Should I block it?

No, this file is 100% safe to run.

Additional versions

6.2.9200.16384 (win8_rtm.120725-1247)	0.21%
6.2.9200.16384 (win8_rtm.120725-1247)	0.21%
6.1.7600.16385 (win7_rtm.090713-1255)	0.82%
6.1.7600.16385 (win7_rtm.090713-1255)	0.82%
6.0.6000.16386 (vista_rtm.061101-2205)	0.21%
6.0.6000.16386 (vista_rtm.061101-2205)	0.21%
5.2.3790.1830 (srv03_sp1_rtm.050324-1447)	0.21%
5.1.2600.5512 (xpsp.080413-2105)	62.27%
5.1.2600.5512 (xpsp.080413-2105)	1.65%
5.1.2600.5512 (xpsp.080413-2105)	1.44%
5.1.2600.5512 (xpsp.080413-2105)	0.62%
5.1.2600.5512 (xpsp.080413-2105)	1.86%
5.1.2600.5512 (xpsp.080413-2105)	2.27%
5.1.2600.5512 (xpsp.080413-2105)	0.41%
5.1.2600.5512 (xpsp.080413-2105)	0.62%
5.1.2600.5512 (xpsp.080413-2105)	0.21%
5.1.2600.5512 (xpsp.080413-2105)	0.21%
5.1.2600.5512 (xpsp.080413-2105)	0.21%
5.1.2600.5512 (xpsp.080413-2105)	0.21%
5.1.2600.5512 (xpsp.080413-2105)	0.21%
5.1.2600.5512 (xpsp.080413-2105)	2.06%
5.1.2600.5512 (xpsp.080413-2105)	0.62%
5.1.2600.5512 (xpsp.080413-2105)	0.21%
5.1.2600.5512 (xpsp.080413-2105)	1.03%
5.1.2600.5512 (xpsp.080413-2105)	1.65%
View more
5.1.2600.5512 (xpsp.080413-2105)	1.03%
5.1.2600.5512 (xpsp.080413-2105)	0.21%
5.1.2600.5512 (xpsp.080413-2105)	0.41%
5.1.2600.5512 (xpsp.080413-2105)	0.21%
5.1.2600.5512 (xpsp.080413-2105)	0.62%
5.1.2600.5512 (xpsp.080413-2105)	0.21%
5.1.2600.5512 (xpsp.080413-2105)	0.62%
5.1.2600.5512 (xpsp.080413-2105)	0.62%
5.1.2600.5512 (xpsp.080413-2105)	0.21%
5.1.2600.5512 (xpsp.080413-2105)	0.21%
5.1.2600.5512 (xpsp.080413-2105)	0.21%
5.1.2600.5512 (xpsp.080413-2105)	0.21%
5.1.2600.5512 (xpsp.080413-2105)	0.21%
5.1.2600.5512 (xpsp.080413-2105)	0.21%
5.1.2600.5512 (xpsp.080413-2105)	0.21%
5.1.2600.3311 (xpsp.080212-0004)	0.41%
5.1.2600.3300 (xpsp.080125-2028)	0.21%
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)	11.96%
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)	0.21%
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)	0.41%
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)	0.21%
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)	0.21%
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)	0.21%
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)	0.21%
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)	0.21%

Relationships

PE file structure

Show functions

Import table

advapi32.dll

RegDeleteValueA, RegOpenKeyExA, RegCloseKey, RegSetValueExA, RegCreateKeyA, RegCreateKeyExA

kernel32.dll

lstrcpynA, lstrlenA, GetSystemDirectoryA, GetSystemWindowsDirectoryA, GetVersionExA, GetACP, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, LocalFree, CloseHandle, ResetEvent, OpenEventA, CreateProcessA, lstrcatA, GetSystemInfo, lstrcmpiA, FreeLibrary, LoadLibraryA, CreateEventA, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetModuleHandleA, GetStartupInfoA, LocalAlloc, GetProcAddress, RegisterApplicationRestart, GetModuleHandleW, GetCommandLineW, GetStartupInfoW, InterlockedCompareExchange, Sleep, InterlockedExchange

msctf.dll

TF_InitSystem, TF_GetGlobalCompartment, TF_InvalidAssemblyListCacheIfExist, TF_InvalidAssemblyListCache, TF_PostAllThreadMsg, TF_CreateCicLoadMutex, TF_UninitSystem

msctfmonitor.dll

DoMsCtfMonitor

msutb.dll

ClosePopupTipbar, GetPopupTipbar

msvcrt.dll

DllMain

user32.dll

EnumWindows, GetClassNameA, FindWindowA, PostMessageA, SetTimer, KillTimer, MsgWaitForMultipleObjects, PeekMessageA, TranslateMessage, DispatchMessageA, GetMessageA, SetWindowPos, LoadCursorA, RegisterClassExA, DefWindowProcA, PostQuitMessage, CreateWindowExA, GetSystemMetrics

CTFMON.exe

CTF Loader by Microsoft

Remove CTFMON.exe

Version:	5.1.2600.5512 (xpsp.080413-2105)
MD5:	f089e5f41489a3161f068b61b8484712
SHA1:	aeac6a5716248b89afe001df8ff2399526d48071
SHA256:	446aea426b90dc521428f779ddea6ab678e6a6c4a5d195d0f48200ae5cefd400

This is a Windows system installed file with Windows File Protection (WFP) enabled.

What is CTFMON.exe?

CTF Loader, a Microsoft Windows process relating to the ctfmon.exe file, which monitors active windows and provides text support for speech and handwriting recognition, keyboard, translation, and other technologies.

Overview

ctfmon.exe executes as a process with the local user's privileges. It is set to be run when the PC boots and the user logs into Windows (added to the Run registry key for the current user). It has been configured with a firewall exception which allows both inbound and outbound network communication without being blocked. This version is installed on Windows XP. Note, some antivirus scanners have flagged this file, however it is not necessarily considered malware (see below for details).

Details

File name:	ctfmon.exe
Publisher:	Microsoft Corporation
Product name:	CTF Loader
Description:	Microsoft® Windows® Operating System
Typical file path:	C:\Windows\System32\ctfmon.exe
File version:	5.1.2600.5512 (xpsp.080413-2105)
Product version:	5.1.2600.5512
Size:	39.5 KB (40,448 bytes)
Digital DNA
PE subsystem:	Windows GUI
Entropy:	6.118468
File packed:	No
Code language:	Microsoft Visual C++
.NET CLR:	No

More details

Behaviors

Startup files (user) run

Runs under the registry key 'HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'

'ctfmon.exe' → C:\WINDOWS\system32\ctfmon.exe

Windows firewall allowed programs

Exceptions allow programs to access to the Internet through an outbound connections

Firewall exception for 'C:\WINDOWS\system32\ctfmon.exe'

Distribution by Windows OS

OS version	distribution
Microsoft Windows XP	97.00%
Windows 7 Home Premium	1.00%
Windows Vista Home Premium	1.00%
Windows 7 Home Basic	0.50%
Windows 8 Pro with Media Center	0.50%

Distribution by country

United States installs about 29.23% of CTF Loader.

Distribution by PC manufacturer

PC Manufacturer	distribution
Dell	30.33%
Intel	12.30%
Toshiba	10.66%
American Megatrends	9.84%
Hewlett-Packard	6.97%
GIGABYTE	6.56%
Compaq	6.56%
ASUS	4.92%
Sahara	3.69%
Lenovo	3.28%
Gateway	2.46%
Acer	1.64%
Sony	0.82%

Remove Adware and Spyware Programs, FREE Download!