Watchclient.exe

Beijing VRV Software Corporation Limited.

It runs as a Windows service named “VRVWatchServer”.
Publisher:
Beijing VRV Software Co.,Ltd  (signed by Beijing VRV Software Corporation Limited.)

Description:
Watchclient.exe

Version:
6, 6, 24, 92

MD5:
5256efb5720e88e941e9889a07850b2f

SHA-1:
33d57ac3428fd1e714fca1cfc8277fd0ac91ad43

SHA-256:
2a9edc4f6793e226d22c1d60d5ef39c4316fe751700ad996b68f9d9739cc044a

Scanner detections:
1 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
4/20/2024 5:03:50 AM UTC

Scan engine:
Dr.Web

Detection:
BACKDOOR.Trojan

Engine version:
9.0.1.0339

File size:
111.5 KB (114,216 bytes)

Product version:
6, 6, 24, 92

Copyright:
VRV Corporation. All Rights Reserved.

Original file name:
Watchclient.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\windows\syswow64\watchclient.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
11/21/2011 8:00:00 AM

Valid to:
12/30/2014 7:59:59 AM

Subject:
CN=Beijing VRV Software Corporation Limited., OU=VDP, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Beijing VRV Software Corporation Limited., L=Beijing, S=Beijing, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
64097E22331CF5F73B1F1F9BF806B6B2

File PE Metadata
Compilation timestamp:
4/23/2014 5:01:19 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
1536:kcRUnSGe8ZvvNzoRGJRbTyqBqBKw1s58jEDtqCnJDsHtUi7HW:dWDe8ZneRGJRm038jEDtqCnJDsHtD72

Entry address:
0x9EAD

Entry point:
55, 8B, EC, 6A, FF, 68, 20, 13, 41, 00, 68, 00, D7, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 58, 53, 56, 57, 89, 65, E8, FF, 15, 84, 11, 41, 00, 33, D2, 8A, D4, 89, 15, 30, 7F, 41, 00, 8B, C8, 81, E1, FF, 00, 00, 00, 89, 0D, 2C, 7F, 41, 00, C1, E1, 08, 03, CA, 89, 0D, 28, 7F, 41, 00, C1, E8, 10, A3, 24, 7F, 41, 00, 6A, 01, E8, 90, 37, 00, 00, 59, 85, C0, 75, 08, 6A, 1C, E8, C3, 00, 00, 00, 59, E8, 9F, 10, 00, 00, 85, C0, 75, 08, 6A, 10, E8, B2, 00, 00, 00, 59, 33, F6, 89, 75...
 

Entropy:
5.5964

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
64 KB (65,536 bytes)

Service
Display name:
VRVWatchServer

Type:
Win32OwnProcess, InteractiveProcess

Group:
TDI

