wmiprvse.exe

Windows Operating System

Microsoft Software Corporation

The executable wmiprvse.exe (“WMI Performance Reverse Adapter”) has been detected as malware by 3 of 68 anti-virus scanners.
Publisher:
Foundation Corporation  (signed by Microsoft Software Corporation)

Product:
Windows® Operating System

Description:
WMI Performance Reverse Adapter

Version:
6.1.7600.16385 (win7_rtm.090713-1255)

MD5:
ce9fe1efea41476c7c6c2d0578b5004f

SHA-1:
97d11698125154a1ce4b8cbff38bbbf23c9734a4

SHA-256:
3ab590593c55471642b9ede49656b11ab952eefbf84343dee8b7919b4b08ae75

Scanner detections:
3 / 68

Status:
Malware

Analysis date:
1/2/2026 11:50:09 AM UTC  (today)

Scan engine    Detection                                      Engine version
AVG            RemoteAdmin                                    2015.0.3581
ESET NOD32     Win32/RemoteAdmin.RemoteUtilities (variant)    8.9321
Kaspersky      Trojan-Dropper.Win32.Kromeser                  14.0.0.4402

File size:
4.5 MB (4,691,768 bytes)

Product version:
6.1.7600.16385

Copyright:
© Foundation Corporation. All rights reserved.

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\vmwarednd\54c6ada0\7zipsfx.000\wmiprvse.exe

Digital Signature
Authority:
Microsoft Software Corporation

Valid from:
10/23/2013 3:48:54 PM

Valid to:
1/1/2040 5:59:59 AM

Subject:
CN=Microsoft Software Corporation

Issuer:
CN=Microsoft Software Corporation

Serial number:
4559BCE5B18F238748894945FC1CEA73

File PE Metadata
Compilation timestamp:
5/21/2013 4:25:27 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:YQa9iq5axTLmzT+JOovfC5SKd+BQ2utH4mLKRRggdUamcPC3efTGTrv2cd57xN9p:YQa9bv+JO5DVs4amcP+h1

Entry address:
0x3BBDA4

Entry point:
55, 8B, EC, 83, C4, F0, 53, B8, 0C, 60, 7A, 00, E8, 93, 34, C5, FF, 8B, 1D, 8C, 0B, 7D, 00, A1, 80, 04, 7D, 00, 83, 38, 06, 7C, 05, E8, 0A, 8C, C5, FF, E8, ED, A1, FE, FF, 8B, 03, B2, 01, E8, 20, 81, E4, FF, 8B, 03, E8, F9, 63, E4, FF, 8B, 03, BA, 44, BE, 7B, 00, E8, E9, 5D, E4, FF, 8B, 03, C6, 40, 5F, 00, 8B, 0D, 8C, 07, 7D, 00, 8B, 03, 8B, 15, B0, C4, 79, 00, E8, EC, 63, E4, FF, 8B, 0D, 18, 08, 7D, 00, 8B, 03, 8B, 15, 08, C2, 70, 00, E8, D9, 63, E4, FF, 8B, 0D, CC, 11, 7D, 00, 8B, 03, 8B, 15, A8, 06, 75...

Developed / compiled with:
Microsoft Visual C++

Code size:
3.7 MB (3,910,144 bytes)

Remove wmiprvse.exe - Powered by Reason Core Security