File name: | Predator The Thief Cracked [Gerki.pw].exe |
Full analysis: | https://app.any.run/tasks/d3062a40-64a3-4c48-9ead-c07d620547b1 |
Verdict: | Malicious activity |
Threats: | Predator, the Thief, is an information stealer, meaning that malware steals data from infected systems. This virus can access the camera and spy on victims, steal passwords and login information, and retrieve payment data from cryptocurrency wallets. |
Analysis date: | January 17, 2020, 23:28:24 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags: | |
Indicators: | |
MIME: | application/x-dosexec |
File info: | PE32 executable (GUI) Intel 80386, for MS Windows |
MD5: | 139DC5CD86A394A7F226E7A5597BF9F4 |
SHA1: | 06841B71B84568136F323D21F8D856CEB3692EDE |
SHA256: | 52BF2F37D2ECCA06C9DC3C87B841A5A0D811BA1D0CD936D8BC6F80DE54FD78F9 |
SSDEEP: | 24576:XAHnh+eWsN3skA4RV1Hom2KXMmHamB85COGBiI9E8b0BQ65:Kh+ZkldoPK8YamyLGBiIWj |
.exe | | | Win64 Executable (generic) (64.6) |
---|---|---|
.dll | | | Win32 Dynamic Link Library (generic) (15.4) |
.exe | | | Win32 Executable (generic) (10.5) |
.exe | | | Generic Win/DOS Executable (4.6) |
.exe | | | DOS Executable Generic (4.6) |
MachineType: | Intel 386 or later, and compatibles |
---|---|
TimeStamp: | 2019:05:05 13:46:06+02:00 |
PEType: | PE32 |
LinkerVersion: | 12 |
CodeSize: | 581632 |
InitializedDataSize: | 1058304 |
UninitializedDataSize: | - |
EntryPoint: | 0x2800a |
OSVersion: | 5.1 |
ImageVersion: | - |
SubsystemVersion: | 5.1 |
Subsystem: | Windows GUI |
FileVersionNumber: | 88.77.26.37 |
ProductVersionNumber: | 88.77.26.37 |
FileFlagsMask: | 0x003f |
FileFlags: | (none) |
FileOS: | Windows NT 32-bit |
ObjectFileType: | Executable application |
FileSubtype: | - |
LanguageCode: | Neutral |
CharacterSet: | Unicode |
FileVersion: | 88.77.26.37 |
ProductVersion: | 88.77.26.37 |
FileDescription: | MessagingDataModel2 |
CompanyName: | Библиотека динамической компоновки (DLL) учетных записей Майкрософт |
LegalCopyright: | (C) W6VZpwAAMeIGCtMIQivvLyETlie123zIF5SYwmesBBLca3ANmhItdyWAPRUZ6LIoTiOp Technology Co. Ltd., All rights reserved. |
ProductName: | |
Comments: | wgMz6zwXC4tbk9eMzG3UyAGYg9XV678zzPoEBmWlFReuMVlFgsb7Na3Ze43hryvR79N3lFSTm |
InternalName: | DevicePairingWizard.exe |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2784 | "C:\Users\admin\AppData\Local\Temp\Predator The Thief Cracked [Gerki.pw].exe" | C:\Users\admin\AppData\Local\Temp\Predator The Thief Cracked [Gerki.pw].exe | explorer.exe | |
User: admin Company: Библиотека динамической компоновки (DLL) учетных записей Майкрософт Integrity Level: MEDIUM Description: MessagingDataModel2 Exit code: 0 Version: 88.77.26.37 | ||||
2860 | "C:\Users\admin\AppData\Roaming\2ezlv6H6UbV\api.exe" | C:\Users\admin\AppData\Roaming\2ezlv6H6UbV\api.exe | Predator The Thief Cracked [Gerki.pw].exe | |
User: admin Company: tvq0scfjxdl Integrity Level: MEDIUM Description: cmvs0tjqzo2 Exit code: 3762504530 Version: 2.8.0.6 | ||||
3016 | "C:\Users\admin\AppData\Roaming\2ezlv6H6UbV\Predator The Thief Cracked [XakFor.Net].exe" | C:\Users\admin\AppData\Roaming\2ezlv6H6UbV\Predator The Thief Cracked [XakFor.Net].exe | — | Predator The Thief Cracked [Gerki.pw].exe |
