2307c4119e4aba798b67546b161a41fabb05a79e0ba96b09b5bd48cdb012eb1c

Sharing

General

Target

Wave Launcher.exe
Size

87.2MB
Sample

250103-kvmq8awndy
MD5

b03c44b7962534590e1561eda7ba1792
SHA1

53a84b81e2e374f203474a65fe02de39b8c8e083
SHA256

2307c4119e4aba798b67546b161a41fabb05a79e0ba96b09b5bd48cdb012eb1c
SHA512

ef5b91c4f42f759e939ea587a209b176f8737a40789e89c95cd2456629e7f181935ea51bb7b8f13b7298312ebe5a842ff08161c3d31c1fd92687acb45236c2e3
SSDEEP

1572864:1GDe4hd5gG8x/keCUDXbbJurhNih/PFM+BXfFDLXM5tG5R5mQD8vOp:EDe4DhCXHJ5XLX9gY8v4

Score

8^/10

Malware Config

Targets

- Target
  
  Wave Launcher.exe
- Size
  
  87.2MB
- MD5
  
  b03c44b7962534590e1561eda7ba1792
- SHA1
  
  53a84b81e2e374f203474a65fe02de39b8c8e083
- SHA256
  
  2307c4119e4aba798b67546b161a41fabb05a79e0ba96b09b5bd48cdb012eb1c
- SHA512
  
  ef5b91c4f42f759e939ea587a209b176f8737a40789e89c95cd2456629e7f181935ea51bb7b8f13b7298312ebe5a842ff08161c3d31c1fd92687acb45236c2e3
- SSDEEP
  
  1572864:1GDe4hd5gG8x/keCUDXbbJurhNih/PFM+BXfFDLXM5tG5R5mQD8vOp:EDe4DhCXHJ5XLX9gY8v4
Score

8^/10

steam credential_access defense_evasion discovery motw persistence phishing privilege_escalation spyware stealer
- Downloads MZ/PE file
- Uses browser remote debugging
  Can be used control the browser and steal sensitive information such as credentials and session cookies.
  credential_access stealer
- A potential corporate email address has been identified in the URL: [email protected]
  phishing
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Mark of the Web detected: This indicates that the page was originally saved or cloned.
  phishing motw
- Detected potential entity reuse from brand STEAM.
  phishing steam
- Drops file in System32 directory
- Enumerates processes with tasklist
  discovery
- Suspicious use of SetThreadContext
behavioral1
- Target
  
  $PLUGINSDIR/SpiderBanner.dll
- Size
  
  9KB
- MD5
  
  17309e33b596ba3a5693b4d3e85cf8d7
- SHA1
  
  7d361836cf53df42021c7f2b148aec9458818c01
- SHA256
  
  996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93
- SHA512
  
  1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298
- SSDEEP
  
  192:5lkE3uqRI1y7/xcfK4PRef6gQzJyY1rpKlVrw:5lkMBI1y7UKcef6XzJrpKY
Score

3^/10

discovery
behavioral2
- Target
  
  $PLUGINSDIR/StdUtils.dll
- Size
  
  100KB
- MD5
  
  c6a6e03f77c313b267498515488c5740
- SHA1
  
  3d49fc2784b9450962ed6b82b46e9c3c957d7c15
- SHA256
  
  b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
- SHA512
  
  9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803
- SSDEEP
  
  3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v
Score

3^/10

discovery
behavioral3
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  0d7ad4f45dc6f5aa87f606d0331c6901
- SHA1
  
  48df0911f0484cbe2a8cdd5362140b63c41ee457
- SHA256
  
  3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
- SHA512
  
  c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9
- SSDEEP
  
  192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6
Score

3^/10

discovery
behavioral4
- Target
  
  $PLUGINSDIR/WinShell.dll
- Size
  
  3KB
- MD5
  
  1cc7c37b7e0c8cd8bf04b6cc283e1e56
- SHA1
  
  0b9519763be6625bd5abce175dcc59c96d100d4c
- SHA256
  
  9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6
- SHA512
  
  7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f
Score

3^/10

discovery
behavioral5
- Target
  
  $PLUGINSDIR/app-64.7z
- Size
  
  86.4MB
- MD5
  
  97696ecaf41621c8640b585135cc1a2e
- SHA1
  
  86b5058e3dc730dff769180954f7aace8f13be99
- SHA256
  
  beb3ecdf9857fda612cbb9008516e633c61e7b89ccecdc0102109c007ffb257b
- SHA512
  
  893a915c25c13bd159cfca6bf9ab75029f31b88561c571ea979e58c40d427f02a0763aa99cba31c896ec1b67cecb32936aa318c9d56fd7c35c8899c5be113247
- SSDEEP
  
  1572864:Ee4hd5gG8x/keCUDXbbJurhNih/PFM+BXfFDLXM5tG5R5mQD8vO/:Ee4DhCXHJ5XLX9gY8vu
Score

7^/10
- Executes dropped EXE
behavioral6
- Target
  
  resources/app.asar.unpacked/node_modules/@primno/dpapi/dist/index.js
- Size
  
  412B
- MD5
  
  0b33e83d33b01a51625a0fdcbef42ce3
- SHA1
  
  1c29d999ff7da39426b97f2eb31a3d83db8f5fc7
- SHA256
  
  a7ff0225cb5ebcbef8499c6c8ac2be924f584eb375dacb1d8bd3dc6540b510f2
- SHA512
  
  1d04caf4fc2e876bdf2a089ae938a41fe4d3f2928aa846709bafd2de236fa8c754fcc84d7e8a5f5734bc1cecc04b395ab9d2114945b35e8c85cd3b9ee8f9799c
Score

3^/10

execution
behavioral7
- Target
  
  resources/app.asar.unpacked/node_modules/@primno/dpapi/prebuilds/win32-x64/node.napi.node
- Size
  
  137KB
- MD5
  
  04bfbfec8db966420fe4c7b85ebb506a
- SHA1
  
  939bb742a354a92e1dcd3661a62d69e48030a335
- SHA256
  
  da2172ce055fa47d6a0ea1c90654f530abed33f69a74d52fab06c4c7653b48fd
- SHA512
  
  4ea97a9a120ed5bee8638e0a69561c2159fc3769062d7102167b0e92b4f1a5c002a761bd104282425f6cee8d0e39dbe7e12ad4e4a38570c3f90f31b65072dd65
- SSDEEP
  
  3072:94PTD6FEzMju6bzJKjpEPeTOKvJhEnww+YbRYvPuq:94jQju6b9KilKvJurR8W
Score

1^/10
behavioral8
- Target
  
  resources/app.asar.unpacked/node_modules/registry-js/build/Release/registry.node
- Size
  
  202KB
- MD5
  
  874b42d5b5ee11513c92e3eb19523507
- SHA1
  
  6012c1fd9494d144e0caca2c7001268a2f7aca0a
- SHA256
  
  faecdd33395e502fc70b41a978c2e1e5ed7cb63b9a94aa3206ac5aba1261fdb7
- SHA512
  
  975abe876943186ef28a336f867f65a3591ff04c627cb019b055df6a2459da88041fff4fde20db04ea6eb6008b96b14b9a35c4add3cf1ca240489536e8ba37a6
- SSDEEP
  
  3072:oz2uohFlOmA4bnDzWtD3J02kQesHIUN0+dVL/UvLcStqHO/:ojeFlOJUfkelOIUN0+dVy+e
Score

1^/10
behavioral9
- Target
  
  resources/app.asar.unpacked/node_modules/registry-js/dist/lib/index.js
- Size
  
  658B
- MD5
  
  1b753840717ba9708d4afbfed7c5ecae
- SHA1
  
  188caa6d370515112ec3818cf89ce10a04712ae5
- SHA256
  
  f8a6cc69584e07a08a4e72ba1c89bfe791af854a62d2085f230a95a6e2ed8da4
- SHA512
  
  264f46934d2f96b2b5f0399e991fef48ebc8c8d2292f58fcc8d39b4a27734b2a2f667f2e706b851ca8fb3a54027561ef3f305fa357dc6275001257113efb7c60
Score

