home

wencrnt4.sys

Psaltech (WinEncrypt)

It runs as a Windows kernel mode device driver named “WENCRNT4”.
Publisher:
Psaltech (WinEncrypt)  (signed and verified)

MD5:
116de98d2bf2371fcf83065e842063f3

SHA-1:
7ede397093def72a776d910f160844d03ef8ed6f

SHA-256:
969f53608fd7aa584173c1a5ed3d13f43e278d7e3855aac77b8b08df9b88738b

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/25/2024 4:53:28 PM UTC  (today)

File size:
119.5 KB (122,368 bytes)

File type:
Driver (Win32 SYS)

Common path:
C:\Windows\System32\drivers\wencrnt4.sys

Digital Signature
Signed by:
Psaltech (WinEncrypt)

Authority:
GlobalSign nv-sa

Valid from:
1/23/2007 4:54:38 PM

Valid to:
1/23/2008 4:54:38 PM

Subject:
E=support@psaltech.com, CN=Psaltech (WinEncrypt), O=Psaltech (WinEncrypt), C=IN

Issuer:
CN=GlobalSign ObjectSign CA, OU=ObjectSign CA, O=GlobalSign nv-sa, C=BE

Serial number:
010000000001104E60E822

File PE Metadata
Compilation timestamp:
1/20/2007 2:17:57 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Native (none required)

Linker version:
6.0

CTPH (ssdeep):
1536:MICS4AeF0LX1gRHqIHKgVERSnjE1bJtczrjje/LmmfAeN5gLapj14WiD:nLX1gRqIHK4nj+9f3bzHm

Entry address:
0x1AEA0

Entry point:
55, 8B, EC, 8B, 45, 08, C7, 40, 38, 80, 3C, 01, 00, 8B, 4D, 08, C7, 41, 40, 80, 3C, 01, 00, 8B, 55, 08, C7, 82, 80, 00, 00, 00, 80, 3C, 01, 00, 8B, 45, 08, C7, 40, 5C, 80, 3C, 01, 00, 8B, 4D, 08, C7, 41, 78, 80, 3C, 01, 00, 8B, 55, 08, C7, 42, 44, 80, 3C, 01, 00, 8B, 45, 08, C7, 40, 48, 80, 3C, 01, 00, 8B, 4D, 08, C7, 41, 70, 80, 3C, 01, 00, 8B, 55, 08, C7, 42, 34, 20, 55, 01, 00, 6A, 01, 68, 80, AE, 02, 00, FF, 15, 60, 02, 01, 00, 8B, 45, 08, 50, E8, 52, 00, 00, 00, 5D, C2, 08, 00, CC, CC, CC, CC, CC, CC...
 
[+]

Entropy:
6.9420

Developed / compiled with:
Microsoft Visual C++

Code size:
94.9 KB (97,216 bytes)

Driver
Display name:
WENCRNT4

Type:
Kernel device driver (KernelDriver)


The file wencrnt4.sys has been discovered within the following program.

CryptArchiver Personal Edition  by WinEncrypt
WinEncrypt.com
About 4% of users remove it
 
Powered by Should I Remove It?

Scan wencrnt4.sys - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.