picexasvc.exe

Picexa Viewer

Taiwan Shui Mu Chih Ching Technology Limited

The application picexasvc.exe by Taiwan Shui Mu Chih Ching Technology Limited has been detected as adware by 14 anti-malware scanners. This file is typically installed with the program Picexa by Taiwan Shui Mu Chih Ching Technology Limited. This particular feature is designed to hijack the browser in an attempt to prevent other resources from modifying the browser's search and home pages. It is also typically executed from the user's temporary directory. While running, it connects to the Internet address 8.81.6132.ip4.static.sl-reverse.com on port 80 using the HTTP protocol.
Publisher:

Product:
Picexa Viewer

Description:
Picexa service

Version:
2.1.76.376

MD5:
7e15f72a2108137ced2e0ec1d17b6366

SHA-1:
c3208b7870ba7cd09bda9d7a12b513ca44509d03

SHA-256:
7a7e8d006becee47cc38bc443e66bb753b2f4042fe9c74b69c41239b63379c99

Scanner detections:
14 / 68

Status:
Adware

Analysis date:
12/24/2024 3:22:51 PM UTC

Scan engine
Detection
Engine version

Agnitum Outpost
Riskware.Agent
7.1.1

Avira AntiVirus
TR/Trash.Gen
8.3.1.6

Baidu Antivirus
Adware.Win32.Elex
4.0.3.15129

Bkav FE
W32.HfsAdware
1.3.0.7062

Dr.Web
Adware.Mutabaha.229
9.0.1.0343

ESET NOD32
Win32/ELEX.CK potentially unwanted (variant)
9.11965

Fortinet FortiGate
Riskware/Elex
12/9/2015

IKARUS anti.virus
PUA.SearchProtect
t3scan.1.9.5.0

K7 AntiVirus
Adware
13.207.16611

McAfee
Artemis!393DAC4043B7
5600.6557

Panda Antivirus
PUP/Winzipper
15.12.09.07

Reason Heuristics
PUP.Thinknice.TaiwanShuiMuChihChingTechnology (M)
15.12.9.7

Trend Micro House Call
Suspicious_GEN.F47V0515
7.2.343

Zillya! Antivirus
Adware.ELEX.Win32.1
2.0.0.2301

File size:
714.6 KB (731,784 bytes)

Product version:
2.1.76.376

Copyright:
Copyright (c)Taiwan Shui Mu Chih Ching Technology Limited. All Rights Reserved.

Original file name:
Picexa.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\picexasvc.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
3/6/2015 5:19:12 PM

Valid to:
3/4/2016 8:26:37 PM

Subject:
CN=Taiwan Shui Mu Chih Ching Technology Limited, O=Taiwan Shui Mu Chih Ching Technology Limited, L=Taipei City, S=Taiwan, C=TW

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112127474DE010DA49D31D0EE8193EAC2D0E

File PE Metadata
Compilation timestamp:
12/9/2015 3:47:15 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:723+1VcGYJWlBFbeH5dRP0AKuUsey7cjRVGkutB0EabL4hXeW/q+vY6R8X7KvHJz:7G+7OAujSaHFT0Z50sRg1EXT0wLpA

Entry address:
0x551B3

Entry point:
E8, FF, DA, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, 83, 3D, 50, 12, 4A, 00, 01, 72, 5F, 0F, B6, 44, 24, 08, 8B, D0, C1, E0, 08, 0B, D0, 66, 0F, 6E, DA, F2, 0F, 70, DB, 00, 0F, 16, DB, 8B, 54, 24, 04, B9, 0F, 00, 00, 00, 83, C8, FF, 23, CA, D3, E0, 2B, D1, F3, 0F, 6F, 0A, 66, 0F, EF, D2, 66, 0F, 74, D1, 66, 0F, 74, CB, 66, 0F, EB, D1, 66, 0F, D7, CA, 23, C8, 75, 08, 83, C8, FF, 83, C2, 10, EB, DC, 0F, BC, C1, 03, C2, 66, 0F, 7E, DA, 33, C9, 3A, 10, 0F, 45, C1, C3, 33, C0, 8A, 44, 24, 08, 53, 8B, D8, C1, E0...

Entropy:
5.9976

Code size:
460 KB (471,040 bytes)

The file picexasvc.exe has been discovered within the following program.

Picexa by Taiwan Shui Mu Chih Ching Technology Limited.
About 2% of users remove it

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to 8.81.6132.ip4.static.sl-reverse.com  (50.97.129.8:80)

TCP (HTTP):
Connects to cd.f6.0bc6.ip4.static.sl-reverse.com  (198.11.246.205:80)

TCP (HTTP):
Connects to dd.d3.a86c.ip4.static.sl-reverse.com  (108.168.211.221:80)
