wrupdate327406.exe

Webroot SecureAnywhere

Webroot Inc.

This is a setup program which is used to install the application. It runs as a separate (within the context of its own process) windows Service named “WRSVC”. This is installed with Webroot SecureAnywhere. The file has been seen being downloaded from anywhere.webrootcloudav.com.
Publisher:
Webroot  (signed by Webroot Inc.)

Product:
Webroot SecureAnywhere

Version:
9.0.10.19

MD5:
e68ee4b7b042cba1a25df1cfb1c2c7eb

SHA-1:
df616b195d28b24ec7d5009701f3caec6abcd8bc

SHA-256:
efab2c49d370ac6febe751ee1c6142aecb61779e72f2185d126b481c012dc0a1

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
12/25/2024 3:42:27 PM UTC  (today)

File size:
876 KB (896,984 bytes)

Product version:
9.0.10.19

Copyright:
(c) Webroot 2006-2016

Original file name:
WRSA.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\wrupdate327406.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
12/22/2015 4:00:00 PM

Valid to:
3/23/2019 4:59:59 PM

Subject:
CN=Webroot Inc., O=Webroot Inc., L=Broomfield, S=Colorado, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
6FBB6E1D2367DC6BD38B1C8FA0BF6637

File PE Metadata
Compilation timestamp:
7/5/2016 3:29:40 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:w87lmO9CVapHpb3bkgC1k0xt+10Jdl09PMxac:w8ZmO8ypbHC+0ndJdG94a

Entry address:
0x299AE0

Entry point:
60, BE, 00, D0, 1C, 01, 8D, BE, 00, 40, E3, FF, 57, 89, E5, 8D, 9C, 24, 80, C1, FF, FF, 31, C0, 50, 39, DC, 75, FB, 46, 46, 53, 68, F6, 7B, 29, 00, 57, 83, C3, 04, 53, 68, DD, CA, 0C, 00, 56, 83, C3, 04, 53, 50, C7, 03, 03, 00, 02, 00, 90, 90, 90, 90, 90, 55, 57, 56, 53, 83, EC, 7C, 8B, 94, 24, 90, 00, 00, 00, C7, 44, 24, 74, 00, 00, 00, 00, C6, 44, 24, 73, 00, 8B, AC, 24, 9C, 00, 00, 00, 8D, 42, 04, 89, 44, 24, 78, B8, 01, 00, 00, 00, 0F, B6, 4A, 02, 89, C3, D3, E3, 89, D9, 49, 89, 4C, 24, 6C, 0F, B6, 4A...
 
[+]

Entropy:
7.9811  (probably packed)

Code size:
824 KB (843,776 bytes)

Service
Display name:
WRSVC

Description:
Webroot SecureAnywhere Internet Security Plus v9.0.10.19

Type:
Win32OwnProcess

Group:
System Bus Extender


The file wrupdate327406.exe has been discovered within the following programs.

Publisher's description - “Webroot SecureAnywhere uses a radically new cloud-based approach to online security that protects you against the latest threats as soon as they emerge. And it does so at blazing fast speeds, typically taking two minutes or less after the initial scan of your PC.”
www.webroot.com/En_US/consumer-products-secureanywhere-complete.html
25% remove it
 
Powered by Should I Remove It?

The file wrupdate327406.exe has been seen being distributed by the following URL.

Scan wrupdate327406.exe - Powered by Reason Core Security