wlsetup-all[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

wlsetup-all.exe
Size

106.2MB
MD5

3d342e1c5a3d7770fbe652a6011e2c81
SHA1

1c08aa1ecf2ebc0098fb8f0e4e20ddfaeae8f3a8
SHA256

4997d510af8494312897e4b270f79656dd70ad041335714916aeb6453ee38f46
SHA512

ca667570037dcb74551245ea6ca01e46f0b552865e545dfd7c04d500e1b0e0b54b944a74e84de10aebc6343e92f911c4d68c4e2a14ba4720c40655e7760de4b5
SSDEEP

3145728:d4BjdxiT2+DaT67qSP7FIxCYv8RZuMcUvu6bjc:dwW28IC7+P8ruMc968

Score

1^/10

Malware Config

Signatures

Files

wlsetup-all.exe
.exe windows:6 windows x86 arch:x86

f18c2f199b20fed75b6c5cea33061fb8

Code Sign

33:00:00:00:37:fe:bd:ed:dc:d2:54:01:6b:00:00:00:00:00:37
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

27-03-2013 20:08

Not After

27-06-2014 20:08

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:7D2E-3782-B0F7,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24-01-2013 22:33

Not After

24-04-2014 22:33

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

28:41:ac:b4:7c:45:d1:a1:3c:22:22:e4:2a:6d:94:51:88:58:c6:cb
Signer

Actual PE Digest

28:41:ac:b4:7c:45:d1:a1:3c:22:22:e4:2a:6d:94:51:88:58:c6:cb

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

wlsetup.pdb

Imports

advapi32

RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExW
RegSetValueExW
RegGetValueW
CopySid
AddAce
OpenProcessToken
GetUserNameW
GetLengthSid
GetSidLengthRequired
GetSidSubAuthority
InitializeAcl
InitializeSid
IsValidSid
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetNamedSecurityInfoW
SetSecurityInfo
CreateProcessAsUserW
AdjustTokenPrivileges
DuplicateTokenEx
SetTokenInformation
ConvertStringSidToSidW
TraceEvent
RegisterTraceGuidsW
UnregisterTraceGuids
GetTraceLoggerHandle
GetTokenInformation
ConvertSidToStringSidW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
LookupPrivilegeValueW
CryptAcquireContextW
CryptReleaseContext
CryptGenRandom
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
OpenThreadToken
DuplicateToken
ImpersonateLoggedOnUser
RevertToSelf
RegEnumValueW
GetSecurityDescriptorDacl
GetSecurityDescriptorOwner
CreateWellKnownSid

kernel32

GetNativeSystemInfo
GetFileAttributesExW
DeleteTimerQueueTimer
CreateTimerQueueTimer
UnlockFileEx
LockFileEx
CompareStringEx
CreateHardLinkTransactedW
MoveFileExW
DeleteFileTransactedW
SetFileTime
GetExitCodeThread
WaitForMultipleObjectsEx
GetSystemDefaultLocaleName
GetComputerNameW
CopyFileW
GlobalMemoryStatusEx
WerRegisterFile
GetSystemDefaultLCID
GetSystemDefaultUILanguage
GetVersionExW
CompareStringA
GetTempFileNameA
GetProductInfo
lstrlenW
RemoveDirectoryA
GetShortPathNameW
CreateDirectoryA
GetTempPathA
FileTimeToDosDateTime
GetFullPathNameA
GetFileInformationByHandle
GetFileAttributesA
OpenFileMappingW
VirtualFree
FileTimeToLocalFileTime
DeleteFileA
CreateFileA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetNamedPipeServerProcessId
CreateNamedPipeW
QueryFullProcessImageNameW
GetTickCount
GetLocalTime
GetFileSize
GetFileSizeEx
CreateMutexW
GetFullPathNameW
QueueUserWorkItem
GetTempPathW
FlushInstructionCache
OpenProcess
SetEnvironmentVariableW
GetEnvironmentVariableW
VerifyVersionInfoW
ExpandEnvironmentStringsW
WaitForMultipleObjects
SetEnvironmentVariableA
CreateProcessW
GetExitCodeProcess
InterlockedCompareExchange
InterlockedExchangeAdd
CreateEventW
ResetEvent
EnumResourceNamesW
GetPrivateProfileSectionNamesW
GetPrivateProfileSectionW
WritePrivateProfileStringW
GetPrivateProfileStringW
OpenMutexW
ReleaseMutex
DeviceIoControl
SetFileAttributesW
RemoveDirectoryW
GetFileAttributesW
FindNextFileW
FindFirstFileW
FindClose
DeleteFileW
GetTempFileNameW
CreateDirectoryW
LockResource
FindResourceExW
GetComputerNameExW
CreateFileW
WriteConsoleW
FlushFileBuffers
SetStdHandle
GetUserDefaultLocaleName
SetFilePointerEx
OutputDebugStringW
GetConsoleCP
WideCharToMultiByte
SetFilePointer
GetConsoleMode
ReadFile
LCMapStringEx
GetLocaleInfoEx
GetStringTypeW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
HeapSize
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetTickCount64
QueryPerformanceCounter
GetStartupInfoW
InitOnceExecuteOnce
GetLongPathNameW
GlobalFree
FileTimeToSystemTime
GetThreadPriority
FreeResource
DuplicateHandle
FreeLibraryAndExitThread
HeapDestroy
GetFileType
GetProcessHeap
WriteFile
GetStdHandle
GetModuleHandleExW
ExitProcess
GetCurrentThreadId
GetCurrentThread
FlsFree
CompareFileTime
CloseHandle
RaiseException
FlsSetValue
FlsGetValue
FlsAlloc
VirtualQuery
VirtualProtect
VirtualAlloc
GetSystemInfo
SetThreadStackGuarantee
HeapReAlloc
HeapAlloc
HeapFree
IsProcessorFeaturePresent
IsDebuggerPresent
EncodePointer
GetCommandLineW
DecodePointer
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
ReleaseSemaphore
GetTimeZoneInformation
GetSystemTime
MulDiv
LocalAlloc
OpenEventW
SetEvent
GetThreadUILanguage
MultiByteToWideChar
CompareStringW
SystemTimeToFileTime
SetDllDirectoryW
FindResourceW
LoadLibraryW
lstrcmpiW
FormatMessageW
LocalFree
SizeofResource
LoadResource
LoadLibraryExW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
FreeLibrary
GetSystemDirectoryW
GetSystemTimeAsFileTime
SetThreadPriority
CreateThread
GetCurrentProcessId
InterlockedExchange
InterlockedDecrement
InterlockedIncrement
Sleep
WaitForSingleObject
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
HeapSetInformation
SetLastError
GetLastError
CreateSemaphoreW

gdi32

CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
SetBkColor
SetTextColor
SetBkMode
CreatePen
CreateSolidBrush
SelectObject
GetObjectW
GetStockObject
DeleteObject
CreateFontIndirectW
DeleteDC
Rectangle
GetDeviceCaps
GetTextExtentPoint32W
CreateRectRgn
ExcludeClipRect
IntersectClipRect
RestoreDC
GetClipRgn
SaveDC
SetLayout
GetTextMetricsW
CreateRoundRectRgn

