WinExeSvc

Category: Adware and PUAs
Protection available since: 10 Jun 2019 20:36:31 (GMT)
Type: Hacking Tool
Last Updated: 10 Jun 2019 20:36:31 (GMT)
Publisher Name: WinExe Project
Publisher URL: https://sourceforge.net/projects/winexe/


WinExeSvc is an open-source product designed to allow network-based management of Windows clients from Linux systems, similar to PsExec.

When deployed, it allows a remote Linux system to copy and launch software on the target Windows endpoints.

See the linked Sophos KBA for more information on why Sophos detects WinExeSvc as PUA:

 

Legitimate software packages that use WinExeSvc include:

 

Sophos moved detection from Application Control to PUA in June 2019, in response to seeing this tool being abused by malicious actors.

Examples of WinExeSvc include:

Example 1

File Information

Size: 27K
SHA-1: f102ee835d69802697e183fba8c5ed333d5f42c5
MD5: ee48fbda204392d74863bcdecc3770e8
CRC-32: 44c26d14
File type: Windows executable
First seen: 2017-03-20

Example 2

File Information

File type: Windows executable

Example 3

File Information

Size: 19K
SHA-1: ceb96b364d6a8b65ea8fa43eb0a735176e409eb0
MD5: ca2a53ad706fe27bdb37f23a6cbd0d73
CRC-32: 7a5fa2e1
File type: Windows executable
First seen: 2018-11-01
