wssvc.exe

WS Client Service

Word Shark

The application wssvc.exe by Word Shark has been detected as a potentially unwanted program by 17 anti-malware scanners. It runs as a separate (within the context of its own process) windows Service named “WS 1.10.0.20 Client Service”.
Publisher:
WS  (signed by Word Shark)

Product:
WS Client Service

Version:
1.10.0.20

MD5:
2a06de988bc7aac1d206e0804c4ffaab

SHA-1:
c71b258aa43ce3f1f888d03c1ba3d7cd7ae31796

SHA-256:
40423dee25100827b10930cf806542a900c899321721d769cb1a484c485cff8c

Scanner detections:
17 / 68

Status:
Potentially unwanted

Analysis date:
12/25/2024 5:18:28 PM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
TR/Patched.Gen
7.11.30.172

avast!
Win32:Xpirat
2014.9-150810

AVG
Generic
2016.0.3053

Baidu Antivirus
Adware.Win32.Vitruvian
4.0.3.1579

Dr.Web
Adware.Plugin.1136, Win32.Expiro.80
9.0.1.0222

Emsisoft Anti-Malware
Win32.Expiro.Gen
8.15.08.10.06

ESET NOD32
Win32/Adware.Vitruvian (variant)
9.11912

F-Prot
W32/Expiro.BG
v6.4.6.5.141

F-Secure
Win32.Expiro.Gen.3
11.2015-10-08_2

Kaspersky
not-a-virus:AdWare.Win32.Vitruvian
14.0.0.1601

Malwarebytes
PUP.Optional.WordShark.A
v2015.07.09.08

McAfee
Virus.W32/Expiro.gen.p
5600.6677

Microsoft Security Essentials
Threat.Undefined
1.203.1482.0

Norman
Win32.Expiro.Gen.3
11.20150810

Reason Heuristics
PUP.WordShark (M)
15.7.9.20

Sophos
Virus 'W32/Expiro-S'
5.15

VIPRE Antivirus
InfoAtoms
41848

File size:
293.1 KB (300,120 bytes)

Product version:
1.10.0.20

Copyright:
Copyright (C) 2015

Original file name:
wssvc.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\wordshark_1.10.0.20\service\wssvc.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
5/22/2015 3:07:42 PM

Valid to:
5/22/2017 3:07:42 PM

Subject:
E=support@wordsharkapp.com, CN=Word Shark, O=Word Shark, L=San Diego, S=California, C=US

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112198EB233B90E5F1DCEFA56D0BCF72B66C

File PE Metadata
Compilation timestamp:
7/6/2015 2:11:18 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
11.0

CTPH (ssdeep):
3072:kqXg3VSjMtjRTg5lKUCf6Zsms+lvhGS55hmaFRYdGVpcp9i6pnWXN+1zzdAzTBfJ:kqw3VFUwmJ7YdVzJWXNIxAzTBsa0iVd

Entry address:
0x253E5

Entry point:
E8, B8, 64, 00, 00, E9, 7B, FE, FF, FF, 55, 8B, EC, 53, 8B, 5D, 10, 57, 33, FF, 85, DB, 75, 14, E8, 1C, 1F, 00, 00, C7, 00, 16, 00, 00, 00, E8, 6A, 39, 00, 00, 33, C0, EB, 73, 56, 68, BC, 03, 00, 00, 6A, 01, E8, 44, 3B, 00, 00, 8B, F0, 59, 59, 85, F6, 74, 49, E8, C8, 30, 00, 00, FF, 70, 6C, 56, E8, 46, 31, 00, 00, 8B, 45, 14, 83, 4E, 04, FF, 89, 46, 58, 8B, 45, 1C, 59, 59, 89, 5E, 54, 85, C0, 75, 03, 8D, 45, 10, 50, FF, 75, 18, 56, 68, 4F, 55, 42, 00, FF, 75, 0C, FF, 75, 08, FF, 15, 48, 31, 43, 00, 85, C0...
 
[+]

Entropy:
6.3205

Code size:
198.5 KB (203,264 bytes)

Service
Display name:
WS 1.10.0.20 Client Service

Service name:
wssvc_1.10.0.20

Description:
This service enables WS 1.10.0.20 on HTTP websites

Type:
Win32OwnProcess


Remove wssvc.exe - Powered by Reason Core Security