Automated Malware Analysis IOC Report for

Details

Filetype:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy:	7.2854275467767415
Filename:	INSTALL.EXE
Filesize:	595837
MD5:	3a365ce67bad474553673693275d66d7
SHA1:	d27a8c5e0418ce32161e1652fe07d95ea6b6a9e8
SHA256:	d15f527f1bc5c07b61713817af81aa20f76af3411009eb7479e88b73c42463bb
SHA512:	5e20d90c5ce3b78f2a16c3196e8b810e566c2997f0f53d449eaf444d36c02e291a7950ee1d8ea91fcf9bca5c2c8bdf7ecf939f46545adade428859bc6c2aefab
SSDEEP:	12288:69ORDtlTeOlj7v2mdUZS7ThYZ9KMs/xdZpDzkMj4LW3J+fdnMe:WE5ZeOl2mdXTK9hsrkizZe
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........._...1...1...1..7....1..7..4.1..7....1...4...1...5...1...2...1.......1...0.J.1.8.8...1.8.1...1.8.....1.......1.8.3...1.Rich..1

Signature Hits	Behavior Group	Mitre Attack
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
PE file contains an invalid checksum	Data Obfuscation
Uses 32bit PE files	Compliance, System Summary	Masquerading
Very long cmdline option found, this is very uncommon (may be encrypted or packed)	HIPS / PFW / Operating System Protection Evasion	Command and Scripting Interpreter
Creates files inside the user directory	System Summary	Masquerading
Creates temporary files	System Summary
Disables application error messsages (SetErrorMode)	Hooking and other Techniques for Hiding and Protection
PE file has an executable .text section and no other executable section	System Summary
Reads ini files	System Summary
Reads software policies	System Summary
Sample reads its own file content	System Summary
Tries to load missing DLLs	System Summary	DLL Side-Loading
Uses an in-process (OLE) Automation server	System Summary
Writes ini files	System Summary	File and Directory Discovery
PE file contains a valid data directory to section mapping	System Summary
PE file contains a debug data directory	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file contains a mix of data directories often seen in goodware	System Summary
Creates install or setup log file	Compliance, Persistence and Installation Behavior

Details

File:	C:\Program Files (x86)\SensyCity\Fichiers Utilitaires\List_HourMN.txt
Category:	dropped
Dump:	List_HourMN.txt.10.dr
ID:	dr_65
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	ISO-8859 text, with CRLF line terminators
Entropy:	4.914059955464214
Encrypted:	false
Size:	5526
Whitelisted:	false

Details

File:	C:\Program Files (x86)\SensyCity\SensyCity.exe
Category:	dropped
Dump:	SensyCity.exe.10.dr
ID:	dr_68
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy:	6.04231680945465
Encrypted:	false
Size:	426496
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Program Files (x86)\SensyCity\SensyCity.wdl
Category:	dropped
Dump:	SensyCity.wdl.10.dr
ID:	dr_69
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	data
Entropy:	6.189402106129823
Encrypted:	false
Size:	3443273
Whitelisted:	false

Details

File:	C:\Program Files (x86)\SensyCity\TipOfTheDay.wdk
Category:	dropped
Dump:	TipOfTheDay.wdk.10.dr
ID:	dr_70
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	data
Entropy:	7.889077350867234
Encrypted:	false
Size:	840702
Whitelisted:	false

Details

File:	C:\Program Files (x86)\SensyCity\WDUNINST.EXE
Category:	dropped
Dump:	WDUNINST.EXE.10.dr
ID:	dr_162
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy:	6.50977238970168
Encrypted:	false
Size:	636928
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Program Files (x86)\SensyCity\WDUninst.ini
Category:	dropped
Dump:	WDUninst.ini.10.dr
ID:	dr_163
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	Generic INItialization configuration [WDUNINST03]
Entropy:	4.977181846624627
Encrypted:	false
Size:	3228
Whitelisted:	false

Details

File:	C:\Program Files (x86)\SensyCity\anglais.wdm
Category:	dropped
Dump:	anglais.wdm.10.dr
ID:	dr_67
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	data
Entropy:	4.553562482923408
Encrypted:	false
Size:	5205
Whitelisted:	false

Details

File:	C:\Program Files (x86)\SensyCity\wd270web\libEGL.dll
Category:	dropped
Dump:	libEGL.dll.10.dr
ID:	dr_101
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.620826470301307
Encrypted:	false
Size:	342936
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Program Files (x86)\SensyCity\wd270web\libGLESv2.dll
Category:	dropped
Dump:	libGLESv2.dll.10.dr
ID:	dr_102
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.804883349047612
Encrypted:	false
Size:	5867936
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Program Files (x86)\SensyCity\wd270web\libcef.dll
Category:	dropped
Dump:	libcef.dll.10.dr
ID:	dr_100
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.979652309769045
Encrypted:	false
Size:	135378840
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Program Files (x86)\SensyCity\wd270web\locales\am.pak
Category:	dropped
Dump:	am.pak.10.dr
ID:	dr_107
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	data
Entropy:	4.979857746535158
Encrypted:	false
Size:	462345
Whitelisted:	false

Details

File:	C:\Program Files (x86)\SensyCity\wd270web\locales\ar.pak
Category:	dropped
Dump:	ar.pak.10.dr
ID:	dr_108
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	data
Entropy:	5.000912606102849
Encrypted:	false
Size:	489621
Whitelisted:	false

Details

File:	C:\Program Files (x86)\SensyCity\wd270web\locales\bg.pak
Category:	dropped
Dump:	bg.pak.10.dr
ID:	dr_109
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	data
Entropy:	4.757331747211785
Encrypted:	false
Size:	528575
Whitelisted:	false

Details

File:	C:\Program Files (x86)\SensyCity\wd270web\locales\bn.pak
Category:	dropped
Dump:	bn.pak.10.dr
ID:	dr_110
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	data
Entropy:	4.34629485108514
Encrypted:	false
Size:	684105
Whitelisted:	false

Details

File:	C:\Program Files (x86)\SensyCity\wd270web\locales\ca.pak
Category:	dropped
Dump:	ca.pak.10.dr
ID:	dr_111
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	data
Entropy:	5.456676702714802
Encrypted:	false
Size:	326470
Whitelisted:	false

Details

File:	C:\Program Files (x86)\SensyCity\wd270web\locales\cs.pak
Category:	dropped
Dump:	cs.pak.10.dr
ID:	dr_112
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	data
Entropy:	5.871762539263215
Encrypted:	false
Size:	333345
Whitelisted:	false

Details

File:	C:\Program Files (x86)\SensyCity\wd270web\locales\da.pak
Category:	dropped
Dump:	da.pak.10.dr
ID:	dr_113
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	data
Entropy:	5.497490537438238
Encrypted:	false
Size:	300882
Whitelisted:	false

