fltw.exe

Zimin Sergei Aleksandrovich IP

It runs as a separate Windows service (within the context of its own process) named “WtFilterServ”.
Publisher:
Zimin Sergei Aleksandrovich IP  (signed and verified)

MD5:
56e2c2b289a06bc2de8053f171cfef6c

SHA-1:
bfe88c141d297fecac43632069365b2e98eee0a8

SHA-256:
c121ed60bacfa624ff68d391d644b5ec6dbe1fef26e3d87669b1ec861675eb33

Scanner detections:
5 / 68

Status:
Clean  (5 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous); the file is probably malware-free.

Analysis date:
12/26/2024 5:58:01 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Clam AntiVirus | PUA.Packed.EnigmaProtector | 0.98/18155 |
| Trend Micro House Call | PAK_Generic.009 | 7.2.322 |
| Trend Micro | PAK_Generic.009 | 10.465.17 |
| Vba32 AntiVirus | Trojan.Scar.fdwt | 3.12.16.4 |
| VIPRE Antivirus | Trojan.Win32.Packer.EnigmaProtector1.1X-1.3X | 11463 |

File size:
1.1 MB (1,185,080 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\windows\syswow64\fltw.exe

Digital Signature
Authority:
The USERTRUST Network

Valid from:
1/24/2011 5:00:00 AM

Valid to:
1/25/2012 4:59:59 AM

Subject:
CN=Zimin Sergei Aleksandrovich IP, O=Zimin Sergei Aleksandrovich IP, STREET=34/6-36 Leningradskaya ul., L=Murom, S=Vladimir rgn., PostalCode=602205, C=RU

Issuer:
CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:
008E477F257A255CC19F18A2C51B64988E

File PE Metadata
Compilation timestamp:
1/12/2012 6:52:34 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:NxW69xRAFemPMreL2aIN7Hy/X+FIrg5cvVgwsuxP2WdVWQsey9:NF9xR1mPWeLVkMOIrg5I+wsux7O

Entry address:
0x230D6

Entry point:
55, 8B, EC, 83, C4, F0, B8, 00, 10, 40, 00, E8, 01, 00, 00, 00, 9A, 83, C4, 10, 8B, E5, 5D, E9, 4A, 35, 49, 00, 47, 27, CB, 35, E2, 26, 14, 00, 64, 24, BD, 08, 25, 77, 12, 39, FF, 5D, 03, EF, 9E, FE, 8F, 88, E6, 0E, 22, 1A, 49, EE, FF, 8A, 06, 67, 23, 40, 28, CE, 21, 01, 4F, 22, 5F, 4F, 05, B0, 0C, 1C, 6B, 14, A9, 71, 3D, BA, CB, 05, 3D, 71, 54, 76, FF, E4, A4, 2B, 9F, 7F, 87, 91, F2, A2, D6, 25, 7D, 14, 8E, 5E, 2F, C8, F0, 98, A2, 61, BB, 16, 90, FE, 92, 24, 0E, 89, 02, DC, 0A, 24, 02, 33, F2, E4, 3D, 20...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
1 MB (1,058,304 bytes)

Service
Display name:
WtFilterServ

Service name:
wtflserv

Description:
{47F7E63E-262B-4533-8D97-5638988E0364}

Type:
Win32OwnProcess


Scan fltw.exe - Powered by Reason Core Security