WinRoute.exe

Kerio WinRoute Firewall

Kerio Technologies, Inc.

It runs as a separate Windows service (within the context of its own process) named “Kerio WinRoute Firewall”.
Publisher:
Kerio Technologies  (signed by Kerio Technologies, Inc.)

Product:
Kerio WinRoute Firewall

Version:
6.4.1

MD5:
49ee774a39ea0ad08489104836eface7

SHA-1:
9b600572694271e44851ef2d10a1344e828c7bac

SHA-256:
0ebee32b94f510ec244ae9bed5ac4a066079f9bb09b13bb5b410b6340588e5fd

Scanner detections:
2 / 68

Status:
Clean  (2 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous); the file is probably malware-free.

Analysis date:
4/29/2024 10:40:57 PM UTC

Scan engine | Detection | Engine version
AhnLab V3 Security | Win32/IRCBot.worm.Gen | 16.01.25
Prevx | Heuristic: Suspicious Backdoor | 3.0.1

File size:
5.4 MB (5,646,184 bytes)

Product version:
6.4.1

Copyright:
© Kerio Technologies Inc. All rights reserved.

Original file name:
WinRoute.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\kerio\winroute firewall\winroute.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
2/23/2006 6:00:00 PM

Valid to:
2/24/2008 5:59:59 PM

Subject:
CN="Kerio Technologies, Inc.", OU=Development, OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Kerio Technologies, Inc.", L=Santa Clara, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
09D5236FC7B38D7FE274CA2A81A2FCB9

File PE Metadata
Compilation timestamp:
12/7/2007 5:08:50 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
49152:uvKK5q5L/75WZc/L1rHshri/jEHBHqxAX77/78OWpyCIDSuuGcUU2Fmr28R0JSho:0whz5mOEIGqyboyIQukI0

Entry address:
0x189C05

Entry point:
E8, FE, 04, 00, 00, E9, D9, FC, FF, FF, CC, FF, 25, 90, 6C, 86, 00, FF, 25, 8C, 6C, 86, 00, FF, 25, 88, 6C, 86, 00, FF, 25, 84, 6C, 86, 00, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, 10, 80, B2, 00, 89, 0D, 0C, 80, B2, 00, 89, 15, 08, 80, B2, 00, 89, 1D, 04, 80, B2, 00, 89, 35, 00, 80, B2, 00, 89, 3D, FC, 7F, B2, 00, 66, 8C, 15, 28, 80, B2, 00, 66, 8C, 0D, 1C, 80, B2, 00, 66, 8C, 1D, F8, 7F, B2, 00, 66, 8C, 05, F4, 7F, B2, 00, 66, 8C, 25, F0, 7F, B2, 00, 66, 8C, 2D, EC, 7F, B2, 00, 9C, 8F, 05, 20, 80, B2, 00...

Entropy:
6.4113

Code size:
4.4 MB (4,608,000 bytes)

Service
Display name:
Kerio WinRoute Firewall

Service name:
WinRoute

Type:
Win32OwnProcess

