home

wsvc.exe

WN Client Service

Wordinator

The application wsvc.exe by Wordinator has been detected as a potentially unwanted program by 6 anti-malware scanners. It runs as a separate (within the context of its own process) windows Service named “WN 1.10.0.17 Client Service”. While running, it connects to the Internet address 125.235.4.59.adsl.viettel.vn on port 443.
Publisher:
WN  (signed by Wordinator)

Product:
WN Client Service

Version:
1.10.0.17

MD5:
6b1819348cc5d85d73ae56b37862ab02

SHA-1:
2c3f1078c8f1c7d41542f60a96de1db562d380bc

SHA-256:
778379a04eb2384b822b294f7d6221d57bfe11848cc9e54b4853226ccf4865c7

Scanner detections:
6 / 68

Status:
Potentially unwanted

Analysis date:
8/4/2025 5:40:55 AM UTC  (today)

Scan engine
Detection
Engine version

AhnLab V3 Security
PUP/Win32.Vitruvian
2015.06.11

Baidu Antivirus
Adware.Win32.Vitruvian
4.0.3.15610

Dr.Web
Adware.Plugin.1011
9.0.1.05190

ESET NOD32
Win32/Adware.Vitruvian.F application
7.0.302.0

IKARUS anti.virus
PUA.Vitruvian
t3scan.1.9.5.0

VIPRE Antivirus
Threat.4761352
40828

File size:
272.1 KB (278,616 bytes)

Product version:
1.10.0.17

Copyright:
Copyright (C) 2015

Original file name:
wsvc.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\wordinator_1.10.0.17\service\wsvc.exe

Digital Signature
Signed by:
Wordinator

Authority:
GlobalSign nv-sa

Valid from:
5/22/2015 10:04:49 PM

Valid to:
5/22/2017 10:04:49 PM

Subject:
E=support@wordinatorapp.com, CN=Wordinator, O=Wordinator, L=San Diego, S=California, C=US

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121F46109A06BF86659CDE9A599EBFF1652

File PE Metadata
Compilation timestamp:
6/3/2015 7:06:10 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
11.0

CTPH (ssdeep):
6144:GExuBLIJrXwV6lnQok/CTBEDw4u9d4YjO:GECLINX5lnzk/CTSju9d9O

Entry address:
0x21335

Entry point:
E8, B8, 64, 00, 00, E9, 7B, FE, FF, FF, CC, 8B, 4C, 24, 0C, 57, 85, C9, 0F, 84, 92, 00, 00, 00, 56, 53, 8B, D9, 8B, 74, 24, 14, F7, C6, 03, 00, 00, 00, 8B, 7C, 24, 10, 75, 0B, C1, E9, 02, 0F, 85, 85, 00, 00, 00, EB, 27, 8A, 06, 83, C6, 01, 88, 07, 83, C7, 01, 83, E9, 01, 74, 2B, 84, C0, 74, 2F, F7, C6, 03, 00, 00, 00, 75, E5, 8B, D9, C1, E9, 02, 75, 61, 83, E3, 03, 74, 13, 8A, 06, 83, C6, 01, 88, 07, 83, C7, 01, 84, C0, 74, 37, 83, EB, 01, 75, ED, 8B, 44, 24, 10, 5B, 5E, 5F, C3, F7, C7, 03, 00, 00, 00, 74...
 
[+]

Code size:
181 KB (185,344 bytes)

Service
Display name:
WN 1.10.0.17 Client Service

Service name:
wsvc_1.10.0.17

Description:
This service enables WN 1.10.0.17 on HTTP websites

Type:
Win32OwnProcess


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to 125.235.4.59.adsl.viettel.vn  (125.235.4.59:443)

TCP (HTTP SSL):
Connects to unallocated.barefruit.co.uk  (92.242.134.28:443)

Remove wsvc.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.