Windows Analysis Report
WaveInstaller_x64-v1.5.18.2_from-v1.3.16.1.exe

Overview

General Information

Sample name: WaveInstaller_x64-v1.5.18.2_from-v1.3.16.1.exe
Analysis ID: 1559588
MD5: 9e6704727a6392d89e70695760082568
SHA1: 4046c737631b58193c6241cc151564fccf5db349
SHA256: dce9c1c9802637b50c215e138a576a927a7d32e450584636cff2539b7c8436ec

Detection

Score: 2
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

Contains functionality for read data from the clipboard
Contains functionality to shutdown / reboot the system
Detected potential crypto function
Sample file is different than original file name gathered from version info
Uses 32bit PE files

Classification

Source: WaveInstaller_x64-v1.5.18.2_from-v1.3.16.1.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: WaveInstaller_x64-v1.5.18.2_from-v1.3.16.1.exe Static PE information: certificate valid
Source: WaveInstaller_x64-v1.5.18.2_from-v1.3.16.1.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\WaveInstaller_x64-v1.5.18.2_from-v1.3.16.1.exe Code function: 0_2_0040626D FindFirstFileA,FindClose, 0_2_0040626D
Source: C:\Users\user\Desktop\WaveInstaller_x64-v1.5.18.2_from-v1.3.16.1.exe Code function: 0_2_00405732 GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose, 0_2_00405732
Source: C:\Users\user\Desktop\WaveInstaller_x64-v1.5.18.2_from-v1.3.16.1.exe Code function: 0_2_004026FE FindFirstFileA, 0_2_004026FE
Source: WaveInstaller_x64-v1.5.18.2_from-v1.3.16.1.exe String found in binary or memory: http://nsis.sf.net/NSIS_Error
Source: WaveInstaller_x64-v1.5.18.2_from-v1.3.16.1.exe String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: WaveInstaller_x64-v1.5.18.2_from-v1.3.16.1.exe, 00000000.00000002.73778957520.000000000288D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://api.wavebrowserbase.com/inst/
Source: WaveInstaller_x64-v1.5.18.2_from-v1.3.16.1.exe, 00000000.00000002.73778957520.000000000288D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://api.wavebrowserbase.com/log/imp/e/chr_offer_declined/d/
Source: WaveInstaller_x64-v1.5.18.2_from-v1.3.16.1.exe, 00000000.00000002.73778505970.00000000004A8000.00000004.00000020.00020000.00000000.sdmp, WaveInstaller_x64-v1.5.18.2_from-v1.3.16.1.exe, 00000000.00000002.73778957520.000000000288D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://wavebrowser.co/changelog
Source: WaveInstaller_x64-v1.5.18.2_from-v1.3.16.1.exe, 00000000.00000002.73778505970.00000000004A8000.00000004.00000020.00020000.00000000.sdmp, WaveInstaller_x64-v1.5.18.2_from-v1.3.16.1.exe, 00000000.00000002.73778957520.000000000288D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://wavebrowser.co/privacy
Source: WaveInstaller_x64-v1.5.18.2_from-v1.3.16.1.exe, 00000000.00000002.73778505970.00000000004A8000.00000004.00000020.00020000.00000000.sdmp, WaveInstaller_x64-v1.5.18.2_from-v1.3.16.1.exe, 00000000.00000002.73778957520.000000000288D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://wavebrowser.co/terms
Source: WaveInstaller_x64-v1.5.18.2_from-v1.3.16.1.exe, 00000000.00000002.73778505970.00000000004A8000.00000004.00000020.00020000.00000000.sdmp, WaveInstaller_x64-v1.5.18.2_from-v1.3.16.1.exe, 00000000.00000002.73778957520.000000000288D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://wavebrowser.co/termshttps://wavebrowser.co/privacyhttps://wavebrowser.co/changelog
Source: C:\Users\user\Desktop\WaveInstaller_x64-v1.5.18.2_from-v1.3.16.1.exe Code function: 0_2_004051CF GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard, 0_2_004051CF
Source: C:\Users\user\Desktop\WaveInstaller_x64-v1.5.18.2_from-v1.3.16.1.exe Code function: 0_2_004031D6 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,ExitProcess,CoUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, 0_2_004031D6
