» wssvc.exe
Overview
Analysis
File Details
Behaviors (1)

wssvc.exe

The application wssvc.exe has been detected as a potentially unwanted program by 14 anti-malware scanners. It runs as a separate (within the context of its own process) windows Service named “WS 1.10.0.20 Client Service”. This particular feature is designed to hijack the browser in an attempt to prevent other resources from modify the browser's search and home pages.

File name:

wssvc.exe

MD5:

a4561efbc2c5289705b9be0d3d5ed3ca

SHA-1:

d5ff205d26e83739e37b22015c4357b3aadc566b

SHA-256:

efbc9c84b8025b648064bea85d35918dd640637ef62fa5d1ba1b1e0665d5702a

Scanner detections:

14 / 68

Status:

Potentially unwanted

Analysis date:

1/14/2025 10:21:22 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Application.Generic.1451198

502

Avira AntiVirus

TR/Trash.Gen

8.3.1.6

avast!

Win32:Vitruvian-B [PUP]

2014.9-150921

Emsisoft Anti-Malware

Application.Generic.1451198

8.15.09.21.11

F-Prot

W32/Vitruvian.A

v6.4.6.5.141

F-Secure

Riskware.Application.Generic.1451198

11.2015-21-09_2

herdProtect (fuzzy)

variant of ppsvc.exe

2015.9.21.11

IKARUS anti.virus

PUA.SearchProtect

t3scan.1.9.5.0

Kaspersky

Packed.Win32.Krap

14.0.0.1598

McAfee

Virus.W32/Expiro.gen.p

5600.6636

Microsoft Security Essentials

Threat.Undefined

1.203.1482.0

Reason Heuristics

Threat.Win.Reputation.IMP

15.8.11.7

Sophos

Virus 'W32/Expiro-S'

5.15

VIPRE Antivirus

Backdoor.Win32.Bifrose.fsi

42080

File size:

293.1 KB (300,120 bytes)

File type:

Executable application (Win16 EXE)

Common path:

C:\Program Files\wordshark_1.10.0.20\service\wssvc.exe

File PE Metadata

Compilation timestamp:

7/6/2015 2:11:18 PM

OS version:

5.1

OS bitness:

Win16

Subsystem:

Windows Console

Linker version:

11.0

CTPH (ssdeep):

3072:kqXg3VSjMtjRTg5lKUCf6Zsms+lvhGS55hmaFRYdGVpcp9i6pnWXN+1zzdAzTBfJ:kqw3VFUwmJ7YdVzJWXNIxAzTBsa0iVd

Entry address:

0x253E5

Entry point:

E8, B8, 64, 00, 00, E9, 7B, FE, FF, FF, 55, 8B, EC, 53, 8B, 5D, 10, 57, 33, FF, 85, DB, 75, 14, E8, 1C, 1F, 00, 00, C7, 00, 16, 00, 00, 00, E8, 6A, 39, 00, 00, 33, C0, EB, 73, 56, 68, BC, 03, 00, 00, 6A, 01, E8, 44, 3B, 00, 00, 8B, F0, 59, 59, 85, F6, 74, 49, E8, C8, 30, 00, 00, FF, 70, 6C, 56, E8, 46, 31, 00, 00, 8B, 45, 14, 83, 4E, 04, FF, 89, 46, 58, 8B, 45, 1C, 59, 59, 89, 5E, 54, 85, C0, 75, 03, 8D, 45, 10, 50, FF, 75, 18, 56, 68, 4F, 55, 42, 00, FF, 75, 0C, FF, 75, 08, FF, 15, 48, 31, 43, 00, 85, C0... 
[+]

Entropy:

6.3206

Code size:

198.5 KB (203,264 bytes)

Service

Display name:

WS 1.10.0.20 Client Service

Service name:

wssvc_1.10.0.20

Description:

This service enables WS 1.10.0.20 on HTTP websites

Type:

Win32OwnProcess

Remove wssvc.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.