3^/10

execution
behavioral10
- Target
  
  resources/app.asar.unpacked/node_modules/registry-js/dist/lib/registry.js
- Size
  
  5KB
- MD5
  
  7084662c3e6624dae025c24f4d307854
- SHA1
  
  860f0a84208663d434671e9b94048ee57a00997e
- SHA256
  
  41589ec896a2d3b80311fc2325e1385f9d91dd15d0bf384c85dda403ac3e7871
- SHA512
  
  a7e9dd3acdf0df55cc14cb45e253be10bc2872ffde9ed90ee11475aa3e086e9c94a023b2d435fdbaaccba2dab6e9074e4a0dcb68d09b98bfb9cde70abeaf9de9
- SSDEEP
  
  96:LCQ80Gl/9mXgGkQSIsIEm1ymhva3apxrMepAHIetaFD0rrptetf+M7WZC85M7dZJ:LCHplQZyIsexrMepAHIetWD+rptetf5j
Score

3^/10

execution
behavioral11
- Target
  
  resources/app.asar.unpacked/node_modules/sqlite3/build/Release/node_sqlite3.node
- Size
  
  1.8MB
- MD5
  
  66a65322c9d362a23cf3d3f7735d5430
- SHA1
  
  ed59f3e4b0b16b759b866ef7293d26a1512b952e
- SHA256
  
  f806f89dc41dde00ca7124dc1e649bdc9b08ff2eff5c891b764f3e5aefa9548c
- SHA512
  
  0a44d12852fc4c74658a49f886c4bc7c715c48a7cb5a3dcf40c9f1d305ca991dd2c2cb3d0b5fd070b307a8f331938c5213188cbb2d27d47737cc1c4f34a1ea21
- SSDEEP
  
  49152:lVtIA1xRrGLYLn9M+BMPPivsICK9rzoNEqt:7tH4X3inMZt
Score

1^/10
behavioral12
- Target
  
  resources/app.asar.unpacked/node_modules/sqlite3/deps/extract.js
- Size
  
  224B
- MD5
  
  f0a82a6a6043bf87899114337c67df6c
- SHA1
  
  a906c146eb0a359742ff85c1d96a095bd0dd95fd
- SHA256
  
  5be353d29c0fabea29cfd34448c196da9506009c0b20fde55e01d4191941dd74
- SHA512
  
  d26879f890226808d9bd2644c5ca85cc339760e86b330212505706e5749464fafad1cb5f018c59a8f034d68d327cd3fa5234ceac0677de1ac9ae09039f574240
Score

3^/10

execution
behavioral13
- Target
  
  resources/app.asar.unpacked/node_modules/sqlite3/lib/sqlite3-binding.js
- Size
  
  59B
- MD5
  
  8582b2dcaed9c5a6f3b7cfe150545254
- SHA1
  
  14667874e0bfbe4ffc951f3e4bec7c5cf44e5a81
- SHA256
  
  762c7a74d7f92860a3873487b68e89f654a21d2aaeae9524eab5de9c65e66a9c
- SHA512
  
  22ec4df7697322b23ae2e73c692ed5c925d50fde2b7e72bfc2d5dd873e2da51834b920dea7c67cca5733e8a3f5e603805762e8be238c651aa40290452843411d
Score

3^/10

execution
behavioral14
- Target
  
  resources/app.asar.unpacked/node_modules/sqlite3/lib/sqlite3.js
- Size
  
  6KB
- MD5
  
  275019a4199a84cfd18abd0f1ae497aa
- SHA1
  
  8601683f9b6206e525e4a087a7cca40d07828fd8
- SHA256
  
  8d6b400ae7f69a80d0cdd37a968d7b9a913661fa53475e5b8de49dda21684973
- SHA512
  
  6422249ccd710973f15d1242a8156d98fa8bdea820012df669e5363c50c5d8492d21ffefcdfa05b46c3c18033dde30f03349e880a4943feda8d1ee3c00f952b0
- SSDEEP
  
  192:QoM2Wd0WmO6pM+tPtVRhoh3hG/h1goWPQfAcCy7gPQbQwZQiR893+9dY:npM0I6aPkd/K
Score

3^/10

execution
behavioral15
- Target
  
  resources/app.asar.unpacked/node_modules/sqlite3/lib/trace.js
- Size
  
  1KB
- MD5
  
  e5c2de3c74bc66d4906bb34591859a5f
- SHA1
  
  37ec527d9798d43898108080506126b4146334e7
- SHA256
  
  d06caec6136120c6fb7ee3681b1ca949e8b634e747ea8d3080c90f35aeb7728f
- SHA512
  
  e250e53dae618929cbf3cb2f1084a105d3a78bdfb6bb29e290f63a1fd5fbb5b2fab934ad16bc285e245d749a90c84bdc72fdc1a77af912b7356c18b0b197fbe5
Score

3^/10

execution
behavioral16
- Target
  
  resources/app.asar.unpacked/node_modules/sqlite3/src/backup.h
- Size
  
  6KB
- MD5
  
  29dd2fca11a4e0776c49140ecac95ce9
- SHA1
  
  837cfbc391c7faad304e745fc48ae9693afaf433
- SHA256
  
  556ba9af78010f41bc6b5b806743dc728bc181934bf8a7c6e5d606f9b8c7a2e9
- SHA512
  
  5785667b9c49d4f4320022c98e0567a412b48a790c99569261c12b8738bde0b4949d3998e2b375540ede2ff1d861cad859780ade796b71d4d1d692e1ed449021
- SSDEEP
  
  192:jXmQS7rRLcxPsPVHXmIXYIyx15kPhw0Io:j2QS7rRLOPs5e0
Score

3^/10

execution
behavioral17
- Target
  
  resources/app.asar.unpacked/node_modules/win-version-info/bin.js
- Size
  
  247B
- MD5
  
  927d799c0c996a865d11a78f04198211
- SHA1
  
  f5898b61159f1f56ebd3cd439b498a177d413c0a
- SHA256
  
  7f69b31efa09c6e7d442d6229e82e65f38faeafeda1fbed7c5e54324aff062e6
- SHA512
  
  97e1061700f32af28dbc946e2f3be0358234689f9d3482b37429dc28697516916cf1ff6c7891a29b835cdd775705f432ff7f437bb67ba87d7ae81d62453407b2
Score

3^/10

execution
behavioral18
- Target
  
  resources/app.asar.unpacked/node_modules/win-version-info/index.js
- Size
  
  514B
- MD5
  
  e5053e64fdc67009804a42cc8baebf90
- SHA1
  
  8814ef33fe018ed0a1817e77c7ed7ddb16076137
- SHA256
  
  5e591255fa35fb3650502e648ff51d6d7c7e57ada312bd33058da03cc412efb3
- SHA512
  
  60f941a6814dc3efea6a65c6dced552d4248273e1ce57222b428f813e0ab655d13546a0951ad3c0b22adffc7fc40542d7667ce70d315052308ea0fa1195526f5
Score

3^/10

execution
behavioral19
- Target
  
  resources/app.asar.unpacked/node_modules/win-version-info/prebuilds/win32-ia32/node.napi.node
- Size
  
  193KB
- MD5
  
  cefe26ec7acfc362cc9312c5e13bccc1
- SHA1
  
  5b8c20deafe5756765d35ff293b7fb65ccdca34c
- SHA256
  
  05790e8ae1c66ed2add027e45f7d0560ae94151b46016899c19449a65dc21f56
- SHA512
  
  175435b8f3cb2f153593808ef95528b74f408f623b7ef575ca2f09bb2a147c9c272ecc5e95918cfdc19f05864238108a9131cfeeb2b2c13b8a1531cbc2a22189
- SSDEEP
  
  3072:Ggk8drYJFnIEW91HATlbWVMkbruHNGZ2OLZrBny5OAg0FuDmrjr2F9awrC7:Ggk84SAcP/yNGZHLlAOF9NrC7
Score