Details

File:	C:\Program Files (x86)\SensyCity\wd270web\locales\de.pak
Category:	dropped
Dump:	de.pak.10.dr
ID:	dr_114
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	data
Entropy:	5.524382464154781
Encrypted:	false
Size:	324267
Whitelisted:	false

Details

File:	C:\Program Files (x86)\SensyCity\wd270web\locales\el.pak
Category:	dropped
Dump:	el.pak.10.dr
ID:	dr_115
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	data
Entropy:	4.831125570335381
Encrypted:	false
Size:	577384
Whitelisted:	false

Details

File:	C:\Program Files (x86)\SensyCity\wd270web\locales\en-GB.pak
Category:	dropped
Dump:	en-GB.pak.10.dr
ID:	dr_116
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	data
Entropy:	5.560625828879202
Encrypted:	false
Size:	265221
Whitelisted:	false

Details

File:	C:\Program Files (x86)\SensyCity\wd270web\locales\en-US.pak
Category:	dropped
Dump:	en-US.pak.10.dr
ID:	dr_117
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	data
Entropy:	5.577686220213485
Encrypted:	false
Size:	270465
Whitelisted:	false

Details

File:	C:\Program Files (x86)\SensyCity\wd270web\locales\es-419.pak
Category:	dropped
Dump:	es-419.pak.10.dr
ID:	dr_119
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	data
Entropy:	5.412635111410099
Encrypted:	false
Size:	320005
Whitelisted:	false

Details

File:	C:\Program Files (x86)\SensyCity\wd270web\locales\es.pak
Category:	dropped
Dump:	es.pak.10.dr
ID:	dr_118
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	data
Entropy:	5.396227191914651
Encrypted:	false
Size:	322580
Whitelisted:	false

Details

File:	C:\Program Files (x86)\SensyCity\wd270web\locales\et.pak
Category:	dropped
Dump:	et.pak.10.dr
ID:	dr_120
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	data
Entropy:	5.517689540735069
Encrypted:	false
Size:	289530
Whitelisted:	false

Details

File:	C:\Program Files (x86)\SensyCity\wd270web\locales\fa.pak
Category:	dropped
Dump:	fa.pak.10.dr
ID:	dr_121
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	data
Entropy:	5.112108004780993
Encrypted:	false
Size:	466252
Whitelisted:	false

Details

File:	C:\Program Files (x86)\SensyCity\wd270web\locales\fi.pak
Category:	dropped
Dump:	fi.pak.10.dr
ID:	dr_122
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	data
Entropy:	5.468530292610432
Encrypted:	false
Size:	297881
Whitelisted:	false

Details

File:	C:\Program Files (x86)\SensyCity\wd270web\locales\fil.pak
Category:	dropped
Dump:	fil.pak.10.dr
ID:	dr_123
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	data
Entropy:	5.2470574760340165
Encrypted:	false
Size:	332966
Whitelisted:	false

Details

File:	C:\Program Files (x86)\SensyCity\wd270web\locales\fr.pak
Category:	dropped
Dump:	fr.pak.10.dr
ID:	dr_124
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	data
Entropy:	5.4229042415362665
Encrypted:	false
Size:	350717
Whitelisted:	false

Details

File:	C:\Program Files (x86)\SensyCity\wd270web\locales\gu.pak
Category:	dropped
Dump:	gu.pak.10.dr
ID:	dr_125
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	data
Entropy:	4.392884436846674
Encrypted:	false
Size:	656399
Whitelisted:	false

Details

File:	C:\Program Files (x86)\SensyCity\wd270web\locales\he.pak
Category:	dropped
Dump:	he.pak.10.dr
ID:	dr_126
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	data
Entropy:	4.755154955338271
Encrypted:	false
Size:	406081
Whitelisted:	false

Details

File:	C:\Program Files (x86)\SensyCity\wd270web\locales\hi.pak
Category:	dropped
Dump:	hi.pak.10.dr
ID:	dr_127
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	data
Entropy:	4.367995072369975
Encrypted:	false
Size:	680312
Whitelisted:	false

Details

File:	C:\Program Files (x86)\SensyCity\wd270web\locales\hr.pak
Category:	dropped
Dump:	hr.pak.10.dr
ID:	dr_128
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	data
Entropy:	5.565037748775087
Encrypted:	false
Size:	320484
Whitelisted:	false

Details

File:	C:\Program Files (x86)\SensyCity\wd270web\locales\hu.pak
Category:	dropped
Dump:	hu.pak.10.dr
ID:	dr_129
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	data
Entropy:	5.688450010629266
Encrypted:	false
Size:	343693
Whitelisted:	false

Details

File:	C:\Program Files (x86)\SensyCity\wd270web\locales\id.pak
Category:	dropped
Dump:	id.pak.10.dr
ID:	dr_130
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	data
Entropy:	5.417666194155708
Encrypted:	false
Size:	286621
Whitelisted:	false

Details

File:	C:\Program Files (x86)\SensyCity\wd270web\locales\it.pak
Category:	dropped
Dump:	it.pak.10.dr
ID:	dr_131
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	data
Entropy:	5.342649840163748
Encrypted:	false
Size:	315619
Whitelisted:	false

Details

File:	C:\Program Files (x86)\SensyCity\wd270web\locales\ja.pak
Category:	dropped
Dump:	ja.pak.10.dr
ID:	dr_132
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	data
Entropy:	5.777707711566219
Encrypted:	false
Size:	388685
Whitelisted:	false

Details

File:	C:\Program Files (x86)\SensyCity\wd270web\locales\kn.pak
Category:	dropped
Dump:	kn.pak.10.dr
ID:	dr_133
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	data
Entropy:	4.293745720531853
Encrypted:	false
Size:	762096
Whitelisted:	false

Details

File:	C:\Program Files (x86)\SensyCity\wd270web\locales\ko.pak
Category:	dropped
Dump:	ko.pak.10.dr
ID:	dr_134
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	data
Entropy:	6.145137579461723
Encrypted:	false
Size:	326278
Whitelisted:	false

Details

File:	C:\Program Files (x86)\SensyCity\wd270web\locales\lt.pak
Category:	dropped
Dump:	lt.pak.10.dr
ID:	dr_135
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	data
Entropy:	5.67793536824001
Encrypted:	false
Size:	344289
Whitelisted:	false

Details

File:	C:\Program Files (x86)\SensyCity\wd270web\locales\lv.pak
Category:	dropped
Dump:	lv.pak.10.dr
ID:	dr_136
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	data
Entropy:	5.668753953845482
Encrypted:	false
Size:	342857
Whitelisted:	false

