ActiveBarcode-Setup6.10.0.exe

Status: finished
Submission Time: 2020-10-27 17:30:11 +01:00
Malicious
Exploiter
Evader

Details

  • Analysis ID:
    306096
  • API (Web) ID:
    513978
  • Analysis Started:
    2020-10-27 17:34:17 +01:00
  • Analysis Finished:
    2020-10-27 17:50:15 +01:00
  • MD5:
    8a83e4d321941e09b46ee3e26f6c46a3
  • SHA1:
    b40bd27176bd6f927283757bb8694103088503aa
  • SHA256:
    1091d5ed5e16d8e5daa790aa109198d939bf288293fd74a8dbc9718588cd728b
  • Technologies:

Joe Sandbox

  • Detection:
    malicious
  • Score:
    54
  • System:
    Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Local\Temp\{d992c12e-cab2-426f-bde3-fb8c53950b0d}\.ba1\1045\license.rtf
Rich Text Format data, version 1, unknown character set
#
C:\Users\user\AppData\Local\Temp\{d992c12e-cab2-426f-bde3-fb8c53950b0d}\.ba1\BootstrapperApplicationData.xml
XML 1.0 document, Little-endian UTF-16 Unicode text, with very long lines, with CRLF line terminators
#
C:\Users\user\AppData\Local\Temp\{d992c12e-cab2-426f-bde3-fb8c53950b0d}\.ba1\3082\thm.wxl
XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Temp\{d992c12e-cab2-426f-bde3-fb8c53950b0d}\.ba1\3082\license.rtf
Rich Text Format data, version 1, unknown character set
#
C:\Users\user\AppData\Local\Temp\{d992c12e-cab2-426f-bde3-fb8c53950b0d}\.ba1\2052\thm.wxl
XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Temp\{d992c12e-cab2-426f-bde3-fb8c53950b0d}\.ba1\2052\license.rtf
Rich Text Format data, version 1, unknown character set
#
C:\Users\user\AppData\Local\Temp\{d992c12e-cab2-426f-bde3-fb8c53950b0d}\.ba1\1055\thm.wxl
XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Temp\{d992c12e-cab2-426f-bde3-fb8c53950b0d}\.ba1\1055\license.rtf
Rich Text Format data, version 1, unknown character set
#
C:\Users\user\AppData\Local\Temp\{d992c12e-cab2-426f-bde3-fb8c53950b0d}\.ba1\1049\thm.wxl
XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Temp\{d992c12e-cab2-426f-bde3-fb8c53950b0d}\.ba1\1049\license.rtf
Rich Text Format data, version 1, unknown character set
#
C:\Users\user\AppData\Local\Temp\{d992c12e-cab2-426f-bde3-fb8c53950b0d}\.ba1\1046\thm.wxl
XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Temp\{d992c12e-cab2-426f-bde3-fb8c53950b0d}\.ba1\1046\license.rtf
Rich Text Format data, version 1, unknown character set
#
C:\Users\user\AppData\Local\Temp\{d992c12e-cab2-426f-bde3-fb8c53950b0d}\.ba1\1045\thm.wxl
XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Temp\{d992c12e-cab2-426f-bde3-fb8c53950b0d}\.ba1\license.rtf
Rich Text Format data, version 1, unknown character set
#
C:\Users\user\AppData\Local\Temp\{d992c12e-cab2-426f-bde3-fb8c53950b0d}\.ba1\1042\thm.wxl
XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Temp\{d992c12e-cab2-426f-bde3-fb8c53950b0d}\.ba1\1042\license.rtf
Rich Text Format data, version 1, unknown character set
#
C:\Users\user\AppData\Local\Temp\{d992c12e-cab2-426f-bde3-fb8c53950b0d}\.ba1\1041\thm.wxl
XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Temp\{d992c12e-cab2-426f-bde3-fb8c53950b0d}\.ba1\1041\license.rtf
Rich Text Format data, version 1, unknown character set
#
C:\Users\user\AppData\Local\Temp\{d992c12e-cab2-426f-bde3-fb8c53950b0d}\.ba1\1040\thm.wxl
XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Temp\{d992c12e-cab2-426f-bde3-fb8c53950b0d}\.ba1\1040\license.rtf