user32

LoadIconW
GetParent
GetDesktopWindow
AdjustWindowRectEx
EndDialog
IsWindowVisible
ShowWindow
CreateWindowExW
ChangeWindowMessageFilter
GetWindowInfo
NotifyWinEvent
MapDialogRect
IsDialogMessageW
GetShellWindow
SetWindowLongW
GetWindowLongW
InflateRect
FillRect
GetClientRect
RedrawWindow
EndPaint
BeginPaint
TranslateAcceleratorW
IsWindowEnabled
CreateAcceleratorTableW
EnableWindow
GetNextDlgTabItem
BringWindowToTop
SetLayeredWindowAttributes
GetLayeredWindowAttributes
DestroyWindow
PostQuitMessage
PostMessageW
SendMessageTimeoutW
GetMessageW
GetClassNameW
GetWindowTextLengthW
GetWindowTextW
ReleaseDC
GetDC
DrawTextW
SendMessageW
GetSysColor
KillTimer
GetSystemMetrics
SetProcessDefaultLayout
GetWindowThreadProcessId
SetCursor
LoadCursorW
TranslateMessage
DispatchMessageW
PeekMessageW
IsWindow
SetWindowPos
GetWindowPlacement
MsgWaitForMultipleObjectsEx
SetWindowRgn
SetWindowTextW
GetWindowRect
SetRect
CopyRect
SystemParametersInfoW
InvalidateRect
UpdateWindow
MapWindowPoints
RegisterClassExW
CreateDialogIndirectParamW
DialogBoxIndirectParamW
DefDlgProcW
EnumChildWindows
PtInRect
SetWindowPlacement
DefWindowProcW
CallWindowProcW
GetClassInfoExW
GetAncestor
GetScrollPos
EnableScrollBar
SetScrollInfo
GetScrollInfo
TrackMouseEvent
GetFocus
GetScrollRange
IntersectRect
GetSystemMenu
EnableMenuItem
DrawFocusRect
GetDCEx
ScreenToClient
WindowFromPoint
MsgWaitForMultipleObjects
SetTimer
UnregisterClassW
SetFocus
CharNextW
ExitWindowsEx
RegisterWindowMessageW
MoveWindow
LoadStringW
DestroyAcceleratorTable

urlmon

CoInternetGetSession
URLOpenStreamW
CreateAsyncBindCtx
CreateURLMoniker

msi

ord141
ord244
ord240
ord116
ord118
ord115
ord8
ord285
ord286
ord32
ord159
ord113
ord92
ord254
ord270
ord266
ord78
ord150
ord171
ord48
ord195
ord190
ord205
ord238
ord160
ord242
ord70
ord203
ord173
ord88

comctl32

ord17

wintrust

WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain
WinVerifyTrustEx

userenv

UnloadUserProfile

secur32

GetUserNameExW

crypt32

CertVerifyCertificateChainPolicy
CryptBinaryToStringW
CryptStringToBinaryW

uxtheme

SetWindowTheme

psapi

EnumProcesses

shlwapi

PathAppendW
StrStrIW
PathIsRelativeW
PathFindExtensionW
PathIsDirectoryW
SHCreateStreamOnFileW
SHDeleteValueW
SHSetValueW
SHGetValueW
SHCreateStreamOnFileEx
PathRemoveFileSpecW
PathRemoveArgsW
PathStripPathW
PathUnquoteSpacesW
PathStripToRootW
UrlCreateFromPathW
PathCreateFromUrlW
PathFindFileNameA
PathFileExistsA
PathGetDriveNumberA
PathIsDirectoryA
SHCreateStreamOnFileA
StrCmpNIW
SHDeleteKeyW
PathFileExistsW
StrStrA
StrRChrA
PathFindFileNameW
StrRChrW
ord437
PathCombineW
StrCmpNW

wininet

InternetCrackUrlW
InternetCreateUrlW
InternetCombineUrlW

gdiplus

GdipDrawImageRectI
GdipDrawImagePointRectI
GdipDrawImageI
GdipDrawImageRectRect
GdiplusStartup
GdiplusShutdown
GdipGetImageWidth
GdipGetImageHeight
GdipCreateFromHDC
GdipDeleteGraphics
GdipDrawImageRectRectI
GdipAlloc
GdipFree
GdipCloneImage
GdipDisposeImage
GdipCreateBitmapFromStream
GdipCreateFromHWND
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipCreateFont
GdipDeleteFont
GdipGetLogFontW

winhttp

WinHttpWriteData
WinHttpAddRequestHeaders
WinHttpSetStatusCallback
WinHttpTimeFromSystemTime
WinHttpSetCredentials
WinHttpGetDefaultProxyConfiguration
WinHttpCrackUrl
WinHttpGetProxyForUrl
WinHttpSetOption
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpOpenRequest
WinHttpSetTimeouts
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpConnect
WinHttpCloseHandle
WinHttpOpen
WinHttpQueryHeaders
WinHttpGetIEProxyConfigForCurrentUser

