w7lxe.exe

This is a setup program which is used to install the application. The file has been seen being downloaded from dl-mail.ymail.com and multiple other hosts.
Version:
3.0.0.0

MD5:
447445d9036ed6b360468250e929b403

SHA-1:
7168edc8b5e9dab95805cb665941c17f37e141a4

SHA-256:
fefac2fc8348324d1791aab4c319cbe07ec496f40a523c85f9b96c43b8cc712c

Scanner detections:
2 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
12/26/2024 12:40:04 AM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:PUP-gen [PUP]
2014.9-140127

Bkav FE
W32.Clod7f7.Trojan
1.3.0.4923

File size:
4 MB (4,154,880 bytes)

Product version:
3.0.0.0

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\w7lxe.exe

File PE Metadata
Compilation timestamp:
8/22/2009 10:12:34 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:Bs/l8SrtaRoNLZka5TEQb0R5fsYDRYeowYeodUqeurn4UiRl:K9LZkaV0R5f9Tn1qMUib

Entry address:
0x137548

Entry point:
55, 8B, EC, 83, C4, F0, B8, 7C, 06, 53, 00, E8, 20, 39, ED, FF, A1, 58, EF, 53, 00, 8B, 00, E8, EC, 90, F9, FF, A1, 58, EF, 53, 00, 8B, 00, BA, 10, 76, 53, 00, E8, F7, 8A, F9, FF, 33, C9, B2, 01, A1, 44, 3E, 51, 00, E8, ED, E6, F8, FF, 8B, 15, C4, F1, 53, 00, 89, 02, 33, C9, B2, 01, A1, 3C, 51, 51, 00, E8, D7, E6, F8, FF, 8B, 15, D8, EA, 53, 00, 89, 02, 33, C9, B2, 01, A1, 20, 39, 51, 00, E8, C1, E6, F8, FF, 8B, 15, F4, EC, 53, 00, 89, 02, 33, C9, B2, 01, A1, 20, 36, 51, 00, E8, AB, E6, F8, FF, 8B, 15, 70...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
1.2 MB (1,271,296 bytes)

The file w7lxe.exe has been seen being distributed by the following 31 URLs.

https://dl-mail.ymail.com/ws/download/mailboxes/@.id==VjJ-mIX_TyzC8N3ijMxc2srQhqOjjaCn58CGbyQUT32EDXGhZX7fjvj4mt-RBfC1tbdWjVfli5JDkUiiZ09-kZbeLQ/messages/@.id==AOhUimIANzHkWDuAEQgSaLi1wY8/content/parts/@.id==2/raw?appid=YahooMailNeo&token=zitEzqOML3j84e6ealFTT5U7-km5qEQF52lp7AcCuBbP1KkrCZKH4rSX7MqRjEmSZWs0mFxz2BPGjjM99ryo-QyemB11W8eBPgHo11FwpbSEOSXZdGsfQNtPcjV4ltu1&error=https://mg.mail.yahoo.com/.../iframemsg?id=1af6ac59-06ed-c63c-b28b-dddb3ab735d5&ymreqid=7f5c36f5-24bb-e3d1-0100-2f0022010000

https://doc-10-3c-docs.googleusercontent.com/docs/securesc/8lnjrg522ole9li4jid5dvbvhbiblupu/iqj75ul2p35jtfpr1nd34vq99ndf610i/1463688000000/.../06548889884694420798/0ByrVI66nIvnERnVzaUdMWmcyamc?e=download

http://aplicativos.no-ip.org:8245/.../w7lxe.exe

https://77l5pw.bl3302.livefilestore.com/.../Ativar Windows Sevem.exe

http://zalacznik.wp.pl/.../annn.exe

http://download1102.mediafire.com/utg95kmb91mg/.../W7LEB3.EXE

https://doc-10-3c-docs.googleusercontent.com/docs/securesc/8lnjrg522ole9li4jid5dvbvhbiblupu/r3au8cq4o27jlteitg342igudev670bq/1463760000000/.../06548889884694420798/0ByrVI66nIvnERnVzaUdMWmcyamc?e=download

http://192.168.2.154/w7lxe.exe

https://docs.google.com/uc?id=0B_GxrZpjTXQic05Gb3RNZUtLTzg&export=download

http://remote1.hulkload.com/files/8/.../activate.exe

https://www.dropbox.com/sh/qvl3bobe4gw8qga/AABvMaguQZ3E9BVOvEAVOCx8a/.../Ativador Windows 7 Todas as Versões x86 e x64.exe

ftp://ftp.netbynet.com.br/Microsoft/Ferramentas Microsoft/Ativadores/.../Ativador_7.exe

https://mega.nz/temporary/.../TAAUiZbZ

https://doc-0c-7o-docs.googleusercontent.com/docs/securesc/nm301hv5l67m0cu35ro3tda7isitm5nd/6a2ak8ahuf8hnhv35r71u3aa6gquhd1l/1467151200000/.../09067828854051962775/0BwKqyw9qZu9pcVdPdi1FTm1WMU0?e=download

https://docs.google.com/uc?authuser=0&id=0BzD9f4zO-CSCanozZGZyNGtfVVE&export=download

Latest 30 of 31 download URLs

Scan w7lxe.exe - Powered by Reason Core Security