winsere.exe

Yan Jiang

The application winsere.exe by Yan Jiang has been detected as a potentially unwanted program by 11 anti-malware scanners. It runs as a Windows service named “Winsere”.
Publisher:
Yan Jiang  (signed and verified)

MD5:
bdc15b639e187fb0a16326a59c26e935

SHA-1:
6ec56cf5fc99767ee47ea01e9f1fd10f85851802

SHA-256:
f84b9996e1d67b6725b2882587298e1572aae85b546146fefe5100dc7ae254a2

Scanner detections:
11 / 68

Status:
Potentially unwanted

Analysis date:
1/2/2025 3:32:57 PM UTC

Scan engine                     Detection                                 Engine version
avast!                          Win32:Pioneer-C                           160327-1
AVG                             Win32/Floxif.A                            2015.0.4545
Dr.Web                          Adware.Mutabaha.1112, Win32.FloodFix.7    9.0.1.05190
Emsisoft Anti-Malware           Win32.Floxif                              11.5.0.6191
ESET NOD32                      Win32/Floxif.H virus                      8.0.319.0
F-Prot                          W32/Floxif.B                              4.6.5.141
Kaspersky                       Virus.Win32.Pioneer                       15.0.0.562
McAfee                          Trojan.Dropper-FIY!BDC15B639E18           18.0.204.0
Microsoft Security Essentials   Threat.Undefined                          1.217.516.0
Reason Heuristics               PUP.ELEX.YanJiang (M)                     16.4.4.22
Sophos                          Virus 'W32/Floxif-C'                      5.23

File size:
376 KB (385,015 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\winsere\winsere\winsere.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
3/14/2016 12:00:00 AM

Valid to:
11/25/2016 11:59:59 PM

Subject:
CN=Yan Jiang, OU=Individual Developer, O=No Organization Affiliation, L=Beijing, S=Beijing, C=CN

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
0D086736E024A587D6959B6C9B0C8655

File PE Metadata
Compilation timestamp:
3/15/2016 9:39:37 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
6144:/H2q2eeGLBnHj6GTmiUAdLR30ns3ET6UGn/LCsBV+UdvrEFp7hK/:+q1eqBD1mi7dLykD/LCsBjvrEH7Q

Entry address:
0x1D14E

Entry point:
E9, F6, C8, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 7F, 0F, B6, 44, 24, 08, 0F, BA, 25, 4C, 90, 44, 00, 01, 73, 0D, 8B, 4C, 24, 0C, 57, 8B, 7C, 24, 08, F3, AA, EB, 5D, 8B, 54, 24, 0C, 81, FA, 80, 00, 00, 00, 7C, 0E, 0F, BA, 25, 70, 74, 44, 00, 01, 0F, 82, 99, 58, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03, C1, 8B, CA, 83...
 

Entropy:
6.9240

Packer / compiler:
Xtreme-Protector v1.05

Code size:
218.5 KB (223,744 bytes)

Service
Display name:
Winsere

Description:
Enables the detection, download, and installation of updates for Winsere and other programs. If this service is disabled, users of this computer will not be able to use Winsere Update or its automatic

Type:
Win32OwnProcess, InteractiveProcess

