General

  • Target

    directwavevst_install.exe

  • Size

    41.2MB

  • MD5

    6c808b3d9bf2282f83e8c3ca65c58519

  • SHA1

    83582a41c59e91f56f80a7887b0c8fc98627009f

  • SHA256

    9ee9c6ca034a9ee33b343b348dca17172bd5d7da0169569467c3234a4c2724d5

  • SHA512

    910331367a4ec44e19267ee0290d393f72cf7ad8abe4df32670ca00a7a73fecac132ed88802119ab9940c32a57c1ecadac941fe6e355cbc9206e2b1918f729ac

  • SSDEEP

    786432:PaCEcfFLRWxoPuV+EpfK62Qlctq0iV5NT88SQMxFkGrfPNi3CCsO7H79PQX:n3fdRWxomVrpfK62QltpV598GM7XfPNf

Score
3/10

Signatures

  • Unsigned PE 13 IoCs

    Checks for missing Authenticode signature.

  • NSIS installer 8 IoCs

Files

  • directwavevst_install.exe
    .exe windows:4 windows x86 arch:x86

    099c0646ea7282d232219f8807883be0


    Code Sign

    Headers

    Imports

    Sections

  • $0/Artwork/Fonts/Cuprum.ttf
  • $0/Artwork/Fonts/Cuprum/OFL.txt
  • $0/Artwork/Fonts/Francois One/OFL.txt
  • $0/Artwork/Fonts/FrancoisOne.ttf
  • $0/Artwork/Fonts/ILCursors.ttf
  • $0/Artwork/Fonts/ILGlyphs.ttf
  • $0/Artwork/Fonts/ILGlyphsEx.ttf
  • $0/Artwork/Fonts/JosefinSans-SemiBold.ttf
  • $0/Artwork/Fonts/OpenSans-CondLight.ttf
  • $0/Artwork/Fonts/Open_Sans_Condensed/LICENSE.txt
  • $0/Artwork/Fonts/PT Sans/OFL.txt
  • $0/Artwork/Fonts/PT_Sans-Narrow-Web-Regular.ttf
  • $0/Artwork/Fonts/PT_Sans-Web-Regular.ttf
  • $0/Artwork/Fonts/Revalia-Regular.ttf
  • $0/Artwork/Fonts/Revalia/OFL.txt
  • $0/Artwork/Fonts/RobotoCondensed-Light.ttf
  • $0/Artwork/Fonts/RobotoCondensed-Regular.ttf
  • $0/Artwork/Fonts/Roboto_Condensed/LICENSE.txt
  • $0/Artwork/Fonts/Share-Regular.ttf
  • $0/Artwork/Fonts/Share/OFL.txt
  • $0/Artwork/Fonts/Ubuntu-R.ttf
  • $0/Artwork/Fonts/UbuntuCondensed-Regular.ttf
  • $0/DelZip190.dll
    .dll windows:4 windows x86 arch:x86

    380f2d17bd37c3067396a1e157a8ffc0


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • $0/DelZip64.dll
    .dll windows:6 windows x64 arch:x64

    7dc0facef4ce538c1938af8c3e81ac0b


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • $0/DirectWaveCtEngine.dll
    .dll windows:5 windows x86 arch:x86

    b4d109050cfd8ae9b366181224b9c2be


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • $0/DirectWaveCtEngine_x64.dll
    .dll windows:5 windows x64 arch:x64

    410a3db4b254853309877ef50e47fbaf


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • $0/Elastique.dll
    .dll windows:4 windows x86 arch:x86

    c645f2f0cda6a4b525d11b95e2a188d7


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • $0/ILMinihostBridge32.exe
    .exe windows:5 windows x86 arch:x86

    53de097fed7e1f1c14291e2d6e06294d


    Code Sign

    Headers

    Imports

    Sections

  • $0/ILMinihostBridge64.exe
    .exe windows:5 windows x64 arch:x64

    05d6b994e76428587e77442fe444b0f8


    Code Sign

    Headers

    Imports

    Sections

  • $0/ILPluginScanner32.exe
    .exe windows:5 windows x86 arch:x86

    ddfa87726fa162fcc5605b7fb9f0dc82


    Code Sign

    Headers

    Imports

    Sections

  • $0/ILPluginScanner64.exe
    .exe windows:5 windows x64 arch:x64

    a53b15766d9800d72604c8389f287db0


    Code Sign

    Headers

    Imports

    Sections

  • $0/ILRemoteServer.dll
    .dll windows:5 windows x86 arch:x86

    e7b3d7f6818a523b3c0f082bdb50ae0a


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • $0/ILRemoteServer_x64.dll
    .dll windows:6 windows x64 arch:x64

    4b724f61892b7c96e8b81e8f508ac6f4


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • $0/LAMEenc.dll
    .dll windows:4 windows x86 arch:x86