Details

File:	C:\Program Files (x86)\SensyCity\wd270web\locales\ml.pak
Category:	dropped
Dump:	ml.pak.10.dr
ID:	dr_137
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	data
Entropy:	4.325946477930805
Encrypted:	false
Size:	799268
Whitelisted:	false

Details

File:	C:\Program Files (x86)\SensyCity\wd270web\locales\mr.pak
Category:	dropped
Dump:	mr.pak.10.dr
ID:	dr_138
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	data
Entropy:	4.382301627118772
Encrypted:	false
Size:	643635
Whitelisted:	false

Details

File:	C:\Program Files (x86)\SensyCity\wd270web\locales\ms.pak
Category:	dropped
Dump:	ms.pak.10.dr
ID:	dr_139
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	data
Entropy:	5.300410537868971
Encrypted:	false
Size:	299332
Whitelisted:	false

Details

File:	C:\Program Files (x86)\SensyCity\wd270web\locales\nb.pak
Category:	dropped
Dump:	nb.pak.10.dr
ID:	dr_140
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	data
Entropy:	5.500923465775317
Encrypted:	false
Size:	295166
Whitelisted:	false

Details

File:	C:\Program Files (x86)\SensyCity\wd270web\locales\nl.pak
Category:	dropped
Dump:	nl.pak.10.dr
ID:	dr_141
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	data
Entropy:	5.413221464615691
Encrypted:	false
Size:	303176
Whitelisted:	false

Details

File:	C:\Program Files (x86)\SensyCity\wd270web\locales\pl.pak
Category:	dropped
Dump:	pl.pak.10.dr
ID:	dr_142
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	data
Entropy:	5.800125439043642
Encrypted:	false
Size:	332671
Whitelisted:	false

Details

File:	C:\Program Files (x86)\SensyCity\wd270web\locales\pt-BR.pak
Category:	dropped
Dump:	pt-BR.pak.10.dr
ID:	dr_143
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	data
Entropy:	5.474368524985319
Encrypted:	false
Size:	315764
Whitelisted:	false

Details

File:	C:\Program Files (x86)\SensyCity\wd270web\locales\pt-PT.pak
Category:	dropped
Dump:	pt-PT.pak.10.dr
ID:	dr_144
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	data
Entropy:	5.44592297854869
Encrypted:	false
Size:	320534
Whitelisted:	false

Details

File:	C:\Program Files (x86)\SensyCity\wd270web\locales\ro.pak
Category:	dropped
Dump:	ro.pak.10.dr
ID:	dr_145
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	data
Entropy:	5.509722120095943
Encrypted:	false
Size:	327858
Whitelisted:	false

Details

File:	C:\Program Files (x86)\SensyCity\wd270web\locales\ru.pak
Category:	dropped
Dump:	ru.pak.10.dr
ID:	dr_146
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	data
Entropy:	4.928823619198977
Encrypted:	false
Size:	523789
Whitelisted:	false

Details

File:	C:\Program Files (x86)\SensyCity\wd270web\locales\sk.pak
Category:	dropped
Dump:	sk.pak.10.dr
ID:	dr_147
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	data
Entropy:	5.844489578948941
Encrypted:	false
Size:	338655
Whitelisted:	false

Details

File:	C:\Program Files (x86)\SensyCity\wd270web\locales\sl.pak
Category:	dropped
Dump:	sl.pak.10.dr
ID:	dr_148
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	data
Entropy:	5.534596409479182
Encrypted:	false
Size:	323112
Whitelisted:	false

Details

File:	C:\Program Files (x86)\SensyCity\wd270web\locales\sr.pak
Category:	dropped
Dump:	sr.pak.10.dr
ID:	dr_149
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	data
Entropy:	4.850905771449699
Encrypted:	false
Size:	498072
Whitelisted:	false

Details

File:	C:\Program Files (x86)\SensyCity\wd270web\locales\sv.pak
Category:	dropped
Dump:	sv.pak.10.dr
ID:	dr_150
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	data
Entropy:	5.572030154613193
Encrypted:	false
Size:	295164
Whitelisted:	false

Details

File:	C:\Program Files (x86)\SensyCity\wd270web\locales\sw.pak
Category:	dropped
Dump:	sw.pak.10.dr
ID:	dr_151
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	data
Entropy:	5.400415483354943
Encrypted:	false
Size:	303170
Whitelisted:	false

Details

File:	C:\Program Files (x86)\SensyCity\wd270web\locales\ta.pak
Category:	dropped
Dump:	ta.pak.10.dr
ID:	dr_152
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	data
Entropy:	4.117311024372153
Encrypted:	false
Size:	775396
Whitelisted:	false

Details

File:	C:\Program Files (x86)\SensyCity\wd270web\locales\te.pak
Category:	dropped
Dump:	te.pak.10.dr
ID:	dr_153
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	data
Entropy:	4.353916888827946
Encrypted:	false
Size:	723199
Whitelisted:	false

Details

File:	C:\Program Files (x86)\SensyCity\wd270web\locales\th.pak
Category:	dropped
Dump:	th.pak.10.dr
ID:	dr_154
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	data
Entropy:	4.420641614596877
Encrypted:	false
Size:	610619
Whitelisted:	false

Details

File:	C:\Program Files (x86)\SensyCity\wd270web\locales\tr.pak
Category:	dropped
Dump:	tr.pak.10.dr
ID:	dr_155
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	data
Entropy:	5.668788156203736
Encrypted:	false
Size:	313625
Whitelisted:	false

Details

File:	C:\Program Files (x86)\SensyCity\wd270web\locales\uk.pak
Category:	dropped
Dump:	uk.pak.10.dr
ID:	dr_156
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	data
Entropy:	4.958124344530803
Encrypted:	false
Size:	522510
Whitelisted:	false

Details

File:	C:\Program Files (x86)\SensyCity\wd270web\locales\vi.pak
Category:	dropped
Dump:	vi.pak.10.dr
ID:	dr_157
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	data
Entropy:	5.838005082950372
Encrypted:	false
Size:	368774
Whitelisted:	false

Details

File:	C:\Program Files (x86)\SensyCity\wd270web\locales\zh-CN.pak
Category:	dropped
Dump:	zh-CN.pak.10.dr
ID:	dr_158
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	data
Entropy:	6.734259464537852
Encrypted:	false
Size:	271963
Whitelisted:	false

Details

File:	C:\Program Files (x86)\SensyCity\wd270web\locales\zh-TW.pak
Category:	dropped
Dump:	zh-TW.pak.10.dr
ID:	dr_159
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	data
Entropy:	6.737938259046921
Encrypted:	false
Size:	269934
Whitelisted:	false

