home

Wmiprvse.exe

WMI Provider Host

Microsoft Corporation

Publisher:
Microsoft Corporation

Product:
Microsoft® Windows® Operating System

Description:
WMI Provider Host

 
Part of the Windows Operating System

Version:
6.2.8063.0 (winmain.110804-1922)

MD5:
fd9ebd320b55904e43f69dba600bd5e4

SHA-1:
671ef332243cb3fbb102ddbaf50c77f8d15fb1bc

SHA-256:
b2a1ade057c07fd2c6064b81dac7a9c515b1a94137cc9322d07e67483990859f

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)
Whitelisted  (by digital signature)

Analysis date:
4/25/2024 11:36:08 PM UTC  (a few moments ago)

File size:
349.5 KB (357,888 bytes)

Product version:
6.2.8063.0

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
Wmiprvse.exe

File type:
Executable application (Win64 EXE)

Language:
English (United States)

Common path:
C:\Windows\System32\wbem\wmiprvse.exe

File PE Metadata
Compilation timestamp:
8/5/2011 12:33:35 AM

OS version:
6.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
10.10

CTPH (ssdeep):
6144:aF5g6M+aHDgNKIgiRDxCH8w3CuLisbeQjy0:S5gl+ayKI/DxCp3C8vauy

Entry address:
0x47F88

Entry point:
48, 83, EC, 28, E8, B3, 04, 00, 00, 48, 83, C4, 28, E9, B2, FD, FF, FF, CC, CC, CC, CC, CC, CC, 48, 83, EC, 28, E8, 17, 00, 00, 00, 48, F7, D8, 1B, C0, F7, D8, FF, C8, 48, 83, C4, 28, C3, CC, CC, CC, CC, CC, CC, CC, CC, CC, 40, 53, 48, 83, EC, 20, 48, 8B, D9, 48, 8B, 05, 08, CB, 00, 00, 48, 89, 44, 24, 38, 48, 83, F8, FF, 75, 08, FF, 15, 6F, 94, FB, FF, EB, 5D, B9, 08, 00, 00, 00, E8, 3D, 05, 00, 00, 90, 48, 8B, 05, E3, CA, 00, 00, 48, 89, 44, 24, 38, 48, 8B, 05, CF, CA, 00, 00, 48, 89, 44, 24, 40, 4C, 8D...
 
[+]

Entropy:
6.0537

Code size:
320.5 KB (328,192 bytes)

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.