wmiprvse.exe

Windows Operating System

Microsoft Software Corporation

The application wmiprvse.exe, “WMI Performance Reverse Adapter” by Microsoft Software, has been detected as a potentially unwanted program by 12 anti-malware scanners.
Publisher:
Foundation Corporation  (signed by Microsoft Software Corporation)

Product:
Windows® Operating System

Description:
WMI Performance Reverse Adapter

Version:
6.1.7600.16385 (win7_rtm.090713-1255)

MD5:
05d0cfe482410f0dfff8cff504130e57

SHA-1:
3d425107d044021294c547ca6736db586c2ee981

SHA-256:
157e4190023fb690997c0aee5e7a2eb5b2a03b4cb98847fab1fea5f6c40bd28b

Scanner detections:
12 / 68

Status:
Potentially unwanted

Analysis date:
1/2/2026 1:55:53 PM UTC  (today)

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| AVG | RemoteAdmin | 2017.0.2684 |
| Baidu Antivirus | Trojan.Win32.Kromeser | 4.0.3.16713 |
| ESET NOD32 | Win32/RemoteAdmin.RemoteUtilities (variant) | 10.9410 |
| Fortinet FortiGate | W32/Kromeser.A!tr | 7/13/2016 |
| IKARUS anti.virus | Trojan-Dropper.Win32.Kromeser | t3scan.2.2.29 |
| Kaspersky | Trojan-Dropper.Win32.Kromeser | 14.0.0.-87 |
| McAfee | Artemis!05D0CFE48241 | 5600.6340 |
| NANO AntiVirus | Riskware.Win32.RemoteAdmin.crnukb | 0.28.0.57630 |
| Sophos | Generic PUA DN | 4.97 |
| Trend Micro House Call | TROJ_GEN.R021H07B914 | 7.2.195 |
| Vba32 AntiVirus | TrojanDropper.Kromeser | 3.12.24.3 |
| VIPRE Antivirus | Trojan.Win32.Generic | 26358 |

File size:
4.5 MB (4,691,768 bytes)

Product version:
6.1.7600.16385

Copyright:
© Foundation Corporation. All rights reserved.

File type:
Executable application (Win32 EXE)

Common path:
C:\windows\dotcom\wmiprvse.exe

Digital Signature
Authority:
Microsoft Software Corporation

Valid from:
10/23/2013 3:32:07 PM

Valid to:
1/1/2040 5:59:59 AM

Subject:
CN=Microsoft Software Corporation

Issuer:
CN=Microsoft Software Corporation

Serial number:
E7A219EEA485B7844E3D178D91D06B69

File PE Metadata
Compilation timestamp:
5/21/2013 4:25:27 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:DQa9iq5axTLmzT+JOovfC5SKd+BQ2utH4mLKRRggdUamcPC3efTGTrv2cd57xN9d:DQa9bv+JO5DVs4amcP+hB

Entry address:
0x3BBDA4

Entry point:
55, 8B, EC, 83, C4, F0, 53, B8, 0C, 60, 7A, 00, E8, 93, 34, C5, FF, 8B, 1D, 8C, 0B, 7D, 00, A1, 80, 04, 7D, 00, 83, 38, 06, 7C, 05, E8, 0A, 8C, C5, FF, E8, ED, A1, FE, FF, 8B, 03, B2, 01, E8, 20, 81, E4, FF, 8B, 03, E8, F9, 63, E4, FF, 8B, 03, BA, 44, BE, 7B, 00, E8, E9, 5D, E4, FF, 8B, 03, C6, 40, 5F, 00, 8B, 0D, 8C, 07, 7D, 00, 8B, 03, 8B, 15, B0, C4, 79, 00, E8, EC, 63, E4, FF, 8B, 0D, 18, 08, 7D, 00, 8B, 03, 8B, 15, 08, C2, 70, 00, E8, D9, 63, E4, FF, 8B, 0D, CC, 11, 7D, 00, 8B, 03, 8B, 15, A8, 06, 75...

Developed / compiled with:
Microsoft Visual C++

Code size:
3.7 MB (3,910,144 bytes)
