w7lxe.exe

This is a setup program used to install the application. The file has been seen downloaded from dl-mail.ymail.com and multiple other hosts.
Version:
3.0.0.0

MD5:
447445d9036ed6b360468250e929b403

SHA-1:
7168edc8b5e9dab95805cb665941c17f37e141a4

SHA-256:
fefac2fc8348324d1791aab4c319cbe07ec496f40a523c85f9b96c43b8cc712c

Scanner detections:
2 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
11/23/2024 7:50:27 PM UTC

Scan engine | Detection | Engine version
avast! | Win32:PUP-gen [PUP] | 2014.9-140127
Bkav FE | W32.Clod7f7.Trojan | 1.3.0.4923

File size:
4 MB (4,154,880 bytes)

Product version:
3.0.0.0

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\w7lxe.exe

File PE Metadata
Compilation timestamp:
8/22/2009 10:12:34 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:Bs/l8SrtaRoNLZka5TEQb0R5fsYDRYeowYeodUqeurn4UiRl:K9LZkaV0R5f9Tn1qMUib

Entry address:
0x137548

Entry point:
55, 8B, EC, 83, C4, F0, B8, 7C, 06, 53, 00, E8, 20, 39, ED, FF, A1, 58, EF, 53, 00, 8B, 00, E8, EC, 90, F9, FF, A1, 58, EF, 53, 00, 8B, 00, BA, 10, 76, 53, 00, E8, F7, 8A, F9, FF, 33, C9, B2, 01, A1, 44, 3E, 51, 00, E8, ED, E6, F8, FF, 8B, 15, C4, F1, 53, 00, 89, 02, 33, C9, B2, 01, A1, 3C, 51, 51, 00, E8, D7, E6, F8, FF, 8B, 15, D8, EA, 53, 00, 89, 02, 33, C9, B2, 01, A1, 20, 39, 51, 00, E8, C1, E6, F8, FF, 8B, 15, F4, EC, 53, 00, 89, 02, 33, C9, B2, 01, A1, 20, 36, 51, 00, E8, AB, E6, F8, FF, 8B, 15, 70...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
1.2 MB (1,271,296 bytes)

The file w7lxe.exe has been seen being distributed by the following 31 URLs.
