Windows Analysis Report
SetupPSRCloud_5.0.2.exe

Overview

General Information

Sample name:	SetupPSRCloud_5.0.2.exe
Analysis ID:	1427669
MD5:	3f0aa516242d152f76d1151b6524c9c6
SHA1:	e7974e9135d24357764c6f578a726e0ae145f3c2
SHA256:	a0fa184a9104b4488e40de447615e464ebbf79bd8b6fd916c34a610eb0c8bfdb
Infos:

Detection

Score:	1
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Drops PE files

PE file contains sections with non-standard names

Uses 32bit PE files

Classification

Signatures

Uses 32bit PE files

Source: SetupPSRCloud_5.0.2.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI

Source: SetupPSRCloud_5.0.2.exe

Static PE information: certificate valid

Source: SetupPSRCloud_5.0.2.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Uses 32bit PE files

Source: SetupPSRCloud_5.0.2.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI

Source: classification engine

Classification label: clean1.winEXE@3/1@0/0

Source: C:\Users\user\Desktop\SetupPSRCloud_5.0.2.exe

File created: C:\Users\user\AppData\Local\Temp\is-SE40O.tmp

Source: C:\Users\user\Desktop\SetupPSRCloud_5.0.2.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\Desktop\SetupPSRCloud_5.0.2.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\AppData\Local\Temp\is-SE40O.tmp\SetupPSRCloud_5.0.2.tmp	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\AppData\Local\Temp\is-SE40O.tmp\SetupPSRCloud_5.0.2.tmp	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales

Source: C:\Users\user\Desktop\SetupPSRCloud_5.0.2.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Source: C:\Users\user\Desktop\SetupPSRCloud_5.0.2.exe

File read: C:\Users\user\Desktop\SetupPSRCloud_5.0.2.exe

Source: unknown	Process created: C:\Users\user\Desktop\SetupPSRCloud_5.0.2.exe "C:\Users\user\Desktop\SetupPSRCloud_5.0.2.exe"
Source: C:\Users\user\Desktop\SetupPSRCloud_5.0.2.exe	Process created: C:\Users\user\AppData\Local\Temp\is-SE40O.tmp\SetupPSRCloud_5.0.2.tmp "C:\Users\user\AppData\Local\Temp\is-SE40O.tmp\SetupPSRCloud_5.0.2.tmp" /SL5="$603B2,23154778,874496,C:\Users\user\Desktop\SetupPSRCloud_5.0.2.exe"
Source: C:\Users\user\Desktop\SetupPSRCloud_5.0.2.exe	Process created: C:\Users\user\AppData\Local\Temp\is-SE40O.tmp\SetupPSRCloud_5.0.2.tmp "C:\Users\user\AppData\Local\Temp\is-SE40O.tmp\SetupPSRCloud_5.0.2.tmp" /SL5="$603B2,23154778,874496,C:\Users\user\Desktop\SetupPSRCloud_5.0.2.exe"

Source: C:\Users\user\Desktop\SetupPSRCloud_5.0.2.exe	Section loaded: version.dll
Source: C:\Users\user\Desktop\SetupPSRCloud_5.0.2.exe	Section loaded: netapi32.dll
Source: C:\Users\user\Desktop\SetupPSRCloud_5.0.2.exe	Section loaded: netutils.dll
Source: C:\Users\user\Desktop\SetupPSRCloud_5.0.2.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\SetupPSRCloud_5.0.2.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\is-SE40O.tmp\SetupPSRCloud_5.0.2.tmp	Section loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\is-SE40O.tmp\SetupPSRCloud_5.0.2.tmp	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\is-SE40O.tmp\SetupPSRCloud_5.0.2.tmp	Section loaded: netapi32.dll
Source: C:\Users\user\AppData\Local\Temp\is-SE40O.tmp\SetupPSRCloud_5.0.2.tmp	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\is-SE40O.tmp\SetupPSRCloud_5.0.2.tmp	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\is-SE40O.tmp\SetupPSRCloud_5.0.2.tmp	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\is-SE40O.tmp\SetupPSRCloud_5.0.2.tmp	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\is-SE40O.tmp\SetupPSRCloud_5.0.2.tmp	Section loaded: wtsapi32.dll
Source: C:\Users\user\AppData\Local\Temp\is-SE40O.tmp\SetupPSRCloud_5.0.2.tmp	Section loaded: winsta.dll
Source: C:\Users\user\AppData\Local\Temp\is-SE40O.tmp\SetupPSRCloud_5.0.2.tmp	Section loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\Temp\is-SE40O.tmp\SetupPSRCloud_5.0.2.tmp	Section loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Temp\is-SE40O.tmp\SetupPSRCloud_5.0.2.tmp	Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\is-SE40O.tmp\SetupPSRCloud_5.0.2.tmp	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\is-SE40O.tmp\SetupPSRCloud_5.0.2.tmp	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\is-SE40O.tmp\SetupPSRCloud_5.0.2.tmp	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\is-SE40O.tmp\SetupPSRCloud_5.0.2.tmp	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\is-SE40O.tmp\SetupPSRCloud_5.0.2.tmp	Section loaded: textshaping.dll
Source: C:\Users\user\AppData\Local\Temp\is-SE40O.tmp\SetupPSRCloud_5.0.2.tmp	Section loaded: dwmapi.dll

Source: C:\Users\user\AppData\Local\Temp\is-SE40O.tmp\SetupPSRCloud_5.0.2.tmp

Window found: window name: TSelectLanguageForm

Source: SetupPSRCloud_5.0.2.exe

Static PE information: certificate valid

Source: SetupPSRCloud_5.0.2.exe

Static file information: File size 24045024 > 1048576

Source: SetupPSRCloud_5.0.2.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

PE file contains sections with non-standard names

Source: SetupPSRCloud_5.0.2.exe

Static PE information: section name: .didata

Drops PE files

Source: C:\Users\user\Desktop\SetupPSRCloud_5.0.2.exe

File created: C:\Users\user\AppData\Local\Temp\is-SE40O.tmp\SetupPSRCloud_5.0.2.tmp

Jump to dropped file

Source: C:\Users\user\Desktop\SetupPSRCloud_5.0.2.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-SE40O.tmp\SetupPSRCloud_5.0.2.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-SE40O.tmp\SetupPSRCloud_5.0.2.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-SE40O.tmp\SetupPSRCloud_5.0.2.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-SE40O.tmp\SetupPSRCloud_5.0.2.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-SE40O.tmp\SetupPSRCloud_5.0.2.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-SE40O.tmp\SetupPSRCloud_5.0.2.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX

Screenshots

Network Map

⊘No contacted IP infos

ID:	1427669
Product:	CloudBasic
Start time:	23:12:27
Start date:	17.04.2024
Sample:	SetupPSRCloud_5.0.2.exe
Cookbook:	defaultwindowsinteractivecookbook.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	3f0aa516242d152f76d1151b6524c9c6
SHA1:	e7974e9135d24357764c6f578a726e0ae145f3c2
SHA256:	a0fa184a9104b4488e40de447615e464ebbf79bd8b6fd916c34a610eb0c8bfdb
Filetype:	Win32 Executable (generic) a (10002005/4) 98.04%

Windows Analysis Report
SetupPSRCloud_5.0.2.exe

Overview

General Information

Detection

Signatures

Classification

Signatures

Compliance

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Screenshots

Network Map

Windows Analysis Report SetupPSRCloud_5.0.2.exe

Overview

General Information

Detection

Signatures

Classification

Signatures

Compliance

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Screenshots

Network Map

Windows Analysis Report
SetupPSRCloud_5.0.2.exe