    654022cc5ae5c599dd653bf802a4d5ce


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • $0/LAMEenc_x64.dll
    .dll windows:4 windows x64 arch:x64

    e7e522730f5345ac0f43c286facfd3c7


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • $0/QuickFontCache.dll
    .dll windows:5 windows x86 arch:x86

    f0c0b3cb700b46916e94b31a7296d235


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • $0/QuickFontCache_x64.dll
    .dll windows:5 windows x64 arch:x64

    eed1ed74766f93ecd9d73fb288280590


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • $0/REX Shared Library.dll
    .dll windows:5 windows x86 arch:x86

    8325134a805e75d948ccc2006d92681e


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • $0/REX Shared Library_x64.dll
    .dll windows:5 windows x64 arch:x64

    abd823488a02e1464603eeadd6ca5b86


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • $0/Reverb.dll
    .dll windows:4 windows x86 arch:x86

    bd65ec4c173739c6ea5c9bffb160ec15


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • $0/Reverb_x64.dll
    .dll windows:4 windows x64 arch:x64

    8b91309cfba9a6d437f29bb3fbe6069d


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • $0/SG.dll
    .dll windows:5 windows x86 arch:x86

    adfd1f074d1ad27cac50b1735a70221b


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • $0/SG_x64.dll
    .dll windows:5 windows x64 arch:x64

    9239b0a79fe3a94ceb0aabb9c555655a


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • $0/dsp_ipp.dll
    .dll windows:6 windows x86 arch:x86

    a8a51f369f8924ff853227d0dd296984


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • $0/dsp_ipp_x64.dll
    .dll windows:6 windows x64 arch:x64

    a2d15a65c4a2f37cb315fd48aa325423


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • $0/elastique_x64.dll
    .dll windows:5 windows x64 arch:x64

    f973045f4862b94477c3de95369aedd6


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • $0/freetype.dll
    .dll windows:4 windows x86 arch:x86

    bcf0865ab946dc4c8e9f7b347fd3ec31


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • $0/freetype_x64.dll
    .dll windows:4 windows x64 arch:x64

    c0ffb3280487bf8c3d98531f7c8d3c9b


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • $0/oggio.dll
    .dll windows:4 windows x86 arch:x86

    d9c287a15b4f325845ba12f6df6e05d7


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • $0/oggio_x64.dll
    .dll windows:4 windows x64 arch:x64

    0fdca9c1c366492184b19efeacd4d90f


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • $0/steam_api.dll
    .dll windows:5 windows x86 arch:x86

    4b75e8f71ef7ec9d7921abd4eaff587d


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • $0/steam_api64.dll
    .dll windows:5 windows x64 arch:x64

    3f9d1359f700b8629ff9520a82d2190a


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • $0/uninstall.exe
    .exe windows:4 windows x86 arch:x86

    7fa974366048f9c551ef45714595665e


    Code Sign

    Headers

    Imports

    Sections

  • $PLUGINSDIR/ILUninstall.dll
    .dll windows:5 windows x86 arch:x86

    e467a585796dc48fbb4492ddfcbde1aa


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/InstallOptions.dll
    .dll windows:4 windows x86 arch:x86

    b1cd0d78f652ce5fc63f0879371af012


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/ioSpecial.ini
  • $PLUGINSDIR/modern-wizard.bmp
  • uninstall.fud
  • $0/wavpackdll.dll
    .dll windows:4 windows x86 arch:x86

    e3b07025795389915e5f3b3cc31cd07a


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • $0/wavpackdll_x64.dll
    .dll windows:4 windows x64 arch:x64

    dd20a5625b38c1a4466ef178afd2582d


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/AccessControl.dll
    .dll windows:4 windows x86 arch:x86

    ed83f419402bc3b83a08e3aaf8b5b5b7


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/ILInstallUtil.dll
    .dll windows:5 windows x86 arch:x86

    f54089062a794946c82cd9c08d60bc3d


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/System.dll
    .dll windows:4 windows x86 arch:x86

