wrupdate438140.exe

Webroot SecureAnywhere

Webroot Inc.

This is a setup program which is used to install the application. It runs as a separate (within the context of its own process) windows Service named “WRSVC”. This is installed with Webroot SecureAnywhere. The file has been seen being downloaded from downbox.webrootanywhere.com.
Publisher:
Webroot  (signed by Webroot Inc.)

Product:
Webroot SecureAnywhere

Version:
9.0.8.100

MD5:
4de4201f16ace4327c7ff85972fdfa21

SHA-1:
e08dc75ba9614878ed8c56969a646c4fce53dedb

SHA-256:
274b8cdee654f800342a55461b11ae9b68ad66391d1ceb4f82b7e1913fbe73e3

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
12/25/2024 5:34:26 PM UTC  (today)

File size:
855.7 KB (876,200 bytes)

Product version:
9.0.8.100

Copyright:
(c) Webroot 2006-2016

Original file name:
WRSA.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\wrupdate438140.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
12/22/2015 4:00:00 PM

Valid to:
3/23/2019 4:59:59 PM

Subject:
CN=Webroot Inc., O=Webroot Inc., L=Broomfield, S=Colorado, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
6FBB6E1D2367DC6BD38B1C8FA0BF6637

File PE Metadata
Compilation timestamp:
5/16/2016 3:54:39 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:0zm3dkCUdxSuIteUC7LWmSp3elTzTBi0n3:0QsIteH7SN+zTB

Entry address:
0x253B00

Entry point:
60, BE, 00, C0, 18, 01, 8D, BE, 00, 50, E7, FF, 57, 89, E5, 8D, 9C, 24, 80, C1, FF, FF, 31, C0, 50, 39, DC, 75, FB, 46, 46, 53, 68, 40, 1B, 25, 00, 57, 83, C3, 04, 53, 68, F3, 7A, 0C, 00, 56, 83, C3, 04, 53, 50, C7, 03, 03, 00, 02, 00, 90, 90, 90, 90, 90, 55, 57, 56, 53, 83, EC, 7C, 8B, 94, 24, 90, 00, 00, 00, C7, 44, 24, 74, 00, 00, 00, 00, C6, 44, 24, 73, 00, 8B, AC, 24, 9C, 00, 00, 00, 8D, 42, 04, 89, 44, 24, 78, B8, 01, 00, 00, 00, 0F, B6, 4A, 02, 89, C3, D3, E3, 89, D9, 49, 89, 4C, 24, 6C, 0F, B6, 4A...
 
[+]

Entropy:
7.9807  (probably packed)

Code size:
804 KB (823,296 bytes)

Service
Display name:
WRSVC

Description:
Webroot SecureAnywhere Antivirus v9.0.8.100

Type:
Win32OwnProcess

Group:
System Bus Extender


The file wrupdate438140.exe has been discovered within the following program.

Publisher's description - “Webroot SecureAnywhere uses a radically new cloud-based approach to online security that protects you against the latest threats as soon as they emerge. And it does so at blazing fast speeds, typically taking two minutes or less after the initial scan of your PC.”
www.webroot.com/En_US/consumer-products-secureanywhere-complete.html
25% remove it
 
Powered by Should I Remove It?

The file wrupdate438140.exe has been seen being distributed by the following URL.

Scan wrupdate438140.exe - Powered by Reason Core Security