Details

File:	C:\Program Files (x86)\SensyCity\wd270web\resources.pak
Category:	dropped
Dump:	resources.pak.10.dr
ID:	dr_103
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	data
Entropy:	7.964710782197355
Encrypted:	false
Size:	6976680
Whitelisted:	false

Details

File:	C:\Program Files (x86)\SensyCity\wd270web\snapshot_blob.bin
Category:	dropped
Dump:	snapshot_blob.bin.10.dr
ID:	dr_104
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	data
Entropy:	7.989629626872112
Encrypted:	false
Size:	48495
Whitelisted:	false

Details

File:	C:\Program Files (x86)\SensyCity\wd270web\swiftshader\libEGL.dll
Category:	dropped
Dump:	libEGL.dll0.10.dr
ID:	dr_160
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.620801486020675
Encrypted:	false
Size:	342936
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Program Files (x86)\SensyCity\wd270web\swiftshader\libGLESv2.dll
Category:	dropped
Dump:	libGLESv2.dll0.10.dr
ID:	dr_161
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.8048779424967645
Encrypted:	false
Size:	5867936
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Program Files (x86)\SensyCity\wd270web\v8_context_snapshot.bin
Category:	dropped
Dump:	v8_context_snapshot.bin.10.dr
ID:	dr_105
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	data
Entropy:	7.99410823033423
Encrypted:	true
Size:	165673
Whitelisted:	false

Details

File:	C:\Program Files (x86)\SensyCity\wd270web\wd270webexe.exe
Category:	dropped
Dump:	wd270webexe.exe.10.dr
ID:	dr_106
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy:	6.501891177859201
Encrypted:	false
Size:	420240
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\SensyCity\Choix couleurs\disqueColorCombo1.png
Category:	dropped
Dump:	disqueColorCombo1.png.10.dr
ID:	dr_71
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Entropy:	7.6011728870752915
Encrypted:	false
Size:	779
Whitelisted:	false

Details

File:	C:\ProgramData\SensyCity\Choix couleurs\disqueColorCombo10.png
Category:	dropped
Dump:	disqueColorCombo10.png.10.dr
ID:	dr_72
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Entropy:	7.647811659195202
Encrypted:	false
Size:	816
Whitelisted:	false

Details

File:	C:\ProgramData\SensyCity\Choix couleurs\disqueColorCombo11.png
Category:	dropped
Dump:	disqueColorCombo11.png.10.dr
ID:	dr_73
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Entropy:	7.6359848235915555
Encrypted:	false
Size:	786
Whitelisted:	false

Details

File:	C:\ProgramData\SensyCity\Choix couleurs\disqueColorCombo12.png
Category:	dropped
Dump:	disqueColorCombo12.png.10.dr
ID:	dr_74
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Entropy:	7.622998967217589
Encrypted:	false
Size:	807
Whitelisted:	false

Details

File:	C:\ProgramData\SensyCity\Choix couleurs\disqueColorCombo13.png
Category:	dropped
Dump:	disqueColorCombo13.png.10.dr
ID:	dr_75
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Entropy:	7.681049294036895
Encrypted:	false
Size:	804
Whitelisted:	false

Details

File:	C:\ProgramData\SensyCity\Choix couleurs\disqueColorCombo14.png
Category:	dropped
Dump:	disqueColorCombo14.png.10.dr
ID:	dr_76
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Entropy:	7.609834229053009
Encrypted:	false
Size:	815
Whitelisted:	false

Details

File:	C:\ProgramData\SensyCity\Choix couleurs\disqueColorCombo15.png
Category:	dropped
Dump:	disqueColorCombo15.png.10.dr
ID:	dr_77
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Entropy:	7.648551363802056
Encrypted:	false
Size:	772
Whitelisted:	false

Details

File:	C:\ProgramData\SensyCity\Choix couleurs\disqueColorCombo16.png
Category:	dropped
Dump:	disqueColorCombo16.png.10.dr
ID:	dr_78
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Entropy:	7.5841887055586374
Encrypted:	false
Size:	769
Whitelisted:	false

Details

File:	C:\ProgramData\SensyCity\Choix couleurs\disqueColorCombo17.png
Category:	dropped
Dump:	disqueColorCombo17.png.10.dr
ID:	dr_79
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Entropy:	7.599529787074992
Encrypted:	false
Size:	762
Whitelisted:	false

Details

File:	C:\ProgramData\SensyCity\Choix couleurs\disqueColorCombo18.png
Category:	dropped
Dump:	disqueColorCombo18.png.10.dr
ID:	dr_80
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Entropy:	7.572142964143884
Encrypted:	false
Size:	776
Whitelisted:	false

Details

File:	C:\ProgramData\SensyCity\Choix couleurs\disqueColorCombo19.png
Category:	dropped
Dump:	disqueColorCombo19.png.10.dr
ID:	dr_81
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Entropy:	7.644680359091357
Encrypted:	false
Size:	821
Whitelisted:	false

Details

File:	C:\ProgramData\SensyCity\Choix couleurs\disqueColorCombo2.png
Category:	dropped
Dump:	disqueColorCombo2.png.10.dr
ID:	dr_89
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Entropy:	7.584434834923463
Encrypted:	false
Size:	782
Whitelisted:	false

Details

File:	C:\ProgramData\SensyCity\Choix couleurs\disqueColorCombo20.png
Category:	dropped
Dump:	disqueColorCombo20.png.10.dr
ID:	dr_91
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Entropy:	7.631133489855305
Encrypted:	false
Size:	808
Whitelisted:	false

Details

File:	C:\ProgramData\SensyCity\Choix couleurs\disqueColorCombo21.png
Category:	dropped
Dump:	disqueColorCombo21.png.10.dr
ID:	dr_93
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Entropy:	7.583710129553621
Encrypted:	false
Size:	789
Whitelisted:	false

Details

File:	C:\ProgramData\SensyCity\Choix couleurs\disqueColorCombo22.png
Category:	dropped
Dump:	disqueColorCombo22.png.10.dr
ID:	dr_95
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Entropy:	7.658881581786179
Encrypted:	false
Size:	809
Whitelisted:	false

Details

File:	C:\ProgramData\SensyCity\Choix couleurs\disqueColorCombo23.png
Category:	dropped
Dump:	disqueColorCombo23.png.10.dr
ID:	dr_96
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Entropy:	7.63038118352878
Encrypted:	false
Size:	795
Whitelisted:	false

Details

File:	C:\ProgramData\SensyCity\Choix couleurs\disqueColorCombo24.png
Category:	dropped
Dump:	disqueColorCombo24.png.10.dr
ID:	dr_97
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Entropy:	7.610003520165087
Encrypted:	false
Size:	759
Whitelisted:	false

Details

File:	C:\ProgramData\SensyCity\Choix couleurs\disqueColorCombo25.png
Category:	dropped
Dump:	disqueColorCombo25.png.10.dr
ID:	dr_98
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Entropy:	7.611786572828292
Encrypted:	false
Size:	796
Whitelisted:	false

Details

File:	C:\ProgramData\SensyCity\Choix couleurs\disqueColorCombo26.png
Category:	dropped
Dump:	disqueColorCombo26.png.10.dr
ID:	dr_99
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Entropy:	7.6092744264748795
Encrypted:	false
Size:	789
Whitelisted:	false

Details

File:	C:\ProgramData\SensyCity\Choix couleurs\disqueColorCombo27.png
Category:	dropped
Dump:	disqueColorCombo27.png.10.dr
ID:	dr_27
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Entropy:	7.636718274682616
Encrypted:	false
Size:	795
Whitelisted:	false

Details

File:	C:\ProgramData\SensyCity\Choix couleurs\disqueColorCombo28.png
Category:	dropped
Dump:	disqueColorCombo28.png.10.dr
ID:	dr_28
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Entropy:	7.6058282131645045
Encrypted:	false
Size:	815
Whitelisted:	false

Details

File:	C:\ProgramData\SensyCity\Choix couleurs\disqueColorCombo29.png
Category:	dropped
Dump:	disqueColorCombo29.png.10.dr
ID:	dr_36
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Entropy:	7.6506878841518855
Encrypted:	false
Size:	798
Whitelisted:	false

Details

File:	C:\ProgramData\SensyCity\Choix couleurs\disqueColorCombo3.png
Category:	dropped
Dump:	disqueColorCombo3.png.10.dr
ID:	dr_38
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Entropy:	7.594290770933496
Encrypted:	false
Size:	814
Whitelisted:	false

Details

File:	C:\ProgramData\SensyCity\Choix couleurs\disqueColorCombo30.png
Category:	dropped
Dump:	disqueColorCombo30.png.10.dr
ID:	dr_40
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Entropy:	7.57726713388006
Encrypted:	false
Size:	784
Whitelisted:	false

Details

File:	C:\ProgramData\SensyCity\Choix couleurs\disqueColorCombo31.png
Category:	dropped
Dump:	disqueColorCombo31.png.10.dr
ID:	dr_42
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Entropy:	7.6074273567049016
Encrypted:	false
Size:	813
Whitelisted:	false

Details

File:	C:\ProgramData\SensyCity\Choix couleurs\disqueColorCombo32.png
Category:	dropped
Dump:	disqueColorCombo32.png.10.dr
ID:	dr_43
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Entropy:	7.56180733223203
Encrypted:	false
Size:	775
Whitelisted:	false

Details

File:	C:\ProgramData\SensyCity\Choix couleurs\disqueColorCombo33.png
Category:	dropped
Dump:	disqueColorCombo33.png.10.dr
ID:	dr_44
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Entropy:	7.594718734253168
Encrypted:	false
Size:	795
Whitelisted:	false

Details

File:	C:\ProgramData\SensyCity\Choix couleurs\disqueColorCombo34.png
Category:	dropped
Dump:	disqueColorCombo34.png.10.dr
ID:	dr_45
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Entropy:	7.570848657221103
Encrypted:	false
Size:	779
Whitelisted:	false

Details

File:	C:\ProgramData\SensyCity\Choix couleurs\disqueColorCombo35.png
Category:	dropped
Dump:	disqueColorCombo35.png.10.dr
ID:	dr_46
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Entropy:	7.626343350006458
Encrypted:	false
Size:	789
Whitelisted:	false

Details

File:	C:\ProgramData\SensyCity\Choix couleurs\disqueColorCombo36.png
Category:	dropped
Dump:	disqueColorCombo36.png.10.dr
ID:	dr_47
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Entropy:	7.637560072899232
Encrypted:	false
Size:	814
Whitelisted:	false

Details

File:	C:\ProgramData\SensyCity\Choix couleurs\disqueColorCombo37.png
Category:	dropped
Dump:	disqueColorCombo37.png.10.dr
ID:	dr_48
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Entropy:	7.591315639579181
Encrypted:	false
Size:	802
Whitelisted:	false

Details

File:	C:\ProgramData\SensyCity\Choix couleurs\disqueColorCombo38.png
Category:	dropped
Dump:	disqueColorCombo38.png.10.dr
ID:	dr_82
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Entropy:	7.596357150648267
Encrypted:	false
Size:	789
Whitelisted:	false

Details

File:	C:\ProgramData\SensyCity\Choix couleurs\disqueColorCombo39.png
Category:	dropped
Dump:	disqueColorCombo39.png.10.dr
ID:	dr_83
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Entropy:	7.643479007411867
Encrypted:	false
Size:	809
Whitelisted:	false

Details

File:	C:\ProgramData\SensyCity\Choix couleurs\disqueColorCombo4.png
Category:	dropped
Dump:	disqueColorCombo4.png.10.dr
ID:	dr_84
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Entropy:	7.616614166511252
Encrypted:	false
Size:	803
Whitelisted:	false

Details

File:	C:\ProgramData\SensyCity\Choix couleurs\disqueColorCombo40.png
Category:	dropped
Dump:	disqueColorCombo40.png.10.dr
ID:	dr_85
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Entropy:	7.654075874308391
Encrypted:	false
Size:	786
Whitelisted:	false

Details

File:	C:\ProgramData\SensyCity\Choix couleurs\disqueColorCombo41.png
Category:	dropped
Dump:	disqueColorCombo41.png.10.dr
ID:	dr_86
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Entropy:	7.593589267936535
Encrypted:	false
Size:	792
Whitelisted:	false

Details

File:	C:\ProgramData\SensyCity\Choix couleurs\disqueColorCombo42.png
Category:	dropped
Dump:	disqueColorCombo42.png.10.dr
ID:	dr_87
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Entropy:	7.657482646922242
Encrypted:	false
Size:	817
Whitelisted:	false

Details

File:	C:\ProgramData\SensyCity\Choix couleurs\disqueColorCombo43.png
Category:	dropped
Dump:	disqueColorCombo43.png.10.dr
ID:	dr_88
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Entropy:	7.598377743279848
Encrypted:	false
Size:	808
Whitelisted:	false

Details

File:	C:\ProgramData\SensyCity\Choix couleurs\disqueColorCombo44.png
Category:	dropped
Dump:	disqueColorCombo44.png.10.dr
ID:	dr_90
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Entropy:	7.629679522506881
Encrypted:	false
Size:	793
Whitelisted:	false

Details

File:	C:\ProgramData\SensyCity\Choix couleurs\disqueColorCombo45.png
Category:	dropped
Dump:	disqueColorCombo45.png.10.dr
ID:	dr_92
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Entropy:	7.637186344992774
Encrypted:	false
Size:	798
Whitelisted:	false

Details

File:	C:\ProgramData\SensyCity\Choix couleurs\disqueColorCombo46.png
Category:	dropped
Dump:	disqueColorCombo46.png.10.dr
ID:	dr_94
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Entropy:	7.597595765662222
Encrypted:	false
Size:	784
Whitelisted:	false

Details

File:	C:\ProgramData\SensyCity\Choix couleurs\disqueColorCombo47.png
Category:	dropped
Dump:	disqueColorCombo47.png.10.dr
ID:	dr_29
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Entropy:	7.634323738615927
Encrypted:	false
Size:	817
Whitelisted:	false

Details

File:	C:\ProgramData\SensyCity\Choix couleurs\disqueColorCombo48.png
Category:	dropped
Dump:	disqueColorCombo48.png.10.dr
ID:	dr_30
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Entropy:	7.614313035048843
Encrypted:	false
Size:	794
Whitelisted:	false

Details

File:	C:\ProgramData\SensyCity\Choix couleurs\disqueColorCombo49.png
Category:	dropped
Dump:	disqueColorCombo49.png.10.dr
ID:	dr_31
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Entropy:	7.588914273845499
Encrypted:	false
Size:	790
Whitelisted:	false

Details

File:	C:\ProgramData\SensyCity\Choix couleurs\disqueColorCombo5.png
Category:	dropped
Dump:	disqueColorCombo5.png.10.dr
ID:	dr_32
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Entropy:	7.606443114985005
Encrypted:	false
Size:	789
Whitelisted:	false

Details

File:	C:\ProgramData\SensyCity\Choix couleurs\disqueColorCombo50.png
Category:	dropped
Dump:	disqueColorCombo50.png.10.dr
ID:	dr_33
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Entropy:	7.598909405302126
Encrypted:	false
Size:	786
Whitelisted:	false

Details

File:	C:\ProgramData\SensyCity\Choix couleurs\disqueColorCombo51.png
Category:	dropped
Dump:	disqueColorCombo51.png.10.dr
ID:	dr_34
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Entropy:	7.612919929333121
Encrypted:	false
Size:	788
Whitelisted:	false

Details

File:	C:\ProgramData\SensyCity\Choix couleurs\disqueColorCombo52.png
Category:	dropped
Dump:	disqueColorCombo52.png.10.dr
ID:	dr_35
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Entropy:	7.5515387028585526
Encrypted:	false
Size:	742
Whitelisted:	false

Details

File:	C:\ProgramData\SensyCity\Choix couleurs\disqueColorCombo53.png
Category:	dropped
Dump:	disqueColorCombo53.png.10.dr
ID:	dr_37
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Entropy:	7.653462004736112
Encrypted:	false
Size:	829
Whitelisted:	false

Details

File:	C:\ProgramData\SensyCity\Choix couleurs\disqueColorCombo54.png
Category:	dropped
Dump:	disqueColorCombo54.png.10.dr
ID:	dr_39
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Entropy:	7.66461161725981
Encrypted:	false
Size:	807
Whitelisted:	false

Details

File:	C:\ProgramData\SensyCity\Choix couleurs\disqueColorCombo55.png
Category:	dropped
Dump:	disqueColorCombo55.png.10.dr
ID:	dr_41
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Entropy:	7.6637336315186895
Encrypted:	false
Size:	783
Whitelisted:	false

Details

File:	C:\ProgramData\SensyCity\Choix couleurs\disqueColorCombo56.png
Category:	dropped
Dump:	disqueColorCombo56.png.10.dr
ID:	dr_49
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Entropy:	7.55245616232794
Encrypted:	false
Size:	803
Whitelisted:	false

Details

File:	C:\ProgramData\SensyCity\Choix couleurs\disqueColorCombo57.png
Category:	dropped
Dump:	disqueColorCombo57.png.10.dr
ID:	dr_50
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Entropy:	7.631110940931283
Encrypted:	false
Size:	786
Whitelisted:	false

Details

File:	C:\ProgramData\SensyCity\Choix couleurs\disqueColorCombo58.png
Category:	dropped
Dump:	disqueColorCombo58.png.10.dr
ID:	dr_51
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Entropy:	7.629371154923483
Encrypted:	false
Size:	801
Whitelisted:	false

Details

File:	C:\ProgramData\SensyCity\Choix couleurs\disqueColorCombo59.png
Category:	dropped
Dump:	disqueColorCombo59.png.10.dr
ID:	dr_52
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Entropy:	7.591158397588334
Encrypted:	false
Size:	792
Whitelisted:	false

Details

File:	C:\ProgramData\SensyCity\Choix couleurs\disqueColorCombo6.png
Category:	dropped
Dump:	disqueColorCombo6.png.10.dr
ID:	dr_53
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Entropy:	7.603040683504998
Encrypted:	false
Size:	815
Whitelisted:	false

Details

File:	C:\ProgramData\SensyCity\Choix couleurs\disqueColorCombo60.png
Category:	dropped
Dump:	disqueColorCombo60.png.10.dr
ID:	dr_54
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Entropy:	7.651973883176524
Encrypted:	false
Size:	794
Whitelisted:	false

Details

File:	C:\ProgramData\SensyCity\Choix couleurs\disqueColorCombo7.png
Category:	dropped
Dump:	disqueColorCombo7.png.10.dr
ID:	dr_55
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Entropy:	7.624452043068869
Encrypted:	false
Size:	819
Whitelisted:	false

Details

File:	C:\ProgramData\SensyCity\Choix couleurs\disqueColorCombo8.png
Category:	dropped
Dump:	disqueColorCombo8.png.10.dr
ID:	dr_56
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Entropy:	7.550541716635491
Encrypted:	false
Size:	821
Whitelisted:	false

Details

File:	C:\ProgramData\SensyCity\Choix couleurs\disqueColorCombo9.png
Category:	dropped
Dump:	disqueColorCombo9.png.10.dr
ID:	dr_57
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Entropy:	7.6047329972008235
Encrypted:	false
Size:	812
Whitelisted:	false

Details

File:	C:\ProgramData\SensyCity\Fichiers Utilitaires\20241030_SensyCity_FAQ App_1.4.15_V4.pdf
Category:	modified
Dump:	20241030_SensyCity_FAQ App_1.4.15_V4.pdf.10.dr
ID:	dr_58
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	PDF document, version 1.7, 40 pages
Entropy:	7.645071661516097
Encrypted:	false
Size:	601549
Whitelisted:	false

