home

wpm.exe

WFini

Cherished Technololgy LIMITED

The application wpm.exe by Cherished Technololgy LIMITED has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. While running, it connects to the Internet address server-52-85-83-103.lax1.r.cloudfront.net on port 80 using the HTTP protocol.
Publisher:
WFini LIMITED  (signed by Cherished Technololgy LIMITED)

Product:
WFini

Version:
22.0.0.2534

MD5:
0cdc6f84fbbfdf52e102b5376e3c0b82

SHA-1:
612f0e72c99f08a91a688ebe32137861a4185f69

SHA-256:
5648dc5f14dd53fcbf042bb81d9d7f95345646175bef54d3099c32a10ce41f2d

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
5/21/2024 8:53:18 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.ELEX.Cherishe (M)
16.6.12.9

File size:
205.2 KB (210,104 bytes)

Product version:
22.0.0.2534

Copyright:
Copyright (C) WFini.com From 2012

Original file name:
WFini.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\searchestoyesbnd\wpm.exe

Digital Signature
Signed by:
Cherished Technololgy LIMITED

Authority:
GlobalSign nv-sa

Valid from:
6/3/2016 8:43:04 AM

Valid to:
8/12/2016 2:48:37 PM

Subject:
CN=Cherished Technololgy LIMITED, O=Cherished Technololgy LIMITED, L=香港, S=香港, C=HK

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121BDEB9CB7BCAA2B74B53E6357A10B3CAA

File PE Metadata
Compilation timestamp:
6/12/2016 12:19:41 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
3072:QGQ/TOInQeB5RCCdp//Piqtx3TzL9Y+DXo0rgpKK29:Q37QeB5dft4E/9

Entry address:
0xFA54

Entry point:
E8, 1B, 95, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 8B, 45, 08, 56, 8B, F1, 83, 66, 04, 00, C7, 06, 14, 52, 42, 00, C6, 46, 08, 00, FF, 30, E8, A8, 00, 00, 00, 8B, C6, 5E, 5D, C2, 04, 00, 55, 8B, EC, 8B, 45, 08, C7, 01, 14, 52, 42, 00, 8B, 00, 89, 41, 04, 8B, C1, C6, 41, 08, 00, 5D, C2, 08, 00, 55, 8B, EC, 56, FF, 75, 08, 8B, F1, 83, 66, 04, 00, C7, 06, 14, 52, 42, 00, C6, 46, 08, 00, E8, 12, 00, 00, 00, 8B, C6, 5E, 5D, C2, 04, 00, C7, 01, 14, 52, 42, 00, E9, 96, 00, 00, 00, 55, 8B, EC, 56, 57, 8B, 7D, 08...
 
[+]

Entropy:
6.3873

Code size:
138.5 KB (141,824 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to server-54-230-95-91.fra2.r.cloudfront.net  (54.230.95.91:80)

TCP (HTTP):
Connects to server-54-192-129-4.ams50.r.cloudfront.net  (54.192.129.4:80)

TCP (HTTP):
Connects to server-54-192-129-106.ams50.r.cloudfront.net  (54.192.129.106:80)

TCP (HTTP):
Connects to server-54-230-216-41.mrs50.r.cloudfront.net  (54.230.216.41:80)

TCP (HTTP):
Connects to server-54-192-14-154.ams1.r.cloudfront.net  (54.192.14.154:80)

TCP (HTTP):
Connects to server-54-192-14-147.ams1.r.cloudfront.net  (54.192.14.147:80)

TCP (HTTP):
Connects to server-52-85-83-49.lax1.r.cloudfront.net  (52.85.83.49:80)

TCP (HTTP):
Connects to server-52-85-83-242.lax1.r.cloudfront.net  (52.85.83.242:80)

TCP (HTTP):
Connects to server-52-85-83-174.lax1.r.cloudfront.net  (52.85.83.174:80)

TCP (HTTP):
Connects to server-52-85-83-103.lax1.r.cloudfront.net  (52.85.83.103:80)

TCP (HTTP):
Connects to server-52-85-83-10.lax1.r.cloudfront.net  (52.85.83.10:80)

Remove wpm.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.