File name: | Radic_Launcher.exe |
Full analysis: | https://app.any.run/tasks/120897b4-e217-46f7-91db-dcb00e00f145 |
Verdict: | Malicious activity |
Analysis date: | August 12, 2022, 19:47:33 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/x-dosexec |
File info: | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows |
MD5: | 4226628A27AA516E2F4665A9DBA4B9D9 |
SHA1: | 71CFBBA6DB6334CF1E05A752AEE95BC364F6C339 |
SHA256: | 9973EF0569EA1B7FE0DC561B05937DF7586E2C46178820757C9EF152E627F136 |
SSDEEP: | 49152:tb/ZbLN5WzFJtPglyxoily2GvFiSdf+pEUK3jh:tb/Zb55Wzt4Aoily2od93jh |
.dll | | | Win32 Dynamic Link Library (generic) (38.3) |
---|---|---|
.exe | | | Win32 Executable (generic) (26.2) |
.exe | | | Win16/32 Executable Delphi generic (12) |
.exe | | | Generic Win/DOS Executable (11.6) |
.exe | | | DOS Executable Generic (11.6) |
MachineType: | Intel 386 or later, and compatibles |
---|---|
TimeStamp: | 2022:06:26 20:40:20+02:00 |
PEType: | PE32 |
LinkerVersion: | 11 |
CodeSize: | 51200 |
InitializedDataSize: | 1620992 |
UninitializedDataSize: | - |
EntryPoint: | 0x19e00a |
OSVersion: | 4 |
ImageVersion: | - |
SubsystemVersion: | 4 |
Subsystem: | Windows GUI |
FileVersionNumber: | 1.0.0.0 |
ProductVersionNumber: | 1.0.0.0 |
FileFlagsMask: | 0x003f |
FileFlags: | (none) |
FileOS: | Win32 |
ObjectFileType: | Executable application |
FileSubtype: | - |
LanguageCode: | Neutral |
CharacterSet: | Unicode |
Comments: | The launcher for the Radic GTA 5 Mod Menu! |
CompanyName: | - |
FileDescription: | Radic Launcher |
FileVersion: | 1.0.0.0 |
InternalName: | Radic Launcher.exe |
LegalCopyright: | Copyright © 2022 |
LegalTrademarks: | Radic Development |
OriginalFileName: | Radic Launcher.exe |
ProductName: | Radic Launcher |
ProductVersion: | 1.0.0.0 |
AssemblyVersion: | 1.0.0.0 |
Architecture: | IMAGE_FILE_MACHINE_I386 |
---|---|
Subsystem: | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date: | 26-Jun-2022 18:40:20 |
Comments: | The launcher for the Radic GTA 5 Mod Menu! |
CompanyName: | - |
FileDescription: | Radic Launcher |
FileVersion: | 1.0.0.0 |
InternalName: | Radic Launcher.exe |
LegalCopyright: | Copyright © 2022 |
LegalTrademarks: | Radic Development |
OriginalFilename: | Radic Launcher.exe |
ProductName: | Radic Launcher |
ProductVersion: | 1.0.0.0 |
Assembly Version: | 1.0.0.0 |
Magic number: | MZ |
---|---|
Bytes on last page of file: | 0x0090 |
Pages in file: | 0x0003 |
Relocations: | 0x0000 |
Size of header: | 0x0004 |
Min extra paragraphs: | 0x0000 |
Max extra paragraphs: | 0xFFFF |
Initial SS value: | 0x0000 |
Initial SP value: | 0x00B8 |
Checksum: | 0x0000 |
Initial IP value: | 0x0000 |
Initial CS value: | 0x0000 |
Overlay number: | 0x0000 |
OEM identifier: | 0x0000 |
OEM information: | 0x0000 |
Address of NE header: | 0x00000080 |
Signature: | PE |
---|---|
Machine: | IMAGE_FILE_MACHINE_I386 |
Number of sections: | 5 |
Time date stamp: | 26-Jun-2022 18:40:20 |
Pointer to Symbol Table: | 0x00000000 |
Number of symbols: | 0 |
Size of Optional Header: | 0x00E0 |
Characteristics: |
|
Name | Virtual Address | Virtual Size | Raw Size | Charateristics | Entropy |
---|---|---|---|---|---|
pSi\x0cQfUg\xa8\x88\x16 | 0x00002000 | 0x001688A8 | 0x00168A00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 7.99989 |
.text | 0x0016C000 | 0x0000C448 | 0x0000C600 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 5.27976 |
.rsrc | 0x0017A000 | 0x00022F3B | 0x00023000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 5.49154 |
0x0019E000 | 0x00000010 | 0x00000200 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 0.142636 | |
.reloc | 0x001A0000 | 0x0000000C | 0x00000200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 0.0980042 |
Title | Entropy | Size | Codepage | Language | Type |
---|---|---|---|---|---|
1 | 5.09263 | 3683 | UNKNOWN | UNKNOWN | RT_MANIFEST |
2 | 3.60671 | 67624 | UNKNOWN | UNKNOWN | RT_ICON |
3 | 3.85449 | 16936 | UNKNOWN | UNKNOWN | RT_ICON |
4 | 4.02369 | 9640 | UNKNOWN | UNKNOWN | RT_ICON |
5 | 4.26712 | 4264 | UNKNOWN | UNKNOWN | RT_ICON |
6 | 4.5984 | 1128 | UNKNOWN | UNKNOWN | RT_ICON |
32512 | 2.79908 | 90 | UNKNOWN | UNKNOWN | RT_GROUP_ICON |
mscoree.dll |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
3508 | "C:\Users\admin\AppData\Local\Temp\Radic_Launcher.exe" | C:\Users\admin\AppData\Local\Temp\Radic_Launcher.exe | — | Explorer.EXE |
User: admin Integrity Level: MEDIUM Description: Radic Launcher Exit code: 3221226540 Version: 1.0.0.0 | ||||
2236 | "C:\Users\admin\AppData\Local\Temp\Radic_Launcher.exe" | C:\Users\admin\AppData\Local\Temp\Radic_Launcher.exe | Explorer.EXE | |
User: admin Integrity Level: HIGH Description: Radic Launcher Version: 1.0.0.0 | ||||
572 | "C:\Program Files\Internet Explorer\iexplore.exe" https://radicmenu.xyz/genlicense/s1 | C:\Program Files\Internet Explorer\iexplore.exe | Radic_Launcher.exe | |
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: Internet Explorer Exit code: 1 Version: 11.00.9600.16428 (winblue_gdr.131013-1700) | ||||
2608 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:572 CREDAT:275457 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | |
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: Internet Explorer Exit code: 0 Version: 11.00.9600.16428 (winblue_gdr.131013-1700) |
PID | Process | Filename | Type | |
---|---|---|---|---|
2608 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary | |
MD5:60D96CB4FCABB109D004291F800A48F6 | SHA256:EF714AE99D3B1ABACE2C9FC484214C08F896ACDA3C8CE8843238E6A74F91D8C8 | |||
2608 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1B1495DD322A24490E2BF2FAABAE1C61 | binary | |
MD5:921C3D5BC910DD1A103FC6E9084D1D0E | SHA256:2AD05D0ACACA41964FC7E56CBD292D88D792648881F9F317DAA50955A4B84F18 | |||
2608 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\59B3BA6988DD55E01C1B3A963C43426D | der | |
MD5:D1635895F0F4AAFAF0C64DF542AC5AA1 | SHA256:5CE3A5430099A306F486F48CF1048638208CEB3F97D99614699EF6F21E844121 | |||
2608 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\JSKJLYT0.txt | text | |
MD5:C61BD05EA044EAE5D9D19C83A81AB882 | SHA256:FF37D7405EA0CBF54A9B58DBDFA1F018816EE2C404F57B0111C916CCF27F330B | |||
2236 | Radic_Launcher.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506 | binary | |
MD5:47858AC4096BA820B956B55609E8B628 | SHA256:D43A190C03C70788F26E4832C217A41877B93E53A400ED12A93E4889C570ABFC | |||
2236 | Radic_Launcher.exe | C:\Users\admin\AppData\Local\Temp\CabF245.tmp | compressed | |
MD5:589C442FC7A0C70DCA927115A700D41E | SHA256:2E5CB72E9EB43BAAFB6C6BFCC573AAC92F49A8064C483F9D378A9E8E781A526A | |||
2236 | Radic_Launcher.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506 | compressed | |
MD5:589C442FC7A0C70DCA927115A700D41E | SHA256:2E5CB72E9EB43BAAFB6C6BFCC573AAC92F49A8064C483F9D378A9E8E781A526A | |||
