, S=Bavaria, C=DE

Issuer:
CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
09FBFDD3C42535FCB523AED327717E24

File PE Metadata
Compilation timestamp:
6/16/2011 2:42:31 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:f5Hzd0yu+Jk3YSsIJB0jzPATrqi0CwUe940vnMgmB32TlzPE6Ly87QSEvoJBa/03:f5Hzd+0jEnqSa40vMgmZJGQS5NQBf2

Entry address:
0x30EED8

Entry point:
55, 8B, EC, B9, 0A, 00, 00, 00, 6A, 00, 6A, 00, 49, 75, F9, 51, 53, 56, B8, 80, 55, 70, 00, E8, 3C, C9, CF, FF, 33, C0, 55, 68, C4, F4, 70, 00, 64, FF, 30, 64, 89, 20, 33, DB, E8, 87, DE, CF, FF, 8B, F0, 8B, C6, E8, 6A, 75, D0, FF, 3D, FA, 00, 00, 00, 0F, 87, 67, 05, 00, 00, E8, B2, 64, FF, FF, 84, C0, 75, 20, 8D, 55, EC, B8, 01, 00, 00, 00, E8, 65, 57, CF, FF, 8B, 45, EC, BA, E0, F4, 70, 00, E8, 10, 94, CF, FF, 0F, 85, 3E, 05, 00, 00, E8, 89, A8, EA, FF, 8B, F0, B9, 50, E6, 71, 00, BA, F8, F4, 70, 00, B8...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
3.1 MB (3,204,608 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
NcpMonitor

Command:
"C:\Program Files\deutsche telekom\telekom secure client\ncpmon.exe" autorun


Scan ncpmon.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.