cabinet

ord11
ord13
ord14
ord20
ord22
ord23
ord10

ntdll

RtlAllocateHeap
VerSetConditionMask
NtQuerySystemTime
RtlFreeHeap
RtlUnwind

oleacc

AccessibleObjectFromWindow
LresultFromObject

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

wer

WerReportSubmit
WerReportSetUIOption
WerReportAddFile
WerReportSetParameter
WerReportCreate
WerReportCloseHandle

rstrtmgr

RmEndSession
RmStartSession
RmRegisterResources
RmShutdown
RmRestart
RmCancelCurrentTask
RmAddFilter

ktmw32

CreateTransaction
RollbackTransaction
CommitTransaction

pdh

PdhOpenQueryW
PdhCollectQueryData
PdhCloseQuery
PdhGetFormattedCounterValue
PdhAddEnglishCounterW

wsock32

inet_addr
WSACleanup
WSAStartup
gethostbyname
WSAGetLastError

shell32

SHGetKnownFolderPath
ord43
SHGetFolderPathW
CommandLineToArgvW
SHGetFolderPathA
ShellExecuteExW
SHGetSpecialFolderPathW
ord165
SHCreateDirectoryExW
SHGetFolderPathAndSubDirW

ole32

CoCreateFreeThreadedMarshaler
CoQueryProxyBlanket
CoCopyProxy
CoCreateGuid
CreateStreamOnHGlobal
StringFromGUID2
CoInitializeSecurity
CoDisconnectObject
CoRevokeClassObject
CoRegisterClassObject
CoTaskMemFree
CoTaskMemRealloc
CoSetProxyBlanket
CoTaskMemAlloc
CoCreateInstance
CoInitializeEx
CoUninitialize

oleaut32

VariantClear
LoadTypeLibEx
VariantChangeType
SysAllocStringLen
VariantInit
LoadTypeLi
LoadRegTypeLi
SysAllocString
SysStringLen
VarUI4FromStr
VariantCopy
SysFreeString

Sections

.text
Size: 925KB - Virtual size: 924KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 105.2MB - Virtual size: 105.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f18c2f199b20fed75b6c5cea33061fb8

Code Sign

33:00:00:00:37:fe:bd:ed:dc:d2:54:01:6b:00:00:00:00:00:37Certificate

Extended Key Usages

33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0Certificate

Extended Key Usages

61:33:26:1a:00:00:00:00:00:31Certificate

Key Usages

61:16:68:34:00:00:00:00:00:1cCertificate

Extended Key Usages

Key Usages

28:41:ac:b4:7c:45:d1:a1:3c:22:22:e4:2a:6d:94:51:88:58:c6:cbSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

gdi32

user32

urlmon

msi

comctl32

wintrust

userenv

secur32

crypt32

uxtheme

psapi

shlwapi

wininet

gdiplus

winhttp

cabinet

ntdll

oleacc

version

wer

rstrtmgr

ktmw32

pdh

wsock32

shell32

ole32

oleaut32

Sections

.text Size: 925KB - Virtual size: 924KB

.data Size: 26KB - Virtual size: 44KB

.rsrc Size: 105.2MB - Virtual size: 105.2MB

.reloc Size: 65KB - Virtual size: 64KB

33:00:00:00:37:fe:bd:ed:dc:d2:54:01:6b:00:00:00:00:00:37
Certificate

33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0
Certificate

61:33:26:1a:00:00:00:00:00:31
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

28:41:ac:b4:7c:45:d1:a1:3c:22:22:e4:2a:6d:94:51:88:58:c6:cb
Signer

.text
Size: 925KB - Virtual size: 924KB

.data
Size: 26KB - Virtual size: 44KB

.rsrc
Size: 105.2MB - Virtual size: 105.2MB

.reloc
Size: 65KB - Virtual size: 64KB