fontcache.exe

It runs as a Windows service named "Windows Font Cache Service (R2)", a display name that mimics the built-in Windows Font Cache Service (see the Service section below).

Publisher:
Hefei Hejunzhengce Info Tech Co., Ltd.

Product:
Microsoft® Windows® Operation System
(product string as embedded in the file's version resource; the genuine Windows string reads "Microsoft® Windows® Operating System")

Description:
Windows Font Cache Service

Version:
1.7.9.4

MD5:
311f71b412d8610625a91622e20364bc

SHA-1:
d2215f4bc30f1e559b01926b7873dd501abcc744

SHA-256:
d3c9d2acdaf987bcc358c4a414548946c744bce4701c2e7de23976b53a17a52e

Scanner detections:
4 / 68

Status:
Inconclusive (not enough data for an accurate detection)

Analysis date:
11/16/2024 3:43:34 PM UTC

Scan engine                      Detection                              Engine version
K7 AntiVirus                     Riskware                               13.204.15977
Microsoft Security Essentials    SoftwareBundler:Win32/WinOptimizer     1.1.11701.0
Sophos                           WinOptimizer                           4.98
Trend Micro House Call           Suspicious_GEN.F47V0514                7.2.143

File size:
3.6 MB (3,751,000 bytes)

Product version:
1.7.9.4

Copyright:
Hefei Hejunzhengce Info Tech Co., Ltd.

Original file name:
Windows Font Cache Service

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\windows fontcache\r2\fontcache.exe

Digital Signature
Authority:
WoSign CA Limited

Valid from:
3/6/2015 12:35:27 AM

Valid to:
12/30/2016 12:35:27 AM

Subject:
CN="Hefei Hejunzhengce Info Tech Co., Ltd.", O="Hefei Hejunzhengce Info Tech Co., Ltd.", L=Hefei, S=Anhui, C=CN

Issuer:
CN=WoSign Class 3 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:
3312D0B8D4D7941DF85AA59F134E7719

Note: the certificate expired on 12/30/2016, and WoSign was distrusted by the major browser and OS root programs in 2016-2017 for misissuance. A signature from this certificate still validates today only if it carries an Authenticode timestamp countersignature dated before expiry; the report does not say whether it does. Either way the signer is a third party rather than Microsoft, which is the relevant check for a file whose version resource claims to be a Windows component.

File PE Metadata
Compilation timestamp:
4/19/2015 9:37:14 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:2IeZFXcSQROi7zACgfcu1h9yF3ZbHEcap/byX1kTOTvvgI9DpnPtEkg:2IeYUczZlapT0zHPmx

Entry address:
0x311E44

Entry point:
55, 8B, EC, 83, C4, F0, 53, B8, 78, 38, 70, 00, E8, 0F, A3, CF, FF, A1, 34, 0C, 72, 00, 8B, 00, 80, 78, 38, 00, 74, 10, A1, 34, 0C, 72, 00, 8B, 00, E8, 56, 25, E2, FF, 84, C0, 74, 0C, A1, 34, 0C, 72, 00, 8B, 00, 8B, 10, FF, 52, 44, 8B, 0D, BC, 08, 72, 00, A1, 34, 0C, 72, 00, 8B, 00, 8B, 15, 4C, 33, 70, 00, 8B, 18, FF, 53, 40, A1, 34, 0C, 72, 00, 8B, 00, 8B, 10, FF, 52, 48, 5B, E8, AC, 58, CF, FF, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
6.6500

Developed / compiled with:
Microsoft Visual C++ (scanner heuristic; see note)

Note: a linker version of 2.25 and an entry-point prologue of 55 8B EC 83 C4 F0 53 B8 ... E8 (push ebp; mov ebp, esp; add esp, -0x10; push ebx; mov eax, imm32; call ...) are characteristic of Borland/Delphi-linked executables, not of Visual C++, whose linkers report major version 5 or higher. Treat the compiler attribution as unreliable.

Code size:
3.1 MB (3,214,336 bytes)

Service
Display name:
Windows Font Cache Service (R2)

Service name:
FontCache_R2

Description:
Optimizes performance of applications by caching commonly used font data. Applications will start this service if it is not already running. It can be disabled, though doing so will degrade applicatio

Type:
Win32OwnProcess, InteractiveProcess

Note: the genuine Windows Font Cache Service has the service name FontCache, runs as a shared-process service inside %SystemRoot%\System32\svchost.exe and is signed by Microsoft. This file registers a separate own-process, interactive service named FontCache_R2 from a directory under Program Files, reuses the genuine service's description text, and carries a third-party signature. The display-name match is therefore not evidence that the file is a Windows component.


The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to 8a.eb.6132.ip4.static.sl-reverse.com (50.97.235.138:80)

Note: the hostname is SoftLayer's generic reverse-DNS name for the address (the hex labels 8a.eb and 6132 encode 138.235 and 97.50), not a name chosen by the operator, so the IP address is the indicator to pivot on. A font cache needs no network access; the plain-HTTP connection is consistent with the SoftwareBundler / WinOptimizer detections above.
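The following host-triage script is an added example; it is not part of the Reason Core report or of the file described here. It takes the service name, file path, hashes, certificate serial and remote address listed above as its indicators and checks a Windows host for them from an elevated PowerShell 5.1 or later prompt. The `$Indicators` table, the comparison with the genuine FontCache service and all output wording are the example's own assumptions.

```powershell
# Added triage script (not part of the Reason Core report). Checks a host for the
# artifacts listed on this page: service name, file path, hashes, Authenticode
# signer and any live TCP connection to the reported address.
# Run from an elevated PowerShell 5.1+ prompt. Indicator values are taken from the page.

$Indicators = @{
    ServiceName = 'FontCache_R2'
    Path        = 'C:\Program Files\windows fontcache\r2\fontcache.exe'
    Sha256      = 'd3c9d2acdaf987bcc358c4a414548946c744bce4701c2e7de23976b53a17a52e'
    RemoteIp    = '50.97.235.138'
    CertSerial  = '3312D0B8D4D7941DF85AA59F134E7719'
}

$findings = New-Object System.Collections.Generic.List[string]

# 1. Service: the genuine service is 'FontCache' hosted by System32\svchost.exe.
#    Any other service with this display name, or one whose image lives elsewhere, is suspect.
$svc = Get-CimInstance Win32_Service -Filter "Name='$($Indicators.ServiceName)'" -ErrorAction SilentlyContinue
if ($svc) {
    $findings.Add("Service $($svc.Name) present: state=$($svc.State) start=$($svc.StartMode) path=$($svc.PathName)")
}
Get-CimInstance Win32_Service -Filter "DisplayName LIKE 'Windows Font Cache Service%'" |
    Where-Object { $_.Name -ne 'FontCache' -or $_.PathName -notmatch '\\System32\\svchost\.exe' } |
    ForEach-Object { $findings.Add("Unexpected font-cache service: $($_.Name) -> $($_.PathName)") }

# 2. File: hash the binary and compare with the reported sample.
if (Test-Path -LiteralPath $Indicators.Path) {
    $sha256 = (Get-FileHash -LiteralPath $Indicators.Path -Algorithm SHA256).Hash
    if ($sha256 -ieq $Indicators.Sha256) {
        $findings.Add("SHA-256 matches the reported sample")
    } else {
        $findings.Add("File present but SHA-256 differs ($sha256); possibly a different build")
    }

    # 3. Signature: the report shows a WoSign-issued certificate that expired in 2016.
    #    Whatever the chain status, a non-Microsoft signer on a file that claims to be
    #    a Windows component is the point to flag.
    $sig    = Get-AuthenticodeSignature -LiteralPath $Indicators.Path
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<unsigned>' }
    $serial = if ($sig.SignerCertificate) { $sig.SignerCertificate.SerialNumber } else { '' }
    $findings.Add("Signature status=$($sig.Status) signer=$signer serial=$serial")
    if ($serial -ieq $Indicators.CertSerial) {
        $findings.Add("Signing certificate serial matches the report")
    }
    if ($signer -notmatch 'O=Microsoft Corporation') {
        $findings.Add("Signer is not Microsoft although the version info claims a Windows component")
    }
}

# 4. Network: any live TCP connection to the reported address, with the owning process.
Get-NetTCPConnection -RemoteAddress $Indicators.RemoteIp -ErrorAction SilentlyContinue |
    ForEach-Object {
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        $findings.Add("Connection to $($_.RemoteAddress):$($_.RemotePort) state=$($_.State) pid=$($_.OwningProcess) ($($proc.ProcessName))")
    }

if ($findings.Count -eq 0) { 'No indicators from the report found on this host.' } else { $findings }
```

The service check deliberately looks for every service whose display name starts with "Windows Font Cache Service" rather than only FontCache_R2, so a renamed variant with a different suffix is still caught; the hash check is only a confirmation, since a rebuilt sample would change it.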

Powered by Reason Core Security