PCCNTMON.EXE

Trend Micro OfficeScan

Trend Micro, Inc.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘OfficeScanNT Monitor’.
Scan PCCNTMON.EXE - Powered by Reason Core Security
Publisher:
Trend Micro Inc.  (signed by Trend Micro, Inc.)

Product:
Trend Micro OfficeScan

Description:
Trend Micro OfficeScan Monitor

Version:
10.6.0.3215

MD5:
598233a2418b48694a08eac054fafcd3

SHA-1:
ef86a4a41099443b4302812b8a42c8e0c834dade

SHA-256:
8b973f29066a0f660e2b98f4aca2a39ae99a4e9f58f28222bb2f045a37dc5963

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
12/3/2016 5:59:51 AM UTC  (today)

File size:
2.1 MB (2,230,088 bytes)

Product version:
10.6

Copyright:
Copyright (C) 1998 - 2012 Trend Micro Incorporated. All rights reserved.

Trademarks:
Copyright (C) Trend Micro Inc.

Original file name:
PCCNTMON.EXE

File type:
Executable application (Win64 EXE)

Language:
Spanish (Spain, International Sort)

Common path:
C:\Program Files\trend micro\officescan client\pccntmon.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
12/27/2011 1:00:00 AM

Valid to:
2/16/2013 12:59:59 AM

Subject:
CN="Trend Micro, Inc.", OU=RD, OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Trend Micro, Inc.", L=Taipei, S=Taiwan, C=TW

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
6326C00EAD256B6837EEB29B5EE84720

File PE Metadata
Compilation timestamp:
12/14/2012 8:09:47 PM

OS version:
4.0

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
24576:HWrMlLchCv3fbOQbUZ2Ka+6xD82/CLEmHY/FnaK6Q3665pJtwy6K1EuqocUqXD:HWrMkCv3fbOEUZ1KB8653uJK1EMcUqX

Entry address:
0xCBE40

Entry point:
48, 83, EC, 28, E8, 97, D8, 00, 00, 48, 83, C4, 28, E9, 0E, FD, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 0F, B7, 01, 66, 85, C0, 74, 12, 66, 3B, C2, 74, 12, 66, 8B, 41, 02, 48, 83, C1, 02, 66, 85, C0, 75, EE, 66, 39, 11, 75, 04, 48, 8B, C1, C3, 33, C0, C3, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 4C, 8B, C1, 0F, B7, 01, 48, 83, C1, 02, 66, 85, C0, 75, F4, 90, 48, 83, E9, 02, 49, 3B, C8, 74, 09, 66, 39, 11, 75, F2, 48, 8B, C1, C3, 66, 39, 11, 75, 04, 48, 8B, C1, C3, 33, C0, C3, CC, CC...
 
[+]

Code size:
1.2 MB (1,237,504 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
OfficeScanNT Monitor

Command:
"C:\Program Files\trend micro\officescan client\pccntmon.exe" -hidewindow


Scan PCCNTMON.EXE - Powered by Reason Core Security