SHA256: 0fa07857b113ed708462f4530d6c3f2f22be16a3f43e67b2f16cbf2b5f8ec069
File name: wlsetup-web.exe
Detection ratio: 0 / 56
Analysis date: 2016-04-02 22:02:56 UTC ( 2 years, 2 months ago )
Antivirus Result Update
Ad-Aware 20160402
AegisLab 20160402
AhnLab-V3 20160402
Alibaba 20160401
ALYac 20160402
Antiy-AVL 20160402
Arcabit 20160402
Avast 20160402
AVG 20160402
Avira (no cloud) 20160402
AVware 20160402
Baidu 20160402
Baidu-International 20160402
BitDefender 20160402
Bkav 20160402
CAT-QuickHeal 20160402
ClamAV 20160402
CMC 20160401
Comodo 20160402
Cyren 20160402
DrWeb 20160402
Emsisoft 20160402
ESET-NOD32 20160402
F-Prot 20160402
F-Secure 20160402
Fortinet 20160402
GData 20160402
Ikarus 20160402
Jiangmin 20160402
K7AntiVirus 20160402
K7GW 20160402
Kaspersky 20160402
Kingsoft 20160402
Malwarebytes 20160402
McAfee 20160402
McAfee-GW-Edition 20160402
Microsoft 20160402
eScan 20160402
NANO-Antivirus 20160402
nProtect 20160401
Panda 20160402
Qihoo-360 20160402
Rising 20160402
Sophos AV 20160402
SUPERAntiSpyware 20160402
Symantec 20160331
Tencent 20160402
TheHacker 20160330
TrendMicro 20160402
TrendMicro-HouseCall 20160402
VBA32 20160401
VIPRE 20160402
ViRobot 20160402
Yandex 20160316
Zillya 20160402
Zoner 20160402
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Windows Essentials
Original name wlsetup.exe
Internal name wlsetup
File version 16.4.3528.0331
Description Windows Essentials Installer
Signature verification Signed file, verified signature
Signing date 7:14 AM 4/1/2014
Signers
[+] Microsoft Corporation
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Microsoft Code Signing PCA
Valid from 11:33 PM 1/24/2013
Valid to 11:33 PM 4/24/2014
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 108E2BA23632620C427C570B6D9DB51AC31387FE
Serial number 33 00 00 00 B0 11 AF 0A 8B D0 3B 9F DD 00 01 00 00 00 B0
[+] Microsoft Code Signing PCA
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 11:19 PM 8/31/2010
Valid to 11:29 PM 8/31/2020
Valid usage All
Algorithm sha1RSA
Thumbprint 3CAF9BA2DB5570CAF76942FF99101B993888E257
Serial number 61 33 26 1A 00 00 00 00 00 31
[+] Microsoft Root Certificate Authority
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 12:19 AM 5/10/2001
Valid to 12:28 AM 5/10/2021
Valid usage All
Algorithm sha1RSA
Thumbprint CDD4EEAE6000AC7F40C3802C171E30148030C072
Serial number 79 AD 16 A1 4A A0 A5 AD 4C 73 58 F4 07 13 2E 65
Counter signers
[+] Microsoft Time-Stamp Service
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Microsoft Time-Stamp PCA
Valid from 9:08 PM 3/27/2013
Valid to 9:08 PM 6/27/2014
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint B0A14894A7339739B6B509DE26D9B7AADED2E533
Serial number 33 00 00 00 34 24 31 40 C9 A0 C1 79 8D 00 00 00 00 00 34
[+] Microsoft Time-Stamp PCA
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 1:53 PM 4/3/2007
Valid to 2:03 PM 4/3/2021
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 375FCB825C3DC3752A02E34EB70993B4997191EF
Serial number 61 16 68 34 00 00 00 00 00 1C
[+] Microsoft Root Certificate Authority
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 12:19 AM 5/10/2001
Valid to 12:28 AM 5/10/2021
Valid usage All
Algorithm sha1RSA
Thumbprint CDD4EEAE6000AC7F40C3802C171E30148030C072
Serial number 79 AD 16 A1 4A A0 A5 AD 4C 73 58 F4 07 13 2E 65
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-04-01 04:27:13
Entry Point 0x00036596
Number of sections 4
PE sections
Overlays
MD5 0925f948e9bd5cfeb404a5ff1208e367
File type data
Offset 1223680
Size 16072
Entropy 7.42
PE imports
Number of PE resources by type
RT_STRING 38
CONFIG 14
RT_ICON 13
RT_RCDATA 9
HIG 6
RT_DIALOG 1
TYPELIB 1
WLUNPACKER 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 70
NEUTRAL 16
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 6.0
LinkerVersion 11.0
ImageVersion 6.2
FileSubtype 0
FileVersionNumber 16.4.3528.331
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 275456
EntryPoint 0x36596
OriginalFileName wlsetup.exe
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 16.4.3528.0331
TimeStamp 2014:04:01 05:27:13+01:00
FileType Win32 EXE
PEType PE32
InternalName wlsetup
ProductVersion 16.4.3528.0331
FileDescription Windows Essentials Installer
OSVersion 6.2
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 947200
ProductName Windows Essentials
ProductVersionNumber 16.4.3528.331
FileTypeExtension exe
ObjectFileType Executable application
Execution parents
PE resource-wise parents
Compressed bundles
File identification
MD5 fd16c47494166590f41c2db1365ad13f
SHA1 6d48f1a6734cabd435dc6ec6ba0a94ebfcf15b9f
SHA256 0fa07857b113ed708462f4530d6c3f2f22be16a3f43e67b2f16cbf2b5f8ec069
ssdeep 24576:enz7O4ILdA9KHjStCd8Xxpqo01fgBOV2oEb5uxWt:sfIIKCBBpN0eO2oEo
authentihash 2190caed2b9f0ac975cbd4cf091722568666d678945d8d416d4549d0ccf58e4f
imphash 4f80bf39f1af7ff2a025f67b08135575
File size 1.2 MB ( 1239752 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID InstallShield setup (53.0%)
Win64 Executable (generic) (34.0%)
Win32 Executable (generic) (5.5%)
OS/2 Executable (generic) (2.4%)
Generic Win/DOS Executable (2.4%)
Tags peexe via-tor signed overlay
VirusTotal metadata
First submission 2014-04-16 16:49:29 UTC ( 4 years, 2 months ago )
Last submission 2018-06-18 03:11:22 UTC ( 1 day, 11 hours ago )
File names 6d48f1a6734cabd435dc6ec6ba0a94ebfcf15b9f.exe
WLSETUP-WEB.EXE
wlsetup-web.exe.y4aie05.partial
36230-675477-windows-movie-maker.exe
wlsetup-web.exe
wlsetup-web.exe.acp06p9.partial
wlsetup-web.exe.ph39n23.partial
wlsetup-web (3).exe
wlsetup-web (1).exe
wlsetup-web.exe
wlsetup-web(1).exe
f_00c625
wlsetup-web.exe.3vjvjcs.partial
windows-movie-maker-2012.exe
Windows Live setup-web v14.exe
Movie maker 2012.exe
WindowsLivePhotoGallery.exe
windows-live-photo-gallery.exe
file
wlsetup-web-12.exe
0fa07857b113ed70_cuckoo-322e8e6dbb46f430d5ba9c0a545f44f6b415c6e88a2c2bd639a0fa860b406ac8.exe
wlsetup-web windows movie maker.exe
230115-670612-windows-movie-maker-2013.exe
codecX-msf-norun.dll.exe
nvepdjttjsv5ino4n3dlucuu5p6pcw47.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight