wdsmanpro.exe

DTools

Cherished Technology Limited

The application wdsmanpro.exe by Cherished Technology Limited has been detected as adware by 4 anti-malware scanners. It runs as a separate Windows service (within the context of its own process) named “WdsManPro Service”. While running, it connects to the Internet address 7d.a0.a86c.ip4.static.sl-reverse.com on port 80 using the HTTP protocol.
Publisher:
DTools LIMITED  (signed by Cherished Technology Limited)

Product:
DTools

Version:
20.0.0.2301

MD5:
809b39a1a036c20994e68cf322a2519a

SHA-1:
d927fbf867e2e9f1f0f192c3c4e9bbe6ea308dad

SHA-256:
c88d35be971de853f05ab1d8e746ef71b25eaa853a8c40be52471906cf4d5eac

Scanner detections:
4 / 68

Status:
Adware

Analysis date:
4/27/2024 1:54:02 AM UTC

Scan engine | Detection | Engine version
Baidu Antivirus | Adware.Win32.Elex | 4.0.3.1599
Bkav FE | W32.HfsAdware | 1.3.0.7133
Malwarebytes | PUP.Optional.WProtectManager | v2015.09.09.12
Reason Heuristics | PUP.CherishedTechnology (M) | 15.9.9.0

File size:
441.1 KB (451,720 bytes)

Product version:
20.0.0.2301

Copyright:
Copyright (C) DTools by 2001

Original file name:
DTools.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\ProgramData\ywdsmanproy\wdsmanpro.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
9/8/2015 3:18:38 AM

Valid to:
10/20/2015 10:35:29 PM

Subject:
CN=Cherished Technology Limited, O=Cherished Technology Limited, L=香港, S=香港, C=HK

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121DEEBE987EB606DF47A7FAB18750B2710

File PE Metadata
Compilation timestamp:
9/8/2015 4:20:31 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:02HDPTbEdqIq5rIahg+/26rG+m3enyKyaar21PQ2iKEMxtJiNtK7c1vUIE:trTxtIahBO2G+UenEq/tEMxmNAOvUIE

Entry address:
0x15126

Entry point:
E8, 0A, DC, 00, 00, E9, 7F, FE, FF, FF, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, 70, AB, 45, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, E0, 6A, 45, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, 70, AB, 45, 00, 00, 0F, 83, A7, 01, 00, 00, F7, C7, 03, 00, 00, 00, 0F, 85, B8, 01, 00, 00, F7, C6, 03, 00, 00, 00...

Code size:
274.5 KB (281,088 bytes)

Service
Display name:
WdsManPro Service

Service name:
WdsManPro

Type:
Win32OwnProcess

Group:
SVC_Group

The executing file has been seen to make the following network communications in live environments.

Remove wdsmanpro.exe - Powered by Reason Core Security