protect.exe

Shanghai Yuntong Technology Co., Ltd.

The application protect.exe by Shanghai Yuntong Technology Co. has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It runs as a Windows service in its own process, named “Protect Service(jIxmRfR_protect)”.
Publisher:
Shanghai Yuntong Technology Co., Ltd.  (signed and verified)

Version:
50.2.2661.78

MD5:
a814c85e283106af0ba1b09db92a1746

SHA-1:
164fb5f1cd87d6c6e12b90d0d6de52d357a28fee

SHA-256:
be0fea0724689ce764fd5667ed0f33a7c81fbb3d584f2b2798226b612a2d0983

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/16/2024 12:49:40 AM UTC

Scan engine:
Reason Heuristics

Detection:
Adware.Elex (M)

Engine version:
17.1.18.3

File size:
295.9 KB (303,016 bytes)

Product version:
50.2.2661.78

File type:
Executable application (Win32 EXE)

Common path:
C:\ProgramData\jixmrfr\protect\protect.exe

Digital Signature
Authority:
thawte, Inc.

Valid from:
2/25/2016 2:00:00 AM

Valid to:
2/25/2017 1:59:59 AM

Subject:
CN="Shanghai Yuntong Technology Co., Ltd.", O="Shanghai Yuntong Technology Co., Ltd.", L=Beijing, S=Beijing, C=CN

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
491B7E1C9CD5BF733143F00DD556D161

File PE Metadata
Compilation timestamp:
4/21/2016 12:00:56 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0x1A548

Entry point:
E8, 35, CC, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 56, 8B, 75, 08, 83, 3C, F5, A0, 24, 44, 00, 00, 75, 13, 56, E8, 71, 00, 00, 00, 59, 85, C0, 75, 08, 6A, 11, E8, 2B, 66, 00, 00, 59, FF, 34, F5, A0, 24, 44, 00, FF, 15, A4, 40, 43, 00, 5E, 5D, C3, 56, 57, BE, A0, 24, 44, 00, 8B, FE, 53, 8B, 1F, 85, DB, 74, 17, 83, 7F, 04, 01, 74, 11, 53, FF, 15, 04, 41, 43, 00, 53, E8, A5, CE, FF, FF, 83, 27, 00, 59, 83, C7, 08, 81, FF, C0, 25, 44, 00, 7C, D8, 5B, 83, 3E, 00, 74, 0E, 83, 7E, 04, 01, 75, 08, FF, 36, FF, 15...
 

Entropy:
6.4570

Code size:
201 KB (205,824 bytes)

Service
Display name:
Protect Service(jIxmRfR_protect)

Service name:
jIxmRfR_protect

Description:
To ensure your jIxmRfR software integrity. If this service is disabled or stopped, your jIxmRfR software will not be kept integrity check. This service uninstalls itself when there is no jIxmRfR softw

Type:
Win32OwnProcess

Depends on:
RpcSs

