wlsetup-all[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

wlsetup-all.exe
Size

156.0MB
MD5

8e6232abe592a1084c430c2f06521d84
SHA1

ce5287396485f886a3051ac552cbdb2f08681033
SHA256

d1de734e4e7c49b8c176fb0dc0ec3dac6708bf0af1439c707e07626b6decb405
SHA512

a9a0d58ba5c3815f2a302f65d0f1dfd11862f4e852d716cfe6b0ec00ba6b05b90acb0c0d3e90352a833f52ef92b05dcbb9ab45ca6fb4a2f273d8caf3c9cf80aa
SSDEEP

3145728:8T1xV9QIS2TeDxWDUCXSa4n1TCpjh8L75m1iIELzf2me:8TfV9PS2Tcx3WuTC041PEL79e

Score

1^/10

Malware Config

Signatures

Files

wlsetup-all.exe
.exe windows:6 windows x86 arch:x86

64f2046b10f4ee51bc6fbac5986e2be1

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:cf:3e:00:00:00:00:00:0f
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/12/2009, 22:40

Not After

07/03/2011, 22:40

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:05:a2:30:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:01

Not After

25/07/2013, 19:11

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:85D3-305C-5BCF,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

5d:3d:5e:bd:e4:43:43:14:89:27:f7:f5:fb:8c:9d:4b:b5:ab:d6:f2
Signer

Actual PE Digest

5d:3d:5e:bd:e4:43:43:14:89:27:f7:f5:fb:8c:9d:4b:b5:ab:d6:f2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

wlsetup.pdb

Imports

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegGetValueW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegQueryInfoKeyW
RegEnumKeyExW
GetSecurityDescriptorOwner
GetSecurityDescriptorDacl
RegEnumValueW
ImpersonateLoggedOnUser
OpenThreadToken
RevertToSelf
DuplicateToken
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
LookupPrivilegeValueW
OpenSCManagerW
OpenServiceW
QueryServiceStatusEx
CloseServiceHandle
GetTokenInformation
ConvertSidToStringSidW
RegisterTraceGuidsW
GetTraceLoggerHandle
TraceEvent
UnregisterTraceGuids
DuplicateTokenEx
ConvertStringSidToSidW
SetTokenInformation
AdjustTokenPrivileges
CreateProcessAsUserW
CreateWellKnownSid
ConvertStringSecurityDescriptorToSecurityDescriptorW
OpenProcessToken
SetNamedSecurityInfoW
GetSidLengthRequired
InitializeSid
GetSidSubAuthority
SetSecurityInfo
CopySid
IsValidSid
GetLengthSid
InitializeAcl
AddAce
GetUserNameW

