winsere.exe

Yan Jiang

The application winsere.exe by Yan Jiang has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It runs as a Windows service named “Winsere”.
Publisher:
Yan Jiang  (signed and verified)

MD5:
68084b96bee2704e0c585562785387cd

SHA-1:
02a08d26395c0ade2ec9f5bfd9ba235f50086987

SHA-256:
7327ca74ae99e203110ab03ccb944df2e7e4b7001cfabb7ddd5cf8b636636757

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
1/16/2025 8:37:11 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.ELEX.YanJiang (M)

Engine version:
16.5.26.15

File size:
372.1 KB (381,055 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\winsere\winsere\winsere.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
11/26/2015 8:00:00 AM

Valid to:
11/26/2016 7:59:59 AM

Subject:
CN=Yan Jiang, OU=Individual Developer, O=No Organization Affiliation, L=Beijing, S=Beijing, C=CN

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
5DA147CD5813DFB43C70C7FD0A1B8461

File PE Metadata
Compilation timestamp:
2/2/2016 2:43:29 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
6144:d8ZhdQiz3rw/uGE8Wg6CNpv5nNicQg6TNnGmBV+UdvrEFp7hKwYp:dghdQM3rkuF8T6C5nNuxnGmBjvrEH79K

Entry address:
0x1C2FE

Entry point:
E9, 94, F7, FE, FF, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 7F, 0F, B6, 44, 24, 08, 0F, BA, 25, AC, 70, 44, 00, 01, 73, 0D, 8B, 4C, 24, 0C, 57, 8B, 7C, 24, 08, F3, AA, EB, 5D, 8B, 54, 24, 0C, 81, FA, 80, 00, 00, 00, 7C, 0E, 0F, BA, 25, 70, 54, 44, 00, 01, 0F, 82, F9, 58, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03, C1, 8B, CA, 83...
 

Entropy:
6.9449

Packer / compiler:
Xtreme-Protector v1.05

Code size:
214.5 KB (219,648 bytes)

Service
Display name:
Winsere

Description:
Enables the detection, download, and installation of updates for Winsere and other programs. If this service is disabled, users of this computer will not be able to use Winsere Update or its automatic

Type:
Win32OwnProcess, InteractiveProcess

