ctrl2cap.exe

  • File Path: C:\SysinternalsSuite\ctrl2cap.exe

Runtime Data

Usage (stdout):


Ctrl2cap Installation Applet
Copyright (C) 1999-2006 Mark Russinovich
Sysinternals - www.sysinternals.com

usage: C:\SysinternalsSuite\ctrl2cap.exe [/install | /uninstall]


Loaded Modules:

Path
C:\SysinternalsSuite\ctrl2cap.exe
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\System32\wow64.dll
C:\Windows\System32\wow64cpu.dll
C:\Windows\System32\wow64win.dll

Signature

  • Status: Signature verified.
  • Serial: 61469ECB000400000065
  • Thumbprint: 564E01066387F26C912010D06BD78D3CF1E845AB
  • Issuer: CN=Microsoft Code Signing PCA, OU=Copyright (c) 2000 Microsoft Corp., O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename:
  • Product Name:
  • Company Name:
  • File Version:
  • Product Version:
  • Language:
  • Legal Copyright:
  • Machine Type: 32-bit

File Scan

  • VirusTotal Detections: 1/69
  • VirusTotal Link: https://www.virustotal.com/gui/file/e7f3e98c6e61e7e6fe363855b0ed67d6952683077dcda3a08fd181069b96126d/detection/

File Similarity (ssdeep match)

| File | Score |
| --- | --- |
| C:\SysinternalsSuite\AccessEnum.exe | 41 |
| C:\SysinternalsSuite\adrestore.exe | 46 |
| C:\SysinternalsSuite\Cacheset.exe | 46 |
| C:\SysinternalsSuite\Diskmon.exe | 29 |
| C:\SysinternalsSuite\efsdump.exe | 43 |
| C:\SysinternalsSuite\ldmdump.exe | 49 |
| C:\SysinternalsSuite\pagedfrg.exe | 40 |

Possible Misuse

The following table contains possible examples of ctrl2cap.exe being misused. While ctrl2cap.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

| Source | Source File | Example | License |
| --- | --- | --- | --- |
| sigma | proc_creation_win_false_sysinternalsuite.yml | - '\ctrl2cap.exe' | DRL 1.0 |

MIT License. Copyright (c) 2020-2021 Strontic.