kernel32

ResetEvent
InterlockedCompareExchange
InterlockedExchangeAdd
OpenMutexW
SetFileAttributesW
RemoveDirectoryW
MoveFileExW
GetFileAttributesW
GetPrivateProfileSectionNamesW
GetPrivateProfileSectionW
GetPrivateProfileStringW
ReleaseMutex
WritePrivateProfileStringW
DeviceIoControl
FindNextFileW
FindFirstFileW
FindClose
CreateDirectoryW
GetTempFileNameW
CreateFileW
LockFileEx
UnlockFileEx
DeleteFileW
EnumResourceNamesW
FindResourceExW
LockResource
GetComputerNameExW
SetEnvironmentVariableA
CreateEventW
GetExitCodeProcess
CompareStringA
ReadFile
FlushFileBuffers
CreateFileA
GetTimeZoneInformation
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
CreateProcessW
CopyFileW
IsProcessorFeaturePresent
ExitThread
SetStdHandle
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetConsoleMode
GetConsoleCP
WideCharToMultiByte
SetFilePointer
InitializeCriticalSectionAndSpinCount
LoadLibraryA
HeapSize
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
IsDebuggerPresent
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetTickCount
QueryPerformanceCounter
VirtualFree
HeapDestroy
HeapCreate
GetCurrentThread
GetCurrentThreadId
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetModuleHandleA
WriteFile
ExitProcess
SetUnhandledExceptionFilter
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
HeapReAlloc
HeapAlloc
HeapFree
GetStartupInfoW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InterlockedExchange
RaiseException
lstrlenW
InterlockedIncrement
InterlockedDecrement
LocalFree
GetLastError
FormatMessageW
CompareStringW
CloseHandle
WaitForSingleObject
CompareFileTime
SystemTimeToFileTime
GetSystemTimeAsFileTime
QueueUserWorkItem
CreateSemaphoreW
ReleaseSemaphore
WaitForMultipleObjects
ExpandEnvironmentStringsW
VerifyVersionInfoW
SetEnvironmentVariableW
GetEnvironmentVariableW
OpenProcess
FlushInstructionCache
SetWaitableTimer
GetTempPathW
GetExitCodeThread
CreateWaitableTimerW
GlobalFree
GetFullPathNameW
GetFileSizeEx
GetFileSize
GetLocalTime
QueryFullProcessImageNameW
GetLocaleInfoEx
CreateMutexW
CreateNamedPipeW
GetNamedPipeServerProcessId
lstrlenA
UnmapViewOfFile
FreeLibraryAndExitThread
DuplicateHandle
FreeResource
SetThreadPriority
FreeLibrary
GetThreadUILanguage
GetThreadPriority
FileTimeToSystemTime
GetLongPathNameW
OpenFileMappingW
GetProcessHeap
GetUserDefaultLocaleName
GetNativeSystemInfo
GetProductInfo
GetProcAddress
LoadLibraryW
GetModuleHandleW
lstrcmpiW
LoadLibraryExW
TerminateThread
GetFileAttributesExW
GetTickCount64
CreateTimerQueueTimer
DeleteTimerQueueTimer
WaitForMultipleObjectsEx
GetModuleFileNameW
GetCurrentProcessId
GetSystemDirectoryW
Sleep
HeapSetInformation
FileTimeToDosDateTime
SetDllDirectoryW
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
SetLastError
LocalAlloc
GetComputerNameW
GetSystemDefaultLocaleName
GlobalMemoryStatusEx
WerRegisterFile
GetVersionExW
GetSystemDefaultUILanguage
GetSystemDefaultLCID
GetShortPathNameW
GetTempFileNameA
CreateDirectoryA
SetFilePointerEx
RemoveDirectoryA
GetTempPathA
GetFullPathNameA
DeleteFileA
GetFileInformationByHandle
FileTimeToLocalFileTime
SetEvent
OpenEventW
MulDiv
GetSystemTime
MapViewOfFile
CreateFileMappingW
GetFileAttributesA
GetStdHandle
CreateThread

gdi32

SetTextColor
CreateSolidBrush
GetObjectW
CreateFontIndirectW
SetBkMode
GetStockObject
GetTextMetricsW
SelectObject
DeleteDC
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreatePen
Rectangle
GetDeviceCaps
GetTextExtentPoint32W
ExcludeClipRect
IntersectClipRect
GetClipRgn
CreateRectRgn
CreateRoundRectRgn
DeleteObject
RestoreDC
SaveDC
SetLayout
SetBkColor