Details

File:	C:\ProgramData\SensyCity\Fichiers Utilitaires\CDM v2.12.00 WHQL Certified.exe
Category:	dropped
Dump:	CDM v2.12.00 WHQL Certified.exe.10.dr
ID:	dr_61
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	7.997309056824754
Encrypted:	true
Size:	2240336
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\SensyCity\Fichiers Utilitaires\CDM212364_Setup.exe
Category:	dropped
Dump:	CDM212364_Setup.exe.10.dr
ID:	dr_62
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy:	7.989700528926337
Encrypted:	false
Size:	2264632
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\SensyCity\Fichiers Utilitaires\Export_Tegis_gray_56x56.png
Category:	dropped
Dump:	Export_Tegis_gray_56x56.png.10.dr
ID:	dr_64
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced
Entropy:	7.652789175770884
Encrypted:	false
Size:	4905
Whitelisted:	false

Details

File:	C:\ProgramData\SensyCity\Fichiers Utilitaires\cadenas_fond_GRIS.png
Category:	dropped
Dump:	cadenas_fond_GRIS.png.10.dr
ID:	dr_59
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced
Entropy:	7.644988296237196
Encrypted:	false
Size:	907
Whitelisted:	false

Details

File:	C:\ProgramData\SensyCity\Fichiers Utilitaires\cadenas_fond_orange.png
Category:	dropped
Dump:	cadenas_fond_orange.png.10.dr
ID:	dr_60
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced
Entropy:	7.724061698079299
Encrypted:	false
Size:	1138
Whitelisted:	false

Details

File:	C:\ProgramData\SensyCity\Fichiers Utilitaires\curseurGris.png
Category:	dropped
Dump:	curseurGris.png.10.dr
ID:	dr_63
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced
Entropy:	7.4531180444334915
Encrypted:	false
Size:	604
Whitelisted:	false

Details

File:	C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\33CUD2J1\__WDINST[1].zip
Category:	modified
Dump:	__WDINST[1].zip.10.dr
ID:	dr_66
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	Zip archive data, at least v2.0 to extract, compression method=deflate
Entropy:	7.998738301786232
Encrypted:	true
Size:	105228201
Whitelisted:	false

Details

File:	C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\AN5UOLP8\INSTALL[1].zip
Category:	modified
Dump:	INSTALL[1].zip.1.dr
ID:	dr_21
Target ID:	1
Process:	C:\Users\user\AppData\Local\Temp\WD_495E.tmp\INSTALL.EXE
Type:	Zip archive data, at least v2.0 to extract, compression method=deflate
Entropy:	7.999010546985669
Encrypted:	true
Size:	33457762
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Creates files inside the user directory	System Summary	Masquerading

Details

File:	C:\Users\user\AppData\Local\Temp\GABAB54.tmp\photo_pour_fichier_exe.png
Category:	dropped
Dump:	photo_pour_fichier_exe.png.10.dr
ID:	dr_26
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Type:	PNG image data, 1223 x 697, 8-bit/color RGB, non-interlaced
Entropy:	7.991621239125726
Encrypted:	true
Size:	954336
Whitelisted:	false

Details

File:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\INST.WXF
Category:	dropped
Dump:	INST.WXF.1.dr
ID:	dr_22
Target ID:	1
Process:	C:\Users\user\AppData\Local\Temp\WD_495E.tmp\INSTALL.EXE
Type:	data
Entropy:	3.8067247137966462
Encrypted:	false
Size:	122188
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Spawns processes	System Summary	Process Injection

Details

File:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\ServeursWeb.wdk
Category:	dropped
Dump:	ServeursWeb.wdk.1.dr
ID:	dr_23
Target ID:	1
Process:	C:\Users\user\AppData\Local\Temp\WD_495E.tmp\INSTALL.EXE
Type:	data
Entropy:	7.9936600432025955
Encrypted:	true
Size:	628435
Whitelisted:	false

Details

File:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDMetabase.dll
Category:	dropped
Dump:	WDMetabase.dll.1.dr
ID:	dr_5
Target ID:	1
Process:	C:\Users\user\AppData\Local\Temp\WD_495E.tmp\INSTALL.EXE
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.596478553202518
Encrypted:	false
Size:	115104
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Category:	dropped
Dump:	WDSetup.EXE.1.dr
ID:	dr_6
Target ID:	1
Process:	C:\Users\user\AppData\Local\Temp\WD_495E.tmp\INSTALL.EXE
Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy:	7.870087420072451
Encrypted:	false
Size:	3817472
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Enables debug privileges	Anti Debugging
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Very long cmdline option found, this is very uncommon (may be encrypted or packed)	HIPS / PFW / Operating System Protection Evasion	Command and Scripting Interpreter
Checks the free space of harddrives	Malware Analysis System Evasion	System Information Discovery
Creates files inside the program directory	System Summary	Masquerading
Creates mutexes	System Summary
Disables application error messsages (SetErrorMode)	Hooking and other Techniques for Hiding and Protection
Queries a list of all running processes	Malware Analysis System Evasion	Process Discovery
Queries the cryptographic machine GUID	Language, Device and Operating System Detection	System Information Discovery
Spawns processes	System Summary	Process Injection
Tries to load missing DLLs	System Summary	DLL Side-Loading
Creates install or setup log file	Compliance, Persistence and Installation Behavior
Uses Rich Edit Controls	System Summary

Details

File:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetupFont.ttf
Category:	dropped
Dump:	WDSetupFont.ttf.1.dr
ID:	dr_7
Target ID:	1
Process:	C:\Users\user\AppData\Local\Temp\WD_495E.tmp\INSTALL.EXE
Type:	TrueType Font data, digitally signed, 19 tables, 1st "DSIG", 30 names, Macintosh, Digitized data copyright \251 2010-2011, Google Corporation.Open Sans LightRegularAscender - Ope
Entropy:	6.431002788848856
Encrypted:	false
Size:	222412
Whitelisted:	false

Details

File:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetupFontLicence.txt
Category:	dropped
Dump:	WDSetupFontLicence.txt.1.dr
ID:	dr_8
Target ID:	1
Process:	C:\Users\user\AppData\Local\Temp\WD_495E.tmp\INSTALL.EXE
Type:	ASCII text, with CRLF line terminators
Entropy:	4.476377058372447
Encrypted:	false
Size:	11560
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Creates install or setup log file	Compliance, Persistence and Installation Behavior

Details

File:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\__GABARIT.ZIP
Category:	dropped
Dump:	__GABARIT.ZIP.1.dr
ID:	dr_9
Target ID:	1
Process:	C:\Users\user\AppData\Local\Temp\WD_495E.tmp\INSTALL.EXE
Type:	Zip archive data, at least v2.0 to extract, compression method=deflate
Entropy:	7.99810312947631
Encrypted:	true
Size:	949153
Whitelisted:	false

