winsere.exe

Yan Jiang

The application winsere.exe by Yan Jiang has been detected as a potentially unwanted program by 4 anti-malware scanners. It runs as a Windows service named “Winsere”.
Publisher:
Yan Jiang  (signed and verified)

MD5:
1a6ee659663977fafb448204113e4a8e

SHA-1:
005b3877c450ef712216847fc6d63f70ede18672

SHA-256:
d80eca6096ba221277125cb3f9e3a2afed1bb270b1bf5b5c5ff0c41f35f80f91

Scanner detections:
4 / 68

Status:
Potentially unwanted

Analysis date:
12/30/2024 8:37:46 PM UTC

Scan engine | Detection | Engine version
avast! | Win32:Dropper-gen [Drp] | 150717-0
Dr.Web | Adware.Mutabaha.1057 | 9.0.1.05190
Microsoft Security Essentials | Threat.Undefined | 1.217.2259.0
Reason Heuristics | PUP.ELEX.YanJiang (M) | 16.4.29.13

File size:
296 KB (303,104 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\winsere\winsere\winsere.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
11/26/2015 12:00:00 AM

Valid to:
11/25/2016 11:59:59 PM

Subject:
CN=Yan Jiang, OU=Individual Developer, O=No Organization Affiliation, L=Beijing, S=Beijing, C=CN

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
5DA147CD5813DFB43C70C7FD0A1B8461

File PE Metadata
Compilation timestamp:
2/2/2016 12:13:29 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
6144:D8ZhdRoz3rw/uGE8WgfCNpv5nNicQg6TNnG:DghdRO3rkuF8TfC5nNuxnG

Entry address:
0x1C2FE

Entry point:
E8, E1, 53, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 7F, 0F, B6, 44, 24, 08, 0F, BA, 25, AC, 70, 44, 00, 01, 73, 0D, 8B, 4C, 24, 0C, 57, 8B, 7C, 24, 08, F3, AA, EB, 5D, 8B, 54, 24, 0C, 81, FA, 80, 00, 00, 00, 7C, 0E, 0F, BA, 25, 70, 54, 44, 00, 01, 0F, 82, F9, 58, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03, C1, 8B, CA, 83...
 

Entropy:
6.4973

Code size:
214.5 KB (219,648 bytes)

Service
Display name:
Winsere

Description:
Enables the detection, download, and installation of updates for Winsere and other programs. If this service is disabled, users of this computer will not be able to use Winsere Update or its automatic

Type:
Win32OwnProcess, InteractiveProcess