User: admin Integrity Level: MEDIUM Description: Predator The Thief Cracked [XakFor.Net] Version: 1.0.0.0 | ||||
2852 | "C:\Users\admin\AppData\Roaming\NKvzgDxuwYuHn\api.exe" | C:\Users\admin\AppData\Roaming\NKvzgDxuwYuHn\api.exe | — | Predator The Thief Cracked [Gerki.pw].exe |
User: admin Company: tvq0scfjxdl Integrity Level: MEDIUM Description: cmvs0tjqzo2 Exit code: 4294967295 Version: 2.8.0.6 | ||||
2240 | "C:\Users\admin\AppData\Roaming\NKvzgDxuwYuHn\Predator The Thief Cracked [XakFor.Net].exe" | C:\Users\admin\AppData\Roaming\NKvzgDxuwYuHn\Predator The Thief Cracked [XakFor.Net].exe | — | Predator The Thief Cracked [Gerki.pw].exe |
User: admin Integrity Level: MEDIUM Description: Predator The Thief Cracked [XakFor.Net] Version: 1.0.0.0 | ||||
3764 | "C:\Users\admin\AppData\Roaming\Qql6yxwepKsZkI6Z\api.exe" | C:\Users\admin\AppData\Roaming\Qql6yxwepKsZkI6Z\api.exe | — | Predator The Thief Cracked [Gerki.pw].exe |
User: admin Company: tvq0scfjxdl Integrity Level: MEDIUM Description: cmvs0tjqzo2 Exit code: 4294967295 Version: 2.8.0.6 | ||||
3344 | "C:\Users\admin\AppData\Roaming\Qql6yxwepKsZkI6Z\Predator The Thief Cracked [XakFor.Net].exe" | C:\Users\admin\AppData\Roaming\Qql6yxwepKsZkI6Z\Predator The Thief Cracked [XakFor.Net].exe | Predator The Thief Cracked [Gerki.pw].exe | |
User: admin Integrity Level: MEDIUM Description: Predator The Thief Cracked [XakFor.Net] Version: 1.0.0.0 | ||||
3096 | "C:\Users\admin\Desktop\HMVAZZVvO.exe" | C:\Users\admin\Desktop\HMVAZZVvO.exe | explorer.exe | |
User: admin Integrity Level: MEDIUM Exit code: 0 |
PID | Process | Filename | Type | |
---|---|---|---|---|
2784 | Predator The Thief Cracked [Gerki.pw].exe | C:\Users\admin\AppData\Local\Temp\aut9AB4.tmp | — | |
MD5:— | SHA256:— | |||
2784 | Predator The Thief Cracked [Gerki.pw].exe | C:\Users\admin\AppData\Local\Temp\aut9B9F.tmp | — | |
MD5:— | SHA256:— | |||
2784 | Predator The Thief Cracked [Gerki.pw].exe | C:\Users\admin\AppData\Local\Temp\aut9BFE.tmp | — | |
MD5:— | SHA256:— | |||
2784 | Predator The Thief Cracked [Gerki.pw].exe | C:\Users\admin\AppData\Local\Temp\aut9C3D.tmp | — | |
MD5:— | SHA256:— | |||
2784 | Predator The Thief Cracked [Gerki.pw].exe | C:\Users\admin\AppData\Local\Temp\aut9CFA.tmp | — | |
MD5:— | SHA256:— | |||
2784 | Predator The Thief Cracked [Gerki.pw].exe | C:\Users\admin\AppData\Local\Temp\aut9D78.tmp | — | |
MD5:— | SHA256:— | |||
3344 | Predator The Thief Cracked [XakFor.Net].exe | C:\Users\admin\AppData\Local\Temp\stub.bin | — | |
MD5:— | SHA256:— | |||
3096 | HMVAZZVvO.exe | C:\Users\admin\AppData\Local\Temp\ifoepebnvwuz.ukz | — | |
MD5:— | SHA256:— | |||
3096 | HMVAZZVvO.exe | C:\Users\admin\AppData\Roaming\zpars6q7w8w7t7q7w8w7t7.zip | — | |
MD5:— | SHA256:— | |||
2784 | Predator The Thief Cracked [Gerki.pw].exe | C:\Users\admin\AppData\Roaming\NKvzgDxuwYuHn\api.exe | executable | |
MD5:E7161E8D24F66E438DB0C53C1A805F1A | SHA256:24314260537A473182C71D06023A2EC3F3FDDB5785D3FAE962622B5890F9FEB0 |