Setup.exe

Status: finished

Submission Time: 2019-12-11 21:23:12 +01:00

Suspicious

Evader

Comments

Details

Analysis ID:
195552
API (Web) ID:
289106
Analysis Started:

2019-12-11 21:23:12 +01:00
Analysis Finished:

2019-12-11 21:53:24 +01:00
MD5:
099755697f8358ea6b9325ff30255095
SHA1:
50ca168528d30030723919253e7ad2af11f89f38
SHA256:
77469752341683d836dcfdada2a7c097ef7d90a153f1312fdfcf4f2e27796e73
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
	Full Report Management Report IOC Report	suspicious Score: 24	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
	Full Report Management Report IOC Report	clean Score: 17	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 Run Condition: Cmdline fuzzy

IPs

IP	Country	Detection
198.91.81.4	United States

Domains

Name	IP	Detection
syncfolders.elementfx.com	198.91.81.4
www.syncfolders.elementfx.com	0.0.0.0

URLs

Name	Detection
https://www.dropbox.com/s/ldas3fpb42yhq5z/SyncFolders_Version_Information.xml?dl=1
https://www.dropbox.com/s/7uy8grv9h1mao9r/Setup.exe?dl=1x
http://www.syncfolders.elementfx.com/setupfile/SyncFolders_Version_Information.xmlx
Click to see the 60 hidden entries
http://www.jrsoftware.org/ishelp/index.php?topic=setupcmdline
http://www.kymoto.orgAcerca
http://www.syncfolders.elementfx.com/setupfile/Setup.exe
http://www.kymoto.org
http://www.syncfolders.elementfx.com/setupfile/Setup.exex
http://www.syncfolders.elementfx.com/setupfile/SyncFoldersPortable.zip
http://www.sakkal.com7
http://en.w
http://www.ascendercorp.com/typedesigners.htmlcom/hN
http://www.carterandcone.coml
http://syncfolders.elementfx.comxh
http://www.dk-soft.org/
http://www.syncfolders.elementfx.comxh
http://www.xrml.org/schema/2001/11/xrml2core
http://www.founder.com.cn/cn
http://www.ascendercorp.com/typedesigners.htmlhN
http://www.remobjects.com/psU
https://www.dropbox.com/s/faxtrwqiuwhjcog/SyncFolders_Version_Information.xml?dl=1
http://www.monotype.
https://www.dropbox.com/s/faxtrwqiuwhjcog/SyncFolders_Version_Information.xml?dl=1xh
http://www.ascendercorp.com/typedesigners.htmls
http://www.jiyu-kobo.co.jp/
http://www.syncfolders.elementfx.com/setupfile/SyncFoldersSetup.zip
http://www.remobjects.com/ps
http://en.wikipU4
http://www.ascendercorp.com/typedesigners.htmlc
https://www.dropbox.com/s/a5oihkr765wrycq/SyncFoldersPortable.zip?dl=1
http://www.syncfolders.elementfx.com/setupfile/SyncFoldersPortable.zipx
https://www.dropbox.com/s/5oz347zozfkfl3y/SyncFoldersSetup.zip?dl=1x
http://counter-strike.com.ua/
http://www.syncfolders.elementfx.com/setupfile/SyncFoldersSetup.zipx
http://www.syncfolders.elementfx.com/setupfile/SyncFolders_Version_Information.xml
http://www.kymoto.orgInformazioni
http://www.jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
http://schemas.xmlsoap.org/soap/envelope/
http://www.tiro.com
http://www.syncfolders.elementfx.com/
https://www.dropbox.com/s/5oz347zozfkfl3y/SyncFoldersSetup.zip?dl=1
http://www.goodfont.co.kr
http://www.sajatypeworks.com
http://www.typography.netD
http://www.founder.com.cn/cn/cThe
http://fontfabrik.com
http://www.kymoto.orgSobre
https://www.dropbox.com/s/a5oihkr765wrycq/SyncFoldersPortable.zip?dl=1x
http://www.founder.com.cn/cn/bThe
http://www.fonts.com
http://www.sandoll.co.kr
http://www.syncfolders.elementfx.com
http://www.zhongyicts.com.cn
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
http://www.sakkal.com
http://www.kymoto.orgO
http://www.innosetup.com/
http://www.apache.org/licenses/LICENSE-2.0
http://www.kymoto.or
http://www.kymoto.orgOver
https://www.dropbox.com/s/7uy8grv9h1mao9r/Setup.exe?dl=1
https://www.dropbox.com/s/ldas3fpb42yhq5z/SyncFolders_Version_Information.xml?dl=1x
http://www.kymoto.orgAbout

