home

wefat.exe

Wefat

Shanghai Yuntong Technology Co., Ltd.

The application wefat.exe by Shanghai Yuntong Technology Co. has been detected as a potentially unwanted program by 2 anti-malware scanners. It runs as a separate (within the context of its own process) windows Service named “Protect Service(WefatP)”.
Publisher:
Shanghai Yuntong Technology Co., Ltd.  (signed and verified)

Product:
Wefat

Version:
1.0.0.1

MD5:
d96f015a86865a5faea6ff6addcc798f

SHA-1:
1fe042459efbd0f591cebee136944315caf424b5

SHA-256:
1ba381751b412bdc73f44ffb2441f10f2bf66cfbe1e3645344686fd29231d045

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
11/16/2024 12:33:29 AM UTC  (today)

Scan engine
Detection
Engine version

ESET NOD32
Win32/ELEX.IL potentially unwanted application
8.0.319.0

Reason Heuristics
Adware.Elex (M)
16.6.26.12

File size:
409.9 KB (419,720 bytes)

Product version:
51.14.2704.63

Copyright:
Copyright (C) 2016 Wefat Authors

File type:
Executable application (Win32 EXE)

Common path:
C:\ProgramData\wefat\wefat.exe

Digital Signature
Signed by:
Shanghai Yuntong Technology Co., Ltd.

Authority:
thawte, Inc.

Valid from:
6/1/2016 5:00:00 AM

Valid to:
2/25/2017 3:59:59 AM

Subject:
CN="Shanghai Yuntong Technology Co., Ltd.", O="Shanghai Yuntong Technology Co., Ltd.", L=Beijing, S=Beijing, C=CN

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
089B3119C4FAB31D5BFDE2D2D5785A16

File PE Metadata
Compilation timestamp:
6/15/2016 2:32:32 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

CTPH (ssdeep):
6144:5ksE1BCvTV1/NpM0fEfIjmMkLHk9LFQB9mC1iyU2uUHuzVsb/wOvIqn8QXsBlI6O:51VpMkEgZO6IQUOzVsbvvln8Q8BlpWD

Entry address:
0x2CB4E

Entry point:
AD, C2, 6E, 00, 00, B3, C5, 99, 96, B6, 84, 7F, 0D, B4, 2D, 00, F0, 17, B1, 03, E0, 44, 00, 00, 00, 00, 30, 16, 24, 04, 1E, EC, 8C, 14, 2A, A8, 86, 37, 0D, B6, 4E, 00, 00, 00, 00, C4, 3F, 7E, 49, 4C, 0D, 6D, 77, 09, 13, 30, E0, 61, F0, B2, E4, DB, 78, 0F, 00, 69, 80, 37, 96, 3C, 87, 9D, 45, 9B, 96, B6, 84, A5, C8, 22, 9D, 2D, D8, 00, 00, 00, 00, BB, B8, 0A, 21, 98, 5C, 00, 00, 00, 00, EA, 2D, 6D, 77, 71, 21, 43, 65, 1A, 2D, 0D, CC, 4F, E2, A1, DA, E6, 54, 21, 00, 7A, BE, 0A, CC, 02, 99, B6, 0E, A6, 82, 22...
 
[+]

Code size:
302 KB (309,248 bytes)

Service
Display name:
Protect Service(WefatP)

Service name:
WefatP

Description:
To ensure your Wefat software integrity. If this service is disabled or stopped, your Wefat software will not be kept integrity check. This service uninstalls itself when there is no Wefat software us

Type:
Win32OwnProcess

Depends on:
RpcSs


Remove wefat.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.