wolflearpro_g-10_setup.exe

HardHackeR

The application wolflearpro_g-10_setup.exe, “WolfLear G-10 Installation ” has been detected as a potentially unwanted program by 18 anti-malware scanners. This is a setup and installation application, however the file is not signed with an authenticode signature from a trusted source. The file has been seen being downloaded from s2.dosya.tc.
Publisher:
HardHackeR

Description:
WolfLear G-10 Installation

Version:
G-10

MD5:
5e69a1a4bad996547974a7c82b2ea263

SHA-1:
85e8ee84039c3b90ef4e0dec1fd2a0f237df1614

SHA-256:
793ee7d868181716cfb031cb77427a82d2237c22d8f6f600a68b25033c047e9f

Scanner detections:
18 / 68

Status:
Potentially unwanted

Analysis date:
12/27/2024 7:08:36 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Strictor.47200
185

Avira AntiVirus
TR/Dropper.Gen
8.3.3.4

Arcabit
Trojan.Strictor.DB860
1.0.0.741

avast!
Win32:Malware-gen
2014.9-160802

Bitdefender
Gen:Variant.Strictor.47200
1.0.20.1075

Dr.Web
Tool.InjDll.12
9.0.1.0215

Emsisoft Anti-Malware
Gen:Variant.Strictor.47200
8.16.08.02.01

ESET NOD32
MSIL/DllInject.JN potentially unsafe
10.13885

F-Secure
Gen:Variant.Strictor.47200
11.2016-02-08_3

G Data
Gen:Variant.Strictor.47200
16.8.25

IKARUS anti.virus
Virus.Win32.Neshta
t3scan.2.1.6.0

K7 AntiVirus
Riskware
13.235.20406

Kaspersky
not-a-virus:RiskTool.MSIL.Injecter
14.0.0.-188

MicroWorld eScan
Gen:Variant.Strictor.47200
17.0.0.645

NANO AntiVirus
Riskware.Win32.ExtremeInjector.dedmyj
1.0.38.8984

Qihoo 360 Security
HEUR/QVM05.1.0000.Malware.Gen
1.0.0.1120

Quick Heal
RiskTool.MSIL.g3 (Not a Virus)
8.16.14.00

Sophos
Generic PUA KB (PUA)
4.98

File size:
3.1 MB (3,282,968 bytes)

Copyright:
HardHackeR

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\wolflearpro_g-10_setup.exe

File PE Metadata
Compilation timestamp:
6/20/1992 1:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:pAI+BYBaVdWwQMeqOOG3xsKg9CoCTEqmn6TIT6SmfpBrWgR6XSJTdzHmwMUAUZDI:pAI+ifwmLOG1iCTEP6TIOX5aSdzRjAUi

Entry address:
0x25468

Entry point:
55, 8B, EC, 83, C4, F0, B8, 88, 53, 42, 00, E8, 24, F2, FD, FF, B8, C8, 54, 42, 00, E8, 2A, 1C, FE, FF, 8B, 15, 40, 88, 42, 00, 89, 02, 8B, 15, 40, 88, 42, 00, 8B, 12, A1, 48, 88, 42, 00, E8, E4, D3, FF, FF, 8B, 15, 40, 88, 42, 00, 8B, 12, A1, DC, 87, 42, 00, E8, 7A, 64, FF, FF, A1, 40, 88, 42, 00, E8, AC, 4E, FE, FF, E8, DF, E0, FD, FF, 00, 00, 00, FF, FF, FF, FF, 01, 00, 00, 00, 2A, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
145.5 KB (148,992 bytes)

The file wolflearpro_g-10_setup.exe has been seen being distributed by the following URL.

Remove wolflearpro_g-10_setup.exe - Powered by Reason Core Security