Dropped files

Name	File Type	Hashes
C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\3b0-0\System.Data.SqlXml.dll	data	#
C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\10c4-0\System.Deployment.dll	data	#
C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1104-0\Microsoft.Build.Utilities.v4.0.dll	data	#
Click to see the 55 hidden entries
C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1104-0\System.ServiceModel.Internals.dll	data	#
C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1108-0\System.Data.OracleClient.dll	data	#
C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\11a4-0\System.Drawing.Design.dll	data	#
C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1264-0\System.ComponentModel.DataAnnotations.dll	data	#
C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\12f8-0\System.Security.dll	data	#
C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1318-0\Microsoft.Win32.TaskScheduler.dll	data	#
C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1320-0\Microsoft.Build.Tasks.v4.0.dll	data	#
C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1364-0\Microsoft.Build.Framework.dll	data	#
C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\228-0\System.Web.dll	data	#
C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\2cc-0\System.DirectoryServices.Protocols.dll	data	#
C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\5b8-0\System.Runtime.Caching.dll	data	#
C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\6c0-0\System.EnterpriseServices.Wrapper.dll	data	#
C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\6c0-0\System.EnterpriseServices.dll	data	#
C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\8d4-0\Microsoft.JScript.dll	data	#
C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\9a8-0\SMDiagnostics.dll	data	#
C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\9c4-0\System.Web.RegularExpressions.dll	data	#
C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\bd4-0\System.Runtime.Serialization.Formatters.Soap.dll	data	#
C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\c30-0\System.Design.dll	data	#
C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\cbc-0\System.Web.ApplicationServices.dll	data	#
C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\dcc-0\SyncFolders.General.dll	data	#
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Web.82d5542b#\3f948d04fd854eb7381d4c989cafc493\System.Web.RegularExpressions.ni.dll.aux.tmp	Hitachi SH big-endian COFF object file, not stripped, 0 section, symbol offset=0xb000000, -1207959552 symbols, optional header size 3328	#
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Web.8dc504e4#\a7d5c902f395c78cfb861ccbb9167f5a\System.Web.ApplicationServices.ni.dll.aux.tmp	Hitachi SH big-endian COFF object file, not stripped, 0 section, symbol offset=0xb000000, -1207959552 symbols, optional header size 3328	#
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Servd1dec626#\9f362203fad8497aa003e6c897268c1a\System.ServiceModel.Internals.ni.dll.aux.tmp	Hitachi SH big-endian COFF object file, not stripped, 0 section, symbol offset=0xb000000, -1207959552 symbols, optional header size 3328	#
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Web\e1e1a83117ac0b90f1738ec48d81d740\System.Web.ni.dll.aux.tmp	Hitachi SH big-endian COFF object file, not stripped, 0 section, symbol offset=0xb000000, -1543503872 symbols, optional header size 3328	#
C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\d30-0\SyncFolders.exe	data	#
\Device\ConDrv	ASCII text, with CRLF line terminators	#
C:\Windows\assembly\NativeImages_v4.0.30319_64\SMDiagnostics\61f4c827bd0262304f46b9e4ecbccd38\SMDiagnostics.ni.dll.aux.tmp	Hitachi SH big-endian COFF object file, not stripped, 0 section, symbol offset=0xb000000, -1476395008 symbols, optional header size 3328	#
C:\Program Files (x86)\SyncFolders\is-SC0AC.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	#
C:\Program Files (x86)\SyncFolders\unins000.dat	data	#
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SyncFolders\SyncFolders.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Thu Dec 12 04:25:48 2019, mtime=Thu Dec 12 04:25:48 2019, atime=Thu Sep 12 18:40:22 2019, length=1228288, window=hide	#
C:\Users\user\AppData\Local\Temp\b61e4c92-00bb-406b-b96a-e7ffa3b3f8d2.tmp	XML 1.0 document, ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\is-J5JS6.tmp\Setup.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\is-VJIVC.tmp\SmallImage.bmp	PC bitmap, Windows 3.x format, 32 x 32 x 24	#
C:\Users\user\AppData\Local\Temp\is-VJIVC.tmp\_isetup\_setup64.tmp	PE32+ executable (console) x86-64, for MS Windows	#
C:\Users\user\AppData\Local\Temp\is-VJIVC.tmp\isxdl.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	ASCII text, with CRLF line terminators	#
C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.B3325a29b#\34e7ee4b346995a3faae92bf1234343c\Microsoft.Build.Framework.ni.dll.aux.tmp	Hitachi SH big-endian COFF object file, not stripped, 0 section, symbol offset=0xb000000, -1275068416 symbols, optional header size 3328	#
