Windows Analysis Report
vlc-3.0.20-win64.exe

ID:	1431704
Product:	CloudBasic
Start time:	16:57:02
Start date:	25.04.2024
Sample:	vlc-3.0.20-win64.exe
Cookbook:	defaultwindowsinteractivecookbook.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	3d63e3a94c39a18f4da866b896b41e80
SHA1:	c9520268936bfa6d060c8603cdee753db214d0ce
SHA256:	d8055b6643651ca5b9ad58c438692a481483657f3f31624cdfa68b92e8394a57
Filetype:	Win32 Executable (generic) a (10002005/4) 99.96%

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Local\Temp\nsz25DB.tmp\LangDLL.dll	PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows	20850D4D5416FBFD6A02E8A120F360FC	AC34F3A34AAA4A21EFD6A32BC93102639170E219	860B409B065B747AAB2A9937F02D08B6FD7309993B50D8E4B53983C8C2B56B61
C:\Users\user\AppData\Local\Temp\nsz25DB.tmp\System.dll	PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows	4F25D99BF1375FE5E61B037B2616695D	958FAD0E54DF0736DDAB28FF6CB93E6ED580C862	803931797D95777248DEE4F2A563AED51FE931D2DD28FAEC507C69ED0F26F647

Compliance

Source: vlc-3.0.20-win64.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED

Source: vlc-3.0.20-win64.exe

Static PE information: certificate valid

Source: vlc-3.0.20-win64.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

System Summary

Source: vlc-3.0.20-win64.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED

Source: classification engine

Classification label: clean1.winEXE@1/2@0/0

Source: C:\Users\user\Desktop\vlc-3.0.20-win64.exe

File created: C:\Users\user\AppData\Local\Temp\nsj252D.tmp

Source: vlc-3.0.20-win64.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\vlc-3.0.20-win64.exe

File read: C:\Users\desktop.ini

Source: C:\Users\user\Desktop\vlc-3.0.20-win64.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Source: C:\Users\user\Desktop\vlc-3.0.20-win64.exe

File read: C:\Users\user\Desktop\vlc-3.0.20-win64.exe

Source: C:\Users\user\Desktop\vlc-3.0.20-win64.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\vlc-3.0.20-win64.exe	Section loaded: userenv.dll
Source: C:\Users\user\Desktop\vlc-3.0.20-win64.exe	Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\vlc-3.0.20-win64.exe	Section loaded: propsys.dll
Source: C:\Users\user\Desktop\vlc-3.0.20-win64.exe	Section loaded: dwmapi.dll
Source: C:\Users\user\Desktop\vlc-3.0.20-win64.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\vlc-3.0.20-win64.exe	Section loaded: oleacc.dll
Source: C:\Users\user\Desktop\vlc-3.0.20-win64.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\vlc-3.0.20-win64.exe	Section loaded: version.dll
Source: C:\Users\user\Desktop\vlc-3.0.20-win64.exe	Section loaded: shfolder.dll
Source: C:\Users\user\Desktop\vlc-3.0.20-win64.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\vlc-3.0.20-win64.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\vlc-3.0.20-win64.exe	Section loaded: wldp.dll
Source: C:\Users\user\Desktop\vlc-3.0.20-win64.exe	Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\vlc-3.0.20-win64.exe	Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\vlc-3.0.20-win64.exe	Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\vlc-3.0.20-win64.exe	Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\vlc-3.0.20-win64.exe	Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\vlc-3.0.20-win64.exe	Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\vlc-3.0.20-win64.exe	Section loaded: textshaping.dll

Source: C:\Users\user\Desktop\vlc-3.0.20-win64.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32

Source: vlc-3.0.20-win64.exe

Static PE information: certificate valid

Source: vlc-3.0.20-win64.exe

Static file information: File size 44420344 > 1048576

Source: vlc-3.0.20-win64.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Persistence and Installation Behavior

Source: C:\Users\user\Desktop\vlc-3.0.20-win64.exe	File created: C:\Users\user\AppData\Local\Temp\nsz25DB.tmp\System.dll			Jump to dropped file
Source: C:\Users\user\Desktop\vlc-3.0.20-win64.exe	File created: C:\Users\user\AppData\Local\Temp\nsz25DB.tmp\LangDLL.dll			Jump to dropped file

Hooking and other Techniques for Hiding and Protection

Source: C:\Users\user\Desktop\vlc-3.0.20-win64.exe

Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\vlc-3.0.20-win64.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsz25DB.tmp\System.dll			Jump to dropped file
Source: C:\Users\user\Desktop\vlc-3.0.20-win64.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsz25DB.tmp\LangDLL.dll			Jump to dropped file