fontcache.exe

Microsoft @ Windows @ Operation System

Hefei Hejunzhengce Info Tech Co., Ltd.

The executable fontcache.exe, “Windows Font Cache Service”, has been detected as malware by 1 anti-virus scanner. It runs as a Windows service named “Windows Font Cache Service (R1)”.
Publisher:

Product:
Microsoft @ Windows @ Operation System

Description:
Windows Font Cache Service

Version:
1.7.9.3

MD5:
d3f1d528b2eb45379fba7a0b2a6bfc07

SHA-1:
4b6f64d650184cbfe2e85b3bae30ac187b051b8b

SHA-256:
cb7212837f2c4226ca659f3ab42e4c4899b9c082292b8eba58c93bf5c4c2d9a6

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
11/16/2024 7:35:02 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP (M)

Engine version:
16.8.24.6

File size:
3.6 MB (3,751,000 bytes)

Product version:
1.7.9.3

Copyright:
Hefei Hejunzhengce Info Tech Co., Ltd.

Original file name:
Windows Font Cache Service

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\windows fontcache\r1\fontcache.exe

Digital Signature
Authority:
WoSign CA Limited

Valid from:
3/5/2015 11:35:27 PM

Valid to:
12/29/2016 11:35:27 PM

Subject:
CN="Hefei Hejunzhengce Info Tech Co., Ltd.", O="Hefei Hejunzhengce Info Tech Co., Ltd.", L=Hefei, S=Anhui, C=CN

Issuer:
CN=WoSign Class 3 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:
3312D0B8D4D7941DF85AA59F134E7719

File PE Metadata
Compilation timestamp:
4/7/2015 5:41:39 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:6Ee1RXcSQRCi7zACIHsKth9yF3ZSaPDCdgMRH3AWrTrTTvgI9DpS9k7:6Ee4os/dDCdgMOUQC

Entry address:
0x311E44

Entry point:
55, 8B, EC, 83, C4, F0, 53, B8, 0C, 38, 70, 00, E8, 0F, A3, CF, FF, A1, 34, 0C, 72, 00, 8B, 00, 80, 78, 38, 00, 74, 10, A1, 34, 0C, 72, 00, 8B, 00, E8, 56, 25, E2, FF, 84, C0, 74, 0C, A1, 34, 0C, 72, 00, 8B, 00, 8B, 10, FF, 52, 44, 8B, 0D, 18, 08, 72, 00, A1, 34, 0C, 72, 00, 8B, 00, 8B, 15, E0, 32, 70, 00, 8B, 18, FF, 53, 40, A1, 34, 0C, 72, 00, 8B, 00, 8B, 10, FF, 52, 48, 5B, E8, AC, 58, CF, FF, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
6.6498

Developed / compiled with:
Microsoft Visual C++

Code size:
3.1 MB (3,214,336 bytes)

Service
Display name:
Windows Font Cache Service (R1)

Service name:
FontCache_R1

Description:
Optimizes performance of applications by caching commonly used font data. Applications will start this service if it is not already running. It can be disabled, though doing so will degrade applicatio

Type:
Win32OwnProcess, InteractiveProcess

