5qlzzvss.3wh.exe

Windows Phone app for desktop

Microsoft Corporation

This is a setup and installation application. The file has been seen being downloaded from 203.113.13.242 and multiple other hosts.
Publisher:
Microsoft Corporation (signed and verified)

Product:
Windows Phone app for desktop

Description:
Software Installer

Version:
1.1.2726.0000

MD5:
d9e1366b1d3e7da845146a2e94323d1b

SHA-1:
f50d99fa1fdf1dfa3893bd9da27014e17c9b401c

SHA-256:
f4cdec49b64597889b51cd331ccc370a7e8cd1e1b1a63a6c3c2e8e4a8a879e97

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)
Whitelisted (by digital signature)

Analysis date:
11/24/2024 5:35:56 AM UTC

File size:
6.4 MB (6,745,792 bytes)

Product version:
1.1.2726.0000

Copyright:
Copyright © Microsoft Corp. 2014. All rights reserved.

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\5qlzzvss.3wh.exe

Digital Signature
Authority:
Microsoft Corporation

Valid from:
1/25/2013 2:33:39 AM

Valid to:
4/25/2014 2:33:39 AM

Subject:
CN=Microsoft Corporation, OU=MOPR, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Issuer:
CN=Microsoft Code Signing PCA, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Serial number:
33000000B011AF0A8BD03B9FDD0001000000B0

File PE Metadata
Compilation timestamp:
12/25/2012 1:48:25 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
98304:9PxbUPJpingXkXGoZ40w2U+BPDQs/BDPuPbGzJgLg:HbwCgXuJO07Qs5Kw

Entry address:
0x38DB

Entry point:
E8, 4F, 31, 00, 00, E9, 89, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 55, 8B, EC, 57, 56, 8B, 75, 0C, 8B, 4D, 10, 8B, 7D, 08, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, A0, 01, 00, 00, 81, F9, 80, 00, 00, 00, 72, 1C, 83, 3D, A4, 0A, 41, 00, 00, 74, 13, 57, 56, 83, E7, 0F, 83, E6, 0F, 3B, FE, 5E, 5F, 75, 05, E9, 96, 31, 00, 00, F7, C7, 03, 00, 00, 00, 75, 14, C1, E9, 02, 83, E2, 03, 83, F9, 08, 72, 29, F3, A5, FF, 24, 95, 60, 3A, 40, 00, 8B, C7, BA, 03, 00, 00, 00, 83, E9, 04, 72...

Code size:
40 KB (40,960 bytes)

The file 5qlzzvss.3wh.exe has been seen being distributed by the following 30 URLs.
