home

winprotector.exe

HD革命/WinProtector Version 5.0.4

Ark Information Systems inc.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘PwfCtrl’.
Publisher:
アーク情報システム  (signed by Ark Information Systems inc.)

Product:
HD革命/WinProtector Version 5.0.4

Version:
5.0.4.0

MD5:
f59427d494c0785f69211e6ca420fb1f

SHA-1:
d8c14d33a9cd0dc3056dc6f758bc44057044b0a3

SHA-256:
981b595e2baa22cbae1041451f4a4c82b32800fb48b7f76c4442bc2514cbe36f

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
5/2/2024 12:59:17 AM UTC  (today)

File size:
1.6 MB (1,648,136 bytes)

Product version:
5.0.4.0

Copyright:
Copyright (C) 2016 株式会社 アーク情報システム

Trademarks:
HD革命(R)

Original file name:
WinProtector

File type:
Executable application (Win64 EXE)

Common path:
C:\Program Files\ark information systems inc\winprotector\winprotector.exe

Digital Signature
Signed by:
Ark Information Systems inc.

Authority:
DigiCert Inc

Valid from:
12/17/2015 9:00:00 AM

Valid to:
2/22/2017 9:00:00 PM

Subject:
CN=Ark Information Systems inc., O=Ark Information Systems inc., L=Chiyoda-ku, S=Tokyo, C=JP, PostalCode=102-0076, STREET=4-2 Go-bancho, SERIALNUMBER=0100 01 009637, OID.1.3.6.1.4.1.311.60.2.1.3=JP, OID.2.5.4.15=Private Organization

Issuer:
CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0301D7C05F2DA0E0741922C4F7ED9051

File PE Metadata
Compilation timestamp:
5/30/2016 5:47:12 PM

OS version:
6.0

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0x52364

Entry point:
48, 83, EC, 28, E8, 53, 07, 00, 00, 48, 83, C4, 28, E9, F2, FD, FF, FF, FF, 25, CC, 50, 00, 00, 48, 8B, C4, 48, 89, 58, 08, 48, 89, 68, 10, 48, 89, 70, 18, 48, 89, 78, 20, 41, 56, 48, 83, EC, 20, 49, 8B, 59, 38, 48, 8B, F2, 4D, 8B, F0, 48, 8B, E9, 4C, 8D, 43, 04, 49, 8B, D1, 48, 8B, CE, 49, 8B, F9, E8, 24, 01, 00, 00, 44, 8B, 5B, 04, 44, 8B, 55, 04, 41, 8B, C3, 41, 83, E3, 02, 41, B8, 01, 00, 00, 00, 41, 23, C0, 41, 80, E2, 66, 44, 0F, 44, D8, 45, 85, DB, 74, 14, 4C, 8B, CF, 4D, 8B, C6, 48, 8B, D6, 48, 8B...
 
[+]

Entropy:
5.6084

Code size:
342.5 KB (350,720 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
PwfCtrl

Command:
"C:\Program Files\ark information systems inc\winprotector\winprotector.exe" autorun


Scan winprotector.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.