msrtn32.exe

The application msrtn32.exe, “Wmi provider host”, has been detected as a potentially unwanted program by 3 anti-malware scanners.
Description:
Wmi provider host

Version:
6.4.0.3

MD5:
1a221e5bf86a0b7b5c13dc1a3b909218

SHA-1:
2f9512eb2da784d06342593d39e359875ceceb38

SHA-256:
2871aaf828936ea3bcd03cb9478438d69f19ce363d9164d0ab9751d98c0c6fa6

Scanner detections:
3 / 68

Status:
Potentially unwanted

Analysis date:
4/18/2024 12:51:28 AM UTC

Scan engine
Detection
Engine version

Baidu Antivirus
Trojan.Win32.Clamtext
4.0.3.141121

ESET NOD32
Win32/TrojanClicker.Clamtext.B trojan
7.0.302.0

Reason Heuristics
Adware.Yelloader.Meta (M)
16.2.21.19

File size:
2.1 MB (2,157,056 bytes)

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\msrtn32\msrtn32.exe

File PE Metadata
Compilation timestamp:
11/19/2014 4:38:59 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:jeOqfD6r7zu9u5XgEESwysLfhCzc7GQUT1zIz9uctZ:jeOqmzu9u1ASCLfhCzc7GbTup3

Entry address:
0xFA5BA

Entry point:
E8, EB, 04, 00, 00, E9, 1C, FD, FF, FF, FF, 25, AC, 72, 53, 00, FF, 25, B0, 72, 53, 00, FF, 25, B4, 72, 53, 00, FF, 25, B8, 72, 53, 00, FF, 25, BC, 72, 53, 00, FF, 25, C0, 72, 53, 00, FF, 25, C4, 72, 53, 00, FF, 25, C8, 72, 53, 00, FF, 25, CC, 72, 53, 00, FF, 25, D0, 72, 53, 00, FF, 25, D4, 72, 53, 00, FF, 25, D8, 72, 53, 00, FF, 25, DC, 72, 53, 00, FF, 25, E0, 72, 53, 00, FF, 25, E4, 72, 53, 00, FF, 25, E8, 72, 53, 00, FF, 25, EC, 72, 53, 00, FF, 25, F0, 72, 53, 00, FF, 25, F4, 72, 53, 00, FF, 25, F8, 72...
 

Entropy:
6.4688

Code size:
1.2 MB (1,266,688 bytes)
