File name: TwitchChatOverlay-Setup.exe

Full analysis: https://app.any.run/tasks/32414b7b-2281-4230-a798-2ed1db033c61
Verdict: Malicious activity
Analysis date: June 01, 2024, 16:15:30
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: B9196F34528FDA944FCA5E8CB7250A8B
SHA1: 14EF85766EFC23444998179BB56285AB78BEA0B7
SHA256: 5B7949F289F3ED75FB19470141CD0CFD9D8130A596A2FD25EED4DB243A341DAE
SSDEEP: 98304:qD5YcuVSL8f/QS6Cf40/ZC4yTMPp0nUNrovE1mW97TAFDqICM6s55s9j1ycouiqj:2EPR7uDfI

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • TwitchChatOverlay-Setup.exe (PID: 3980)
      • Update.exe (PID: 3996)
      • TransparentTwitchChatWPF.exe (PID: 4064)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • TwitchChatOverlay-Setup.exe (PID: 3980)
      • Update.exe (PID: 3996)
      • TransparentTwitchChatWPF.exe (PID: 4064)
    • Reads security settings of Internet Explorer

      • Update.exe (PID: 3996)
      • TransparentTwitchChatWPF.exe (PID: 4064)
    • Reads the Internet Settings

      • Update.exe (PID: 3996)
      • TransparentTwitchChatWPF.exe (PID: 4064)
    • Process drops legitimate windows executable

      • TransparentTwitchChatWPF.exe (PID: 4064)
    • Creates a software uninstall entry

      • Update.exe (PID: 3996)
    • Reads the date of Windows installation

      • TransparentTwitchChatWPF.exe (PID: 4064)
    • Searches for installed software

      • Update.exe (PID: 3996)
  • INFO

    • Creates files or folders in the user directory

      • TwitchChatOverlay-Setup.exe (PID: 3980)
      • Update.exe (PID: 3996)
      • TransparentTwitchChatWPF.exe (PID: 4064)
    • Checks supported languages

      • TwitchChatOverlay-Setup.exe (PID: 3980)
      • Update.exe (PID: 3996)
      • TransparentTwitchChatWPF.exe (PID: 4064)
      • wmpnscfg.exe (PID: 1112)
    • Reads the computer name

      • Update.exe (PID: 3996)
      • TransparentTwitchChatWPF.exe (PID: 4064)
      • wmpnscfg.exe (PID: 1112)
    • Reads the machine GUID from the registry

      • Update.exe (PID: 3996)
      • TransparentTwitchChatWPF.exe (PID: 4064)
    • Create files in a temporary directory

      • Update.exe (PID: 3996)
      • TransparentTwitchChatWPF.exe (PID: 4064)
    • Reads Environment values

      • TransparentTwitchChatWPF.exe (PID: 4064)
    • Disables trace logs

      • TransparentTwitchChatWPF.exe (PID: 4064)
    • Manual execution by a user

      • wmpnscfg.exe (PID: 1112)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable (generic) (52.9)
.exe | Generic Win/DOS Executable (23.5)
.exe | DOS Executable Generic (23.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2019:02:08 02:59:34+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14.16
CodeSize: 117248
InitializedDataSize: 6225408
UninitializedDataSize: -
EntryPoint: 0xab0b
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 1.0.4.0
ProductVersionNumber: 1.0.4.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
FileDescription: Application for Windows that will display Twitch chat on top of a windowed or borderless windowed game.
FileVersion: 1.0.4
InternalName: Setup.exe
LegalCopyright: 2024
OriginalFileName: Setup.exe
ProductName: Application for Windows that will display Twitch chat on top of a windowed or borderless windowed game.
ProductVersion: 1.0.4
SquirrelAwareVersion: 1
CompanyName: baffler
No data.
All screenshots are available in the full report
Total processes: 36
Monitored processes: 4
Malicious processes: 3
Suspicious processes: 0

Behavior graph

Processes shown in the graph: twitchchatoverlay-setup.exe, update.exe, transparenttwitchchatwpf.exe, wmpnscfg.exe (no specs)

