» wrtproc.exe
Overview
Analysis
File Details

wrtproc.exe

NsWrtProc Application

The executable wrtproc.exe, “NsWrtProc Microsoft Base Clase Application” has been detected as malware by 37 anti-virus scanners.

File name:

wrtproc.exe

Product:

NsWrtProc Application

Description:

NsWrtProc Microsoft Base Clase Application

Version:

1, 0, 0, 1

MD5:

adc908aa7729ca8920a44f4aa1c73702

SHA-1:

d713fa1c320d587582e5185f18f045d7a802d111

SHA-256:

ac5917458f61ddfdabcf8e1e431a146c12a6791da3f7f65f88a250982a2a2936

Scanner detections:

37 / 68

Status:

File is infected by a Virus

Explanation:

The file is infected by a polymorphic file infector virus.

Analysis date:

4/25/2024 12:11:46 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Win32.Virtob.Gen.12

5876669

Agnitum Outpost

Win32.Virut.Y.Gen

7.1.1

AhnLab V3 Security

Win32/Virut.F

2015.08.03

Avira AntiVirus

W32/Virut.Gen

8.3.1.6

Arcabit

Win32.Virtob.Gen.12

1.0.0.425

avast!

Win32:Vitro

150717-0

AVG

Win32/Virut

2015.0.4355

Bitdefender

Win32.Virtob.Gen.12

1.0.20.1070

Bkav FE

W32.Vetor.PE

1.3.0.6979

Comodo Security

Virus.Win32.Virut.CE

22917

Dr.Web

Win32.Virut.56

9.0.1.05190

Emsisoft Anti-Malware

Win32.Virtob.Gen.12

10.0.0.5366

ESET NOD32

Win32/Virut.NBP virus

7.0.302.0

Fortinet FortiGate

W32/Virut.CE

8/2/2015

F-Prot

W32/Virut.AI!Generic

v6.4.7.1.166

F-Secure

Win32.Virtob.Gen.12

5.14.151

G Data

Win32.Virtob.Gen.12

15.8.25

IKARUS anti.virus

Virus.Win32.Virut

t3scan.1.9.5.0

K7 AntiVirus

Virus

13.207.16756

Kaspersky

Virus.Win32.Virut

15.0.0.543

McAfee

Virus.W32/Virut.n.gen

17.6.569.0

Microsoft Security Essentials

Threat.Undefined

1.203.968.0

MicroWorld eScan

Win32.Virtob.Gen.12

16.0.0.642

NANO AntiVirus

Virus.Win32.Virut.hpeg

0.30.24.2668

Norman

Win32.Virtob.Gen.12

07.07.2015 03:10:29

nProtect

Virus/W32.Virut.Gen

15.07.31.01

Panda Antivirus

W32/Sality.AO

15.08.02.02

Quick Heal

W32.Virut.G

8.15.14.00

Rising Antivirus

PE:Win32.Virut.cl!1523074

23.00.65.15731

Sophos

Virus 'W32/Scribble-B'

5.15

Total Defense

Win32/Virut.17408

37.1.62.1

Trend Micro House Call

PE_VIRUX.A-1

7.2.214

Trend Micro

PE_VIRUX.A-1

10.465.02

Vba32 AntiVirus

Virus.Virut.06

3.12.26.4

VIPRE Antivirus

Threat.4120919

41424

ViRobot

Win32.Virut.AM[h]

2014.3.20.0

File size:

44 KB (45,056 bytes)

Product version:

1, 0, 0, 1

Original file name:

NsWrtProc.EXE

File type:

Executable application (Win32 EXE)

Language:

Chinese (Simplified, PRC)

Common path:

C:\Windows\System32\spool\drivers\w32x86\3\wrtproc.exe

File PE Metadata

Compilation timestamp:

9/19/2006 3:05:31 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

384:HxmVVyeTkYHq851Iy7bhH772KFkyJaToykzYJppV573EOsdEqkPgkDo1zCbLsT1:RmxF/Fb7BFk8BYJXV5bEFEnPgkDcT

Entry address:

0x2402

Entry point:

8D, 0B, B8, 04, 41, 00, 00, E9, 2F, FF, FF, FF, 00, 73, 1D, 84, 82, 66, 8B, 2A, 5C, 08, B4, 33, F7, 88, 67, E5, DC, 00, 00, F5, 92, 95, BF, 00, 62, 7B, 00, 66, 09, CB, 00, 77, 00, 42, 2F, 96, D7, 13, 52, DD, 21, B9, B3, 0A, FD, C0, 00, 08, 00, 67, 48, 00, 6F, 00, B7, 00, 0D, 00, 0A, 42, 12, 00, EE, 46, 00, 3A, 0B, B0, 81, DF, D2, 68, 0E, FE, 00, E5, 9A, 00, 5E, 00, AE, 93, 44, A8, BC, E9, 51, 42, FA, 00, F2, 00, DC, 29, 00, 11, EE, AF, 00, 00, D6, 0C, 81, 40, 00, 00, 0A, B7, 80, 50, 3B, DE, 00, 96, AC, DD... 
[+]

Code size:

8 KB (8,192 bytes)

Remove wrtproc.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.