    2017f2acbdaa42ab3e4adeb8b4c37e7b


    Headers

    Imports

    Exports

    Sections

  • $_3_/Downloads/Drumaxx.txt
  • $_3_/Downloads/FL Mobile Samples.txt
  • $_3_/Downloads/Harmor.txt
  • $_3_/Downloads/Legacy.txt
  • $_3_/Downloads/Loops.txt
  • $_3_/Downloads/Synthmaker.txt
  • $_3_/Downloads/bassdrum.txt
  • $_3_/Downloads/directwave.txt
  • $_3_/Downloads/fpc.txt
  • $_3_/Downloads/gms.txt
  • $_3_/Downloads/morphine.txt
  • $_3_/Downloads/ogun.txt
  • $_3_/Downloads/poizone.txt
  • $_3_/Downloads/sakura.txt
  • $_3_/Downloads/sawer.txt
  • $_3_/Downloads/toxic biohazard.txt
  • $_3_/FLDownload.dll
    .dll windows:5 windows x86 arch:x86

    bc71e7ac8396ad8e276994ea9b43c0bd


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • $_3_/Fonts/CL-Font1-Regular.ttf
  • $_3_/Fonts/CL-Font2-Regular.ttf
  • $_3_/Fonts/OFL.txt
  • $_3_/ILDownloadManager.exe
    .exe windows:5 windows x86 arch:x86

    ab42ec410cb0c02dc3caec550f53b4f5


    Code Sign

    Headers

    Imports

    Sections

  • $_3_/Stub/FLDownload.dll
    .dll windows:4 windows x86 arch:x86

    9696f656d9dd7905533227242d722c02


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • $_3_/Update/Updater.exe
    .exe windows:4 windows x86 arch:x86

    8b1c863312f6977ce0e438376ff3a4d7


    Code Sign

    Headers

    Imports

    Sections

  • $_3_/uninstall.exe
    .exe windows:4 windows x86 arch:x86

    7fa974366048f9c551ef45714595665e


    Code Sign

    Headers

    Imports

    Sections

  • $0/Uninstall.fud
  • $PLUGINSDIR/ILInstallUtil.dll
    .dll windows:5 windows x86 arch:x86

    f54089062a794946c82cd9c08d60bc3d


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/ILUninstall.dll
    .dll windows:5 windows x86 arch:x86

    e467a585796dc48fbb4492ddfcbde1aa


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/InstallOptions.dll
    .dll windows:4 windows x86 arch:x86

    b1cd0d78f652ce5fc63f0879371af012


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/System.dll
    .dll windows:4 windows x86 arch:x86

    2017f2acbdaa42ab3e4adeb8b4c37e7b


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/ioSpecial.ini
  • $PLUGINSDIR/modern-header.bmp
  • $PLUGINSDIR/modern-wizard.bmp
  • $_4_/Downloads/Drumaxx.txt
  • $_4_/Downloads/FL Mobile Samples.txt
  • $_4_/Downloads/Harmor.txt
  • $_4_/Downloads/Legacy.txt
  • $_4_/Downloads/Loops.txt
  • $_4_/Downloads/Synthmaker.txt
  • $_4_/Downloads/bassdrum.txt
  • $_4_/Downloads/directwave.txt
  • $_4_/Downloads/fpc.txt
  • $_4_/Downloads/gms.txt
  • $_4_/Downloads/morphine.txt
  • $_4_/Downloads/ogun.txt
  • $_4_/Downloads/poizone.txt
  • $_4_/Downloads/sakura.txt
  • $_4_/Downloads/sawer.txt
  • $_4_/Downloads/toxic biohazard.txt
  • $_4_/FLDownload.dll
    .dll windows:5 windows x86 arch:x86

    bc71e7ac8396ad8e276994ea9b43c0bd


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • $_4_/Fonts/CL-Font1-Regular.ttf
  • $_4_/Fonts/CL-Font2-Regular.ttf
  • $_4_/Fonts/OFL.txt
  • $_4_/ILDownloadManager.exe
    .exe windows:5 windows x86 arch:x86

    ab42ec410cb0c02dc3caec550f53b4f5


    Code Sign

    Headers

    Imports

    Sections

  • $_4_/Stub/FLDownload.dll
    .dll windows:4 windows x86 arch:x86

    9696f656d9dd7905533227242d722c02


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • $_4_/Update/Updater.exe
    .exe windows:4 windows x86 arch:x86

    8b1c863312f6977ce0e438376ff3a4d7


    Code Sign

    Headers

    Imports

    Sections

  • uninstall.exe
    .exe windows:4 windows x86 arch:x86

    7fa974366048f9c551ef45714595665e


    Code Sign

    Headers

    Imports

    Sections

  • $0/Uninstall.fud
  • $PLUGINSDIR/ILInstallUtil.dll
    .dll windows:5 windows x86 arch:x86

    f54089062a794946c82cd9c08d60bc3d


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/ILUninstall.dll
    .dll windows:5 windows x86 arch:x86

    e467a585796dc48fbb4492ddfcbde1aa


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/InstallOptions.dll
    .dll windows:4 windows x86 arch:x86

    b1cd0d78f652ce5fc63f0879371af012


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/System.dll
    .dll windows:4 windows x86 arch:x86

    2017f2acbdaa42ab3e4adeb8b4c37e7b


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/ioSpecial.ini
  • $PLUGINSDIR/modern-header.bmp
  • $PLUGINSDIR/modern-wizard.bmp