home

fltw.exe

WtFilterServ

Zimin Sergei Aleksandrovich IP

It runs as a separate (within the context of its own process) windows Service named “WtFilterServ”.
Publisher:
Zimin Sergei Aleksandrovich IP  (signed and verified)

Product:
WtFilterServ

Version:
3.1.0.0

MD5:
4e26d5632f17203c47ccc2ef438a8f2c

SHA-1:
14d86ea17d07deb70de613c8c997d1e48fed1043

SHA-256:
4a1b0c48c5f3b0083f0e1a4828fafc2abc08c583cbffac63f6b8a7547b672f29

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is mosty likely a false positive detection, the file is probably clean.

Analysis date:
12/26/2024 6:15:14 AM UTC  (today)

Scan engine
Detection
Engine version

IKARUS anti.virus
Win32.SuspectCrc
t3scan.1.8.6.0

File size:
1.4 MB (1,458,024 bytes)

Product version:
3.1.0.0

File type:
Executable application (Win32 EXE)

Common path:
C:\windows\syswow64\fltw.exe

Digital Signature
Signed by:
Zimin Sergei Aleksandrovich IP

Authority:
VeriSign, Inc.

Valid from:
4/30/2013 3:00:00 AM

Valid to:
5/1/2015 2:59:59 AM

Subject:
CN=Zimin Sergei Aleksandrovich IP, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Zimin Sergei Aleksandrovich IP, L=Murom, S=Vladimir rgn., C=RU

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
5B1C391BC214F05D57C5D22896BCB345

File PE Metadata
Compilation timestamp:
5/22/2013 11:10:38 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0x60171

Entry point:
55, 8B, EC, 83, C4, F0, B8, 00, 10, 40, 00, E8, 01, 00, 00, 00, 9A, 83, C4, 10, 8B, E5, 5D, E9, 77, 14, 44, 00, 1B, 46, 3F, 80, 73, 26, DF, 72, 6F, 57, FD, 4F, BE, A8, 99, 6B, 6F, 55, 31, B2, BF, 71, 81, C4, 6F, E6, C7, 19, 06, 92, F7, 94, 11, BD, E7, 34, 38, 49, FF, 78, FA, 7F, 70, 2F, 28, 04, FD, A5, 96, 28, 56, 5E, 88, 2A, 6F, 1A, 8F, 18, 40, 50, 1A, 6E, 39, 14, 72, 99, CD, 6F, A7, A0, 7F, 6B, CC, 8B, E3, B8, 28, 43, A7, 03, 8E, B6, 33, A9, 57, F8, 7F, 6D, 8E, 9A, 8E, 23, 23, C0, 25, 27, 5C, 17, D7, 1A...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
1.1 MB (1,129,472 bytes)

Service
Display name:
WtFilterServ

Service name:
wtflserv

Type:
Win32OwnProcess


Scan fltw.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.