RtWLan.EXE

RtWLan Application

Realtek Semiconductor Corp.

The executable RtWLan.EXE, “RtWLan ( For Vista / Win7) Application(External Registrar)”, has been detected as malware by 38 anti-virus scanners. According to the AV engines that detect it, the detection indicates a file that is infected by members of the Win32/Ramnit malware family and may drop and load other malware.
Publisher:
Realtek Semiconductor Corp.

Product:
RtWLan Application

Description:
RtWLan ( For Vista / Win7) Application(External Registrar)

Version:
700, 1604, 108, 2010

MD5:
c39c84d365d5825a119b099fff778cde

SHA-1:
1d4137eb59213e57dde8822ce342e6f8f49d3f36

SHA-256:
e03c32894ecbfcd969f8dca3ec703274beda764a950f7df62bbb891be6a0a6d2

Scanner detections:
38 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
4/23/2024 7:50:24 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Win32.Ramnit | 827 |
| AegisLab AV Signature | W32.Nimnul | 2.1.4+ |
| Agnitum Outpost | Win32.Ramnit.Gen.3 | 7.1.1 |
| AhnLab V3 Security | Win32/Ramnit.B | 2014.10.31 |
| Avira AntiVirus | W32/Ramnit.A | 7.11.30.172 |
| avast! | Win32:RmnDrp | 2014.9-141030 |
| AVG | Win32/Ramnit.A | 2015.0.3305 |
| Baidu Antivirus | Virus.Win32.Nimnul.$a | 4.0.3.141030 |
| Bitdefender | Win32.Ramnit | 1.0.20.1515 |
| Bkav FE | W32.RammitNNA.PE | 1.3.0.6185 |
| Comodo Security | Virus.Win32.Ramnit.A | 19945 |
| Dr.Web | Win32.Rmnet | 9.0.1.0303 |
| Emsisoft Anti-Malware | Win32.Ramnit | 8.14.10.30.08 |
| ESET NOD32 | Win32/Ramnit | 8.10646 |
| Fortinet FortiGate | W32/Ramnit.C | 10/30/2014 |
| F-Prot | W32/Ramnit.B | 4.6.5.141 |
| F-Secure | Win32.Ramnit | 11.2014-30-10_5 |
| G Data | Win32.Ramnit | 14.10.24 |
| IKARUS anti.virus | Virus.Win32.Ramnit | t3scan.1.8.3.0 |
| K7 AntiVirus | Virus | 13.185.13853 |
| Kaspersky | Virus.Win32.Nimnul | 14.0.0.3021 |
| Malwarebytes | Virus.Ramnit | v2014.10.30.08 |
| McAfee | W32/Ramnit.a | 5600.6961 |
| Microsoft Security Essentials | Threat.Undefined | 1.187.957.0 |
| MicroWorld eScan | Win32.Ramnit | 15.0.0.909 |
| NANO AntiVirus | Virus.Win32.Nimnul.bpchjo | 0.28.6.62995 |
| Norman | Krap.XK | 11.20141030 |
| nProtect | Win32.Ramnit | 14.10.30.01 |
| Qihoo 360 Security | Virus.Win32.Ramnit.B | 1.0.0.1015 |
| Quick Heal | W32.Ramnit.A | 10.14.14.00 |
| Rising Antivirus | PE:Win32.Ramnit.a!1590234 | 23.00.65.141028 |
| Sophos | W32/Patched-I | 4.98 |
| Total Defense | Win32/Ramnit.A | 37.0.11255 |
| Trend Micro House Call | PE_RAMNIT.H | 7.2.303 |
| Trend Micro | PE_RAMNIT.H | 10.465.30 |
| Vba32 AntiVirus | Virus.Win32.Nimnul.a | 3.12.26.3 |
| ViRobot | Win32.Ramnit.E | 2011.4.7.4223 |
| Zillya! Antivirus | Virus.Nimnul.Win32.2 | 2.0.0.1973 |

File size:
1.1 MB (1,179,648 bytes)

Product version:
700, 1604, 108, 2010

Copyright:
Copyright (C) 2003-2010

Original file name:
RtWLan.EXE

File type:
Executable application (Win32 EXE)

Language:
Chinese (Traditional, Taiwan)

Common path:
C:\Program Files\realtek\rtl8187 wireless lan utility\rtwlan.exe

File PE Metadata
Compilation timestamp:
1/8/2010 9:15:22 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:SlAfFEZ0KtRfHRc519fBztuP4aziH+8dg6ZN2U:SlAfMRfHRc5/TC4aR8d

Entry address:
0x121000

Entry point:
60, E8, 00, 00, 00, 00, 5D, 8B, C5, 81, ED, 32, 6F, 01, 20, 2B, 85, 50, 72, 01, 20, 89, 85, 4C, 72, 01, 20, B0, 00, 86, 85, 9E, 74, 01, 20, 3C, 01, 0F, 85, DE, 02, 00, 00, 8B, 85, 4C, 72, 01, 20, 2B, 85, 58, 72, 01, 20, 8B, 00, 89, 85, EA, 73, 01, 20, 8B, 85, 4C, 72, 01, 20, 2B, 85, 5C, 72, 01, 20, 8B, 00, 89, 85, F2, 73, 01, 20, 83, BD, F2, 73, 01, 20, 00, 0F, 84, A9, 02, 00, 00, 83, BD, EA, 73, 01, 20, 00, 0F, 84, 9C, 02, 00, 00, 8D, 85, 8D, 74, 01, 20, 50, FF, 95, EA, 73, 01, 20, 83, F8, 00, 0F, 84, 86...
 

Entropy:
6.3709

Packer / compiler:
ASPack v1.08.04

Code size:
744 KB (761,856 bytes)
