» WFini.exe
Overview
Analysis
File Details
Behaviors (1)

WFini.exe

WFini

Junyan Li

The application WFini.exe by Junyan Li has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It runs as a separate (within the context of its own process) windows Service named “WFini WdMan Service”.

File name:

WFini.exe

Publisher:

WFini LIMITED (signed by Junyan Li)

Product:

WFini

Version:

20.0.0.2537

MD5:

7b072cc0b3d1a47fb603c77863ff1684

SHA-1:

6b6fc116e34c8a0d38631543f30826a691218066

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

3/10/2025 1:12:16 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Elex (M)

16.8.1.20

File size:

701.1 KB (717,911 bytes)

Product version:

20.0.0.2537

Original file name:

WFini.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Documents and Settings\{user}\Application data\gwinpg\wfini.exe

Digital Signature

Signed by:

Junyan Li

Authority:

thawte, Inc.

Valid from:

7/24/2016 8:00:00 PM

Valid to:

6/2/2017 7:59:59 PM

Subject:

CN=Junyan Li, OU=Individual Developer, O=No Organization Affiliation, L=Baishan, S=Jilin, C=CN

Issuer:

CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:

27B582A858241D806A51D34981155138

File PE Metadata

Compilation timestamp:

7/26/2016 3:25:37 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

12.0

CTPH (ssdeep):

12288:6E1hvaMy3f06vYUgoY6atXDSsBAdydyIGaM2lA9eWpw17LoQZwTaFOGH:R7aMGUjGaM2umRkdGx

Entry address:

0x4DA6D

Entry point:

BB, D3, F1, F5, C0, 93, E9, 20, 01, 00, 00, EA, 90, F3, EF, 9B, 1F, F3, EF, 5B, EB, 7B, 73, 73, F3, 73, 73, C0, 73, 73, 73, D2, A4, A9, A4, A3, A4, AC, AA, A9, 73, 73, 73, E7, D4, ED, D8, D5, D4, E0, D4, A1, D7, DF, DF, 73, 73, 73, 73, CF, 73, 73, 73, B9, E5, D8, D8, BF, DC, D5, E5, D4, E5, EC, 73, B6, E5, D8, D4, E7, D8, B7, DC, E5, D8, D6, E7, E2, E5, EC, B4, 73, 73, 73, 73, BA, D8, E7, CA, DC, E1, D7, E2, EA, E6, B7, DC, E5, D8, D6, E7, E2, E5, EC, B4, 73, 73, 73, 73, BA, D8, E7, C0, E2, D7, E8, DF, D8... 
[+]

Code size:

428 KB (438,272 bytes)

Service

Display name:

WFini WdMan Service

Service name:

WdMan

Type:

Win32OwnProcess

Remove WFini.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.