WinCtrProc.exe

RetosProret

MicroNames Ltd.

The application WinCtrProc.exe by MicroNames has been detected as a potentially unwanted program by 22 anti-malware scanners. It is also typically executed from an Internet Explorer cache folder.
Publisher: MicroNames (signed by MicroNames Ltd.)
Product: RetosProret
Version: 2.00
MD5: c567eaa651f6568836ef5a3f023608bc
SHA-1: a89f85d1acc1657f5389bc4a91b868da5fa5e2ca
SHA-256: 698b6bc33e18e01056b7a87b0ae48b09ad290413e969ffd7668ab29d1ad3f95a
Scanner detections: 22 / 68
Status: Potentially unwanted
Analysis date: 4/26/2024 2:34:54 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Adware.Graftor.116359 | 551 |
| AhnLab V3 Security | PUP/Win32.MicroLab | 2014.07.21 |
| Avira AntiVirus | TR/VB.Downloader.Gen | 7.11.164.228 |
| AVG | MicroNames Ltd | 2016.0.3029 |
| Bitdefender | Gen:Variant.Adware.Graftor.116359 | 1.0.20.1070 |
| Clam AntiVirus | Win.Trojan.Unicode.220_73_162_3 | 0.98/21411 |
| Comodo Security | Application.Win32.Downware.KG | 19042 |
| Emsisoft Anti-Malware | Gen:Variant.Adware.Graftor.116359 | 8.15.08.02.03 |
| ESET NOD32 | Win32/Adware.DownloadWare (variant) | 9.10128 |
| Fortinet FortiGate | Riskware/Hebogo | 9/7/2015 |
| F-Prot | W32/VB-Backdoor-HRS-based!Maxim | v6.4.7.1.166 |
| F-Secure | Gen:Variant.Adware.Graftor.116359 | 11.2015-02-08_1 |
| G Data | Gen:Variant.Adware.Graftor.116359 | 15.8.24 |
| Malwarebytes | Adware.Korad | v2015.08.02.03 |
| McAfee | Artemis!C567EAA651F6 | 5600.6685 |
| MicroWorld eScan | Gen:Variant.Adware.Graftor.116359 | 16.0.0.642 |
| Panda Antivirus | Trj/Genetic.gen | 15.08.02.03 |
| Qihoo 360 Security | HEUR/Malware.QVM03.Gen | 1.0.0.1015 |
| Reason Heuristics | PUP.MicroNames (M) | 15.8.2.15 |
| Sophos | Generic PUA KI | 4.98 |
| Trend Micro House Call | TROJ_GEN.R047H09H114 | 7.2.214 |
| ViRobot | Adware.Agent.843264.C | 2011.4.7.4223 |

File size: 823.5 KB (843,256 bytes)
Product version: 2.00
Original file name: WinCtrProc.exe
File type: Executable application (Win32 EXE)
Common path: C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\winctrproc.exe

Digital Signature
Signed by:

Authority: Thawte, Inc.
Valid from: 1/24/2014 9:00:00 AM
Valid to: 1/25/2016 8:59:59 AM
Subject: CN=MicroNames Ltd., OU=IT, O=MicroNames Ltd., L=Guro-gu, S=Seoul, C=KR
Issuer: CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US
Serial number: 6702F515CEC245718E8607ED18C16E63

File PE Metadata
Compilation timestamp: 8/1/2014 10:23:59 AM
OS version: 4.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 6.0
CTPH (ssdeep): 12288:6A/FOAAuVJHaRMBwz1TuQanTA8iWoYMI0nijELEOUErt:r/FOAAtMBwzNcT06ELEOUErt
Entry address: 0x7238

Entry point:
68, 88, 83, 40, 00, E8, F0, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 55, 42, 5E, 6D, 58, AF, 62, 4B, BC, 52, 80, 91, 58, F5, A8, A9, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 65, 72, 74, 5F, 4C, 61, 4D, 46, 43, 6F, 6E, 76, 65, 72, 74, 50, 72, 6F, 00, 69, 22, 0D, 00, 00, 00, 00, FF, CC, 31, 00, 04, 22, DE, 66, 35, B6, 56, 34, 40, 98, FA, 4D, D6, 3D, 8C, F2, 60, 5B, 96, A7, 69, F1, 02, 2F, 4E, B5, 9A, 1B, AF, B1, 90, D9, 6A, 3A, 4F, AD, 33, 99, 66, CF, 11, B7, 0C, 00...
 

Entropy: 5.8126
Developed / compiled with: Microsoft Visual Basic v5.0
Code size: 804 KB (823,296 bytes)
