fltw.exe

Zimin Sergei Aleksandrovich IP

It runs as a separate Windows service (in the context of its own process) named “WtFilterServ”.
Publisher:
Zimin Sergei Aleksandrovich IP  (signed and verified)

MD5:
1052b1b000a7e4d67938e31a0916f10b

SHA-1:
5d754e0bf5d760f5ba0c1e3e643fe2c7825b1300

SHA-256:
59dd24faf40df082e520f4dec5b0a67d328efeeb9ca659e0782efa2c3a3e67b7

Scanner detections:
5 / 68

Status:
Clean  (5 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous); the file is probably malware-free.

Analysis date:
12/26/2024 6:43:32 AM UTC  (today)

| Scan engine | Detection | Engine version |
|---|---|---|
| Clam AntiVirus | PUA.Packed.EnigmaProtector | 0.98/18155 |
| Trend Micro House Call | PAK_Generic.009 | 7.2.330 |
| Trend Micro | PAK_Generic.009 | 10.465.25 |
| Vba32 AntiVirus | Trojan.Scar.fdwt | 3.12.16.4 |
| VIPRE Antivirus | Trojan.Win32.Packer.EnigmaProtector1.1X-1.3X | 11860 |

File size:
1.1 MB (1,183,032 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Windows\System32\fltw.exe

Digital Signature
Authority:
The USERTRUST Network

Valid from:
1/24/2011 3:00:00 AM

Valid to:
1/25/2012 2:59:59 AM

Subject:
CN=Zimin Sergei Aleksandrovich IP, O=Zimin Sergei Aleksandrovich IP, STREET=34/6-36 Leningradskaya ul., L=Murom, S=Vladimir rgn., PostalCode=602205, C=RU

Issuer:
CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:
008E477F257A255CC19F18A2C51B64988E

File PE Metadata
Compilation timestamp:
1/12/2012 4:53:13 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:c0mjr3XXgqAafDf9I0Uwly/X+ChZhGoPBFUEDAIwlbx49GlRVAMsY:bm3n1Aaf20uThZhHJF9DAIrGSMsY

Entry address:
0x4799C

Entry point:
55, 8B, EC, 83, C4, F0, B8, 00, 10, 40, 00, E8, 01, 00, 00, 00, 9A, 83, C4, 10, 8B, E5, 5D, E9, F8, EB, 46, 00, FB, CE, 28, D3, 15, 55, A1, B1, CB, A9, B6, C2, 0C, 0B, 3C, 0D, 5A, 2F, 91, 00, 65, 12, 9E, 6C, 89, A5, FB, 54, EC, 7B, 0E, C1, 6D, EC, C1, A1, 38, 87, 0C, F3, 99, AD, E8, F3, 07, DE, CD, 86, BB, 42, 05, FA, 11, 3C, 07, BE, 30, AF, D5, 08, 15, A5, 2A, 0C, 39, 1F, 2A, CF, F2, 8E, 54, 41, EC, FC, 6A, EC, EF, A6, 03, DD, 9C, 1E, 11, 32, E5, 6D, DF, 0D, 66, B0, 76, AF, AA, DA, E8, 87, 81, 09, 22, 72...
 

Entropy:
7.9295

Developed / compiled with:
Microsoft Visual C++

Code size:
1 MB (1,057,792 bytes)

Service
Display name:
WtFilterServ

Service name:
wtflserv

Description:
{47F7E63E-262B-4533-8D97-5638988E0364}

Type:
Win32OwnProcess

