General

  • Target

    LGS_9.04.49_x64_Logitech.exe

  • Size

    120.0MB

  • MD5

    87a1119a7108e33da161b24b6aa763ad

  • SHA1

    3f32007e62f174b411f0c69be9779a6321363153

  • SHA256

    6db9f6442d46fbde0953f8bfbc36bd714e5e31a62f927563594cafd60724d3e0

  • SHA512

    69d5d7808dae0d84fe588850b1cc0f749debdfed6646191c51bdb67ad99d683c4507a38d2c65e05571bdffb32914b656fb74a1d37d1f09b05370fed0d26cba0d

  • SSDEEP

    3145728:NAhY0THiaUvrE7pisu8402Ujk45hAacfBQHHvh9l:NABksEj45hAacfunvh9

Score
3/10

Malware Config

Signatures

  • Unsigned PE 1 IoCs

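    Checks for missing Authenticode signature. The report does not name the flagged file; in the file listing below, $PLUGINSDIR/System.dll is the only PE without a Code Sign entry, which suggests it is the one counted here. A missing signature means the file's publisher and integrity cannot be verified from the binary itself; on its own it is not evidence of malicious behaviour.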

Files

  • LGS_9.04.49_x64_Logitech.exe
    .exe windows:4 windows x86 arch:x86

    4ea4df5d94204fc550be1874e1b77ea7


    Code Sign

    Headers

    Imports

    Sections

  • $PLUGINSDIR/System.dll
    .dll windows:4 windows x86 arch:x86

    fc0224e99e736751432961db63a41b76


    Headers

    Imports

    Exports

    Sections

  • $_32_/1-LGS-x64/DiFxAPI.dll
    .dll windows:6 windows x64 arch:x64

    ceb920209f99ac3a5c67dbf30edbb1c2


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • $_32_/1-LGS-x64/Setup.exe
    .exe windows:6 windows x64 arch:x64

    1a0a9e1e75898ee0315138eaabeb44d7


    Code Sign

    Headers

    Imports

    Sections

  • $_32_/1-LGS-x64/compcfg.ini
  • $_32_/1-LGS-x86/compcfg.ini
  • $_32_/LogiKey.pub
  • $_32_/MSetup.exe
    .exe windows:4 windows x86 arch:x86

    2bf4b850cc5713055acbd79961b6a026


    Code Sign

    Headers

    Imports

    Sections

  • $_32_/Setup.exe
    .exe windows:4 windows x86 arch:x86

    1c1c31dd18e600d1eead1fee641218a3


    Code Sign

    Headers

    Imports

    Sections

  • $_32_/Setup.ini
  • $_32_/SetupDll.dll
    .dll windows:4 windows x86 arch:x86

    c016803e1c604efc9c5fba85efe03476


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • $_32_/lgs.ico
  • $_32_/msetup.manifest
  • $_32_/setup.manifest
  • $_32_/ui/StockLayout.xml
    .xml
  • $_32_/ui/chs/CustomLayout.xml
    .xml
  • $_32_/ui/chs/CustomStrings.xml
    .xml
  • $_32_/ui/chs/License.txt
  • $_32_/ui/chs/StockStringsBase.xml
  • $_32_/ui/chs/StockStringsBranded.xml
  • $_32_/ui/chs/wizpage.css
  • $_32_/ui/cht/CustomLayout.xml
    .xml
  • $_32_/ui/cht/CustomStrings.xml
    .xml
  • $_32_/ui/cht/License.txt
  • $_32_/ui/cht/StockStringsBase.xml
  • $_32_/ui/cht/StockStringsBranded.xml
  • $_32_/ui/cht/wizpage.css
  • $_32_/ui/csy/CustomLayout.xml
    .xml
  • $_32_/ui/csy/CustomStrings.xml
    .xml
  • $_32_/ui/csy/License.txt
  • $_32_/ui/csy/StockStringsBase.xml
  • $_32_/ui/csy/StockStringsBranded.xml
  • $_32_/ui/csy/wizpage.css
  • $_32_/ui/dan/CustomLayout.xml
    .xml
  • $_32_/ui/dan/CustomStrings.xml
    .xml
  • $_32_/ui/dan/License.txt
  • $_32_/ui/dan/StockStringsBase.xml
  • $_32_/ui/dan/StockStringsBranded.xml
  • $_32_/ui/dan/wizpage.css
  • $_32_/ui/deu/CustomLayout.xml
    .xml
  • $_32_/ui/deu/CustomStrings.xml
    .xml
  • $_32_/ui/deu/License.txt
  • $_32_/ui/deu/StockStringsBase.xml
  • $_32_/ui/deu/StockStringsBranded.xml
  • $_32_/ui/deu/wizpage.css
  • $_32_/ui/enu/CustomLayout.xml
    .xml
  • $_32_/ui/enu/CustomStrings.xml
    .xml
  • $_32_/ui/enu/License.txt
  • $_32_/ui/enu/StockStringsBase.xml
  • $_32_/ui/enu/StockStringsBranded.xml
  • $_32_/ui/enu/wizpage.css
  • $_32_/ui/esp/CustomLayout.xml
    .xml
  • $_32_/ui/esp/CustomStrings.xml
    .xml
  • $_32_/ui/esp/License.txt
  • $_32_/ui/esp/StockStringsBase.xml
  • $_32_/ui/esp/StockStringsBranded.xml
  • $_32_/ui/esp/wizpage.css
  • $_32_/ui/fin/CustomLayout.xml
    .xml
  • $_32_/ui/fin/CustomStrings.xml
    .xml
  • $_32_/ui/fin/License.txt
  • $_32_/ui/fin/StockStringsBase.xml
  • $_32_/ui/fin/StockStringsBranded.xml
  • $_32_/ui/fin/wizpage.css
  • $_32_/ui/fra/CustomLayout.xml
    .xml
  • $_32_/ui/fra/CustomStrings.xml
    .xml
  • $_32_/ui/fra/License.txt
  • $_32_/ui/fra/StockStringsBase.xml
  • $_32_/ui/fra/StockStringsBranded.xml
  • $_32_/ui/fra/wizpage.css
  • $_32_/ui/html/FinishWithTasks.html
    .js
  • $_32_/ui/html/FinishWithTasks_deu.html
    .js
  • $_32_/ui/html/FinishWithTasks_trk.html
    .js
  • $_32_/ui/html/Install_1.html
    .js
  • $_32_/ui/html/Install_Overwolf.html
    .js
  • $_32_/ui/html/exit.html
    .js
  • $_32_/ui/html/install_progress.html
    .js
  • $_32_/ui/hun/CustomLayout.xml
    .xml
  • $_32_/ui/hun/CustomStrings.xml
    .xml
  • $_32_/ui/hun/License.txt
  • $_32_/ui/hun/StockStringsBase.xml
  • $_32_/ui/hun/StockStringsBranded.xml
  • $_32_/ui/hun/wizpage.css
  • $_32_/ui/images/animation/spinner.gif
    .gif
  • $_32_/ui/images/collateral/LogitechG_horz.png
    .png
  • $_32_/ui/images/collateral/OverWolf_C.png
    .png
  • $_32_/ui/images/collateral/bkgnd.png
    .png
  • $_32_/ui/images/collateral/blank.gif
    .gif
  • $_32_/ui/images/collateral/header_uninst_1.png
    .png
  • $_32_/ui/images/collateral/header_uninst_2.png
    .png
  • $_32_/ui/images/collateral/header_uninst_3.png
    .png
  • $_32_/ui/images/collateral/header_uninst_4.png
    .png
  • $_32_/ui/images/collateral/please_wait.gif
    .gif
  • $_32_/ui/images/collateral/step_num_complete.png
    .png
  • $_32_/ui/images/collateral/warning.png
    .png
  • $_32_/ui/images/controls/checkbox.gif
    .gif
  • $_32_/ui/images/controls/edit_bg.gif
  • $_32_/ui/images/controls/edit_left.gif
    .gif
  • $_32_/ui/images/controls/formfield.jpg
    .jpg
  • $_32_/ui/images/controls/pbar.jpg
    .jpg
  • $_32_/ui/images/controls/progress.gif
    .gif
  • $_32_/ui/images/controls/progress_done.gif
  • $_32_/ui/images/controls/radio.gif
    .gif
  • $_32_/ui/images/controls/select.gif
  • $_32_/ui/images/controls/text_bg.gif
  • $_32_/ui/images/icons/app_store_apple_chs.png
    .png
  • $_32_/ui/images/icons/app_store_apple_cht.png
    .png
  • $_32_/ui/images/icons/app_store_apple_csy.png
    .png
  • $_32_/ui/images/icons/app_store_apple_dan.png
    .png
  • $_32_/ui/images/icons/app_store_apple_deu.png
    .png
  • $_32_/ui/images/icons/app_store_apple_enu.png
    .png
  • $_32_/ui/images/icons/app_store_apple_esp.png
    .png
  • $_32_/ui/images/icons/app_store_apple_fin.png
    .png
  • $_32_/ui/images/icons/app_store_apple_fra.png
    .png
  • $_32_/ui/images/icons/app_store_apple_hun.png
    .png
  • $_32_/ui/images/icons/app_store_apple_ita.png
    .png
  • $_32_/ui/images/icons/app_store_apple_kor.png
    .png
  • $_32_/ui/images/icons/app_store_apple_nld.png
    .png
  • $_32_/ui/images/icons/app_store_apple_nor.png
    .png
  • $_32_/ui/images/icons/app_store_apple_plk.png
    .png
  • $_32_/ui/images/icons/app_store_apple_ptg.png
    .png
  • $_32_/ui/images/icons/app_store_apple_rus.png
    .png
  • $_32_/ui/images/icons/app_store_apple_sve.png
    .png
  • $_32_/ui/images/icons/app_store_apple_trk.png
    .png
  • $_32_/ui/images/icons/app_store_google_chs.png
    .png
  • $_32_/ui/images/icons/app_store_google_cht.png
    .png
  • $_32_/ui/images/icons/app_store_google_csy.png
    .png
  • $_32_/ui/images/icons/app_store_google_dan.png
    .png
  • $_32_/ui/images/icons/app_store_google_deu.png
    .png
  • $_32_/ui/images/icons/app_store_google_enu.png
    .png
  • $_32_/ui/images/icons/app_store_google_esp.png
    .png
  • $_32_/ui/images/icons/app_store_google_fin.png
    .png
  • $_32_/ui/images/icons/app_store_google_fra.png
    .png
  • $_32_/ui/images/icons/app_store_google_hun.png
    .png
  • $_32_/ui/images/icons/app_store_google_ita.png
    .png
  • $_32_/ui/images/icons/app_store_google_kor.png
    .png
  • $_32_/ui/images/icons/app_store_google_nld.png
    .png
  • $_32_/ui/images/icons/app_store_google_nor.png
    .png
  • $_32_/ui/images/icons/app_store_google_plk.png
    .png
  • $_32_/ui/images/icons/app_store_google_ptg.png
    .png
  • $_32_/ui/images/icons/app_store_google_rus.png
    .png
  • $_32_/ui/images/icons/app_store_google_sve.png
    .png
  • $_32_/ui/images/icons/app_store_google_trk.png
    .png
  • $_32_/ui/images/icons/fb-icon.png
    .png
  • $_32_/ui/images/icons/gaming-tribe-icon.png
    .png
  • $_32_/ui/images/icons/logo-32x32.png
    .png
  • $_32_/ui/images/icons/twitter-icon.png
    .png
  • $_32_/ui/images/icons/youtube-icon.png
    .png
  • $_32_/ui/images/logos/logo.png
    .png
  • $_32_/ui/images/logos/logo_enu.png
    .png
  • $_32_/ui/images/standard/Logitech_G.png
    .png
  • $_32_/ui/images/standard/Overwolf.ico
  • $_32_/ui/images/standard/backgroundimage.png
    .png
  • $_32_/ui/images/standard/btn_disabled.png
    .png
  • $_32_/ui/images/standard/btn_hover.png
    .png
  • $_32_/ui/images/standard/btn_normal.png
    .png
  • $_32_/ui/images/standard/btn_normal_grey.png
    .png
  • $_32_/ui/images/standard/btn_pressed.png
    .png
  • $_32_/ui/images/standard/digiplay.png
    .png
  • $_32_/ui/images/standard/facebook.png
    .png
  • $_32_/ui/images/standard/g-log-onyxia-32x32.png
    .png
  • $_32_/ui/images/standard/radio_active.ico
  • $_32_/ui/images/standard/radio_complete.ico
  • $_32_/ui/images/standard/radio_inactive.ico
  • $_32_/ui/images/standard/register.png
    .png
  • $_32_/ui/images/standard/stepimage.png
    .png
  • $_32_/ui/images/standard/twitter.png
    .png
  • $_32_/ui/ita/CustomLayout.xml
    .xml
  • $_32_/ui/ita/CustomStrings.xml
    .xml
  • $_32_/ui/ita/License.txt
  • $_32_/ui/ita/StockStringsBase.xml
  • $_32_/ui/ita/StockStringsBranded.xml
  • $_32_/ui/ita/wizpage.css
  • $_32_/ui/js/crawler.js
    .js
  • $_32_/ui/js/custom_ui.js
    .js
  • $_32_/ui/js/effects.js
    .js
  • $_32_/ui/js/local_code.js
    .js
  • $_32_/ui/js/logi_code.js
    .js
  • $_32_/ui/js/logi_helper.vbs
    .vbs
  • $_32_/ui/js/logi_uninstall.js
    .js
  • $_32_/ui/js/progress.js
    .js
  • $_32_/ui/js/prototype.js
    .js
  • $_32_/ui/kor/CustomLayout.xml
    .xml
  • $_32_/ui/kor/CustomStrings.xml
    .xml
  • $_32_/ui/kor/License.txt
  • $_32_/ui/kor/StockStringsBase.xml
  • $_32_/ui/kor/StockStringsBranded.xml
  • $_32_/ui/kor/wizpage.css
  • $_32_/ui/nld/CustomLayout.xml
    .xml
  • $_32_/ui/nld/CustomStrings.xml
    .xml
  • $_32_/ui/nld/License.txt
  • $_32_/ui/nld/StockStringsBase.xml
  • $_32_/ui/nld/StockStringsBranded.xml
  • $_32_/ui/nld/wizpage.css
  • $_32_/ui/nor/CustomLayout.xml
    .xml
  • $_32_/ui/nor/CustomStrings.xml
    .xml
  • $_32_/ui/nor/License.txt
  • $_32_/ui/nor/StockStringsBase.xml
  • $_32_/ui/nor/StockStringsBranded.xml
  • $_32_/ui/nor/wizpage.css
  • $_32_/ui/plk/CustomLayout.xml
    .xml
  • $_32_/ui/plk/CustomStrings.xml
    .xml
  • $_32_/ui/plk/License.txt
  • $_32_/ui/plk/StockStringsBase.xml
  • $_32_/ui/plk/StockStringsBranded.xml
  • $_32_/ui/plk/wizpage.css
  • $_32_/ui/ptg/CustomLayout.xml
    .xml
  • $_32_/ui/ptg/CustomStrings.xml
    .xml
  • $_32_/ui/ptg/License.txt
  • $_32_/ui/ptg/StockStringsBase.xml
  • $_32_/ui/ptg/StockStringsBranded.xml
  • $_32_/ui/ptg/wizpage.css
  • $_32_/ui/resource_ids.txt
  • $_32_/ui/rus/CustomLayout.xml
    .xml
  • $_32_/ui/rus/CustomStrings.xml
    .xml
  • $_32_/ui/rus/License.txt
  • $_32_/ui/rus/StockStringsBase.xml
  • $_32_/ui/rus/StockStringsBranded.xml
  • $_32_/ui/rus/wizpage.css
  • $_32_/ui/spinner.html
    .html
  • $_32_/ui/sve/CustomLayout.xml
    .xml
  • $_32_/ui/sve/CustomStrings.xml
    .xml
  • $_32_/ui/sve/License.txt
  • $_32_/ui/sve/StockStringsBase.xml
  • $_32_/ui/sve/StockStringsBranded.xml
  • $_32_/ui/sve/wizpage.css
  • $_32_/ui/trk/CustomLayout.xml
    .xml
  • $_32_/ui/trk/CustomStrings.xml
    .xml
  • $_32_/ui/trk/License.txt
  • $_32_/ui/trk/StockStringsBase.xml
  • $_32_/ui/trk/StockStringsBranded.xml
  • $_32_/ui/trk/wizpage.css