vlc-3.0.20-win64.exe
PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, Nullsoft Installer self-extracting archive
initial sample

Filetype: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, Nullsoft Installer self-extracting archive
Entropy: 7.999873560676055
Filename: vlc-3.0.20-win64.exe
Filesize: 44420344
MD5: 3d63e3a94c39a18f4da866b896b41e80
SHA1: c9520268936bfa6d060c8603cdee753db214d0ce
SHA256: d8055b6643651ca5b9ad58c438692a481483657f3f31624cdfa68b92e8394a57
SHA512: 9dfcdeca8fbfb655d3a4a8d0297fdc7f4c34a46c1b4238436d6e51e8621cbcd866ebfbd2a738a50dccdcf18d162b213b086a5e2a720205751ae07147e800838a
SSDEEP: 786432:3ESqSGUR5EpRsHXEiGxu9XjXlQGPmVaiTZiq+gB18wgMu232zhkYwWmA9d:0k1eqX6ucRX+C1xgMu232zhkYjD7
Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...<.J_..............."............HF............@.................................._....@...
|
| Signature Hits | Behavior Group | Mitre Attack |
| --- | --- | --- |
| Drops PE files | Persistence and Installation Behavior | |
| Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion | |
| Uses 32bit PE files | Compliance, System Summary | |
| Creates temporary files | System Summary | |
| Disables application error messages (SetErrorMode) | Hooking and other Techniques for Hiding and Protection | |
| PE file has an executable .text section and no other executable section | System Summary | |
| Reads ini files | System Summary | File and Directory Discovery |
| Reads software policies | System Summary | System Information Discovery |
| Sample reads its own file content | System Summary | |
| Tries to load missing DLLs | System Summary | |
| Uses an in-process (OLE) Automation server | System Summary | |
| Contains modern PE file flags such as dynamic base (ASLR) or NX | Compliance, System Summary | |
| PE / OLE file has a valid certificate | Compliance, System Summary | |
| Submission file is bigger than most known malware samples | System Summary | |

|
C:\Users\user\AppData\Local\Temp\nsz25DB.tmp\LangDLL.dll
PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
dropped

File: C:\Users\user\AppData\Local\Temp\nsz25DB.tmp\LangDLL.dll
Category: dropped
Dump: LangDLL.dll.0.dr
ID: dr_1
Target ID: 0
Process: C:\Users\user\Desktop\vlc-3.0.20-win64.exe
Type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Entropy: 4.738131570640122
Encrypted: false
Size: 7680
Whitelisted: false

| Signature Hits | Behavior Group | Mitre Attack |
| --- | --- | --- |
| Drops PE files | Persistence and Installation Behavior | |
| Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion | |

C:\Users\user\AppData\Local\Temp\nsz25DB.tmp\System.dll
PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
dropped

File: C:\Users\user\AppData\Local\Temp\nsz25DB.tmp\System.dll
Category: dropped
Dump: System.dll.0.dr
ID: dr_0
Target ID: 0
Process: C:\Users\user\Desktop\vlc-3.0.20-win64.exe
Type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Entropy: 5.98616973067504
Encrypted: false
Size: 27136
Whitelisted: false

| Signature Hits | Behavior Group | Mitre Attack |
| --- | --- | --- |
| Drops PE files | Persistence and Installation Behavior | |
| Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion | |