
WolferVPN.exe

Status: finished
Submission Time: 2023-12-02 22:03:28 +01:00
Malicious
Adware
Spyware

Tags

  • BbyStealer
  • exe

Details

  • Analysis ID:
    1352257
  • API (Web) ID:
    1352257
  • Analysis Started:
    2023-12-02 22:03:31 +01:00
  • Analysis Finished:
    2023-12-02 22:15:25 +01:00
  • MD5:
    6434ceafa88a3afa1f8351bc6890b2a5
  • SHA1:
    700b43db6881bc83c6d7acb0d020283dca4fa7ba
  • SHA256:
    db230e271893be37515e7bf1403352d99a5f8ac441c2df589551ee399dea7315
  • Technologies:

Joe Sandbox

Detection: malicious
Score: 68
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

malicious (Score: 28/70)
malicious (Score: 15/37)

IPs

IP              Country        Detection
172.67.218.203  United States
172.64.41.3     United States

Domains

Name                      IP              Detection
rufflesrefined.com        172.67.218.203
chrome.cloudflare-dns.com 172.64.41.3

URLs

Name Detection

Dropped files

Name / File Type / Hashes / Detection

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data.bby
    SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies.bby
    SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 6

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data.bby
    SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data.bby
    SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 2, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 2

C:\Users\user\AppData\Local\Programs\WolferVPN\WolferVPN.exe
    PE32+ executable (GUI) x86-64, for MS Windows

C:\Users\user\AppData\Local\Temp\b1c3f10e-540e-46f8-9bee-83879b20c9f6.tmp.node
    PE32+ executable (DLL) (GUI) x86-64, for MS Windows

C:\Users\user\AppData\Local\Temp\nsr97EA.tmp\7z-out\WolferVPN.exe
    PE32+ executable (GUI) x86-64, for MS Windows

C:\Users\user\AppData\Local\Temp\nsr97EA.tmp\7z-out\d3dcompiler_47.dll
    PE32+ executable (DLL) (console) x86-64, for MS Windows

C:\Users\user\AppData\Local\Temp\nsr97EA.tmp\7z-out\ffmpeg.dll
    PE32+ executable (DLL) (console) x86-64, for MS Windows

C:\Users\user\AppData\Local\Temp\nsr97EA.tmp\7z-out\libEGL.dll
    PE32+ executable (DLL) (console) x86-64, for MS Windows

C:\Users\user\AppData\Local\Temp\nsr97EA.tmp\7z-out\libGLESv2.dll
    PE32+ executable (DLL) (console) x86-64, for MS Windows

C:\Users\user\AppData\Local\Temp\nsr97EA.tmp\7z-out\vk_swiftshader.dll
    PE32+ executable (DLL) (console) x86-64, for MS Windows

C:\Users\user\AppData\Local\Temp\nsr97EA.tmp\7z-out\vulkan-1.dll
    PE32+ executable (DLL) (console) x86-64, for MS Windows

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Updater.exe
    PE32+ executable (GUI) x86-64, for MS Windows