General
-
Target
ViviSetup.exe
-
Size
113.1MB
-
Sample
221003-xvgw7abhg3
-
MD5
913b1ade3be9997e30b3dfeab8f733c4
-
SHA1
c5046c370170b2b565f1341e192a7406238fb949
-
SHA256
6baa99b3494c8c8f8f0d2a76be07a4d602e81e412b8ecc5dfa49564a7bb30eda
-
SHA512
6e5d7700b5329dd7c963dfd31ec56fd78bf7c04136023455b751294affe9e2dea42edbcbe22e1024dea8420570b22331955cd1332a707d461a01f49f7218d477
-
SSDEEP
3145728:RifO83mHhj4NXbxNndXjNLYymIRJDe0/3rF:1AmB8NrrndJuEJDe0PrF
Static task
static1
Behavioral task
behavioral1
Sample
ViviSetup.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
ViviSetup.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
C:\Program Files\Vivi Corporation\Vivi\LICENSES.chromium.html
ooura@kurims.kyoto-u.ac.jp
<jserv@0xlab.org>
<tholo@sigmasoft.com>
<dm@uun.org>
<djm@openbsd.org>
<markus@openbsd.org>
<Todd.Miller@courtesan.com>
<wes@softweyr.com>
<mike@FreeBSD.org>
<kostik@iclub.nsu.ru>
<das@FreeBSD.ORG>
<otto@drijf.net>
<millert@openbsd.org>
<das@FreeBSD.org>
<ed@FreeBSD.org>
<theraven@FreeBSD.org>
<mpi@openbsd.org>
<ajacoutot@openbsd.org>
<deraadt@openbsd.org>
<beck@obtuse.com>
<provos@physnet.uni-hamburg.de>
victoria.zhislina@intel.com
openssl-core@openssl.org
eay@cryptsoft.com
tjh@cryptsoft.com
eay@cryptsoft.com)"
tjh@cryptsoft.com)"
john.boyer@abilitiessoft.com
<daniel@haxx.se>
<marijnh@gmail.com>
lionel.ulmer@free.fr
bbrox@bbrox.org
<rob@ti.com>
<mans@mansr.com>
<christophe.gisquet@gmail.com>
<skal@planet-d.net>
<astrange@ithinksw.com>
<pross@xvid.org>
<peter@elecard.net.ru>
<walken@zoy.org>
<lorenm@u.washington.edu>
<henrik@gramner.com>
<BugMaster@narod.ru>
<fiona@x264.com>
michaelni@gmx.at
bvasic@mips.com
darko@mips.com
djordje@mips.com
goran@mips.com
mvulin@mips.com
socovaj@mips.com
zoranl@mips.com
freetype@nongnu.org
freetype-devel@nongnu.org
breese@users.sourceforge.net
Gary.Pennington@uk.sun.com
<breese@users.sourceforge.net>
jloup@gzip.org
madler@alumni.caltech.edu
<breadbox@muppetlabs.com>
pommier@modartt.com
<clee@freedesktop.org>
<marineau@genie.uottawa.ca>
<Holger.Veit@gmd.de>
<bence.nagy@gmail.com>
bataak@gmail.com
rezende@ic.unicamp.br
jj@di.uminho.pt
c-tsai4@uiuc.edu
<provos@citi.umich.edu>
<dugsong@monkey.org>
<mike@datanerds.net>
<maxim.yegorushkin@gmail.com>
<saari@netscape.com>
<cls@lubutu.com>
<dev@frign.de>
<iano@quirkster.com>
<jamey@minilop.net>
<josh@freedesktop.org>
<doomster@knuut.de>
<libzip@nih.at>
"newlib@sourceware.org"
nicolas.roussel@inria.fr
hello@blakeembrey.com
<mjg@redhat.com>
https://www.apache.org/licenses/
https://www.apache.org/licenses/LICENSE-2.0
http://www.apache.org/licenses/
http://www.apache.org/licenses/LICENSE-2.0
http://code.google.com/p/y2038
http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man2/getentropy.2
http://mozilla.org/MPL/2.0/
http://www.torchmobile.com/
https://cla.developers.google.com/clas
http://www.openssl.org/)"
https://github.com/mit-plv/fiat-crypto/blob/master/AUTHORS
http://www.opensource.apple.com/apsl/
https://github.com/typetools/jdk
https://github.com/typetools/stubparser
https://github.com/typetools/annotation-tools
https://github.com/plume-lib/
http://www.mozilla.org/MPL/
http://source.android.com/
http://source.android.com/compatibility
http://www.apple.com/legal/guidelinesfor3rdparties.html
https://github.com/easylist
