wlukcs_savingskey_1_5_0_0.exe

Internet Explorer

Incentive Networks LLC

Although the file properties state that the file was developed by 'Microsoft Corporation', this is not the case: it is designed to look like a legitimate Microsoft system file. The application wlukcs_savingskey_1_5_0_0.exe, “Win32 Cabinet Self-Extractor” by Incentive Networks, has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat.
Publisher:
Microsoft Corporation  (signed by Incentive Networks LLC)

Product:
Internet Explorer

Description:
Win32 Cabinet Self-Extractor

Version:
11.00.9600.16428 (winblue_gdr.131013-1700)

MD5:
541d80b56d05356d6d13e52643b4c8d7

SHA-1:
fc0b207820bb027307323a7264b08a192a19f6d9

SHA-256:
e3a00faef971698adb47e8c8800f628c8c17c68d6a3419da041ae42fe2bb5031

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
4/26/2024 10:32:50 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.IncentiveNetworks (L)

Engine version:
16.9.7.10

File size:
3 MB (3,116,120 bytes)

Product version:
11.00.9600.16428

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
WEXTRACT.EXE .MUI

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\wlukcs_savingskey_1_5_0_0.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
3/28/2012 1:00:00 AM

Valid to:
3/27/2015 11:59:59 PM

Subject:
CN=Incentive Networks LLC, OU=" ", OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Incentive Networks LLC, L=Los Altos, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
78E324A21C668F73D42C18DC3D7B424E

File PE Metadata
Compilation timestamp:
10/14/2013 6:50:27 AM

OS version:
6.3

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
49152:tQA/F+8iFYjGEpr+l7hBreeg7k0clDIahVyezwu4t66WG622I7LMNdEGO:h+8iujtpr67fyeg7k0cbc7465622qNGO

Entry address:
0x67CC

Entry point:
E8, 07, 0B, 00, 00, E9, 05, 00, 00, 00, CC, CC, CC, CC, CC, 6A, 58, 68, 68, 75, 40, 00, E8, BD, 0B, 00, 00, 33, DB, 89, 5D, E0, 89, 5D, FC, 8D, 45, 98, 50, FF, 15, 70, A1, 40, 00, C7, 45, FC, FE, FF, FF, FF, C7, 45, FC, 01, 00, 00, 00, 64, A1, 18, 00, 00, 00, 8B, 78, 04, 8B, F3, BA, EC, 88, 40, 00, 8B, CF, 33, C0, F0, 0F, B1, 0A, 85, C0, 74, 07, 3B, C7, 75, 16, 33, F6, 46, 83, 3D, F0, 88, 40, 00, 01, 75, 17, 6A, 1F, E8, 30, 09, 00, 00, 59, EB, 43, 68, E8, 03, 00, 00, FF, 15, 6C, A1, 40, 00, EB, C8, 39, 1D...
 

Entropy:
7.9879  (probably packed)

Code size:
25.5 KB (26,112 bytes)