3^/10

discovery
behavioral20
- Target
  
  resources/app.asar.unpacked/node_modules/win-version-info/prebuilds/win32-x64/node.napi.node
- Size
  
  249KB
- MD5
  
  de00e0648bb3ee003375504188d473ef
- SHA1
  
  a43be3fa52b56a4e8610590ac9465aa25401fbe5
- SHA256
  
  9666f8e196c798ef4419b1e6c1a8d4bdb4a399ccab485a32a38bef6eaeb4a384
- SHA512
  
  11772462cdaefcfaaef1d6d19c55c6454d8402e0056552fcbf63f68b5c999939a8be34769b5fcb74872e2d7a890c0075b35d7e23565f76d246d5d624403a15b3
- SSDEEP
  
  6144:3o06awTFRroAJKQEozTk/us7bqm/ohOnI:3o0cTjVJKQ9k/7bqm/o
Score

1^/10
behavioral21
- Target
  
  resources/app.asar.unpacked/node_modules/win-version-info/skip.js
- Size
  
  117B
- MD5
  
  92a4c6dc39d38ac078ec80977508feac
- SHA1
  
  edc8d81988e99c77105abb1455ea224fde97d212
- SHA256
  
  c12583530edc83dcc7cacef4a428eaefa84c10bfe4b62c0c9707de015e338859
- SHA512
  
  3833af1f274d3bb89776a8dc6b9ff015f5d219ebec47f5e98bf88670e523517ad8a493b0959dd41dd6e658c230335338325e8c2befea61f2f22f8e83822ccab2
Score

3^/10

execution
behavioral22
- Target
  
  resources/elevate.exe
- Size
  
  105KB
- MD5
  
  792b92c8ad13c46f27c7ced0810694df
- SHA1
  
  d8d449b92de20a57df722df46435ba4553ecc802
- SHA256
  
  9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37
- SHA512
  
  6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40
- SSDEEP
  
  3072:1bLnrwQoRDtdMMgSXiFJWcIgUVCfRjV/GrWl:1PrwRhte1XsE1l
Score

3^/10

discovery
behavioral23
- Target
  
  vk_swiftshader.dll
- Size
  
  5.0MB
- MD5
  
  133954b7c0216a099173fb01db3d1ead
- SHA1
  
  331ea0b401fa277227886b67a36c25317d3b9b82
- SHA256
  
  0827f0ce55555b2369a7820146bff7a95f79d10b314c993d2f47b6facb3eb42a
- SHA512
  
  42c3f638dcf9cf99a428aab465d9b199f2253d365e48f2d4bf43babd3ea8f82da9aa557f384358074368af8db1c1836d8d62ec10c19c5bd108407abf5ac7f9eb
- SSDEEP
  
  49152:zO6ftECL3Zdon2+a/EgBqB1y91lxfAV7xWV9MzaNZ8m8Lg1d7RXmVEZvMUn0HjyF:zLftMUSogaEm5hZdIOlEbRaB3YIt
Score

1^/10
behavioral24
- Target
  
  vulkan-1.dll
- Size
  
  925KB
- MD5
  
  52d5707acfae6fd7d8559e0775728caa
- SHA1
  
  75fdcd780971c784ca879e391f2e2e77bb92671b
- SHA256
  
  822806991ff41c2f31b426d2f8f13d48db7e2fab7c72df141b39a11ef9ee5293
- SHA512
  
  2440e1d812edde2100aa1e43dfcfeb322206bcaba88ab0fe2710f1d0bfb2f6ee904cc773c9bcb2844e87b9cdee1d0544510f73147e70782388fd42e42a1e0b16
- SSDEEP
  
  24576:Oy+lCO+5ia/1DW6pb9MLtX6Z5WdDYsH26g3P0zAk7o3n:OymVqXpbId6Z5WdDYsH26g3P0zAk7o3
Score

