» winsere.exe
Overview
Analysis
File Details
Behaviors (1)

winsere.exe

Yupeng Zhang

The application winsere.exe by Yupeng Zhang has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It runs as a windows Service named “Winsere”.

File name:

winsere.exe

Publisher:

Yupeng Zhang (signed and verified)

MD5:

0c13e71a6d9268cb0ea12eb563922243

SHA-1:

42c70fdee5a33fa61e53a4a3634998fd403be568

SHA-256:

93a2e22a1ccb2c55d840b3fa2ea0f5960344f37c867f4ff8c452bbe4bd0fd2e7

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

11/27/2024 5:45:53 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Zhang.YupengZh.Meta (M)

16.7.12.7

File size:

385.5 KB (394,751 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\winsere\winsere\winsere.exe

Digital Signature

Signed by:

Yupeng Zhang

Authority:

thawte, Inc.

Valid from:

3/14/2016 8:00:00 AM

Valid to:

2/4/2017 7:59:59 AM

Subject:

CN=Yupeng Zhang, OU=Individual Developer, O=No Organization Affiliation, L=Beijing, S=Beijing, C=CN

Issuer:

CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:

56ED9E7C28D4E65DF6EF0253265ACB11

File PE Metadata

Compilation timestamp:

3/29/2016 11:51:01 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

12.0

CTPH (ssdeep):

6144:upvvRqWCR4L69URygbd4iYUDcdZrUnv65BxLKsDBV+UdvrEFp7hKm:u+W1LlfBQZk65BxLKsDBjvrEH7p

Entry address:

0x1F06A

Entry point:

E9, 5A, 6D, FF, FF, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 7F, 0F, B6, 44, 24, 08, 0F, BA, 25, 10, B0, 44, 00, 01, 73, 0D, 8B, 4C, 24, 0C, 57, 8B, 7C, 24, 08, F3, AA, EB, 5D, 8B, 54, 24, 0C, 81, FA, 80, 00, 00, 00, 7C, 0E, 0F, BA, 25, F8, 92, 44, 00, 01, 0F, 82, C0, 5B, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03... 
[+]

Entropy:

6.9185

Packer / compiler:

tElock 0.99 - 1.0 private

Code size:

226.5 KB (231,936 bytes)

Service

Display name:

Winsere

Description:

Enables the detection, download, and installation of updates for Winsere and other programs. If this service is disabled, users of this computer will not be able to use Winsere Update or its automatic

Type:

Win32OwnProcess, InteractiveProcess

Remove winsere.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.