» wifiProtService.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (1)
Network (1)

wifiProtService.exe

WiFi Protector

Optimal Software s.r.o.

The application wifiProtService.exe, “WiFi Protector Service” by Optimal Software s.r.o has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It runs as a separate (within the context of its own process) windows Service named “WiFi Protector Service”. This file is typically installed with the program WiFi Protector by Optimal Software s.r.o. While running, it connects to the Internet address google-public-dns-a.google.com on port 53.

File name:

wifiProtService.exe

Publisher:

Optimal Software s.r.o. (signed and verified)

Product:

WiFi Protector

Description:

WiFi Protector Service

Version:

1.138

MD5:

c964e403730469d3f8ddfea9be80107a

SHA-1:

db1896de007c9fe302df0b3ba0d5f6c8bd0c9f9c

SHA-256:

6b9fdd57c3b7b74fc3f1f81f6422e16a169be2a6cbb7e9336c761bee157e9ee2

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

11/5/2024 1:39:14 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Speedchecker.OptimalS.Meta (L)

16.6.10.12

File size:

1.6 MB (1,638,728 bytes)

Product version:

3.0.20.138

Original file name:

wifiProtService.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\wifi protector\wifiprotservice.exe

Digital Signature

Signed by:

Optimal Software s.r.o.

Authority:

DigiCert Inc

Valid from:

10/30/2012 10:00:00 PM

Valid to:

11/5/2014 10:00:00 AM

Subject:

CN=Optimal Software s.r.o., O=Optimal Software s.r.o., L=Český Těšín, C=CZ

Issuer:

CN=DigiCert High Assurance Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:

09DA6E35288E3A0431B971129CCF387A

File PE Metadata

Compilation timestamp:

10/17/2013 11:20:28 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows Console

Linker version:

10.0

CTPH (ssdeep):

49152:wKHLxmKMiCfokyxA51QWSt52ZTw0rbqiw2LGEzjrR/Jpfu73jdGK2dtNYyuKTZnN:wKHYi2okgtoZk0rbqiJGYrR/Jpfu73ji

Entry address:

0xEDD8F

Entry point:

E8, A7, E0, 00, 00, E9, 95, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 20, 8B, 45, 08, 56, 57, 6A, 08, 59, BE, 48, FD, 52, 00, 8D, 7D, E0, F3, A5, 89, 45, F8, 8B, 45, 0C, 5F, 89, 45, FC, 5E, 85, C0, 74, 0C, F6, 00, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF, 75, E0, FF, 15, 3C, F1, 52, 00, C9, C2, 08, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01, 84, C0, 74, 4E, F7, C1, 03, 00, 00, 00, 75, EF, 05, 00... 
[+]

Code size:

1.2 MB (1,233,408 bytes)

Service

Display name:

WiFi Protector Service

Service name:

wifiProtService

Type:

Win32OwnProcess

The file wifiProtService.exe has been discovered within the following program.

WiFi Protector by Optimal Software s.r.o

www.wifiprotector.com

About 5% of users remove it

The executing file has been seen to make the following network communication in live environments.

TCP:

Connects to google-public-dns-a.google.com (8.8.8.8:53)

Remove wifiProtService.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.