Details

File:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\wd270com.dll
Category:	dropped
Dump:	wd270com.dll.1.dr
ID:	dr_11
Target ID:	1
Process:	C:\Users\user\AppData\Local\Temp\WD_495E.tmp\INSTALL.EXE
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	7.1521508170085575
Encrypted:	false
Size:	5172120
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\wd270cpl.dll
Category:	dropped
Dump:	wd270cpl.dll.1.dr
ID:	dr_12
Target ID:	1
Process:	C:\Users\user\AppData\Local\Temp\WD_495E.tmp\INSTALL.EXE
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.643421906479134
Encrypted:	false
Size:	1488280
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\wd270hf.dll
Category:	dropped
Dump:	wd270hf.dll.1.dr
ID:	dr_13
Target ID:	1
Process:	C:\Users\user\AppData\Local\Temp\WD_495E.tmp\INSTALL.EXE
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.765482163212561
Encrypted:	false
Size:	4524440
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\wd270mat.dll
Category:	dropped
Dump:	wd270mat.dll.1.dr
ID:	dr_14
Target ID:	1
Process:	C:\Users\user\AppData\Local\Temp\WD_495E.tmp\INSTALL.EXE
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.703344050158806
Encrypted:	false
Size:	338840
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\wd270mdl.dll
Category:	dropped
Dump:	wd270mdl.dll.1.dr
ID:	dr_15
Target ID:	1
Process:	C:\Users\user\AppData\Local\Temp\WD_495E.tmp\INSTALL.EXE
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	7.058595319266997
Encrypted:	false
Size:	3946392
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\wd270obj.dll
Category:	dropped
Dump:	wd270obj.dll.1.dr
ID:	dr_16
Target ID:	1
Process:	C:\Users\user\AppData\Local\Temp\WD_495E.tmp\INSTALL.EXE
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	7.448888051284811
Encrypted:	false
Size:	16988056
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\wd270ole.dll
Category:	dropped
Dump:	wd270ole.dll.1.dr
ID:	dr_17
Target ID:	1
Process:	C:\Users\user\AppData\Local\Temp\WD_495E.tmp\INSTALL.EXE
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.681548034857293
Encrypted:	false
Size:	289176
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\wd270pnt.dll
Category:	dropped
Dump:	wd270pnt.dll.1.dr
ID:	dr_18
Target ID:	1
Process:	C:\Users\user\AppData\Local\Temp\WD_495E.tmp\INSTALL.EXE
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.637804463488379
Encrypted:	false
Size:	2183576
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\wd270sql.dll
Category:	dropped
Dump:	wd270sql.dll.1.dr
ID:	dr_19
Target ID:	1
Process:	C:\Users\user\AppData\Local\Temp\WD_495E.tmp\INSTALL.EXE
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.56730584247556
Encrypted:	false
Size:	1639832
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\wd270std.dll
Category:	dropped
Dump:	wd270std.dll.1.dr
ID:	dr_20
Target ID:	1
Process:	C:\Users\user\AppData\Local\Temp\WD_495E.tmp\INSTALL.EXE
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	7.305853011265901
Encrypted:	false
Size:	3058072
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\wd270trs.dll
Category:	dropped
Dump:	wd270trs.dll.1.dr
ID:	dr_24
Target ID:	1
Process:	C:\Users\user\AppData\Local\Temp\WD_495E.tmp\INSTALL.EXE
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.686295574828286
Encrypted:	false
Size:	250264
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\wd270uni.dll
Category:	dropped
Dump:	wd270uni.dll.1.dr
ID:	dr_25
Target ID:	1
Process:	C:\Users\user\AppData\Local\Temp\WD_495E.tmp\INSTALL.EXE
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	5.676483794157969
Encrypted:	false
Size:	7749016
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\wd270vm.dll
Category:	dropped
Dump:	wd270vm.dll.1.dr
ID:	dr_2
Target ID:	1
Process:	C:\Users\user\AppData\Local\Temp\WD_495E.tmp\INSTALL.EXE
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.624554920174478
Encrypted:	false
Size:	4976536
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\wd270xml.dll
Category:	dropped
Dump:	wd270xml.dll.1.dr
ID:	dr_3
Target ID:	1
Process:	C:\Users\user\AppData\Local\Temp\WD_495E.tmp\INSTALL.EXE
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.862401236985892
Encrypted:	false
Size:	1892248
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\wd270zip.dll
Category:	dropped
Dump:	wd270zip.dll.1.dr
ID:	dr_4
Target ID:	1
Process:	C:\Users\user\AppData\Local\Temp\WD_495E.tmp\INSTALL.EXE
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	7.057682359881007
Encrypted:	false
Size:	1052568
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\WD_495E.tmp\INSTALL.EXE
Category:	dropped
Dump:	INSTALL.EXE.0.dr
ID:	dr_1
Target ID:	0
Process:	C:\Users\user\Desktop\INSTALL.EXE
Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy:	6.587226505503342
Encrypted:	false
Size:	462848
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
PE file contains an invalid checksum	Data Obfuscation
Uses 32bit PE files	Compliance, System Summary
Very long cmdline option found, this is very uncommon (may be encrypted or packed)	HIPS / PFW / Operating System Protection Evasion	Command and Scripting Interpreter
Creates files inside the user directory	System Summary	Masquerading
Disables application error messsages (SetErrorMode)	Hooking and other Techniques for Hiding and Protection
PE file has an executable .text section and no other executable section	System Summary
Spawns processes	System Summary	Process Injection
Tries to load missing DLLs	System Summary	DLL Side-Loading
PE file contains a valid data directory to section mapping	System Summary
PE file contains a debug data directory	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file contains a mix of data directories often seen in goodware	System Summary
Creates install or setup log file	Compliance, Persistence and Installation Behavior

Details

File:	C:\Users\user\AppData\Local\Temp\WD_495E.tmp\INSTALL.INI
Category:	dropped
Dump:	INSTALL.INI.0.dr
ID:	dr_0
Target ID:	0
Process:	C:\Users\user\Desktop\INSTALL.EXE
Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Entropy:	3.574664790995699
Encrypted:	false
Size:	332
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Writes ini files	System Summary	File and Directory Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\WD_495E.tmp\WDUpdate.net
Category:	modified
Dump:	WDUpdate.net.1.dr
ID:	dr_10
Target ID:	1
Process:	C:\Users\user\AppData\Local\Temp\WD_495E.tmp\INSTALL.EXE
Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Entropy:	3.6653475934459507
Encrypted:	false
Size:	1640
Whitelisted:	false

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
INSTALL.EXE

Files

Domains

IPs

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportINSTALL.EXE

Files

Domains

IPs

IOC Report
INSTALL.EXE