C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.B83e9cb53#\890462e9f6c3db9a72bd45ecd369433c\Microsoft.Build.Utilities.v4.0.ni.dll.aux.tmp	Hitachi SH big-endian COFF object file, not stripped, 0 section, symbol offset=0xb000000, -1207959552 symbols, optional header size 3328	#
C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Baa2ca56b#\993213f5027f1661c1aa18a1a3f16804\Microsoft.Build.Tasks.v4.0.ni.dll.aux.tmp	Hitachi SH big-endian COFF object file, not stripped, 0 section, symbol offset=0xb000000, -1275068416 symbols, optional header size 3328	#
C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.JScript\448c132a6fe2edee838687a151acb983\Microsoft.JScript.ni.dll.aux.tmp	Hitachi SH big-endian COFF object file, not stripped, 0 section, symbol offset=0xb000000, -1409286144 symbols, optional header size 3328	#
C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Wb2e8627a#\d23004fb12087f41f013b9045a2769b7\Microsoft.Win32.TaskScheduler.ni.dll.aux.tmp	Hitachi SH big-endian COFF object file, not stripped, 0 section, symbol offset=0xb000000, -1207959552 symbols, optional header size 3328	#
C:\Program Files (x86)\SyncFolders\is-DBSVJ.tmp	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Windows\assembly\NativeImages_v4.0.30319_64\SyncFolders.General\dc635a482667eccad25fa797fcab4abc\SyncFolders.General.ni.dll.aux.tmp	Hitachi SH big-endian COFF object file, not stripped, 0 section, symbol offset=0xb000000, -1610612736 symbols, optional header size 3328	#
C:\Windows\assembly\NativeImages_v4.0.30319_64\SyncFolders\f421cd4bbfb395b4d63b002b77894b74\SyncFolders.ni.exe.aux.tmp	Hitachi SH big-endian COFF object file, not stripped, 0 section, symbol offset=0xb000000, -1677721600 symbols, optional header size 3328	#
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Comp46f2b404#\392d76562d1f1d3167f460499ceef6e0\System.ComponentModel.DataAnnotations.ni.dll.aux.tmp	Hitachi SH big-endian COFF object file, not stripped, 0 section, symbol offset=0xb000000, -1073741824 symbols, optional header size 3328	#
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Data.SqlXml\c68d99ed95f69da30082ce5beaa347af\System.Data.SqlXml.ni.dll.aux.tmp	Hitachi SH big-endian COFF object file, not stripped, 0 section, symbol offset=0xb000000, -1409286144 symbols, optional header size 3328	#
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Data86569bbf#\8b4c5fb96aac0ab4e3907f0deeb6e8fa\System.Data.OracleClient.ni.dll.aux.tmp	Hitachi SH big-endian COFF object file, not stripped, 0 section, symbol offset=0xb000000, -1342177280 symbols, optional header size 3328	#
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Deployment\2b542ff82325c2856ccba8fde9551343\System.Deployment.ni.dll.aux.tmp	Hitachi SH big-endian COFF object file, not stripped, 0 section, symbol offset=0xb000000, -1409286144 symbols, optional header size 3328	#
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Design\d3c75cff5a3da5ac33b2df435ec97366\System.Design.ni.dll.aux.tmp	Hitachi SH big-endian COFF object file, not stripped, 0 section, symbol offset=0xb000000, -1476395008 symbols, optional header size 3328	#
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Dire5d62f0a2#\f5290de9ef3ca5f33b9fb4805f573860\System.DirectoryServices.Protocols.ni.dll.aux.tmp	Hitachi SH big-endian COFF object file, not stripped, 0 section, symbol offset=0xb000000, -1140850688 symbols, optional header size 3328	#
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Draw0a54d252#\15f8a6aacfe438783524a123f85d7219\System.Drawing.Design.ni.dll.aux.tmp	Hitachi SH big-endian COFF object file, not stripped, 0 section, symbol offset=0xb000000, -1342177280 symbols, optional header size 3328	#
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Ente96d83b35#\bff8f2f0e7a86d505e7c4143548690a1\System.EnterpriseServices.ni.dll.aux.tmp	Hitachi SH big-endian COFF object file, not stripped, 0 section, symbol offset=0xb000000, -1275068416 symbols, optional header size 3328	#
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Runt19c51595#\059003a6c5302d45ad027cc33a0b0717\System.Runtime.Caching.ni.dll.aux.tmp	Hitachi SH big-endian COFF object file, not stripped, 0 section, symbol offset=0xb000000, -1342177280 symbols, optional header size 3328	#
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Runt9064068c#\2540285a2708be2030df65bb1dceb699\System.Runtime.Serialization.Formatters.Soap.ni.dll.aux.tmp	Hitachi SH big-endian COFF object file, not stripped, 0 section, symbol offset=0xb000000, -1006632960 symbols, optional header size 3328	#
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Security\f85399925a856143d1ef0e1495ebebd3\System.Security.ni.dll.aux.tmp	Hitachi SH big-endian COFF object file, not stripped, 0 section, symbol offset=0xb000000, -1476395008 symbols, optional header size 3328	#

Setup.exe

Comments

Tags

Available tags:

Details

Joe Sandbox

IPs

Domains

URLs

Dropped files

Setup.exe Options

Comments

Tags

Available tags:

Details

Joe Sandbox

IPs

Domains

URLs

Dropped files

Search started

Setup.exe