Edit tour
Windows
Analysis Report
vlc-3.0.20-win64.exe
Overview
General Information
| Sample name: | vlc-3.0.20-win64.exe |
| Analysis ID: | 1431503 |
| MD5: | 3d63e3a94c39a18f4da866b896b41e80 |
| SHA1: | c9520268936bfa6d060c8603cdee753db214d0ce |
| SHA256: | d8055b6643651ca5b9ad58c438692a481483657f3f31624cdfa68b92e8394a57 |
| Infos: |  |
 | |
Detection
| Score: | 2 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 40% |
Compliance
| Score: | 50 |
| Range: | 0 - 100 |
Signatures
Creates a process in suspended mode (likely to inject code)
Drops PE files
Found dropped PE file which has not been started or loaded
Queries the volume information (name, serial number etc) of a device
Registers a DLL
Sigma detected: Explorer Process Tree Break
Stores files to the Windows start menu directory
Uses 32bit PE files
Classification
Analysis Advice
| Sample drops PE files which have not been started, submit dropped PE samples for a secondary analysis to Joe Sandbox |
| Sample searches for specific file, try point organization specific fake files to the analysis machine |
| Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior |
- System is w10x64_ra
vlc-3.0.20-win64.exe (PID: 6952 cmdline: "C:\Users\ user\Deskt op\vlc-3.0 .20-win64. exe" MD5: 3D63E3A94C39A18F4DA866B896B41E80) - vlc-cache-gen.exe (PID: 7012 cmdline:
"C:\Progra m Files\Vi deoLAN\VLC \vlc-cache -gen.exe" C:\Program Files\Vid eoLAN\VLC\ plugins MD5: C314F48471D34BC89863326324D00B8B) 
conhost.exe (PID: 7028 cmdline: C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: 0D698AF330FD17BEE3BF90011D49251D) 
regsvr32.exe (PID: 4512 cmdline: "C:\Window s\system32 \regsvr32. exe" /s "C :\Program Files\Vide oLAN\VLC\a xvlc.dll" MD5: 878E47C8656E53AE8A8A21E927C6F7E0) - regsvr32.exe (PID: 612 cmdline:
/s "C:\Pr ogram File s\VideoLAN \VLC\axvlc .dll" MD5: B0C2FA35D14A9FAD919E99D9D75E1B9E) 
explorer.exe (PID: 816 cmdline: "C:\Window s\explorer .exe" "C:\ Program Fi les\VideoL AN\VLC\vlc .exe" MD5: 662F4F92FDE3557E86D110526BB578D5)
- explorer.exe (PID: 364 cmdline:
C:\Windows \explorer. exe /facto ry,{75dff2 b7-6936-4c 06-a8bb-67 6a7b00b24b } -Embeddi ng MD5: 662F4F92FDE3557E86D110526BB578D5) - vlc.exe (PID: 5764 cmdline:
"C:\Progra m Files\Vi deoLAN\VLC \vlc.exe" MD5: 3740507A1DC4FF4CB5C6E52652C10C20)
- cleanup
⊘No yara matches
| Source: | Author: Florian Roth (Nextron Systems), Nasreddine Bencherchali (Nextron Systems), @gott_cyber: | ||
⊘No Snort rule has matched
Click to jump to signature section
Show All Signature Results
There are no malicious signatures, click here to show all signatures.
Compliance |   |
|---|
| Source: | Static PE information: | ||
| Source: | Window detected: | ||