user32

SetWindowLongW
ChangeWindowMessageFilter
NotifyWinEvent
CreateAcceleratorTableW
GetMessageW
TranslateAcceleratorW
IsDialogMessageW
DestroyAcceleratorTable
InflateRect
RedrawWindow
MapDialogRect
GetLayeredWindowAttributes
SetLayeredWindowAttributes
PostQuitMessage
SendNotifyMessageW
DestroyWindow
PostMessageW
GetSysColor
IsWindowVisible
EnableWindow
GetParent
ShowWindow
GetWindowLongW
AdjustWindowRectEx
GetDesktopWindow
FillRect
DrawTextW
LoadIconW
ReleaseDC
GetDC
EndDialog
SendMessageW
GetClientRect
GetSystemMetrics
RegisterWindowMessageW
EndPaint
BeginPaint
GetWindowInfo
GetShellWindow
GetClassNameW
GetWindowTextW
GetWindowTextLengthW
MapWindowPoints
IsWindowEnabled
UpdateWindow
PtInRect
GetClassInfoExW
DefWindowProcW
RegisterClassExW
CallWindowProcW
GetAncestor
SetWindowPlacement
DefDlgProcW
EnumChildWindows
CreateDialogIndirectParamW
DialogBoxIndirectParamW
EnableScrollBar
SetScrollInfo
GetScrollPos
GetScrollInfo
IntersectRect
GetScrollRange
GetFocus
TrackMouseEvent
EnableMenuItem
GetSystemMenu
DrawFocusRect
GetDCEx
ScreenToClient
WindowFromPoint
PostThreadMessageW
MsgWaitForMultipleObjects
BringWindowToTop
GetNextDlgTabItem
MoveWindow
InvalidateRect
SetWindowTextW
SetWindowPos
SetWindowRgn
SetRect
PeekMessageW
MsgWaitForMultipleObjectsEx
TranslateMessage
DispatchMessageW
IsWindow
SystemParametersInfoW
GetWindowPlacement
CopyRect
GetWindowRect
LoadCursorW
SetCursor
ExitWindowsEx
GetWindowThreadProcessId
SetFocus
CharNextW
SetProcessDefaultLayout
SetTimer
KillTimer
LoadStringW
CreateWindowExW
UnregisterClassA

sensapi

IsNetworkAlive

urlmon

CreateAsyncBindCtx
IsValidURL
CoInternetGetSession
CreateURLMoniker

msi

ord270
ord48
ord266
ord150
ord78
ord195
ord92
ord32
ord159
ord205
ord113
ord190
ord141
ord254
ord70
ord203
ord173
ord118
ord115
ord244
ord242
ord116
ord88
ord238
ord240
ord8
ord286
ord285
ord160
ord171

comctl32

ord17

wintrust

WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData
WinVerifyTrustEx

userenv

UnloadUserProfile

secur32

GetUserNameExW

crypt32

CertVerifyCertificateChainPolicy
CryptBinaryToStringW
CryptStringToBinaryW

uxtheme

SetWindowTheme

psapi

EnumProcesses

shlwapi

StrRChrW
PathFindFileNameW
SHDeleteValueW
StrRChrA
StrStrA
SHSetValueW
SHCreateStreamOnFileW
PathFileExistsW
SHDeleteKeyW
PathIsDirectoryW
PathIsRelativeW
PathFindExtensionW
StrStrIW
PathCombineW
SHCreateStreamOnFileEx
SHGetValueW
PathAppendW
PathRemoveFileSpecW
UrlCanonicalizeW
PathStripToRootW
PathStripPathW
PathUnquoteSpacesW
PathRemoveArgsW
UrlCreateFromPathW
PathCreateFromUrlW
PathFindFileNameA
PathFileExistsA
SHCreateStreamOnFileA
PathGetDriveNumberA
PathIsDirectoryA
StrCmpNIW
StrCmpNW
ord437

wininet

InternetCreateUrlW
InternetCrackUrlW
InternetCombineUrlW
InternetQueryOptionW

gdiplus

GdipDeleteFont
GdipCloneImage
GdipGetLogFontW
GdipCreateFontFamilyFromName
GdipAlloc
GdipFree
GdipDrawImageRectRectI
GdipCreateFromHDC
GdipGetImageHeight
GdipGetImageWidth
GdipCreateFont
GdipCreateFromHWND
GdipDisposeImage
GdipDeleteFontFamily
GdipCreateBitmapFromStream
GdipDeleteGraphics
GdiplusStartup
GdiplusShutdown
GdipCreateBitmapFromStreamICM
GdipDrawImagePointRectI
GdipDrawImageRectI
GdipDrawImageI
GdipDrawImageRectRect

