bookfat.exe

Wei Liu

The application bookfat.exe by Wei Liu has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It runs as a separate Windows service (within the context of its own process) named “Protect Service(BookfatP)”.
Publisher:
Wei Liu  (signed and verified)

MD5:
6deb89de7d2cef1e8c0f22be1206ae9f

SHA-1:
efa663d1b26c71b00d1546b91385a0bb7c038cbf

SHA-256:
c0c988386e4a43138ce594093d5479f05dd48518de9eb1db89cbf5b5c0fae221

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/16/2024 2:50:05 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Elex (M)

Engine version:
17.2.9.20

File size:
447.4 KB (458,104 bytes)

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\ProgramData\bookfat\bookfat.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
8/11/2016 3:00:00 AM

Valid to:
4/2/2017 1:59:59 AM

Subject:
CN=Wei Liu, OU=Individual Developer, O=No Organization Affiliation, L=Beijing, S=Beijing, C=CN

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
6FB0DA01D52C77B4FC035FDC861155

File PE Metadata
Compilation timestamp:
8/11/2016 9:52:05 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

Entry address:
0x2B39F

Entry point:
E8, C8, 07, 00, 00, E9, 80, FE, FF, FF, FF, 25, 60, F3, 44, 00, 8B, 4D, F4, 64, 89, 0D, 00, 00, 00, 00, 59, 5F, 5F, 5E, 5B, 8B, E5, 5D, 51, F2, C3, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B, 64, 24, 0C, 53, 56, 57, 89, 28, 8B, E8, A1, 70, A0, 46, 00, 33, C5, 50, FF, 75, FC, C7, 45, FC, FF, FF, FF, FF, 8D, 45, F4, 64, A3, 00, 00, 00, 00, F2, C3, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B, 64, 24, 0C, 53, 56, 57, 89, 28, 8B, E8, A1, 70, A0, 46, 00, 33, C5, 50, 89, 65, F0, FF, 75, FC, C7, 45...

Entropy:
6.4641

Code size:
310 KB (317,440 bytes)

Service
Display name:
Protect Service(BookfatP)

Service name:
BookfatP

Description:
To ensure your Bookfat software integrity. If this service is disabled or stopped, your Bookfat software will not be kept integrity check. This service uninstalls itself when there is no Bookfat softw

Type:
Win32OwnProcess

Depends on:
RpcSs

