service.exe

ServiceEx

Updates LTD

The application service.exe, “ServiceEx Console Application” by Updates, has been detected as adware by 7 anti-malware scanners. It runs as a separate Windows service, within the context of its own process, named “wlcomm32”.
Publisher:
ServiceEx (signed by Updates LTD)

Product:
ServiceEx

Description:
ServiceEx Console Application

Version:
0, 2, 0, 1

MD5:
e6043572cb3bedc092482d6e5c6b88cf

SHA-1:
7b0b30a353236610e12e0d0423dda5472d6cebfe

SHA-256:
e3199474aa3281a2ab4e8d48181d64da0232f842abf59819bc3e3aaaf1c867f3

Scanner detections:
7 / 68

Status:
Adware

Analysis date:
4/19/2024 4:25:17 PM UTC  (today)

| Scan engine | Detection | Engine version |
|---|---|---|
| avast! | Win32:Febipos-A [Trj] | 2014.9-140509 |
| Bkav FE | W32.Clodd47.Trojan | 1.3.0.4613 |
| IKARUS anti.virus | Win32.Febipos | t3scan.2.2.29 |
| McAfee | Artemis!E6043572CB3B | 5600.7136 |
| Reason Heuristics | PUP.Service.Updates.H | 14.5.18.10 |
| Sophos | Updates Ltd Adware | 4.96 |
| Trend Micro House Call | TROJ_GEN.R0CCOH0IP13 | 7.2.129 |

File size:
116.4 KB (119,208 bytes)

Product version:
0, 2, 0, 1

Copyright:
Copyright (C) 2006, Mark E. Fraser, All Rights Reserved.

Trademarks:
ServiceEx

Original file name:
ServiceE.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\windows service\service.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
12/6/2012 2:00:00 AM

Valid to:
12/7/2013 1:59:59 AM

Subject:
CN=Updates LTD, O=Updates LTD, STREET=Alameda Professor Lucas Nogueira Garcez 2647, L=Atibaia, S=Sao Paulo, PostalCode=12947-000, C=BR

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00FD2CF3FBE5A510B83F16BEBC4554C718

File PE Metadata
Compilation timestamp:
8/14/2006 8:03:23 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
7.10

CTPH (ssdeep):
1536:+cAw5rvWMkwA8ypwtizgO9GlCIfe9pW404mvpHG2eNqDiHOoOU:+cAw5tpyKtU9GlZfgmvpHGVNqOZz

Entry address:
0x30DA

Entry point:
6A, 18, 68, B0, 9D, 40, 00, E8, 4E, 28, 00, 00, BF, 94, 00, 00, 00, 8B, C7, E8, AE, F3, FF, FF, 89, 65, E8, 8B, F4, 89, 3E, 56, FF, 15, DC, 90, 40, 00, 8B, 4E, 10, 89, 0D, 30, CA, 40, 00, 8B, 46, 04, A3, 3C, CA, 40, 00, 8B, 56, 08, 89, 15, 40, CA, 40, 00, 8B, 76, 0C, 81, E6, FF, 7F, 00, 00, 89, 35, 34, CA, 40, 00, 83, F9, 02, 74, 0C, 81, CE, 00, 80, 00, 00, 89, 35, 34, CA, 40, 00, C1, E0, 08, 03, C2, A3, 38, CA, 40, 00, 33, FF, 57, FF, 15, D0, 90, 40, 00, 66, 81, 38, 4D, 5A, 75, 1F, 8B, 48, 3C, 03, C8, 81...
 

Entropy:
5.1821

Developed / compiled with:
Microsoft Visual C++ v7.0

Code size:
32 KB (32,768 bytes)

Service
Display name:
wlcomm32

Type:
Win32OwnProcess

