winsere.exe

Yupeng Zhang

The application winsere.exe by Yupeng Zhang has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It runs as a Windows service named “Winsere”.
Publisher:
Yupeng Zhang (signed and verified)

MD5:
0c13e71a6d9268cb0ea12eb563922243

SHA-1:
42c70fdee5a33fa61e53a4a3634998fd403be568

SHA-256:
93a2e22a1ccb2c55d840b3fa2ea0f5960344f37c867f4ff8c452bbe4bd0fd2e7

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/29/2024 6:29:32 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Zhang.YupengZh.Meta (M)

Engine version:
16.7.12.7

File size:
385.5 KB (394,751 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\winsere\winsere\winsere.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
3/14/2016 8:00:00 AM

Valid to:
2/4/2017 7:59:59 AM

Subject:
CN=Yupeng Zhang, OU=Individual Developer, O=No Organization Affiliation, L=Beijing, S=Beijing, C=CN

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
56ED9E7C28D4E65DF6EF0253265ACB11

File PE Metadata
Compilation timestamp:
3/29/2016 11:51:01 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
6144:upvvRqWCR4L69URygbd4iYUDcdZrUnv65BxLKsDBV+UdvrEFp7hKm:u+W1LlfBQZk65BxLKsDBjvrEH7p

Entry address:
0x1F06A

Entry point:
E9, 5A, 6D, FF, FF, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 7F, 0F, B6, 44, 24, 08, 0F, BA, 25, 10, B0, 44, 00, 01, 73, 0D, 8B, 4C, 24, 0C, 57, 8B, 7C, 24, 08, F3, AA, EB, 5D, 8B, 54, 24, 0C, 81, FA, 80, 00, 00, 00, 7C, 0E, 0F, BA, 25, F8, 92, 44, 00, 01, 0F, 82, C0, 5B, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03...
 

Entropy:
6.9185

Packer / compiler:
tElock 0.99 - 1.0 private

Code size:
226.5 KB (231,936 bytes)

Service
Display name:
Winsere

Description:
Enables the detection, download, and installation of updates for Winsere and other programs. If this service is disabled, users of this computer will not be able to use Winsere Update or its automatic

Type:
Win32OwnProcess, InteractiveProcess

