home

defaultpack.exe

DefaultPack.EXE

Microsoft Corporation

This is a setup program which is used to install the application. The file has been seen being downloaded from dl-mail.ymail.com and multiple other hosts.
Publisher:
Microsoft Corporation  (signed and verified)

Product:
DefaultPack.EXE

Version:
1.7.54.1

MD5:
a504497b6e549c2e4f89259c5873bbe9

SHA-1:
9b5016083467eca5a00adee37c037df27d490c45

SHA-256:
c670b86bf41a6bf631e8d3a25cc2627f05dd331ef9328a76bf1fef877fca9fc0

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)
Whitelisted  (by digital signature)

Analysis date:
11/17/2024 2:26:55 AM UTC  (today)

File size:
2.4 MB (2,551,952 bytes)

Product version:
1.7.54.1

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
WEXTRACT.EXE .MUI

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\defaultpack.exe

Digital Signature
Signed by:
Microsoft Corporation

Authority:
Microsoft Corporation

Valid from:
6/4/2015 6:42:45 PM

Valid to:
9/4/2016 6:42:45 PM

Subject:
CN=Microsoft Corporation, OU=MOPR, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Issuer:
CN=Microsoft Code Signing PCA, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Serial number:
330000010A2C79AED7797BA6AC00010000010A

File PE Metadata
Compilation timestamp:
10/14/2013 6:50:27 AM

OS version:
6.3

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
49152:LQ5e1lCNTsP+GX8cqku859D4NhnMHKKLnowcYmoxF9PS8cW0H1i9pmbNZ+qw/qG:BqlsF1/bD4jSKKLno9Y5pSbE9Ik5

Entry address:
0x67CC

Entry point:
E8, 07, 0B, 00, 00, E9, 05, 00, 00, 00, CC, CC, CC, CC, CC, 6A, 58, 68, 68, 75, 40, 00, E8, BD, 0B, 00, 00, 33, DB, 89, 5D, E0, 89, 5D, FC, 8D, 45, 98, 50, FF, 15, 70, A1, 40, 00, C7, 45, FC, FE, FF, FF, FF, C7, 45, FC, 01, 00, 00, 00, 64, A1, 18, 00, 00, 00, 8B, 78, 04, 8B, F3, BA, EC, 88, 40, 00, 8B, CF, 33, C0, F0, 0F, B1, 0A, 85, C0, 74, 07, 3B, C7, 75, 16, 33, F6, 46, 83, 3D, F0, 88, 40, 00, 01, 75, 17, 6A, 1F, E8, 30, 09, 00, 00, 59, EB, 43, 68, E8, 03, 00, 00, FF, 15, 6C, A1, 40, 00, EB, C8, 39, 1D...
 
[+]

Entropy:
7.9816  (probably packed)

Code size:
25.5 KB (26,112 bytes)

The file defaultpack.exe has been seen being distributed by the following 50 URLs.

https://dl-mail.ymail.com/ws/download/mailboxes/@.id==VjJ-XzA0pEA5YPo_3Xx49s3Q7EIM1FvESJXkgunOSviyxf4X8azvRiWpumYGXdoYUnD1/messages/@.id==AIQaDUwAAzbCV7nfJAn-mJsjpgI/content/parts/@.id==2/raw?appid=YahooMailNeo&ymreqid=59f33406-3f94-0934-0122-0e0015010000&token=zitEzqOML3j84e6ealFTT5U7-km5qEQF52lp7AcCuBbpQsc55zRLvTpu75diJ5HlOstHGQ2SvOzuBlPC52QM-g&error=https://us-mg6.mail.yahoo.com/.../iframemsg?id=34989366-52f8-c29d-42ec-a47fb8362825

http://everydownload.net/installing-7t/us/windows-media-player/windows/.../?post_id=8881&sid=14324141

http://everydownload.net/installing-7i/us/windows-media-player/windows/.../?post_id=8881&sid=13905949