2608 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751 | binary | |
MD5:AF0BF9253F42BA2218CD95208CBF375A | SHA256:17D127AE2A95E48CFFAF8CE6B68446C9EE1928C9F03DE80000762374CAFE7043 | |||
2236 | Radic_Launcher.exe | C:\Users\admin\AppData\Local\Temp\TarF246.tmp | cat | |
MD5:7EE994C83F2744D702CBA18693ED1758 | SHA256:5DB917AB6DC8A42A43617850DFBE2C7F26A7F810B229B349E9DD2A2D615671D2 | |||
2608 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\59B3BA6988DD55E01C1B3A963C43426D | binary | |
MD5:E636AB0D2813DB18224658ADA398C52D | SHA256:1E507D5F25440333EA148CEA1132BDD93C427C9D538C9B32C4753838A579EF3E |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2236 | Radic_Launcher.exe | GET | 200 | 8.253.95.120:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?e18705e2dc937ee5 | US | compressed | 60.2 Kb | whitelisted |
572 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | US | der | 471 b | whitelisted |
2608 | iexplore.exe | GET | 200 | 67.27.158.254:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?0840d39ad030f8b0 | US | compressed | 4.70 Kb | whitelisted |
2608 | iexplore.exe | GET | 200 | 67.27.158.254:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?89e0f9deaa1b0a2e | US | compressed | 4.70 Kb | whitelisted |
2608 | iexplore.exe | GET | 200 | 96.16.145.230:80 | http://x1.c.lencr.org/ | US | der | 717 b | whitelisted |
2608 | iexplore.exe | GET | 200 | 184.24.77.74:80 | http://e1.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBTvkAFw3ViPKmUeIVEf3NC7b1ErqwQUWvPtK%2Fw2wjd5uVIw6lRvz1XLLqwCEgTi6ahI7V%2B1uQ2ez0jpn13eLg%3D%3D | US | der | 345 b | whitelisted |
2608 | iexplore.exe | GET | 200 | 96.16.145.230:80 | http://x2.c.lencr.org/ | US | der | 300 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2236 | Radic_Launcher.exe | 188.114.96.3:443 | radicmenu.xyz | Cloudflare Inc | US | malicious |
2608 | iexplore.exe | 188.114.96.3:443 | radicmenu.xyz | Cloudflare Inc | US | malicious |
2608 | iexplore.exe | 67.27.158.254:80 | ctldl.windowsupdate.com | Level 3 Communications, Inc. | US | malicious |
2236 | Radic_Launcher.exe | 8.253.95.120:80 | ctldl.windowsupdate.com | Global Crossing | US | suspicious |
2608 | iexplore.exe | 96.16.145.230:80 | x1.c.lencr.org | Akamai Technologies, Inc. | US | suspicious |
2608 | iexplore.exe | 184.24.77.74:80 | e1.o.lencr.org | Time Warner Cable Internet LLC | US | unknown |
572 | iexplore.exe | 152.199.19.161:443 | iecvlist.microsoft.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
572 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
Domain | IP | Reputation |
---|---|---|
radicmenu.xyz |
| malicious |
ctldl.windowsupdate.com |
| whitelisted |
x1.c.lencr.org |
| whitelisted |
x2.c.lencr.org |
| whitelisted |
e1.o.lencr.org |
| whitelisted |
api.bing.com |
| whitelisted |
www.bing.com |
| whitelisted |
iecvlist.microsoft.com |
| whitelisted |
r20swj13mr.microsoft.com |
| whitelisted |
ocsp.digicert.com |
| whitelisted |
PID | Process | Class | Message |
---|---|---|---|
2236 | Radic_Launcher.exe | Potentially Bad Traffic | ET INFO Observed Let's Encrypt Certificate for Suspicious TLD (.xyz) |
2608 | iexplore.exe | Potentially Bad Traffic | ET INFO Observed Let's Encrypt Certificate for Suspicious TLD (.xyz) |
2608 | iexplore.exe | Potentially Bad Traffic | ET INFO Observed Let's Encrypt Certificate for Suspicious TLD (.xyz) |