Process information

Columns: PID | CMD | Path | Indicators | Parent process

PID: 1112
CMD: "C:\Program Files\Windows Media Player\wmpnscfg.exe"
Path: C:\Program Files\Windows Media Player\wmpnscfg.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Media Player Network Sharing Service Configuration Application
Exit code: 0
Version: 12.0.7600.16385 (win7_rtm.090713-1255)
Modules (Images):
c:\program files\windows media player\wmpnscfg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll

PID: 3980
CMD: "C:\Users\admin\AppData\Local\Temp\TwitchChatOverlay-Setup.exe"
Path: C:\Users\admin\AppData\Local\Temp\TwitchChatOverlay-Setup.exe
Parent process: explorer.exe
User: admin
Company: baffler
Integrity Level: MEDIUM
Description: Application for Windows that will display Twitch chat on top of a windowed or borderless windowed game.
Exit code: 0
Version: 1.0.4
Modules (Images):
c:\users\admin\appdata\local\temp\twitchchatoverlay-setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll

PID: 3996
CMD: "C:\Users\admin\AppData\Local\SquirrelTemp\Update.exe" --install .
Path: C:\Users\admin\AppData\Local\SquirrelTemp\Update.exe
Parent process: TwitchChatOverlay-Setup.exe
User: admin
Company: GitHub
Integrity Level: MEDIUM
Description: Update
Exit code: 0
Version: 1.9.1.0
Modules (Images):
c:\users\admin\appdata\local\squirreltemp\update.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll

PID: 4064
CMD: "C:\Users\admin\AppData\Local\TransparentTwitchChatOverlay\app-1.0.4\TransparentTwitchChatWPF.exe" --squirrel-firstrun
Path: C:\Users\admin\AppData\Local\TransparentTwitchChatOverlay\app-1.0.4\TransparentTwitchChatWPF.exe
Parent process: Update.exe
User: admin
Integrity Level: MEDIUM
Description: TransparentTwitchChatWPF
Version: 1.0.4
Modules (Images):
c:\users\admin\appdata\local\transparenttwitchchatoverlay\app-1.0.4\transparenttwitchchatwpf.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
Total events: 9 361
Read events: 9 261
Write events: 100
Delete events: 0

Modification events

Columns: (PID) Process | Key | Operation | Name | Value

(3996) Update.exe | HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E | write | LanguageList | en-US
(3996) Update.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | write | ProxyBypass | 1
(3996) Update.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | write | IntranetName | 1
(3996) Update.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | write | UNCAsIntranet | 1
(3996) Update.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | write | AutoDetect | 0
(3996) Update.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\TransparentTwitchChatOverlay | write | DisplayName | Transparent Twitch Chat Overlay
(3996) Update.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\TransparentTwitchChatOverlay | write | DisplayVersion | 1.0.4
(3996) Update.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\TransparentTwitchChatOverlay | write | InstallDate | 20240601
(3996) Update.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\TransparentTwitchChatOverlay | write | InstallLocation | C:\Users\admin\AppData\Local\TransparentTwitchChatOverlay
(3996) Update.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\TransparentTwitchChatOverlay | write | Publisher | baffler
Executable files: 7
Suspicious files: 12
Text files: 8
Unknown types: 0

Dropped files

Columns: PID | Process | Filename | Type

3980 | TwitchChatOverlay-Setup.exe | C:\Users\admin\AppData\Local\SquirrelTemp\Update.exe | executable
MD5: C5F6CDA4976AE38CD9FBA3D1E5EBD244
SHA256: DAE7BD888B715B8E215482BC5EA6F028DED32A3AD88BF4ACB6431D2A62FFE3F4

3996 | Update.exe | C:\Users\admin\AppData\Local\TransparentTwitchChatOverlay\Update.exe | executable
MD5: C5F6CDA4976AE38CD9FBA3D1E5EBD244
SHA256: DAE7BD888B715B8E215482BC5EA6F028DED32A3AD88BF4ACB6431D2A62FFE3F4

