home

winsecurity.exe

Microsoft Windows Operating System

Lei Qing

While the file properties state the file is developed by 'Microsoft Corporation', this is not the case and it is designed just to look like a legitimate Microsoft system file. The application winsecurity.exe by Lei Qing has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
Microsoft Corporation  (signed by Lei Qing)

Product:
Microsoft Windows Operating System

Description:
Windows Security

Version:
6.3.9600.17284 (aaa.140822-1915)

MD5:
3d7163e7d3cecc4cb952ed8145e85322

SHA-1:
e563e86b3091b0aafcbf1c662a3dcdd8cc1e1a35

SHA-256:
38be44625942298a0ce7a4c0890e6cf9f27086bf9d9e01dc044a8c111b5b4df8

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
3/7/2026 2:24:22 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
Adware.Elex.LeiQing.Meta (M)
16.7.9.11

File size:
6.9 MB (7,244,752 bytes)

Copyright:
Microsoft Corporation. All rights reserved.

Original file name:
winsecurity.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\windows\temp\dsq_temp\winsecurity.exe

Digital Signature
Signed by:
Lei Qing

Authority:
WoSign CA Limited

Valid from:
8/19/2015 4:00:23 AM

Valid to:
8/19/2016 4:00:23 AM

Subject:
CN=Lei Qing, L=Tianjin, S=Tianjin, C=CN

Issuer:
CN=WoSign Class 2 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:
2B8E845E7AA055FC643B525DF3001A41

File PE Metadata
OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
3.0

CTPH (ssdeep):
49152:/6YaVCMVkxBmeqCUIiSYhpeiuhstULPAMNJX/YrIQSqT3vS5jlzw1UhRtucRhC9K:yYalVreJ0shJDxQbl7a

Entry address:
0x54380

Entry point:
83, EC, 0C, 8B, 44, 24, 0C, 8D, 5C, 24, 10, 89, 44, 24, 04, 89, 5C, 24, 08, C7, 04, 24, FF, FF, FF, FF, E9, 01, 00, 00, 00, CC, E9, 0B, D3, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 5C, 24, 04, 64, C7, 05, 34, 00, 00, 00, 00, 00, 00, 00, 89, E5, 8B, 4B, 04, 89, C8, C1, E0, 02, 29, C4, 89, E7, 8B, 73, 08, FC, F3, A5, FF, 13, 89, EC, 8B, 5C, 24, 04, 89, 43, 0C, 89, 53, 10, 64, 8B, 05, 34, 00, 00, 00, 89, 43, 14, C3, CC, CC, CC, CC, 83, EC, 18, C7, 04, 24, F4, FF, FF, FF, 89, E5, FF, 15, 58, A0...
 
[+]

Entropy:
6.1732

Code size:
4.6 MB (4,817,408 bytes)

Remove winsecurity.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.