|
vlc-3.0.20-win64.exe
|
PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, Nullsoft Installer self-extracting archive
|
initial sample
|
|
|
|
| Filetype: |
PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, Nullsoft Installer self-extracting archive
|
| Entropy: |
7.999873560676055
|
| Filename: |
vlc-3.0.20-win64.exe
|
| Filesize: |
44420344
|
| MD5: |
3d63e3a94c39a18f4da866b896b41e80
|
| SHA1: |
c9520268936bfa6d060c8603cdee753db214d0ce
|
| SHA256: |
d8055b6643651ca5b9ad58c438692a481483657f3f31624cdfa68b92e8394a57
|
| SHA512: |
9dfcdeca8fbfb655d3a4a8d0297fdc7f4c34a46c1b4238436d6e51e8621cbcd866ebfbd2a738a50dccdcf18d162b213b086a5e2a720205751ae07147e800838a
|
| SSDEEP: |
786432:3ESqSGUR5EpRsHXEiGxu9XjXlQGPmVaiTZiq+gB18wgMu232zhkYwWmA9d:0k1eqX6ucRX+C1xgMu232zhkYjD7
|
| Preview: |
MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...<.J_..............."............HF............@.................................._....@...
............................
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Drops PE files |
Persistence and Installation Behavior |
|
| Found dropped PE file which has not been started or loaded |
Malware Analysis System Evasion |
|
| Uses 32bit PE files |
Compliance, System Summary |
|
| Creates temporary files |
System Summary |
|
| Disables application error messsages (SetErrorMode) |
Hooking and other Techniques for Hiding and Protection |
|
| PE file has an executable .text section and no other executable section |
System Summary |
|
| Reads ini files |
System Summary |
File and Directory Discovery
|
| Reads software policies |
System Summary |
System Information Discovery
|
| Sample reads its own file content |
System Summary |
|
| Tries to load missing DLLs |
System Summary |
|
| Uses an in-process (OLE) Automation server |
System Summary |
|
| Contains modern PE file flags such as dynamic base (ASLR) or NX |
Compliance, System Summary |
|
| PE / OLE file has a valid certificate |
Compliance, System Summary |
|
| Submission file is bigger than most known malware samples |
System Summary |
|
|
|
C:\Users\user\AppData\Local\Temp\nsz25DB.tmp\LangDLL.dll
|
PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\nsz25DB.tmp\LangDLL.dll
|
| Category: |
dropped
|
| Dump: |
LangDLL.dll.0.dr
|
| ID: |
dr_1
|
| Target ID: |
0
|
| Process: |
C:\Users\user\Desktop\vlc-3.0.20-win64.exe
|
| Type: |
PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
|
| Entropy: |
4.738131570640122
|
| Encrypted: |
false
|
| Size: |
7680
|
| Whitelisted: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Drops PE files |
Persistence and Installation Behavior |
|
| Found dropped PE file which has not been started or loaded |
Malware Analysis System Evasion |
|
|
|
C:\Users\user\AppData\Local\Temp\nsz25DB.tmp\System.dll
|
PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\nsz25DB.tmp\System.dll
|
| Category: |
dropped
|
| Dump: |
System.dll.0.dr
|
| ID: |
dr_0
|
| Target ID: |
0
|
| Process: |
C:\Users\user\Desktop\vlc-3.0.20-win64.exe
|
| Type: |
PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
|
| Entropy: |
5.98616973067504
|
| Encrypted: |
false
|
| Size: |
27136
|
| Whitelisted: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Drops PE files |
Persistence and Installation Behavior |
|
| Found dropped PE file which has not been started or loaded |
Malware Analysis System Evasion |
|
|