3996 | Update.exe | C:\Users\admin\AppData\Local\TransparentTwitchChatOverlay\app-1.0.4\assets\Alert 3.wav | binary
MD5: FB2E5091989A05A8DB0F45C916160F87
SHA256: 0601D5E5B3BAA15B4C8C8550F5DFC499E68C681DECFD94654F779A6AA5625FEC

3980 | TwitchChatOverlay-Setup.exe | C:\Users\admin\AppData\Local\SquirrelTemp\RELEASES | text
MD5: ED33AC8BAB64AABAACA2A9305291C3FE
SHA256: CAEB28F1270C4D48ED323A2BFF3DA3EE9474380B22C2BA0E75B86CB27AE226D4

3996 | Update.exe | C:\Users\admin\AppData\Local\TransparentTwitchChatOverlay\packages\TransparentTwitchChatOverlay-1.0.4-full.nupkg | compressed
MD5: AB58A63C3196ACFB5076CDAEFF962035
SHA256: 454CA88064EF0592415C9770ED30929C1CBAE606E328EEFBC4FEDAE846D53DD5

3996 | Update.exe | C:\Users\admin\AppData\Local\TransparentTwitchChatOverlay\app-1.0.4\assets\Alert 1 (Low).wav | binary
MD5: D0B95504BA251D3FBFC7A49D0AD6E97E
SHA256: 56B02354F2DE1C3133BAD75D0BE32470E6AEE50FCC5F9A8354B228820FA6E245

3996 | Update.exe | C:\Users\admin\AppData\Local\TransparentTwitchChatOverlay\app-1.0.4\index.html | html
MD5: 140229453088721FC4EC658F53A1AAF8
SHA256: 188F7E91BD347D09137073A890249838C8A8AF7184BCDE1474D4EF460E722E35

3996 | Update.exe | C:\Users\admin\AppData\Local\TransparentTwitchChatOverlay\app-1.0.4\assets\Alert 2 (Low).wav | binary
MD5: E4D6376631E42B54939E96C5FE4E2762
SHA256: 5F82F09AD4DC315C74612DAFCB3FD27FD2A2DE18A819541025C4A5307E1E5CA6

3996 | Update.exe | C:\Users\admin\AppData\Local\TransparentTwitchChatOverlay\app-1.0.4\assets\Alert 2.wav | binary
MD5: F71F3D354A4EE1565FFE7C5F5237FCB6
SHA256: 74874F73F6A5801CF56D0AA85A562C63F77B647ECC26B8A8313FFCBE9B3483BF

3996 | Update.exe | C:\Users\admin\AppData\Local\TransparentTwitchChatOverlay\app-1.0.4\assets\Alert 3 (Low).wav | binary
MD5: 4B3B40D5971ECB4B99CE3B3262AAB976
SHA256: E110A39BB7E5031E4470F134E93725F9627DB8087CA005973267D9585447350F
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 5
DNS requests: 1
Threats: 0

HTTP requests

No HTTP requests

Connections

Columns: PID | Process | IP | Domain | ASN | CN | Reputation

4 | System | 192.168.100.255:138 | (not listed) | (not listed) | (not listed) | whitelisted
4 | System | 192.168.100.255:137 | (not listed) | (not listed) | (not listed) | whitelisted
(not listed) | (not listed) | 224.0.0.252:5355 | (not listed) | (not listed) | (not listed) | unknown
1088 | svchost.exe | 224.0.0.252:5355 | (not listed) | (not listed) | (not listed) | unknown
4064 | TransparentTwitchChatWPF.exe | 140.82.121.6:443 | api.github.com | GITHUB | US | unknown

DNS requests

Columns: Domain | IP | Reputation

api.github.com | 140.82.121.6 | whitelisted

Threats

No threats detected
Columns: Process | Message

TransparentTwitchChatWPF.exe | WebView2: Failed to find an installed WebView2 runtime or non-stable Microsoft Edge installation. (logged 10 times)