Talking_Ben_the_Dog_PC-4[.]0[.]0[.]98[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

Talking_Ben_the_Dog_PC-4.0.0.98.zip
Size

56.8MB
MD5

4b548b07a5b7cdd73f491a9456b5b7fb
SHA1

cf5915a78312062211c16142068b98f43f739f48
SHA256

e23f3fb7b28c223a21cb2b6b505dad4a34f55099627574593dc68f8f975d3ab1
SHA512

337be73a6889e85aae8da8247569943f44d6f4e8695a5e57e9eb14bca55fb2ac92f56a27482c97470287a152680061f2f474673eab59f121394fafb64149fdc3
SSDEEP

1572864:j0fUhwGKVwR7T2O66uaAAe21Efu+2lX0mrZ0KHKIb:j08hwGpR7Tl6KteSmu+2ymrZlK4

Score

6^/10

Malware Config

Signatures

Requests dangerous framework permissions 2 IoCs

description	ioc
Allows an application to record audio.	android.permission.RECORD_AUDIO
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE

Files

Talking_Ben_the_Dog_PC-4.0.0.98.zip
.zip
BlueStacksMicroInstaller_5.4.0.1063.exe
.exe windows:5 windows x86 arch:x86

07afe1e0c9da7fec9e5f700881a1f162

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:b1:4e:1a:ff:f5:87:9b:97:17:25:60:81:84:4b:4e
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

09/06/2021, 00:00

Not After

12/06/2024, 23:59

Subject

SERIALNUMBER=4559077,CN=Bluestack Systems\, Inc,OU=Bluestack Systems\, Inc,O=Bluestack Systems\, Inc,L=Campbell,ST=California,C=US,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

f1:64:25:8c:09:b6:e2:7b:e2:0e:32:60:8e:4b:f4:a8
Certificate

Issuer

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

19/05/2021, 05:42

Not After

18/05/2032, 05:42

Subject

CN=Certum Timestamp 2021,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

31/05/2021, 06:43

Not After

17/09/2029, 06:43

Subject

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

eb:e4:07:34:2e:c2:97:29:b8:95:0d:91:31:ed:de:80:b5:38:ff:a4:fe:0e:02:15:50:f9:f0:72:0f:49:1b:40
Signer

Actual PE Digest

eb:e4:07:34:2e:c2:97:29:b8:95:0d:91:31:ed:de:80:b5:38:ff:a4:fe:0e:02:15:50:f9:f0:72:0f:49:1b:40

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
MultiByteToWideChar
WideCharToMultiByte
LoadLibraryExW
GetModuleFileNameW
LocalFree
FormatMessageW
GetSystemDirectoryW
CloseHandle
SetFileTime
CreateFileW
SetFileAttributesW
RemoveDirectoryW
GetProcAddress
GetModuleHandleW
CreateDirectoryW
DeleteFileW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetTempPathW
SetLastError
GetCurrentProcessId
GetTickCount
GetCurrentThreadId
FindClose
FindFirstFileW
FindNextFileW
GetModuleHandleA
GetFileAttributesW
GetFileSize
SetFilePointer
ReadFile
WriteFile
SetEndOfFile
GetProcessAffinityMask
GetCurrentProcess
GetSystemInfo
GlobalMemoryStatus
GetFileInformationByHandle
GetStdHandle
WaitForMultipleObjects
Sleep
VirtualAlloc
VirtualFree
GetVersionExW
lstrcatW
lstrlenW
WaitForSingleObject
CreateEventW
SetEvent
ResetEvent
InitializeCriticalSection
GetExitCodeProcess
CreateProcessW
GetCommandLineW
HeapSize
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
LoadLibraryA
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
ExitProcess
HeapCreate
RtlUnwind
RaiseException
HeapAlloc
HeapFree
HeapReAlloc
ExitThread
CreateThread
GetCommandLineA
GetStartupInfoA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
TerminateProcess
IsDebuggerPresent

user32

DestroyWindow
LoadIconW
EndDialog
KillTimer
SetTimer
SetWindowTextW
PostMessageW
SendMessageW
MessageBoxW
DialogBoxParamW
GetWindowLongW
SetWindowLongW
ShowWindow
LoadStringW
CharUpperW
GetDlgItem

shell32

ShellExecuteExW

oleaut32

VariantClear
SysAllocStringLen
SysStringLen

Sections

.text
Size: 130KB - Virtual size: 130KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Installation instructions.txt
Talking Ben the Dog_4.0.0.98.apk
.apk android arch:arm64 arch:arm

com.outfit7.talkingben

com.outfit7.talkingben.Main

Activities

com.outfit7.talkingben.Main

android.intent.action.MAIN
android.intent.action.VIEW

com.outfit7.talkingfriends.activity.AnimationPlayer

android.intent.action.MAIN

com.outfit7.felis.core.info.uid.share.LocalUidFileProviderActivity

com.outfit7.talkingben.UID

Permissions

android.permission.RECORD_AUDIO
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.WAKE_LOCK
android.permission.INTERNET
android.permission.ACCESS_NETWORK_STATE
com.android.vending.BILLING
com.google.android.c2dm.permission.RECEIVE
com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE

