» mlgopiut.scr
Overview
Analysis
File Details
Behaviors (1)
Programs (1)
Downloads (1)

mlgopiut.scr

Webroot SecureAnywhere

Webroot Inc.

It runs as a separate (within the context of its own process) windows Service named “WRSVC”. This is installed with Webroot SecureAnywhere. The file has been seen being downloaded from anywhere.webrootcloudav.com.

File name:

mlgopiut.scr

Publisher:

Webroot (signed by Webroot Inc.)

Product:

Webroot SecureAnywhere

Version:

8.0.6.28

MD5:

1059ba958126df693ca5d1da697ab507

SHA-1:

a047b2cc102a71dfdb16b0021dd7e60cd55d387d

SHA-256:

a3e44c7fb9fb5ed7e5e0c0b8bdc54ddc3c2e36bb43e829a74b2ca80fcaf60c08

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/26/2024 11:47:40 AM UTC (today)

File size:

752.7 KB (770,728 bytes)

Product version:

8.0.6.28

Original file name:

WRSA.exe

Language:

English (United States)

Common path:

C:\Program Files\hhlmdjbu\mlgopiut.scr

Digital Signature

Signed by:

Webroot Inc.

Authority:

VeriSign, Inc.

Valid from:

12/22/2013 4:00:00 PM

Valid to:

2/21/2016 3:59:59 PM

Subject:

CN=Webroot Inc., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Webroot Inc., L=Broomfield, S=Colorado, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

0F93940D35AB8B900B117F5574BA1090

File PE Metadata

Compilation timestamp:

12/9/2014 2:38:26 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

12288:hDk8o7J+RrwcSRMaGdgwJgPiv3uZtdpwMEbVvjhLurlLguOvbUOEsLMDHoSae:hwdJ+RkaaGdZdveZtdjcvjc8uO4OHMDo

Entry address:

0x2158E0

Entry point:

60, BE, 00, 30, 16, 01, 8D, BE, 00, E0, E9, FF, 57, 89, E5, 8D, 9C, 24, 80, C1, FF, FF, 31, C0, 50, 39, DC, 75, FB, 46, 46, 53, 68, E9, 3D, 21, 00, 57, 83, C3, 04, 53, 68, D7, 28, 0B, 00, 56, 83, C3, 04, 53, 50, C7, 03, 03, 00, 02, 00, 90, 90, 90, 90, 90, 55, 57, 56, 53, 83, EC, 7C, 8B, 94, 24, 90, 00, 00, 00, C7, 44, 24, 74, 00, 00, 00, 00, C6, 44, 24, 73, 00, 8B, AC, 24, 9C, 00, 00, 00, 8D, 42, 04, 89, 44, 24, 78, B8, 01, 00, 00, 00, 0F, B6, 4A, 02, 89, C3, D3, E3, 89, D9, 49, 89, 4C, 24, 6C, 0F, B6, 4A... 
[+]

Entropy:

7.9807 (probably packed)

Code size:

720 KB (737,280 bytes)

Service

Display name:

WRSVC

Description:

Webroot SecureAnywhere Internet Security Plus v8.0.6.28

Type:

Win32OwnProcess

Group:

System Bus Extender

The file mlgopiut.scr has been discovered within the following program.

Webroot SecureAnywhere by Webroot

Publisher's description - “Webroot SecureAnywhere uses a radically new cloud-based approach to online security that protects you against the latest threats as soon as they emerge. And it does so at blazing fast speeds, typically taking two minutes or less after the initial scan of your PC.”

www.webroot.com/En_US/consumer-products-secureanywhere-complete.html

25% remove it

The file mlgopiut.scr has been seen being distributed by the following URL.

http://anywhere.webrootcloudav.com/.../wsaretail.exe

Scan mlgopiut.scr - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.