winsere.exe

Yan Jiang

The application winsere.exe by Yan Jiang has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It runs as a Windows service named “Winsere”.
Publisher:
Yan Jiang (signed and verified)

MD5:
a7286a81a35230e3bb99741cff82dc60

SHA-1:
568fef600d4fce87594dfcdb5e076d812dbfeca8

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
2/25/2025 7:59:56 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.ELEX.YanJiang (M)

Engine version:
16.6.11.14

File size:
299 KB (306,192 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\winsere\winsere\winsere.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
11/26/2015 5:30:00 AM

Valid to:
11/26/2016 5:29:59 AM

Subject:
CN=Yan Jiang, OU=Individual Developer, O=No Organization Affiliation, L=Beijing, S=Beijing, C=CN

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
5DA147CD5813DFB43C70C7FD0A1B8461

File PE Metadata
Compilation timestamp:
2/25/2016 1:37:20 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
3072:Dpju6BPLVpZ5OQ3tdNsgOLkv+dMWsOaZCcjkYorz6FIPcO04zMLx4f2Ahdpn+K+p:NCArOLHdMk3j0FvGg+NDebLeQP36ySA7

Entry address:
0x1CF1E

Entry point:
E8, 01, 53, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 7F, 0F, B6, 44, 24, 08, 0F, BA, 25, 4C, 90, 44, 00, 01, 73, 0D, 8B, 4C, 24, 0C, 57, 8B, 7C, 24, 08, F3, AA, EB, 5D, 8B, 54, 24, 0C, 81, FA, 80, 00, 00, 00, 7C, 0E, 0F, BA, 25, 70, 74, 44, 00, 01, 0F, 82, 19, 58, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03, C1, 8B, CA, 83...
 

Entropy:
6.4728

Code size:
218 KB (223,232 bytes)

Service
Display name:
Winsere

Description:
Enables the download and installation of Winsere updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Winsere Update Web site.

Type:
Win32OwnProcess, InteractiveProcess