1^/10
behavioral25
- Target
  
  $PLUGINSDIR/nsExec.dll
- Size
  
  6KB
- MD5
  
  ec0504e6b8a11d5aad43b296beeb84b2
- SHA1
  
  91b5ce085130c8c7194d66b2439ec9e1c206497c
- SHA256
  
  5d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962
- SHA512
  
  3f918f1b47e8a919cbe51eb17dc30acc8cfc18e743a1bae5b787d0db7d26038dc1210be98bf5ba3be8d6ed896dbbd7ac3d13e66454a98b2a38c7e69dad30bb57
- SSDEEP
  
  96:YjHFiKaoggCtJzTlKXb0tbo68qD853Ns7GgmkNq3m+s:JbogRtJzTlNR8qD85uGgmkNr
Score

3^/10

discovery
behavioral26
- Target
  
  $PLUGINSDIR/nsis7z.dll
- Size
  
  424KB
- MD5
  
  80e44ce4895304c6a3a831310fbf8cd0
- SHA1
  
  36bd49ae21c460be5753a904b4501f1abca53508
- SHA256
  
  b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592
- SHA512
  
  c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df
- SSDEEP
  
  6144:aUWQQ5O3fz0NG3ucDaEUTWfk+ZA0NrCL/k+uyoyBOX1okfW7w+Pfzqibckl:an5QEG39fPAkrE4yrBOXDfaNbck
Score

3^/10

discovery
behavioral27
- Target
  
  $R0/Uninstall DesktopWaifu.exe
- Size
  
  386KB
- MD5
  
  c3682b2dafa1c0041778ec71e96d3d95
- SHA1
  
  0af826f849e4663f414d052589cac906cec70af5
- SHA256
  
  36b958a866e80ce467fc64eec3a507f33464bc655eb569e98b3612ee4fec21fe
- SHA512
  
  0654b1779f4671fbdeed23a71a82dbb928b8a1301b4ac796f64d17bcc7d5077c06c7c2ee338658e170ce52710844be98acd22f888e7aa82a2edcd16414f03588
- SSDEEP
  
  3072:Kn77v00hEoDEtaux4FshRfezdMQTIKxitfuofETsP5aH2tvhOEA1RJCir86SrSrG:K740IB9R8IK9hys2t0EyL+ya7
Score

7^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Enumerates processes with tasklist
  discovery
behavioral28
- Target
  
  $PLUGINSDIR/StdUtils.dll
- Size
  
  100KB
- MD5
  
  c6a6e03f77c313b267498515488c5740
- SHA1
  
  3d49fc2784b9450962ed6b82b46e9c3c957d7c15
- SHA256
  
  b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
- SHA512
  
  9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803
- SSDEEP
  
  3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v
Score

3^/10

discovery
behavioral29
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  0d7ad4f45dc6f5aa87f606d0331c6901
- SHA1
  
  48df0911f0484cbe2a8cdd5362140b63c41ee457
- SHA256
  
  3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
- SHA512
  
  c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9
- SSDEEP
  
  192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6
Score

3^/10

discovery
behavioral30
- Target
  
  $PLUGINSDIR/WinShell.dll
- Size
  
  3KB
- MD5
  
  1cc7c37b7e0c8cd8bf04b6cc283e1e56
- SHA1
  
  0b9519763be6625bd5abce175dcc59c96d100d4c
- SHA256
  
  9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6
- SHA512
  
  7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f
Score

3^/10

discovery
behavioral31
- Target
  
  $PLUGINSDIR/nsExec.dll
- Size
  
  6KB
- MD5
  
  ec0504e6b8a11d5aad43b296beeb84b2
- SHA1
  
  91b5ce085130c8c7194d66b2439ec9e1c206497c
- SHA256
  
  5d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962
- SHA512
  
  3f918f1b47e8a919cbe51eb17dc30acc8cfc18e743a1bae5b787d0db7d26038dc1210be98bf5ba3be8d6ed896dbbd7ac3d13e66454a98b2a38c7e69dad30bb57
- SSDEEP
  
  96:YjHFiKaoggCtJzTlKXb0tbo68qD853Ns7GgmkNq3m+s:JbogRtJzTlNR8qD85uGgmkNr
Score

3^/10

discovery
behavioral32