Malware Analysis Report

2025-08-05 16:59

Sample ID 240108-d76ljabeb8
Target Angetube-40.70.0-Full-Installer-x64.exe
SHA256 3db20665e5be34a87dfdc3c39d862be6835976e533f062328264981a1aa5a086
Tags
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

3db20665e5be34a87dfdc3c39d862be6835976e533f062328264981a1aa5a086

Threat Level: Shows suspicious behavior

The file Angetube-40.70.0-Full-Installer-x64.exe was classified as: Shows suspicious behavior.

Malicious Activity Summary

Executes dropped EXE

Loads dropped DLL

Drops file in Program Files directory

Unsigned PE

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-01-08 03:41

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-01-08 03:40

Reported

2024-01-08 03:45

Platform

win7-20231215-en

Max time kernel

30s

Max time network

126s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\nst1A37.tmp\check_for_64bit_visual_studio_2019_runtimes.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\angetube\data\obs-plugins\coreaudio-encoder\locale\gl-ES.ini C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe N/A
File created C:\Program Files\angetube\data\obs-plugins\coreaudio-encoder\locale\hu-HU.ini C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe N/A
File created C:\Program Files\angetube\data\obs-plugins\enc-amf\locale\en-US.ini C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe N/A
File created C:\Program Files\angetube\data\obs-plugins\frontend-tools\locale\ca-ES.ini C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe N/A
File created C:\Program Files\angetube\data\obs-plugins\frontend-tools\locale\es-ES.ini C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe N/A
File created C:\Program Files\angetube\data\obs-plugins\frontend-tools\locale\ms-MY.ini C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe N/A
File created C:\Program Files\angetube\data\libobs\premultiplied_alpha.effect C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe N/A
File created C:\Program Files\angetube\data\obs-plugins\image-source\locale\tr-TR.ini C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe N/A
File created C:\Program Files\angetube\data\obs-plugins\obs-ffmpeg\locale\ro-RO.ini C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe N/A
File created C:\Program Files\angetube\data\obs-plugins\image-source\locale\ca-ES.ini C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe N/A
File created C:\Program Files\angetube\data\obs-plugins\enc-amf\locale\zh-CN.ini C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe N/A
File created C:\Program Files\angetube\data\obs-plugins\obs-ffmpeg\locale\nl-NL.ini C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe N/A
File created C:\Program Files\angetube\data\obs-plugins\enc-amf\locale\en-GB.ini C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe N/A
File created C:\Program Files\angetube\data\obs-plugins\frontend-tools\locale\de-DE.ini C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe N/A
File created C:\Program Files\angetube\data\obs-plugins\obs-ffmpeg\locale\ar-SA.ini C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe N/A
File created C:\Program Files\angetube\data\obs-plugins\obs-ffmpeg\locale\el-GR.ini C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe N/A
File created C:\Program Files\angetube\data\libobs\format_conversion.effect C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe N/A
File created C:\Program Files\angetube\data\obs-plugins\coreaudio-encoder\locale\tl-PH.ini C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe N/A
File created C:\Program Files\angetube\data\obs-plugins\enc-amf\locale\sk-SK.ini C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe N/A
File created C:\Program Files\angetube\data\obs-plugins\frontend-tools\scripts\clock-source\dial.png C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe N/A
File opened for modification C:\Program Files\angetube\bin\64bit\swscale-5.dll C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe N/A
File created C:\Program Files\angetube\data\obs-plugins\coreaudio-encoder\locale\it-IT.ini C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe N/A
File created C:\Program Files\angetube\data\obs-plugins\coreaudio-encoder\locale\da-DK.ini C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe N/A
File created C:\Program Files\angetube\data\obs-plugins\frontend-tools\locale\el-GR.ini C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe N/A
File created C:\Program Files\angetube\data\obs-plugins\frontend-tools\locale\pt-BR.ini C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe N/A
File created C:\Program Files\angetube\data\obs-plugins\image-source\locale\pl-PL.ini C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe N/A
File created C:\Program Files\angetube\data\obs-plugins\obs-ffmpeg\locale\hi-IN.ini C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe N/A
File created C:\Program Files\angetube\data\obs-plugins\enc-amf\locale\ro-RO.ini C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe N/A
File created C:\Program Files\angetube\data\obs-plugins\coreaudio-encoder\locale\hr-HR.ini C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe N/A
File created C:\Program Files\angetube\data\obs-plugins\decklink-captions\.keepme C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe N/A
File created C:\Program Files\angetube\data\obs-plugins\enc-amf\locale\el-GR.ini C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe N/A
File created C:\Program Files\angetube\data\obs-plugins\enc-amf\locale\fi-FI.ini C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe N/A
File created C:\Program Files\angetube\data\obs-plugins\enc-amf\locale\pt-PT.ini C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe N/A
File created C:\Program Files\angetube\data\obs-plugins\frontend-tools\locale\ta-IN.ini C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe N/A
File created C:\Program Files\angetube\data\obs-plugins\image-source\locale\et-EE.ini C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe N/A
File created C:\Program Files\angetube\data\libobs\default.effect C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe N/A
File created C:\Program Files\angetube\data\obs-plugins\obs-ffmpeg\locale\it-IT.ini C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe N/A
File created C:\Program Files\angetube\data\obs-plugins\image-source\locale\pt-PT.ini C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe N/A
File created C:\Program Files\angetube\data\obs-plugins\coreaudio-encoder\locale\ka-GE.ini C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe N/A
File created C:\Program Files\angetube\data\obs-plugins\frontend-tools\locale\hr-HR.ini C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe N/A
File created C:\Program Files\angetube\data\obs-plugins\coreaudio-encoder\locale\gd-GB.ini C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe N/A
File created C:\Program Files\angetube\data\obs-plugins\coreaudio-encoder\locale\ca-ES.ini C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe N/A
File created C:\Program Files\angetube\data\obs-plugins\enc-amf\enc-amf-test64.pdb C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe N/A
File created C:\Program Files\angetube\data\obs-plugins\enc-amf\locale\cs-CZ.ini C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe N/A
File created C:\Program Files\angetube\data\obs-plugins\enc-amf\locale\es-ES.ini C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe N/A
File opened for modification C:\Program Files\angetube\data\obs-plugins\win-capture\graphics-hook32.dll C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe N/A
File created C:\Program Files\angetube\data\obs-plugins\coreaudio-encoder\locale\sk-SK.ini C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe N/A
File created C:\Program Files\angetube\data\obs-plugins\coreaudio-encoder\locale\kab-KAB.ini C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe N/A
File created C:\Program Files\angetube\data\obs-plugins\enc-amf\locale\he-IL.ini C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe N/A
File created C:\Program Files\angetube\data\obs-plugins\enc-amf\locale\it-IT.ini C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe N/A
File created C:\Program Files\angetube\data\obs-plugins\image-source\locale\hr-HR.ini C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe N/A
File created C:\Program Files\angetube\data\obs-plugins\coreaudio-encoder\locale\bn-BD.ini C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe N/A
File created C:\Program Files\angetube\data\libobs\opaque.effect C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe N/A
File created C:\Program Files\angetube\data\obs-plugins\enc-amf\locale\tr-TR.ini C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe N/A
File created C:\Program Files\angetube\data\obs-plugins\image-source\locale\gl-ES.ini C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe N/A
File created C:\Program Files\angetube\data\obs-plugins\image-source\locale\ko-KR.ini C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe N/A
File created C:\Program Files\angetube\data\obs-plugins\obs-ffmpeg\locale\sk-SK.ini C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe N/A
File created C:\Program Files\angetube\data\libobs\deinterlace_linear.effect C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe N/A
File created C:\Program Files\angetube\data\obs-plugins\coreaudio-encoder\locale\ar-SA.ini C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe N/A
File created C:\Program Files\angetube\data\obs-plugins\coreaudio-encoder\locale\sv-SE.ini C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe N/A
File created C:\Program Files\angetube\data\obs-plugins\enc-amf\locale\sr-CS.ini C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe N/A
File created C:\Program Files\angetube\data\obs-plugins\frontend-tools\locale\ba-RU.ini C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe N/A
File created C:\Program Files\angetube\data\obs-plugins\frontend-tools\locale\sr-SP.ini C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe N/A
File created C:\Program Files\angetube\data\libobs\deinterlace_blend_2x.effect C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe N/A