Rich Text Format data, version 1, unknown character set
#
C:\Users\user\AppData\Local\Temp\{d992c12e-cab2-426f-bde3-fb8c53950b0d}\.ba1\1036\thm.wxl
XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Temp\{d992c12e-cab2-426f-bde3-fb8c53950b0d}\.ba1\1036\license.rtf
Rich Text Format data, version 1, unknown character set
#
C:\Users\user\AppData\Local\Temp\{d992c12e-cab2-426f-bde3-fb8c53950b0d}\.ba1\1031\thm.wxl
XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Temp\{d992c12e-cab2-426f-bde3-fb8c53950b0d}\.ba1\1031\license.rtf
Rich Text Format data, version 1, unknown character set
#
C:\Users\user\AppData\Local\Temp\{d992c12e-cab2-426f-bde3-fb8c53950b0d}\.ba1\1029\thm.wxl
XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Temp\{e2803110-78b3-4664-a479-3611a381656a}\.ba1\1036\thm.wxl
XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Temp\{e2803110-78b3-4664-a479-3611a381656a}\.ba1\1049\thm.wxl
XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Temp\{e2803110-78b3-4664-a479-3611a381656a}\.ba1\1049\license.rtf
Rich Text Format data, version 1, unknown character set
#
C:\Users\user\AppData\Local\Temp\{e2803110-78b3-4664-a479-3611a381656a}\.ba1\1046\thm.wxl
XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Temp\{e2803110-78b3-4664-a479-3611a381656a}\.ba1\1046\license.rtf
Rich Text Format data, version 1, unknown character set
#
C:\Users\user\AppData\Local\Temp\{e2803110-78b3-4664-a479-3611a381656a}\.ba1\1045\thm.wxl
XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Temp\{e2803110-78b3-4664-a479-3611a381656a}\.ba1\1045\license.rtf
Rich Text Format data, version 1, unknown character set
#
C:\Users\user\AppData\Local\Temp\{e2803110-78b3-4664-a479-3611a381656a}\.ba1\1042\thm.wxl
XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Temp\{e2803110-78b3-4664-a479-3611a381656a}\.ba1\1042\license.rtf
Rich Text Format data, version 1, unknown character set
#
C:\Users\user\AppData\Local\Temp\{e2803110-78b3-4664-a479-3611a381656a}\.ba1\1041\thm.wxl
XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Temp\{e2803110-78b3-4664-a479-3611a381656a}\.ba1\1041\license.rtf
Rich Text Format data, version 1, unknown character set
#
C:\Users\user\AppData\Local\Temp\{e2803110-78b3-4664-a479-3611a381656a}\.ba1\1040\thm.wxl
XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Temp\{e2803110-78b3-4664-a479-3611a381656a}\.ba1\1040\license.rtf
Rich Text Format data, version 1, unknown character set
#
C:\Users\user\AppData\Local\Temp\{d992c12e-cab2-426f-bde3-fb8c53950b0d}\.ba1\1029\license.rtf
Rich Text Format data, version 1, unknown character set
#
C:\Users\user\AppData\Local\Temp\{e2803110-78b3-4664-a479-3611a381656a}\.ba1\1036\license.rtf
Rich Text Format data, version 1, unknown character set
#
C:\Users\user\AppData\Local\Temp\{e2803110-78b3-4664-a479-3611a381656a}\.ba1\1031\thm.wxl
XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Temp\{e2803110-78b3-4664-a479-3611a381656a}\.ba1\1031\license.rtf
Rich Text Format data, version 1, unknown character set
#
C:\Users\user\AppData\Local\Temp\{e2803110-78b3-4664-a479-3611a381656a}\.ba1\1029\thm.wxl
XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Temp\{e2803110-78b3-4664-a479-3611a381656a}\.ba1\1029\license.rtf
Rich Text Format data, version 1, unknown character set
#
C:\Users\user\AppData\Local\Temp\{e2803110-78b3-4664-a479-3611a381656a}\.ba1\1028\thm.wxl
XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Temp\{e2803110-78b3-4664-a479-3611a381656a}\.ba1\1028\license.rtf
Rich Text Format data, version 1, unknown character set
#
C:\Users\user\AppData\Local\Temp\{d992c12e-cab2-426f-bde3-fb8c53950b0d}\.ba1\wixstdba.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
#
C:\Users\user\AppData\Local\Temp\{d992c12e-cab2-426f-bde3-fb8c53950b0d}\.ba1\thm.xml
XML 1.0 document, ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Temp\{d992c12e-cab2-426f-bde3-fb8c53950b0d}\.ba1\thm.wxl
XML 1.0 document, ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Temp\{d992c12e-cab2-426f-bde3-fb8c53950b0d}\.ba1\logo.png
PNG image data, 64 x 64, 8-bit colormap, non-interlaced
#
C:\Program Files (x86)\ActiveBarcode\is-S1ET4.tmp
PE32 executable (GUI) Intel 80386, for MS Windows
#
C:\Program Files\ActiveBarcode\is-BS3TJ.tmp
PE32+ executable (GUI) x86-64, for MS Windows
#
C:\Program Files\ActiveBarcode\is-7QPGI.tmp
PNG image data, 128 x 128, 8-bit colormap, non-interlaced
#
C:\Program Files (x86)\ActiveBarcode\word\is-95S3E.tmp
PE32 executable (GUI) Intel 80386, for MS Windows
#
C:\Program Files (x86)\ActiveBarcode\unins000.msg
data
#
C:\Program Files (x86)\ActiveBarcode\unins000.dat
data
#
C:\Program Files (x86)\ActiveBarcode\powerpoint\is-HVL4I.tmp
PE32 executable (GUI) Intel 80386, for MS Windows
#
C:\Program Files (x86)\ActiveBarcode\php\is-VBOJ5.tmp
PHP script, ASCII text, with CRLF line terminators
#
C:\Program Files (x86)\ActiveBarcode\php\is-SA1JG.tmp
PHP script, ASCII text, with CRLF line terminators
#
C:\Program Files (x86)\ActiveBarcode\php\is-P6450.tmp
PHP script, UTF-8 Unicode text, with CRLF line terminators
#
C:\Program Files (x86)\ActiveBarcode\php\is-MCFJF.tmp
PHP script, ASCII text, with CRLF line terminators
#
C:\Program Files (x86)\ActiveBarcode\php\is-CKBK5.tmp
HTML document, ASCII text, with very long lines, with CRLF line terminators
#
C:\Program Files (x86)\ActiveBarcode\php\is-30VK0.tmp
PHP script, ASCII text, with CRLF line terminators
#
C:\Program Files\ActiveBarcode\is-E4TA6.tmp
PNG image data, 270 x 270, 8-bit colormap, non-interlaced
#
C:\Program Files (x86)\ActiveBarcode\is-QT8OU.tmp
PNG image data, 270 x 270, 8-bit colormap, non-interlaced
#
C:\Program Files (x86)\ActiveBarcode\is-NF12M.tmp
PE32 executable (GUI) Intel 80386, for MS Windows
#
C:\Program Files (x86)\ActiveBarcode\is-EJAO3.tmp
PE32 executable (console) Intel 80386, for MS Windows
#
C:\Program Files (x86)\ActiveBarcode\is-B4AHR.tmp
MS Windows 95 Internet shortcut text (URL=<https://www.activebarcode.com/>), ASCII text, with CRLF line terminators
#
C:\Program Files (x86)\ActiveBarcode\is-46OVU.tmp
PNG image data, 128 x 128, 8-bit colormap, non-interlaced
#
C:\Program Files (x86)\ActiveBarcode\is-33N56.tmp
ASCII text, with CRLF line terminators
#
C:\Program Files (x86)\ActiveBarcode\excel\is-2E9JE.tmp
PE32 executable (GUI) Intel 80386, for MS Windows
#
C:\Program Files (x86)\ActiveBarcode\asp\is-U5JM0.tmp
HTML document, ASCII text, with very long lines, with CRLF line terminators
#
C:\Program Files (x86)\ActiveBarcode\asp\is-TSNN9.tmp
HTML document, ASCII text, with CRLF line terminators
#
C:\Program Files (x86)\ActiveBarcode\asp\is-N4N88.tmp
UTF-8 Unicode (with BOM) text, with CRLF line terminators
#
C:\Program Files (x86)\ActiveBarcode\asp\is-H2QFN.tmp