Receivers

androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryChargingProxy

android.intent.action.ACTION_POWER_CONNECTED
android.intent.action.ACTION_POWER_DISCONNECTED

androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryNotLowProxy

android.intent.action.BATTERY_OKAY
android.intent.action.BATTERY_LOW

androidx.work.impl.background.systemalarm.ConstraintProxy$StorageNotLowProxy

android.intent.action.DEVICE_STORAGE_LOW
android.intent.action.DEVICE_STORAGE_OK

androidx.work.impl.background.systemalarm.ConstraintProxy$NetworkStateProxy

android.net.conn.CONNECTIVITY_CHANGE

androidx.work.impl.background.systemalarm.RescheduleReceiver

android.intent.action.BOOT_COMPLETED
android.intent.action.TIME_SET
android.intent.action.TIMEZONE_CHANGED

androidx.work.impl.background.systemalarm.ConstraintProxyUpdateReceiver

androidx.work.impl.background.systemalarm.UpdateProxies

androidx.work.impl.diagnostics.DiagnosticsReceiver

androidx.work.diagnostics.REQUEST_DIAGNOSTICS

com.google.firebase.iid.FirebaseInstanceIdReceiver

com.google.android.c2dm.intent.RECEIVE

com.vungle.warren.NetworkProviderReceiver

android.net.conn.CONNECTIVITY_CHANGE

com.fyber.inneractive.sdk.dv.DVKit

com.fyber.inneractive.sdk.intent.action.REGISTER_KIT

com.fyber.inneractive.sdk.video.IAVideoKit

com.fyber.inneractive.sdk.intent.action.REGISTER_KIT

com.fyber.inneractive.sdk.mraid.IAMraidKit

com.fyber.inneractive.sdk.intent.action.REGISTER_KIT

com.kidoz.sdk.api.receivers.SdkReceiver

android.intent.action.PACKAGE_ADDED

Services

com.outfit7.funnetworks.push.O7FirebaseMessagingService

com.google.firebase.MESSAGING_EVENT

com.google.firebase.messaging.FirebaseMessagingService

com.google.firebase.MESSAGING_EVENT

Sharing

General

Malware Config

Signatures

Files

07afe1e0c9da7fec9e5f700881a1f162

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0b:b1:4e:1a:ff:f5:87:9b:97:17:25:60:81:84:4b:4eCertificate

Extended Key Usages

Key Usages

f1:64:25:8c:09:b6:e2:7b:e2:0e:32:60:8e:4b:f4:a8Certificate

Extended Key Usages

Key Usages

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87Certificate

Extended Key Usages

Key Usages

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27Certificate

Key Usages

eb:e4:07:34:2e:c2:97:29:b8:95:0d:91:31:ed:de:80:b5:38:ff:a4:fe:0e:02:15:50:f9:f0:72:0f:49:1b:40Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

oleaut32

Sections

.text Size: 130KB - Virtual size: 130KB

.rdata Size: 30KB - Virtual size: 29KB

.data Size: 6KB - Virtual size: 17KB

.rsrc Size: 120KB - Virtual size: 120KB

com.outfit7.talkingben

com.outfit7.talkingben.Main

Activities

com.outfit7.talkingben.Main

com.outfit7.talkingfriends.activity.AnimationPlayer

com.outfit7.felis.core.info.uid.share.LocalUidFileProviderActivity

Permissions

Receivers

androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryChargingProxy

androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryNotLowProxy

androidx.work.impl.background.systemalarm.ConstraintProxy$StorageNotLowProxy

androidx.work.impl.background.systemalarm.ConstraintProxy$NetworkStateProxy

androidx.work.impl.background.systemalarm.RescheduleReceiver

androidx.work.impl.background.systemalarm.ConstraintProxyUpdateReceiver

androidx.work.impl.diagnostics.DiagnosticsReceiver

com.google.firebase.iid.FirebaseInstanceIdReceiver

com.vungle.warren.NetworkProviderReceiver

com.fyber.inneractive.sdk.dv.DVKit

com.fyber.inneractive.sdk.video.IAVideoKit

com.fyber.inneractive.sdk.mraid.IAMraidKit

com.kidoz.sdk.api.receivers.SdkReceiver

Services

com.outfit7.funnetworks.push.O7FirebaseMessagingService

com.google.firebase.messaging.FirebaseMessagingService

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0b:b1:4e:1a:ff:f5:87:9b:97:17:25:60:81:84:4b:4e
Certificate

f1:64:25:8c:09:b6:e2:7b:e2:0e:32:60:8e:4b:f4:a8
Certificate

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

eb:e4:07:34:2e:c2:97:29:b8:95:0d:91:31:ed:de:80:b5:38:ff:a4:fe:0e:02:15:50:f9:f0:72:0f:49:1b:40
Signer

.text
Size: 130KB - Virtual size: 130KB

.rdata
Size: 30KB - Virtual size: 29KB

.data
Size: 6KB - Virtual size: 17KB

.rsrc
Size: 120KB - Virtual size: 120KB