Enumerates physical storage devices

Processes

C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe

"C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe"

C:\Users\Admin\AppData\Local\Temp\nst1A37.tmp\check_for_64bit_visual_studio_2019_runtimes.exe

C:\Users\Admin\AppData\Local\Temp\nst1A37.tmp\check_for_64bit_visual_studio_2019_runtimes.exe

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\angetube\data\obs-plugins\win-dshow\angetube-virtualcam-module64.dll"

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\angetube\data\obs-plugins\win-dshow\angetube-virtualcam-module32.dll"

C:\Windows\system32\regsvr32.exe

/s "C:\Program Files\angetube\data\obs-plugins\win-dshow\angetube-virtualcam-module64.dll"

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Program Files\angetube\bin\64bit\angetube64.exe

"C:\Program Files\angetube\bin\64bit\angetube64.exe"

C:\Windows\explorer.exe

"C:\Windows\explorer.exe" "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Angetube\Angetube (64bit).lnk"

C:\Program Files\angetube\bin\64bit\angetube64.exe

"C:\Program Files\angetube\bin\64bit\angetube64.exe"

Network

N/A

Files

\Users\Admin\AppData\Local\Temp\nst1A37.tmp\InstallOptions.dll

MD5 ece25721125d55aa26cdfe019c871476
SHA1 b87685ae482553823bf95e73e790de48dc0c11ba
SHA256 c7fef6457989d97fecc0616a69947927da9d8c493f7905dc8475c748f044f3cf
SHA512 4e384735d03c943f5eb3396bb3a9cb42c9d8a5479fe2871de5b8bc18db4bbd6e2c5f8fd71b6840512a7249e12a1c63e0e760417e4baa3dc30f51375588410480
