serviceeverything.exe

TODO: <产品名> ("product name")

Beijing Xingyunwang Technology Co., Ltd

The application serviceeverything.exe by Beijing Xingyunwang Technology Co. has been detected as a potentially unwanted program by 10 anti-malware scanners.
Publisher:
TODO: <公司名> ("company name"), signed by Beijing Xingyunwang Technology Co., Ltd

Product:
TODO: <产品名> ("product name")

Description:
TODO: <文件说明> ("file description")

Version:
1.0.0.1

MD5:
ed746c5cdb131dec59aab1b8e12482ed

SHA-1:
ead366dfdc34f135b143bca99625fe98c0dbdf9b

SHA-256:
994521d19bdd2718feed8f2975074bde3065f2c6685e359d0e62cfa6626118b2

Scanner detections:
10 / 68

Status:
Potentially unwanted

Analysis date:
5/5/2024 1:35:34 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Avira AntiVirus | ADWARE/Elex.A.26 | 8.3.1.6 |
| avast! | Win32:Dropper-gen [Drp] | 2014.9-150714 |
| Baidu Antivirus | Adware.Win32.Elex | 4.0.3.15611 |
| Emsisoft Anti-Malware | Gen:Variant.Graftor.202539 | 8.15.07.14.05 |
| ESET NOD32 | Win32/ELEX.DJ potentially unwanted application | 7.0.302.0 |
| F-Secure | Gen:Variant.Graftor.202539 | 11.2015-14-07_3 |
| Kaspersky | not-a-virus:AdWare.Win32.ELEX | 14.0.0.1739 |
| McAfee | Generic PUP.y | 5600.6705 |
| Reason Heuristics | Threat.Win.Reputation.IMP | 15.7.14.1 |
| VIPRE Antivirus | Trojan.Win32.Generic | 41638 |

File size:
288.2 KB (295,112 bytes)

Product version:
1.0.0.1

Copyright:
Copyright (C) 2015

Original file name:
ServiceF.exe

File type:
Executable application (Win32 EXE)

Language:
Chinese (Simplified, PRC)

Common path:
C:\users\{user}\appdata\everything\serviceeverything.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
5/21/2015 9:53:51 AM

Valid to:
6/21/2016 10:07:00 AM

Subject:
CN="Beijing Xingyunwang Technology Co., Ltd", O="Beijing Xingyunwang Technology Co., Ltd", L=Beijing, S=Beijing, C=CN

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11216EFF24378FC18A406CB3A4E4067DBC1F

File PE Metadata
Compilation timestamp:
6/5/2015 8:45:06 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
3072:tNFpOtQJWB+cyBCTn5sjCRYLiwm0R+h5MBZL7oO+dWcohYUAZITcNKNft:fFpMQJWB+P4TnHesUx/T2FZKD

Entry address:
0x1CDAD

Entry point:
E8, B1, A0, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, B0, 91, 43, 00, E8, 2D, 59, 00, 00, E8, F9, 23, 00, 00, 0F, B7, F0, 6A, 02, E8, 44, A0, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 2A, 74, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 

Entropy:
5.9735

Code size:
191 KB (195,584 bytes)