UTF-8 Unicode text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Temp\is-8NSOS.tmp\ActiveBarcode-Setup6.10.0.tmp
PE32 executable (GUI) Intel 80386, for MS Windows
#
C:\Users\user\AppData\Local\Temp\{d992c12e-cab2-426f-bde3-fb8c53950b0d}\.ba1\1028\thm.wxl
XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Temp\{d992c12e-cab2-426f-bde3-fb8c53950b0d}\.ba1\1028\license.rtf
Rich Text Format data, version 1, unknown character set
#
C:\Users\user\AppData\Local\Temp\is-VO8D4.tmp\_isetup\_setup64.tmp
PE32+ executable (console) x86-64, for MS Windows
#
C:\Users\user\AppData\Local\Temp\is-VHR2U.tmp\_isetup\_setup64.tmp
PE32+ executable (console) x86-64, for MS Windows
#
C:\Users\user\AppData\Local\Temp\is-S3U11.tmp\vc_redist.x86.exe
PE32 executable (GUI) Intel 80386, for MS Windows
#
C:\Users\user\AppData\Local\Temp\is-S3U11.tmp\vc_redist.x64.exe
PE32 executable (GUI) Intel 80386, for MS Windows
#
C:\Users\user\AppData\Local\Temp\is-S3U11.tmp\_isetup\_setup64.tmp
PE32+ executable (console) x86-64, for MS Windows
#
C:\Users\user\AppData\Local\Temp\is-S3U11.tmp\ActiveBarcode.x86.msi
2
#
C:\Users\user\AppData\Local\Temp\is-S3U11.tmp\ActiveBarcode.x64.msi
2
#
C:\Users\user\AppData\Local\Temp\is-PGOBR.tmp\_isetup\_setup64.tmp
PE32+ executable (console) x86-64, for MS Windows
#
C:\Users\user\AppData\Local\Temp\is-OGIO1.tmp\ActiveBarcode-Add-In-for-Word-Setup-1.1.0.tmp
PE32 executable (GUI) Intel 80386, for MS Windows
#
C:\Users\user\AppData\Local\Temp\is-MHRBQ.tmp\ActiveBarcode-Add-In-for-PowerPoint-Setup-1.1.0.tmp
PE32 executable (GUI) Intel 80386, for MS Windows
#
C:\Program Files (x86)\ActiveBarcode\asp\is-8PJ8C.tmp
ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Temp\is-4RA3O.tmp\ActiveBarcode-Add-In-for-Excel-Setup-2.0.0.tmp
PE32 executable (GUI) Intel 80386, for MS Windows
#
C:\Users\user\AppData\Local\Temp\dd_vcredist_x86_20201027173604.log
ASCII text, with very long lines, with CRLF line terminators
#
C:\Users\user\AppData\Local\Temp\dd_vcredist_amd64_20201027173553.log
ASCII text, with very long lines, with CRLF line terminators
#
C:\Users\user\AppData\Local\Temp\Setup Log 2020-10-27 #003.txt
UTF-8 Unicode (with BOM) text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Temp\Setup Log 2020-10-27 #002.txt
UTF-8 Unicode (with BOM) text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Temp\Setup Log 2020-10-27 #001.txt
UTF-8 Unicode (with BOM) text, with CRLF line terminators
#
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ActiveBarcode\ActiveBarcode Generator.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Tue Oct 27 15:36:17 2020, mtime=Tue Oct 27 15:36:17 2020, atime=Wed Aug 5 12:53:38 2020, length=5755864, window=hide
#
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ActiveBarcode\ActiveBarcode CLI.lnk
MS Windows shortcut, Item id list present, Has Relative path, Has Working directory, Has command line arguments, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600, length=0, window=hide
#
C:\Program Files\ActiveBarcode\is-O0ER4.tmp
MS Windows 95 Internet shortcut text (URL=<https://www.activebarcode.com/>), ASCII text, with CRLF line terminators
#
C:\Program Files\ActiveBarcode\is-F3OA5.tmp
ASCII text, with CRLF line terminators
#
C:\Program Files\ActiveBarcode\is-E6UFQ.tmp
PE32+ executable (console) x86-64, for MS Windows
#