http://everydownload.net/installing-8j/us/windows-media-player/windows/.../?post_id=8881&sid=15251419

http://everydownload.net/installing-87/us/windows-media-player/windows/.../?post_id=8881

http://everydownload.net/installing-6l/us/windows-media-player/windows/.../?post_id=8881&sid=12880052

https://doc-00-3o-docs.googleusercontent.com/docs/securesc/o01spf64ekk674rkg5p53nmbe0fru5tf/8vvu3dthe35hg1i5gn05gq145cresl5n/1483351200000/.../01980867116358349294/0B7tZ0xWZWxeNcjdyeXRBSk9Qb3c?e=download

http://everydownload.net/installing-6u/us/windows-media-player/windows/.../?post_id=8881&sid=13127512

http://everydownload.net/installing-96/us/windows-media-player/windows/.../?post_id=8881&sid=16031334

http://everydownload.net/installing-8k/us/windows-media-player/windows/.../?post_id=8881&sid=15300030

http://everydownload.net/installing-7q/us/windows-media-player/windows/.../?post_id=8881&sid=14203886

http://everydownload.net/installing-9c/us/windows-media-player/windows/.../?post_id=8881&sid=16252904

http://everydownload.net/installing-7s/us/windows-media-player/windows/.../?post_id=8881&sid=14274524

http://everydownload.net/installing-8o/us/windows-media-player/windows/.../?post_id=8881&sid=15429078

http://www.quickbitsdownloads.com/CNkXmDcBDoAYXHqpFiS_3gR0BkBCwwmxowgqJg2VJ0Qmuzem0ywoXwqrnwlvGJvRDpncelZnjqIa_x trM_eytM8 DgOQkvPwmF9ogE4aZrZogvVputNB7Dvez1HcgO_pFFPDaqBuTjhyEsNtMSzfJ4IthaEfUvt_NZnGtuzuEGIcVBRTuFUZFQv6SS7xI6cmtEPZd_DE7G3h3CbpNjEv737OlhC7A==-G2AAAER1Q6mgKS84hzkCwSDfDQ6csqgwSymUcfAYPq9W4gRt_GXmZk6tUW6XqYsg0reN84ZaficQtJCrGySMZ3TBEs8DXkmZCae6_AI=

http://everydownload.net/installing-9h/us/windows-media-player/windows/.../?post_id=8881&sid=16446747

http://everydownload.net/installing-9b/us/windows-media-player/windows/.../?post_id=8881

http://everydownload.net/installing-8z/us/windows-media-player/windows/.../?post_id=8881&sid=15805360

http://everydownload.net/installing-9f/us/windows-media-player/windows/.../?post_id=8881&sid=16373496

http://everydownload.net/installing-9c/us/windows-media-player/windows/.../?post_id=8881&sid=16280476

http://everydownload.net/installing-8l/us/windows-media-player/windows/.../?post_id=8881

http://everydownload.net/installing-6u/us/windows-media-player/windows/.../?post_id=8881&sid=13126129

http://dl01.fabdmr.com/n/.../Windows_Media_Player.exe

http://everydownload.net/installing-9j/us/windows-media-player/windows/.../?post_id=8881&sid=16528752

http://everydownload.net/installing-8r/us/windows-media-player/windows/.../?post_id=8881&sid=15521348

http://everydownload.net/installing-96/us/windows-media-player/windows/.../?post_id=8881&sid=16027956

http://everydownload.net/installing-9i/us/windows-media-player/windows/.../?post_id=8881&sid=16477579

http://everydownload.net/installing-8t/us/windows-media-player/windows/.../?post_id=8881&sid=15618233

http://everydownload.net/installing-8v/us/windows-media-player/windows/.../?post_id=8881&sid=15658226

http://everydownload.net/installing-7z/us/windows-media-player/windows/.../?post_id=8881&sid=14521117

Latest 30 of 57 download URLs

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.