Overview
overview: score 7/10
Static
static: score 3/10
frostwire-...ws.exe (windows7-x64): score 7/10
frostwire-...ws.exe (windows10-2004-x64): score 7/10
$PLUGINSDI....0.exe (windows7-x64): score 7/10
$PLUGINSDI....0.exe (windows10-2004-x64): score 7/10
$PLUGINSDI...er.dll (windows7-x64): score 1/10
$PLUGINSDI...er.dll (windows10-2004-x64): score 1/10
$PLUGINSDI...ad.dll (windows7-x64): score 3/10
$PLUGINSDI...ad.dll (windows10-2004-x64): score 3/10
$PLUGINSDI...ns.dll (windows7-x64): score 3/10
$PLUGINSDI...ns.dll (windows10-2004-x64): score 3/10
$PLUGINSDI...dl.dll (windows7-x64): score 3/10
$PLUGINSDI...dl.dll (windows10-2004-x64): score 3/10
$PLUGINSDI...em.dll (windows7-x64): score 3/10
$PLUGINSDI...em.dll (windows10-2004-x64): score 3/10
$PLUGINSDI....0.exe (windows7-x64): score 1/10
$PLUGINSDI....0.exe (windows10-2004-x64): score 1/10
$PLUGINSDI...gs.dll (windows7-x64): score 3/10
$PLUGINSDI...gs.dll (windows10-2004-x64): score 3/10
$PLUGINSDI...rk.dll (windows7-x64): score 1/10
$PLUGINSDI...rk.dll (windows10-2004-x64): score 1/10
$SMPROGRAM...te.url (windows7-x64): score 1/10
$SMPROGRAM...te.url (windows10-2004-x64): score 1/10
$TEMP/Open...lp.dll (windows7-x64): score 3/10
$TEMP/Open...lp.dll (windows10-2004-x64): score 7/10
FrostWire.exe (windows7-x64): score 1/10
FrostWire.exe (windows10-2004-x64): score 1/10
OpenCandy/...lp.dll (windows7-x64): score 3/10
OpenCandy/...lp.dll (windows10-2004-x64): score 7/10
SystemUtilities.dll (windows7-x64): score 3/10
SystemUtilities.dll (windows10-2004-x64): score 3/10
SystemUtilitiesA.dll (windows7-x64): score 3/10
SystemUtilitiesA.dll (windows10-2004-x64): score 3/10
General
-
Target
frostwire-4.21.1.windows.exe
-
Size
7.8MB
-
Sample
240611-vehsfathpk
-
MD5
2d6f24f73e0177d4044c4fd96eb41085
-
SHA1
5bc83dce5489898288d94d10a22e5133ea61a7bb
-
SHA256
1390fd6f0a7b31dbb986d0a119d9bc97271dd855f4966ac84dfb6aa962c9f9f6
-
SHA512
bbba676e1c9d6ffd29e3d5546034c70c332a81cdb08696fd41a6ddb4d6bcd52d83860ee0e549c50fc31450d04f70fe385e2dc3d296c0c2122d4070a2b0a2888c
-
SSDEEP
196608:WPfYsc/ZQKxsE8GiUAMfHhy2hebILFKUkp5xW6Gt:tXsE8TVMPhCELFKon
Static task
static1
Behavioral task
behavioral1
Sample
frostwire-4.21.1.windows.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
frostwire-4.21.1.windows.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/AskInstallChecker-1.5.0.0.exe
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/AskInstallChecker-1.5.0.0.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/Banner.dll
Resource
win7-20240419-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/Banner.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/InetLoad.dll
Resource
win7-20240508-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/InetLoad.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral9
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win7-20240215-en
Behavioral task
behavioral10
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral11
Sample
$PLUGINSDIR/NSISdl.dll
Resource
win7-20240221-en
Behavioral task
behavioral12
Sample
$PLUGINSDIR/NSISdl.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral13
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240508-en
Behavioral task
behavioral14
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral15
Sample
$PLUGINSDIR/askToolbarInstaller-1.9.1.0.exe
Resource
win7-20240221-en
Behavioral task
behavioral16
Sample
$PLUGINSDIR/askToolbarInstaller-1.9.1.0.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral17
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win7-20240508-en
Behavioral task
behavioral18
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral19
Sample
$PLUGINSDIR/processwork.dll
Resource
win7-20240221-en
Behavioral task
behavioral20
Sample
$PLUGINSDIR/processwork.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral21
Sample
$SMPROGRAMS/FrostWire/Official FrostWire Website.url
Resource
win7-20240419-en
Behavioral task
behavioral22
Sample
$SMPROGRAMS/FrostWire/Official FrostWire Website.url
Resource
win10v2004-20240426-en
Behavioral task
behavioral23
Sample
$TEMP/OpenCandy/OCSetupHlp.dll
Resource
win7-20240220-en
Behavioral task
behavioral24
Sample
$TEMP/OpenCandy/OCSetupHlp.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral25
Sample
FrostWire.exe
Resource
win7-20240221-en
Behavioral task
behavioral26
Sample
FrostWire.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral27
Sample
OpenCandy/OCSetupHlp.dll
Resource
win7-20240508-en
Behavioral task
behavioral28
Sample
OpenCandy/OCSetupHlp.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral29
Sample
SystemUtilities.dll
Resource
win7-20240508-en
Behavioral task
behavioral30
Sample
SystemUtilities.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral31
Sample
SystemUtilitiesA.dll
Resource
win7-20240215-en
Behavioral task
behavioral32
Sample
SystemUtilitiesA.dll
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
frostwire-4.21.1.windows.exe
-
Size
7.8MB
-
MD5
2d6f24f73e0177d4044c4fd96eb41085
-
SHA1
5bc83dce5489898288d94d10a22e5133ea61a7bb
-
SHA256
1390fd6f0a7b31dbb986d0a119d9bc97271dd855f4966ac84dfb6aa962c9f9f6
-
SHA512
bbba676e1c9d6ffd29e3d5546034c70c332a81cdb08696fd41a6ddb4d6bcd52d83860ee0e549c50fc31450d04f70fe385e2dc3d296c0c2122d4070a2b0a2888c
-
SSDEEP
196608:WPfYsc/ZQKxsE8GiUAMfHhy2hebILFKUkp5xW6Gt:tXsE8TVMPhCELFKon
-
Executes dropped EXE
-
Loads dropped DLL
-
-
-
Target
$PLUGINSDIR/AskInstallChecker-1.5.0.0.exe
-
Size
242KB
-
MD5
8f9b5f4f87207be1cf810ddc95124f92
-
SHA1
f5cec54c9aac59167ba95ec8077438be381fba3d
-
SHA256
4501e3f8f41966d403e76d3b1d04525098f0b6d41b65741a8351f3b0d3e4397e
-
SHA512
dac421d8132e474ddfc9ba5954928b40d952af17c4c2085c30f5f3dc631962c2f05db52cb487371108b6b61e6fbc0a82d68ced48e9075a1fbc5a214d5d201097
-
SSDEEP
3072:L9Sc/cBP7ZyFQyNGhwPjVr88LkkPl5qcV21BSA5mffoL6xB3UCWT4zeNpdrhUu5g:L9+B9AHKyjVrTLkkP7qcXvxZzchm
-
-
-
Target
$PLUGINSDIR/Banner.dll
-
Size
4KB
-
MD5
0116a50101c4107a138a588d1e46fca5
-
SHA1
b781dce23e828cf2b97306661c7dad250a6aaf77
-
SHA256
ab80cf45070d936f0745f5e39b22e6e07ba90aa179b5ec4469ef6e2cb1b9ef6b
-
SHA512
55de6aeaad05b01a25828553d3ea9f1b32a8b0c35c42dc6106bed244320e3421ec6a6f5359b15f9d18dd1e9692ca5572b2736d9d48cceb07b9443601d00a5988
Score: 1/10
-
-
Target
$PLUGINSDIR/InetLoad.dll
-
Size
18KB
-
MD5
588d2a4e27dee47f1d7a9c10e67ca948
-
SHA1
019aad53a317892c3875761a5f6f2fb470376b7b
-
SHA256
b908ac66f5e0876fefe0be8ee692095132a780a8362ba3a68e99ba0d53dc8ebc
-
SHA512
c9de72dcb87f27e0a67c6b0220dab67b8c5813bc803bd76fb2b3070e88447457afdc76ffc391be42c14e9f31218fb74e8ddcd2a867e1f4d6f057986a8e31955b
-
SSDEEP
384:kUyPTZJ/XdzJwwTh8W1cyMjPzt0Ac9k+LMkIX1+Gn+XHfs:k37/luwTh8W1rMjPzbus
Score: 3/10
-
-
Target
$PLUGINSDIR/InstallOptions.dll
-
Size
14KB
-
MD5
325b008aec81e5aaa57096f05d4212b5
-
SHA1
27a2d89747a20305b6518438eff5b9f57f7df5c3
-
SHA256
c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b
-
SHA512
18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf
-
SSDEEP
192:86d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+2jwK72dwF7dBEnbok:86UdHXcIiY535zBt2jw+BEnbo
Score: 3/10
-
-
Target
$PLUGINSDIR/NSISdl.dll
-
Size
14KB
-
MD5
a5f8399a743ab7f9c88c645c35b1ebb5
-
SHA1
168f3c158913b0367bf79fa413357fbe97018191
-
SHA256
dacc88a12d3ba438fdae3535dc7a5a1d389bce13adc993706424874a782e51c9
-
SHA512
824e567f5211bf09c7912537c7836d761b0934207612808e9a191f980375c6a97383dbc6b4a7121c6b5f508cbfd7542a781d6b6b196ca24841f73892eec5e977
-
SSDEEP
192:tUZTobBDJ68r67wmsvJI5ad9cXzFOVu+mZ/P3p+57CvpVqDxVp01Dwn2GRPgsfA:6Bo/680dCI5adOjFOg9//p27uNw2Go
Score: 3/10
-
-
Target
$PLUGINSDIR/System.dll
-
Size
11KB
-
MD5
c17103ae9072a06da581dec998343fc1
-
SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
-
SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
-
SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
-
SSDEEP
192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score: 3/10
-
-
Target
$PLUGINSDIR/askToolbarInstaller-1.9.1.0.exe
-
Size
2.9MB
-
MD5
aee02b9d3d9dfe2dfec230ace3804ba8
-
SHA1
ad44a69068930a5a5e100f7e1f14cf189842a670
-
SHA256
4d2f2a2cbaa420897a9362a2be0dbe23f8f4301fa35fd7fd5d5b093bcb2e16a7
-
SHA512
4b72ca26292bbe5136e9b471b8016b9931dc5578aa8e7a01b4a23a2b9ad6367f5f6c4f5f84c65f0c8cc9b601ae63240b13b0b25bfe0bb7a77d22a8bff085c6fb
-
SSDEEP
49152:LDnTDfkbVCs/2cex8CfdVY36EfrTzcZse23npE71z5tm6zuByY2prwt4i9oSQSqW:LDPfjDYKEgZYpE795FzuBxOY9oSpw3BG
Score: 1/10
-
-
Target
$PLUGINSDIR/nsDialogs.dll
-
Size
9KB
-
MD5
c10e04dd4ad4277d5adc951bb331c777
-
SHA1
b1e30808198a3ae6d6d1cca62df8893dc2a7ad43
-
SHA256
e31ad6c6e82e603378cb6b80e67d0e0dcd9cf384e1199ac5a65cb4935680021a
-
SHA512
853a5564bf751d40484ea482444c6958457cb4a17fb973cf870f03f201b8b2643be41bccde00f6b2026dc0c3d113e6481b0dc4c7b0f3ae7966d38c92c6b5862e
-
SSDEEP
96:hBABCcnl5TKhkfLxSslykcxM2DjDf3GE+Xv8Xav+Yx4VndY7ndS27gA:h6n+0SAfRE+/8ZYxMdqn420
Score: 3/10
-
-
Target
$PLUGINSDIR/processwork.dll
-
Size
231KB
-
MD5
0a4fa7a9ba969a805eb0603c7cfe3378
-
SHA1
0f018a8d5b42c6ce8bf34b4a6422861c327af88c
-
SHA256
27329ea7002d9ce81c8e28e97a5c761922097b33cedeada4db30d2b9d505007c
-
SHA512
e13e29712457d5e6351bfd69cba6320795d8b2fd1a047923814f8699f7188ec730ec7f0d946fdff66c8b430fef011415ed045b6ea56e4cc0b1d010171ab88178
-
SSDEEP
3072:n/93Fm9hfGIGjk1qc55CDoGowH6Fb/CcXwuCoty1IKYOlIa+zUk9sfqQAPfujRzS:/94yj9c55CDorNqot43ndqQpzjIKW
Score: 1/10
-
-
Target
$SMPROGRAMS/FrostWire/Official FrostWire Website.url
-
Size
80B
-
MD5
e6182c11b9454da9a32a7d23f5344046
-
SHA1
1bda8a01e17af0773580537dbcb738287116371a
-
SHA256
7d3fb5e0c43e42fd47e666409d888c0740aa66c1cdf61f27a9d34fc4f451ab1e
-
SHA512
beb097593a75ab9cb3615eee02d2cd33487e0a064b5ee3c4a8ebbafc587e107a5f8f60b2b336e3793c520c92dc03a1016000cfcc1bd58472f0012d9f436b378c
Score: 1/10
-
-
Target
$TEMP/OpenCandy/OCSetupHlp.dll
-
Size
435KB
-
MD5
daff06ef02834886326f15321da070f4
-
SHA1
eb60a51b619dc2c3e6a745b4356529a020bc6e6d
-
SHA256
9e670ccdac38c45bab87a1ca35ad8f2069bd5234d1067505c5a337a0babebaa9
-
SHA512
e5a46cc1b2c8cc04bd898e4340657cf699edb8c8aa759bc0de636ac4314bf5cf267d79cd26c0b9eacd3821a931cb71de721191c45faf69ebd13a37c98fe2d4db
-
SSDEEP
12288:/D8yV/rRyThzHXBpR0JA5Y3BleBzz3va3:/7VlyTZHR0JA5Y3qtz3y3
Score: 7/10
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing (changing behaviour depending on the host's region).
-
-
-
Target
FrostWire.exe
-
Size
112KB
-
MD5
4939d0506630168e691c7d389435a773
-
SHA1
07b98d813387de30dfe82a1033fa7c851d3cfdec
-
SHA256
edb5304678788706899597cca672f8021915a4d71bfe4a39a2998aad41e45840
-
SHA512
aeb8c800614456a53b18698a63b5442eabbb4fdd193d8ed2253794a0511c74b08c2c87bb97c0fd0e118619bdbacc6b3853867e97de2246981250325baf6501e0
-
SSDEEP
1536:khyOBDujEkaQckG6VpNFkpp7PFVbvPhJSywtRU42CU3Jo9e8c:khy0kSkTp+hJSTt642p5oHc
Score: 1/10
-
-
Target
OpenCandy/OCSetupHlp.dll
-
Size
435KB
-
MD5
daff06ef02834886326f15321da070f4
-
SHA1
eb60a51b619dc2c3e6a745b4356529a020bc6e6d
-
SHA256
9e670ccdac38c45bab87a1ca35ad8f2069bd5234d1067505c5a337a0babebaa9
-
SHA512
e5a46cc1b2c8cc04bd898e4340657cf699edb8c8aa759bc0de636ac4314bf5cf267d79cd26c0b9eacd3821a931cb71de721191c45faf69ebd13a37c98fe2d4db
-
SSDEEP
12288:/D8yV/rRyThzHXBpR0JA5Y3BleBzz3va3:/7VlyTZHR0JA5Y3qtz3y3
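Score: 7/10
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing (changing behaviour depending on the host's region). The hashes listed for this target are identical to those of $TEMP/OpenCandy/OCSetupHlp.dll, so both entries are the same file.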
-
-
-
Target
SystemUtilities.dll
-
Size
88KB
-
MD5
826733847f85d08b1cd5d3b63f459b3d
-
SHA1
52408dbbe1d3cb097d93b84b2ee7aeb0662860e6
-
SHA256
fa389ea38aed06fbdb1dd5bcd2d5713a0635f9c6212829af6f6c3d504faae991
-
SHA512
29481205ee2f8ef95ef2b17c85cc8c140ad8f4799a2d4c0f3d4d7e0da5892ed3d67810649506d1dd1c835d80f3dd68f94e823ad550580f5387b474a1446a9697
-
SSDEEP
1536:ekxxG0ZMa9oXYR8f641TLkMlWnswHgEtapyuk:ekxQa9LR/41TwtAEtapy3
Score: 3/10
-
-
Target
SystemUtilitiesA.dll
-
Size
84KB
-
MD5
46f0ebb1a297a6a3eee33d9099023ec6
-
SHA1
a2824fadb1e769732ddfabf9e7a7dae2d58d1af7
-
SHA256
7036db81a48b8e6dbbe98c736c7b033281aaa97cb02e953aff8464d450b250d4
-
SHA512
28bed974c70f1c014827269049f3067afdd17cb9d9afbd4b2a6c21fd8ecd7f449eca337877524cad776ec191b535dc2d968c1c1f52f2cb022ba1626e358b66a4
-
SSDEEP
768:4026NAi69ghRu+mK+F8lld7E5KFXZQZ67aM+qO9BD7Qc5IbVkSm9hANIUtf57P:O6NAJgvEFa7E5KFphHWn7mpk5uBtft
Score: 3/10