wjpap.exe

Guangxi Nanning Shengtaian E-commerce Development Co., Ltd.

It is set to execute automatically when any user logs in to Windows (through the local user Run registry setting), under the name ‘WJNews_525350’.

Publisher:
无极影音  (signed by Guangxi Nanning Shengtaian E-commerce Development Co., Ltd.)

Product:
无极影音

Description:
影音加速 (audio/video acceleration)

Version:
1.0.0.0

MD5:
aafa1832c0073625ba93f99797833c9a

SHA-1:
ad9c26d13206a79cf7a4a4d142076536d8e659f6

SHA-256:
86d1ca64b8ae8b1e0203595772d9791268e6f2b67201638166301a97dc9d2795

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is most likely a false positive detection; the file is probably clean.

Analysis date:
11/24/2024 9:32:07 AM UTC  (today)

Scan engine:
Trend Micro House Call

Detection:
TROJ_GEN.F47V0210

Engine version:
7.2.268

File size:
599.8 KB (614,200 bytes)

Product version:
1.0.0.0

Copyright:
Copyright (C) 2013

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\wuji\525350\wjpap.exe

Digital Signature
Authority:
WoSign eCommerce Services Limited

Valid from:
6/2/2013 10:58:04 PM

Valid to:
7/6/2014 9:14:35 AM

Subject:
E=kefu@shengtaian.com, CN="Guangxi Nanning Shengtaian E-commerce Development Co., Ltd.", O="Guangxi Nanning Shengtaian E-commerce Development Co., Ltd.", L=Nanning, S=Guangxi Zhuangzu Zizhiqu, C=CN

Issuer:
CN=WoSign Class 3 Code Signing CA, O=WoSign eCommerce Services Limited, C=CN

Serial number:
039E5E3EE7A9AB

File PE Metadata
Compilation timestamp:
6/20/1992 6:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:WSV0IaELAaHub8BrWd8NqtP7xn9Og9BlcGWIU3EYC0DI:WSnaDb0SCclx8g5cG1dYC0DI

Entry address:
0x17CBA6

Entry point:
68, 76, B3, 0F, C1, E8, 25, 64, 02, 00, E9, DC, BA, FF, FF, 00, 00, 53, 69, 7A, 65, 6F, 66, 52, 65, 73, 6F, 75, 72, 63, 65, 00, 84, FC, 29, C0, 66, 87, FB, 57, 8B, 5C, 24, 04, E9, EE, 08, 00, 00, 46, 88, 64, 24, 08, 9C, 66, C7, 04, 24, 39, D0, 8D, 64, 24, 42, 0F, 8E, D5, 04, 00, 00, 10, D2, 9C, 52, FF, 74, 24, 08, C2, 0C, 00, 00, 00, 52, 65, 67, 69, 73, 74, 65, 72, 57, 69, 6E, 64, 6F, 77, 4D, 65, 73, 73, 61, 67, 65, 41, 00, 00, 00, 47, 65, 74, 46, 6F, 63, 75, 73, 00, 68, 2A, 6C, 10, C1, E8, A9, 6D, 02, 00...

Entropy:
7.9127  (probably packed)

Code size:
1.6 MB (1,721,856 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
WJNews_525350

Command:
"C:\Program Files\wuji\525350\wjpap.exe" -mini