https://easylist.to/)"
https://creativecommons.org/compatiblelicenses
https://creativecommons.org/
http://developer.intel.com/vtune/cbts/strmsimd/922down.htm
http://skal.planet-d.net/coding/dct.html
http://developer.intel.com/vtune/cbts/strmsimd/appnotes.htm
http://www.elecard.com/peter/idct.html
http://www.linuxvideo.org/mpeg2dec/
http://www.opensource.org/licenses/bsd-license.php
https://www.freetype.org
http://www.mozilla.org/MPL/2.0/
http://www.mozilla.org/MPL/2.0/FAQ.html
http://freetype.sourceforge.net/license.html
http://www.freetype.org
http://source.icu-project.org/repos/icu/icu/trunk/license.html
http://icu-project.org/userguide/icufaq.html
http://www.unicode.org/copyright.html
http://www.unicode.org/Public/
http://www.unicode.org/reports/
http://www.unicode.org/cldr/data/
http://jquery.com/
https://github.com/jquery/jquery/blob/master/MIT-LICENSE.txt
https://github.com/jquery/sizzle/blob/master/LICENSE
http://ctrio.sourceforge.net/
http://www.cisl.ucar.edu/css/software/fftpack5/ftpk.html
http://www.opensource.org/licenses/mit-license.php
http://www.tex-tipografia.com/spanish_hyphen.html
https://opensource.org/licenses/BSD-3-Clause
https://www.unicode.org/copyright.html
http://opensource.org/licenses/bsd-license.php
https://sourceforge.net/project/?group_id=1519
http://chasen.aist-nara.ac.jp/chasen/distribution.html
http://casper.beckman.uiuc.edu/~c-tsai4
https://github.com/rober42539/lao-dictionary
https://github.com/rober42539/lao-dictionary/laodict.txt
https://github.com/rober42539/lao-dictionary/LICENSE.txt
http://oss.sgi.com/projects/FreeB/
https://www.khronos.org/registry/
https://llvm.org/docs/DeveloperPolicy.html#legacy
http://llvm.org
http://www.unicode.org/Public/zipped/9.0.0/UCD.zip
https://github.com/chjj/
http://daringfireball.net/
http://modp.com/release/base64
http://sourceware.org/newlib/docs.html
http://sourceware.org/ml/newlib/
https://datatracker.ietf.org/ipr/1524/
https://datatracker.ietf.org/ipr/1914/
https://datatracker.ietf.org/ipr/1526/
http://code.google.com/p/lao-dictionary/
http://lao-dictionary.googlecode.com/git/Lao-Dictionary.txt
http://lao-dictionary.googlecode.com/git/Lao-Dictionary-LICENSE.txt
https://creativecommons.org/licenses/by/3.0/
https://sites.google.com/site/gaviotachessengine/Home/endgame-tablebases-1
http://www.ploscompbiol.org/static/license
http://www.gutenberg.org/ebooks/53
http://www.suitable.com
http://www.nongnu.org/freebangfont/downloads.html#mukti
https://dejavu-fonts.github.io/Download.html">homepage</a></span>
http://scripts.sil.org/OFL
https://code.google.com/p/sctp-refimpl/source/browse/trunk/COPYRIGHT
http://cgit.freedesktop.org/xorg/xserver/tree/COPYING
http://src.chromium.org/viewvc/chrome/trunk/deps/third_party/xz/COPYING
Targets
-
-
Target
ViviSetup.exe
-
Size
113.1MB
-
MD5
913b1ade3be9997e30b3dfeab8f733c4
-
SHA1
c5046c370170b2b565f1341e192a7406238fb949
-
SHA256
6baa99b3494c8c8f8f0d2a76be07a4d602e81e412b8ecc5dfa49564a7bb30eda
-
SHA512
6e5d7700b5329dd7c963dfd31ec56fd78bf7c04136023455b751294affe9e2dea42edbcbe22e1024dea8420570b22331955cd1332a707d461a01f49f7218d477
-
SSDEEP
3145728:RifO83mHhj4NXbxNndXjNLYymIRJDe0/3rF:1AmB8NrrndJuEJDe0PrF
-
Drops file in Drivers directory
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-