protectwindowsmanager.exe

Windows SysTool Svr

Cherished Technology Limited

The application protectwindowsmanager.exe by Cherished Technology Limited has been detected as adware by 10 anti-malware scanners. It runs as a Windows service in its own process, named “WindowsMangerProtect Service”. This file is typically installed with the program WindowsMangerProtect20.0.0.502 by Fuyu LIMITED, which is a potentially unwanted software program. While running, it connects to the Internet address c1.2f.6132.ip4.static.sl-reverse.com on port 80 using the HTTP protocol.

Publisher:
SysTool PasSame LIMITED  (signed by Cherished Technology Limited)

Product:
Windows SysTool Svr

Version:
20.0.0.2227

MD5:
8a8f5ebe2fd9c2e6325723209b9cdf32

SHA-1:
e5cdd06c50650131591dae0945340aa6adc55e02

SHA-256:
e37b844c02007c8688ba2a48c18969460618fa41768026ba292a6cc9cbf28bd9

Scanner detections:
10 / 68

Status:
Adware

Analysis date:
2/25/2025 12:25:54 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Graftor.182571 | 654 |
| Baidu Antivirus | Adware.Win32.Elex | 4.0.3.15421 |
| Bitdefender | Gen:Variant.Graftor.182571 | 1.0.20.555 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Emsisoft Anti-Malware | Gen:Variant.Graftor.182571 | 8.15.04.21.10 |
| ESET NOD32 | Win32/ELEX.Y potentially unwanted (variant) | 9.11509 |
| F-Secure | Gen:Variant.Graftor.182571 | 11.2015-21-04_3 |
| G Data | Gen:Variant.Graftor.182571 | 15.4.25 |
| MicroWorld eScan | Gen:Variant.Graftor.182571 | 16.0.0.333 |
| Reason Heuristics | Threat.CherishedTechnology | 15.4.21.18 |

File size:
329.2 KB (337,064 bytes)

Product version:
20.0.0.2227

Copyright:
Copyright (C) 2015

Original file name:
Windows SysTool.exe

File type:
Executable application (Win32 EXE)

Language:
English (United Kingdom)

Common path:
C:\ProgramData\windowsmangerprotect\protectwindowsmanager.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
4/20/2015 5:00:37 PM

Valid to:
10/21/2015 1:35:29 PM

Subject:
CN=Cherished Technology Limited, O=Cherished Technology Limited, L=香港, S=香港, C=HK

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121273D65852CB14B6458650549E3C3366D

File PE Metadata
Compilation timestamp:
4/20/2015 8:35:16 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
3072:i+CwWTOgSR4fK6JFZOpD3IJESUGdzTQ/3f+1lkXKXZ5xwv3ATQjgDD:i+rWTOb2ouUqo/f/s83LgP

Entry address:
0x188BE

Entry point:
E8, 57, D9, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 8B, 45, 0C, 83, EC, 20, 56, 57, 6A, 08, 59, BE, 14, 5D, 43, 00, 8D, 7D, E0, F3, A5, 8B, 4D, 08, 5F, 5E, 85, C0, 74, 0D, F6, 00, 10, 74, 08, 8B, 01, 8B, 40, FC, 8B, 40, 18, 89, 4D, F8, 89, 45, FC, 85, C0, 74, 0C, F6, 00, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF, 75, E0, FF, 15, B0, 41, 43, 00, C9, C2, 08, 00, 55, 8B, EC, 56, FC, 8B, 75, 0C, 8B, 4E, 08, 33, CE, E8, 8A, D3, FF, FF, 6A, 00, 56, FF, 76, 14, FF, 76, 0C...
 

Entropy:
5.8523

Code size:
202.5 KB (207,360 bytes)

Service
Display name:
WindowsMangerProtect Service

Service name:
WindowsMangerProtect

Description:
WindowsMangerProtect service

Type:
Win32OwnProcess

Group:
SchedulerGroup


The file protectwindowsmanager.exe has been discovered within the following program.

Developed by Ma Lin, this is a potentially unwanted software program that is typically installed without the user's consent. It is billed as a security product but instead bundles additional unwanted software.
87% remove it
 

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to 7d.a0.a86c.ip4.static.sl-reverse.com  (108.168.160.125:80)

TCP (HTTP):
Connects to c1.2f.6132.ip4.static.sl-reverse.com  (50.97.47.193:80)

TCP (HTTP):
Connects to a9.a2.a86c.ip4.static.sl-reverse.com  (108.168.162.169:80)
