wprotectmanager.exe

wmp control

Cherished Technololgy LIMITED

The application wprotectmanager.exe has been detected as adware by 4 anti-malware scanners. It runs as a Windows service named “Wpm Service” in its own process. This file is typically installed with the program WPM17.8.0.3442 by Cherished Technololgy LIMITED, which is a potentially unwanted software program. While running, it connects to the Internet address a9.a2.a86c.ip4.static.sl-reverse.com on port 80 using the HTTP protocol.
Publisher:
Cherished Technololgy LIMITED

Product:
wmp control

Description:
WPM Service

Version:
17.8.0.3442

MD5:
6ba8985c841a5d1e94d91b81af764229

SHA-1:
a57a0dbbb1f4509e15617380de4a0d02b2751622

SHA-256:
756396fa7027d08f2dafac150fba29c999067f7512e49b740a2d4e4112dee6f0

Scanner detections:
4 / 68

Status:
Adware

Analysis date:
12/26/2024 2:51:39 PM UTC

Scan engine         Detection                                    Engine version
ESET NOD32          Win32/ELEX.AE (variant)                      8.9600
Malwarebytes        PUP.Optional.WpManager                       v2014.03.07.07
Reason Heuristics   PUP.Service.CherishedTechnololgyLIMITED.P    14.3.28.17
ViRobot             Adware.Agent.496640                          2011.4.7.4223

File size:
485 KB (496,640 bytes)

Product version:
17.8.0.3442

Copyright:
Copyright (C) 2013

Original file name:
wpm.exe

File type:
Executable application (Win32 EXE)

Language:
English (United Kingdom)

Common path:
C:\ProgramData\wpm\wprotectmanager.exe

File PE Metadata
Compilation timestamp:
3/7/2014 10:24:47 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:z9fMdTUVIiUvXfm3ROAaBzM65oyFX2J2:zadTULYP0Q46+sX2J2

Entry address:
0x1FAE4

Entry point:
E8, 8D, D1, 00, 00, E9, 7F, FE, FF, FF, CC, CC, 8B, 44, 24, 0C, 53, 85, C0, 74, 52, 8B, 54, 24, 08, 33, DB, 8A, 5C, 24, 0C, F7, C2, 03, 00, 00, 00, 74, 16, 8A, 0A, 83, C2, 01, 32, CB, 74, 72, 83, E8, 01, 74, 32, F7, C2, 03, 00, 00, 00, 75, EA, 83, E8, 04, 72, 12, 57, 8B, FB, C1, E3, 08, 03, DF, 8B, FB, C1, E3, 10, 03, DF, EB, 1B, 5F, 83, C0, 04, 74, 0E, 8A, 0A, 83, C2, 01, 32, CB, 74, 40, 83, E8, 01, 75, F2, 5B, C3, 83, E8, 04, 72, E5, 8B, 0A, 33, CB, BF, FF, FE, FE, 7E, 03, F9, 83, F1, FF, 33, CF, 83, C2...
 

Code size:
325 KB (332,800 bytes)

Service
Display name:
Wpm Service

Service name:
Wpm

Description:
Wpm service

Type:
Win32OwnProcess

Group:
SchedulerGroup


The file wprotectmanager.exe has been discovered within the following program.

WPM17.8.0.3442  by Cherished Technololgy LIMITED
WPM is a web browser advertisement extension that delivers ads to the user's web browser. Ads take the form of traditional banners as well as context hyperlinks.
80% remove it
 

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to a9.a2.a86c.ip4.static.sl-reverse.com  (108.168.162.169:80)

TCP (HTTP):
Connects to 75.126.4.195-static.reverse.softlayer.com  (75.126.4.195:80)

TCP (HTTP):
Connects to 208.43.232.117-static.reverse.softlayer.com  (208.43.232.117:80)
