picexasvc.exe

Picexa Viewer

Taiwan Shui Mu Chih Ching Technology Limited

The application picexasvc.exe by Taiwan Shui Mu Chih Ching Technology Limited has been detected as adware by 14 anti-malware scanners. This file is typically installed with the program Picexa by Taiwan Shui Mu Chih Ching Technology Limited. This particular feature is designed to hijack the browser in an attempt to prevent other resources from modifying the browser's search and home pages. It is also typically executed from the user's temporary directory. While running, it connects to the Internet address 8.81.6132.ip4.static.sl-reverse.com on port 80 using the HTTP protocol.
Publisher:
Taiwan Shui Mu Chih Ching Technology Limited

Product:
Picexa Viewer

Description:
Picexa service

Version:
2.1.55.332

MD5:
5906aa054c3fe8760721c353a359c2bb

SHA-1:
d0af4e7d34e4787608ff0e62bd28c6ef458d4f03

SHA-256:
14794fceedd4b32324ea06752a812d9948feefde4307978b945c03ae06271c80

Scanner detections:
14 / 68

Status:
Adware

Analysis date:
4/24/2024 1:52:15 PM UTC

Scan engine
Detection
Engine version

Agnitum Outpost
Riskware.Agent
7.1.1

Avira AntiVirus
TR/Trash.Gen
8.3.1.6

Baidu Antivirus
Adware.Win32.Elex
4.0.3.15916

Bkav FE
W32.HfsAdware
1.3.0.7237

Dr.Web
Adware.Mutabaha.229
9.0.1.0259

ESET NOD32
Win32/ELEX.CK potentially unwanted (variant)
9.12260

Fortinet FortiGate
Riskware/Elex
9/16/2015

IKARUS anti.virus
PUA.SearchProtect
t3scan.1.9.5.0

K7 AntiVirus
Adware
13.207.16611

McAfee
Artemis!393DAC4043B7
5600.6640

Panda Antivirus
PUP/Winzipper
15.09.16.05

Reason Heuristics
PUP.Thinknice.TaiwanShuiMuChihChingTechnology (M)
15.9.16.17

Trend Micro House Call
Suspicious_GEN.F47V0515
7.2.259

Zillya! Antivirus
Adware.ELEX.Win32.1
2.0.0.2301

File size:
705.5 KB (722,400 bytes)

Product version:
2.1.55.332

Copyright:
Copyright (c)Taiwan Shui Mu Chih Ching Technology Limited. All Rights Reserved.

Original file name:
Picexa.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\picexasvc.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
3/6/2015 9:19:12 AM

Valid to:
3/4/2016 12:26:37 PM

Subject:
CN=Taiwan Shui Mu Chih Ching Technology Limited, O=Taiwan Shui Mu Chih Ching Technology Limited, L=Taipei City, S=Taiwan, C=TW

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112127474DE010DA49D31D0EE8193EAC2D0E

File PE Metadata
Compilation timestamp:
9/14/2015 6:03:20 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:nPxMjTPbhB0q7zAwU6oHddF33OsH2QMqmwuXzaGpd88K1uB/wIeFBT0i/AfMG770:nZMjTbh29vcs/BWzM7BqKmHTkbAGi0

Entry address:
0x54190

Entry point:
E8, 11, DB, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, 83, 3D, 50, 02, 4A, 00, 01, 72, 5F, 0F, B6, 44, 24, 08, 8B, D0, C1, E0, 08, 0B, D0, 66, 0F, 6E, DA, F2, 0F, 70, DB, 00, 0F, 16, DB, 8B, 54, 24, 04, B9, 0F, 00, 00, 00, 83, C8, FF, 23, CA, D3, E0, 2B, D1, F3, 0F, 6F, 0A, 66, 0F, EF, D2, 66, 0F, 74, D1, 66, 0F, 74, CB, 66, 0F, EB, D1, 66, 0F, D7, CA, 23, C8, 75, 08, 83, C8, FF, 83, C2, 10, EB, DC, 0F, BC, C1, 03, C2, 66, 0F, 7E, DA, 33, C9, 3A, 10, 0F, 45, C1, C3, 33, C0, 8A, 44, 24, 08, 53, 8B...
 
Code size:
455.5 KB (466,432 bytes)

The file picexasvc.exe has been discovered within the following program.

Picexa by Taiwan Shui Mu Chih Ching Technology Limited.
About 2% of users remove it
 
The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to 8.81.6132.ip4.static.sl-reverse.com (50.97.129.8:80)

TCP (HTTP):
Connects to cd.f6.0bc6.ip4.static.sl-reverse.com (198.11.246.205:80)

TCP (HTTP):
Connects to dd.d3.a86c.ip4.static.sl-reverse.com (108.168.211.221:80)
