wjnews.exe

无极影音

Guangxi Nanning Shengtaian E-commerce Development Co., Ltd.

It is set to execute automatically when any user logs into Windows (through the all-users Run registry key, HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run) under the name ‘WJNews_177081’.
Publisher:
Sta  (signed by Guangxi Nanning Shengtaian E-commerce Development Co., Ltd.)

Product:
无极影音

Description:
无极影音 accelerator program

Version:
1.0.0.0

MD5:
5c80f22154865bf033d24aae71bd41ee

SHA-1:
fc8d2d2dabd4c5f7da49252e38139ea99d3522e4

SHA-256:
00f41dfd0fd063b9d39049fa687d26c85b2935193a29752d6fc8ea7112aea524

Scanner detections:
2 / 68

Status:
Clean  (2 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous); the file is probably malware-free.

Analysis date:
11/24/2024 7:46:54 AM UTC

Scan engine | Detection | Engine version
AhnLab V3 Security | Win-Trojan/Malpacked5.Gen | 2013.07.21
IKARUS anti.virus | Trojan.Win32.Genome | t3scan.2.0.3.0

File size:
565.4 KB (578,920 bytes)

Product version:
1.0.0.0

Copyright:
Copyright (C) 2013

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\wuji\wjnews.exe

Digital Signature
Authority:
WoSign eCommerce Services Limited

Valid from:
7/17/2012 12:23:57 AM

Valid to:
7/19/2013 10:21:38 AM

Subject:
E=kefu@shengtaian.com, CN="Guangxi Nanning Shengtaian E-commerce Development Co., Ltd.", O="Guangxi Nanning Shengtaian E-commerce Development Co., Ltd.", L=Nanning, S=Guangxi, C=CN

Issuer:
CN=WoSign Class 3 Code Signing CA, O=WoSign eCommerce Services Limited, C=CN

Serial number:
1BB133DCEFAD95

File PE Metadata
Compilation timestamp:
6/20/1992 6:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0x174B4A

Entry point:
68, AE, D8, BB, 85, E8, 34, 12, 00, 00, 00, 00, 50, 74, 49, 6E, 52, 65, 63, 74, 00, 0F, BC, DC, 66, C1, EF, 0A, 29, C0, 66, 0F, B6, F9, 0F, 9C, C7, 66, 0F, B6, D9, E9, 03, DD, FF, FF, 8D, 64, 24, 34, E8, AD, 1F, FE, FF, E9, 8D, CE, F7, FF, 66, 59, F2, AA, 95, 0A, 81, 1B, 4A, 52, 97, 49, EC, 38, 6E, 3B, 36, 1A, 17, DD, 81, 15, 83, 65, EB, C2, C7, 1B, 8C, CA, 93, E2, 97, 53, 65, B7, 83, 24, C1, 0C, 12, D1, D1, D4, DB, 08, DD, C3, 9A, FD, F0, FA, A5, AB, AF, 7E, F0, 54, 0E, 15, 11, 3C, 5F, 31, F6, DF, E2, 4A...
 
Entropy:
7.9008  (probably packed)

Code size:
1.5 MB (1,536,000 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
WJNews_177081

Command:
C:\Program Files\wuji\wjnews.exe -mini

