CTFMON.exe
CTF Loader by Microsoft
Version: | 5.1.2600.5512 (xpsp.080413-2105) |
MD5: | e98a8c802cdb31fcf4121d9dfbea3677 |
SHA1: | 1f88d868f7edfec74edfe56893c785eac8186241 |
SHA256: | 1908876439723be634fe5469698d4f14ed3c345bfd07143a6841e50e332182cb |
This is a Windows system installed file with Windows File Protection (WFP) enabled.
What is CTFMON.exe?
CTF Loader, a Microsoft Windows process relating to the ctfmon.exe file, which monitors active windows and provides text support for speech and handwriting recognition, keyboard, translation, and other technologies.
Overview
ctfmon.exe executes as a process with the local user's privileges. It is set to be run when the PC boots and the user logs into Windows (added to the Run registry key for the current user). It has been configured with a firewall exception which allows both inbound and outbound network communication without being blocked. This version is installed on Windows XP and is compiled as a 32 bit program.
Details
File name: | ctfmon.exe |
Publisher: | Microsoft Corporation |
Product name: | CTF Loader |
Description: | Microsoft® Windows® Operating System |
Typical file path: | C:\Windows\System32\ctfmon.exe |
File version: | 5.1.2600.5512 (xpsp.080413-2105) |
Product version: | 5.1.2600.5512 |
Size: | 15 KB (15,360 bytes) |
Digital DNA |
PE subsystem: | Windows GUI |
Entropy: | 6.118468 |
File packed: | No |
Code language: | Microsoft Visual C++ |
.NET CLR: | No |
More details
Behaviors
Startup files (user) run
Runs under the registry key 'HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
- 'ctfmon.exe' → C:\WINDOWS\system32\ctfmon.exe
Windows firewall allowed programs
Exceptions allow programs to access to the Internet through an outbound connections
- Firewall exception for 'C:\WINDOWS\system32\ctfmon.exe'
Resource utilization
(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
CPU |
Total CPU: | 0.00162365% | |
Kernel CPU: | 0.00093099% | |
User CPU: | 0.00069266% | |
Kernel CPU time: | 125 ms/min | |
Context switches: | 5/sec | |
Memory |
Private memory: | 1.04 MB | |
Private (maximum): | 3.59 MB | |
Private (minimum): | 816 KB | |
Non-paged memory: | 1.04 MB | |
Virtual memory: | 33.81 MB | |
Virtual memory (peak): | 35.43 MB | |
Working set: | 908 KB | |
Working set (peak): | 3.59 MB | |
Resource allocations |
Threads: | 1 | |
Handles: | 85 | |
GUI GDI count: | 28 | |
GUI USER count: | 11 | |
Process properties
Integrety level: | Undefined |
Platform: | 32-bit |
Command line: | ctfmon.exe |
Owner: | User |
Distribution by Windows OS
OS version | distribution |
Microsoft Windows XP |
97.00% |
|
Windows 7 Home Premium |
1.00% |
|
Windows Vista Home Premium |
1.00% |
|
Windows 7 Home Basic |
0.50% |
|
Windows 8 Pro with Media Center |
0.50% |
|
Distribution by country
United States installs about 29.23% of CTF Loader.
Distribution by PC manufacturer
PC Manufacturer | distribution |
Dell |
30.33% |
|
Intel |
12.30% |
|
Toshiba |
10.66% |
|
American Megatrends |
9.84% |
|
Hewlett-Packard |
6.97% |
|
GIGABYTE |
6.56% |
|
Compaq |
6.56% |
|
ASUS |
4.92% |
|
Sahara |
3.69% |
|
Lenovo |
3.28% |
|
Gateway |
2.46% |
|
Acer |
1.64% |
|
Sony |
0.82% |
|