home

w0a2jesk1.exe

Ding Ruan

The application w0a2jesk1.exe by Ding Ruan has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
Ding Ruan  (signed and verified)

MD5:
7fcb1a39dafe9fe2c6ee4932938dd243

SHA-1:
0e9085a5fd2ce97c197adf75b5a515a6ceb8c8b6

SHA-256:
9cc881b6bd46f44092b470ed9ee2a870c522117b055c9cfdb418ba776bdb0730

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
5/17/2025 3:56:28 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.ELEX (M)
16.12.21.19

File size:
406 KB (415,704 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\w0a2jesk1.exe

Digital Signature
Signed by:
Ding Ruan

Authority:
thawte, Inc.

Valid from:
12/15/2016 5:00:00 AM

Valid to:
4/14/2017 4:59:59 AM

Subject:
CN=Ding Ruan, OU=Individual Developer, O=No Organization Affiliation, L=Beijing, S=Beijing, C=CN

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
7D515C25EB0A74C63EAA5EA1FA8DF603

File PE Metadata
Compilation timestamp:
12/12/2016 3:59:56 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0x2CA7

Entry point:
E8, 7A, 0B, 00, 00, E9, 7C, 89, 00, 00, 55, 8B, EC, 8D, 41, 09, 50, 8B, 45, 08, 83, C0, 09, 50, E8, CC, A3, 00, 00, F7, D8, 59, 1B, C0, 59, 40, 5D, C2, 04, 00, 55, 8B, EC, 56, 8B, F1, E8, 8B, 03, 00, 00, F6, 45, 08, 01, 74, 07, 56, E8, D6, 38, 00, 00, 59, 8B, C6, 5E, 5D, C2, 04, 00, 55, 8B, EC, 8B, 55, 08, 85, D2, 74, 2B, 83, 79, 14, 10, 72, 04, 8B, 01, EB, 02, 8B, C1, 3B, D0, 72, 1B, 83, 79, 14, 10, 56, 72, 04, 8B, 31, EB, 02, 8B, F1, 8B, 41, 10, 03, C6, 5E, 3B, C2, 76, 04, B0, 01, EB, 02, 32, C0, 5D, C2...
 
[+]

Entropy:
7.8238  (probably packed)

Code size:
360 KB (368,640 bytes)

Remove w0a2jesk1.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.