home

winpatrol.exe

WinPatrol Monitor

BillP Studios

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘WinPatrol’. This is installed with multiple programs including WinPatrol.
Publisher:
BillP Studios  (signed and verified)

Product:
WinPatrol Monitor

Description:
WinPatrol System Monitor

Version:
24.5.2012.0

MD5:
f6f938c8d91c88b2e3536d4f4cdc8e91

SHA-1:
eb927b30cf69b0e1f71eec6bf14731c6180b1540

SHA-256:
2718c62b52ff2e32db2c2890a9d0ff9da6f1c0cf04de4c66e98019358308bc33

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/19/2024 7:09:09 PM UTC  (today)

File size:
321.6 KB (329,312 bytes)

Product version:
24.5.2012.0

Copyright:
Copyright © 1997-2012 BillP Studios

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\billp studios\winpatrol\winpatrol.exe

Digital Signature
Signed by:
BillP Studios

Authority:
VeriSign, Inc.

Valid from:
5/8/2011 7:00:00 PM

Valid to:
6/9/2012 6:59:59 PM

Subject:
CN=BillP Studios, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=BillP Studios, L=Scotia, S=New York, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
1C98855D8F3819C2E18DE5A65F7AD3FB

File PE Metadata
Compilation timestamp:
3/25/2012 1:12:25 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:gRPCShKoNzIw1OosnYekeqcB63GiVT1LX:gRPCELzIw1FsYekeL4GW1r

Entry address:
0x1765

Entry point:
E8, 65, 35, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, D8, 64, 42, 00, 89, 0D, D4, 64, 42, 00, 89, 15, D0, 64, 42, 00, 89, 1D, CC, 64, 42, 00, 89, 35, C8, 64, 42, 00, 89, 3D, C4, 64, 42, 00, 66, 8C, 15, F0, 64, 42, 00, 66, 8C, 0D, E4, 64, 42, 00, 66, 8C, 1D, C0, 64, 42, 00, 66, 8C, 05, BC, 64, 42, 00, 66, 8C, 25, B8, 64, 42, 00, 66, 8C, 2D, B4, 64, 42, 00, 9C, 8F, 05, E8, 64, 42, 00, 8B, 45, 00, A3, DC, 64, 42, 00, 8B, 45, 04, A3, E0, 64, 42, 00, 8D, 45, 08, A3, EC, 64, 42...
 
[+]

Entropy:
6.1498

Code size:
115.5 KB (118,272 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
WinPatrol

Command:
C:\Program Files\billp studios\winpatrol\winpatrol.exe -expressboot


The file winpatrol.exe has been discovered within the following programs.

WinPatrol  by BillP Studios
Publisher's description - “WinPatrol monitors and exposes adware, keyloggers, spyware, worms, cookies, and other malicious software. This program puts you back in control of your computer with no need for constant updates.”
www.winpatrol.com
3% remove it
Yahoo! Install Manager  by Yahoo! Inc.
Yahoo Install Manager manages Yahoo program downloads and installations. The install manager keeps track of such programs and assists in the installations to put things in their proper places.
www.yahoo.com
20% remove it
 
Powered by Should I Remove It?

Scan winpatrol.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.