winhttp

WinHttpOpen
WinHttpWriteData
WinHttpAddRequestHeaders
WinHttpTimeFromSystemTime
WinHttpSetCredentials
WinHttpCloseHandle
WinHttpReceiveResponse
WinHttpQueryDataAvailable
WinHttpSetOption
WinHttpQueryOption
WinHttpSetStatusCallback
WinHttpQueryHeaders
WinHttpReadData
WinHttpSendRequest
WinHttpOpenRequest
WinHttpConnect
WinHttpCrackUrl
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetDefaultProxyConfiguration
WinHttpDetectAutoProxyConfigUrl
WinHttpGetProxyForUrl
WinHttpSetTimeouts

cabinet

ord10
ord14
ord13
ord11

ntdll

RtlAllocateHeap
RtlUnwind
RtlFreeHeap
NtQuerySystemTime
VerSetConditionMask

oleacc

LresultFromObject
AccessibleObjectFromWindow

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

wer

WerReportCreate
WerReportSubmit
WerReportAddFile
WerReportSetParameter
WerReportCloseHandle
WerReportSetUIOption

rstrtmgr

RmShutdown
RmRestart
RmCancelCurrentTask
RmEndSession
RmStartSession
RmAddFilter
RmRegisterResources

wsock32

inet_addr
gethostbyname
WSACleanup
WSAGetLastError
WSAStartup

shell32

SHGetFolderPathAndSubDirW
ord165
ord43
SHGetFolderPathW
SHGetFolderPathA
SHGetSpecialFolderPathW
SHCreateDirectoryExW
SHGetKnownFolderPath
ShellExecuteExW
CommandLineToArgvW

ole32

CreateStreamOnHGlobal
StringFromGUID2
CoCreateGuid
CoQueryProxyBlanket
CoCopyProxy
CoCreateFreeThreadedMarshaler
CoRegisterClassObject
CoInitializeSecurity
CoSetProxyBlanket
CoRevokeClassObject
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoInitializeEx
CoUninitialize
CoCreateInstance

oleaut32

VariantCopy
SysAllocStringLen
VariantChangeType
LoadTypeLi
SysStringLen
VariantClear
VariantInit
VarUI4FromStr
SysAllocString
SysFreeString
LoadTypeLibEx
LoadRegTypeLi

Sections

.text
Size: 922KB - Virtual size: 921KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 155.0MB - Virtual size: 155.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

64f2046b10f4ee51bc6fbac5986e2be1

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0Certificate

Extended Key Usages

Key Usages

61:01:cf:3e:00:00:00:00:00:0fCertificate

Extended Key Usages

Key Usages

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2Certificate

Extended Key Usages

Key Usages

61:05:a2:30:00:00:00:00:00:08Certificate

Extended Key Usages

Key Usages

5d:3d:5e:bd:e4:43:43:14:89:27:f7:f5:fb:8c:9d:4b:b5:ab:d6:f2Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

gdi32

user32

sensapi

urlmon

msi

comctl32

wintrust

userenv

secur32

crypt32

uxtheme

psapi

shlwapi

wininet

gdiplus

winhttp

cabinet

ntdll

oleacc

version

wer

rstrtmgr

wsock32

shell32

ole32

oleaut32

Sections

.text Size: 922KB - Virtual size: 921KB

.data Size: 17KB - Virtual size: 38KB

.rsrc Size: 155.0MB - Virtual size: 155.0MB

.reloc Size: 59KB - Virtual size: 59KB

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

61:01:cf:3e:00:00:00:00:00:0f
Certificate

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

61:05:a2:30:00:00:00:00:00:08
Certificate

5d:3d:5e:bd:e4:43:43:14:89:27:f7:f5:fb:8c:9d:4b:b5:ab:d6:f2
Signer

.text
Size: 922KB - Virtual size: 921KB

.data
Size: 17KB - Virtual size: 38KB

.rsrc
Size: 155.0MB - Virtual size: 155.0MB

.reloc
Size: 59KB - Virtual size: 59KB