home

winsecurity.exe

Microsoft Windows Operating System

Lei Qing

While the file properties state the file is developed by 'Microsoft Corporation', this is not the case and it is designed just to look like a legitimate Microsoft system file. The application winsecurity.exe by Lei Qing has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It runs as a separate (within the context of its own process) windows Service named “Windows Security”.
Publisher:
Microsoft Corporation  (signed by Lei Qing)

Product:
Microsoft Windows Operating System

Description:
Windows Security

Version:
6.3.9600.17284 (aaa.140822-1915)

MD5:
7c2242974e3bfb632aa41a2d8c8ff058

SHA-1:
cec8002b5c0051fef8f5b2d7b92e454cf6c85156

SHA-256:
f681f67fccf66f31ec8ef2ad0982c8f4a0b310d67993b3e9e4b4e3aa9014d5fd

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
3/7/2026 2:31:02 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
Adware.Elex.LeiQing.Meta (M)
16.7.9.11

File size:
6.9 MB (7,244,240 bytes)

Copyright:
Microsoft Corporation. All rights reserved.

Original file name:
winsecurity.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\ProgramData\windows security\winsecurity.exe

Digital Signature
Signed by:
Lei Qing

Authority:
WoSign CA Limited

Valid from:
8/19/2015 5:00:23 AM

Valid to:
8/19/2016 5:00:23 AM

Subject:
CN=Lei Qing, L=Tianjin, S=Tianjin, C=CN

Issuer:
CN=WoSign Class 2 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:
2B8E845E7AA055FC643B525DF3001A41

File PE Metadata
OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
3.0

CTPH (ssdeep):
49152:+AL7NY31Iv8l5wUgEhx2KZEw7VqANfx9tcfVOMNJX/rcYRfB5BkbYfTRFIAIQriT:+ALRGIv85gcIm7PNfEBY

Entry address:
0x54380

Entry point:
83, EC, 0C, 8B, 44, 24, 0C, 8D, 5C, 24, 10, 89, 44, 24, 04, 89, 5C, 24, 08, C7, 04, 24, FF, FF, FF, FF, E9, 01, 00, 00, 00, CC, E9, 0B, D3, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 5C, 24, 04, 64, C7, 05, 34, 00, 00, 00, 00, 00, 00, 00, 89, E5, 8B, 4B, 04, 89, C8, C1, E0, 02, 29, C4, 89, E7, 8B, 73, 08, FC, F3, A5, FF, 13, 89, EC, 8B, 5C, 24, 04, 89, 43, 0C, 89, 53, 10, 64, 8B, 05, 34, 00, 00, 00, 89, 43, 14, C3, CC, CC, CC, CC, 83, EC, 18, C7, 04, 24, F4, FF, FF, FF, 89, E5, FF, 15, 58, 90...
 
[+]

Code size:
4.6 MB (4,816,896 bytes)

Service
Display name:
Windows Security

Service name:
WindowsSecurity

Type:
Win32OwnProcess


Remove winsecurity.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.