Source: C:\Users\user\Desktop\WaveInstaller_x64-v1.5.18.2_from-v1.3.16.1.exe Code function: 0_2_00404A0E 0_2_00404A0E
Source: C:\Users\user\Desktop\WaveInstaller_x64-v1.5.18.2_from-v1.3.16.1.exe Code function: 0_2_004065F6 0_2_004065F6
Source: WaveInstaller_x64-v1.5.18.2_from-v1.3.16.1.exe, 00000000.00000000.73776334138.000000000043A000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameWave Browser: vs WaveInstaller_x64-v1.5.18.2_from-v1.3.16.1.exe
Source: WaveInstaller_x64-v1.5.18.2_from-v1.3.16.1.exe Binary or memory string: OriginalFilenameWave Browser: vs WaveInstaller_x64-v1.5.18.2_from-v1.3.16.1.exe
Source: classification engine Classification label: clean2.winEXE@1/1@0/0
Source: C:\Users\user\Desktop\WaveInstaller_x64-v1.5.18.2_from-v1.3.16.1.exe Code function: 0_2_0040449B GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA, 0_2_0040449B
Source: C:\Users\user\Desktop\WaveInstaller_x64-v1.5.18.2_from-v1.3.16.1.exe Code function: 0_2_004020D1 CoCreateInstance,MultiByteToWideChar, 0_2_004020D1
Source: C:\Users\user\Desktop\WaveInstaller_x64-v1.5.18.2_from-v1.3.16.1.exe File created: C:\Users\user\AppData\Local\Temp\nsu1CE8.tmp
Source: WaveInstaller_x64-v1.5.18.2_from-v1.3.16.1.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\WaveInstaller_x64-v1.5.18.2_from-v1.3.16.1.exe File read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\WaveInstaller_x64-v1.5.18.2_from-v1.3.16.1.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\WaveInstaller_x64-v1.5.18.2_from-v1.3.16.1.exe File read: C:\Users\user\Desktop\WaveInstaller_x64-v1.5.18.2_from-v1.3.16.1.exe
Source: C:\Users\user\Desktop\WaveInstaller_x64-v1.5.18.2_from-v1.3.16.1.exe Section loaded: edgegdi.dll
Source: C:\Users\user\Desktop\WaveInstaller_x64-v1.5.18.2_from-v1.3.16.1.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\WaveInstaller_x64-v1.5.18.2_from-v1.3.16.1.exe Section loaded: userenv.dll
Source: C:\Users\user\Desktop\WaveInstaller_x64-v1.5.18.2_from-v1.3.16.1.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\WaveInstaller_x64-v1.5.18.2_from-v1.3.16.1.exe Section loaded: propsys.dll
Source: C:\Users\user\Desktop\WaveInstaller_x64-v1.5.18.2_from-v1.3.16.1.exe Section loaded: dwmapi.dll
Source: C:\Users\user\Desktop\WaveInstaller_x64-v1.5.18.2_from-v1.3.16.1.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\WaveInstaller_x64-v1.5.18.2_from-v1.3.16.1.exe Section loaded: oleacc.dll
Source: C:\Users\user\Desktop\WaveInstaller_x64-v1.5.18.2_from-v1.3.16.1.exe Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\WaveInstaller_x64-v1.5.18.2_from-v1.3.16.1.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\WaveInstaller_x64-v1.5.18.2_from-v1.3.16.1.exe Section loaded: shfolder.dll
Source: C:\Users\user\Desktop\WaveInstaller_x64-v1.5.18.2_from-v1.3.16.1.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\WaveInstaller_x64-v1.5.18.2_from-v1.3.16.1.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\WaveInstaller_x64-v1.5.18.2_from-v1.3.16.1.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\WaveInstaller_x64-v1.5.18.2_from-v1.3.16.1.exe Section loaded: profapi.dll
Source: C:\Users\user\Desktop\WaveInstaller_x64-v1.5.18.2_from-v1.3.16.1.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
Source: WaveInstaller_x64-v1.5.18.2_from-v1.3.16.1.exe Static file information: File size 80737360 > 1048576
Source: C:\Users\user\Desktop\WaveInstaller_x64-v1.5.18.2_from-v1.3.16.1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\WaveInstaller_x64-v1.5.18.2_from-v1.3.16.1.exe API call chain: ExitProcess graph end node
No contacted IP infos