
br4Cu3BycW.exe

Status: finished
Submission Time: 2021-09-28 09:24:25 +02:00
Malicious
Trojan
Spyware
Evader
Vidar

Tags

  • exe

Details

  • Analysis ID:
    492023
  • API (Web) ID:
    859592
  • Analysis Started:
    2021-09-28 09:30:51 +02:00
  • Analysis Finished:
    2021-09-28 09:46:17 +02:00
  • MD5:
    ec72a93f6279b16006f2196f330166ee
  • SHA1:
    74b4d4a19500d3644a6a4f523ad7d4adcb1ace6f
  • SHA256:
    4340bc1e1ddb5d268a010401be96435063de733a2601d158d13f56da9f20df5d
  • Technologies:

Engine: Joe Sandbox
Detection: malicious
Score: 76
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

malicious
Score: 8/28

IPs

IP Country Detection
147.135.170.166
France

URLs


Dropped files

Name | File Type
C:\Users\user\AppData\Roaming\Crystal Reports Extra\CrystalReports.exe (copy) | PE32 executable (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Roaming\Crystal Reports Extra\is-7MTO8.tmp | PE32 executable (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Roaming\Crystal Reports Extra\is-5P6B9.tmp | PE32+ executable (DLL) (console) x86-64, for MS Windows
C:\Users\user\AppData\Roaming\Crystal Reports Extra\is-Q7NRR.tmp | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Roaming\Crystal Reports Extra\is-OSEV1.tmp | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Roaming\Crystal Reports Extra\is-N95UU.tmp | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
C:\Users\user\AppData\Roaming\Crystal Reports Extra\is-MMNOC.tmp | PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
C:\Users\user\AppData\Roaming\Crystal Reports Extra\is-L6ITB.tmp | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
C:\Users\user\AppData\Roaming\Crystal Reports Extra\is-KTI9L.tmp | PE32+ executable (DLL) (console) x86-64, for MS Windows
C:\Users\user\AppData\Roaming\Crystal Reports Extra\is-JEA3R.tmp | ASCII text, with CRLF line terminators
C:\Users\user\AppData\Roaming\Crystal Reports Extra\is-HRO44.tmp | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Roaming\Crystal Reports Extra\is-FCT1V.tmp | PE32+ executable (DLL) (console) x86-64, for MS Windows
C:\Users\user\AppData\Roaming\Crystal Reports Extra\is-B5IQO.tmp | PE32+ executable (DLL) (GUI) x86-64, for MS Windows
C:\Users\user\AppData\Roaming\Crystal Reports Extra\is-AFSCM.tmp | PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
C:\Users\user\AppData\Roaming\Crystal Reports Extra\is-TECE4.tmp | PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
C:\Users\user\AppData\Roaming\Crystal Reports Extra\is-5F8P5.tmp | PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
C:\Users\user\AppData\Roaming\Crystal Reports Extra\is-33ENG.tmp | PE32+ executable (DLL) (console) x86-64, for MS Windows
C:\Users\user\AppData\Roaming\Crystal Reports Extra\is-1UL10.tmp | PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
C:\Users\user\AppData\Roaming\Crystal Reports Extra\imageformats\qjpeg4.dll (copy) | PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
C:\Users\user\AppData\Roaming\Crystal Reports Extra\imageformats\qgif4.dll (copy) | PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
C:\Users\user\AppData\Roaming\Crystal Reports Extra\imageformats\is-GS64B.tmp | PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
C:\Users\user\AppData\Roaming\Crystal Reports Extra\imageformats\is-0V44S.tmp | PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
C:\Users\user\AppData\Roaming\Crystal Reports Extra\history.txt (copy) | data
C:\Users\user\AppData\Roaming\Crystal Reports Extra\fonts\lohit_ta.ttf (copy) | TrueType Font data, 20 tables, 1st "GDEF", 16 names, Macintosh, Copyright (c) 2003, Automatic Control Equipments, Pune, INDIA. - under General Public LicenseLo
C:\Users\user\AppData\Roaming\Crystal Reports Extra\fonts\lohit_pa.ttf (copy) | TrueType Font data, 20 tables, 1st "GDEF", 16 names, Macintosh, Copyright (c) 2001, Automatic Control Equipments, Pune, INDIA. - under General Public LicenseLo
C:\Users\user\AppData\Roaming\Crystal Reports Extra\fonts\lohit_hi.ttf (copy) | TrueType Font data, 16 tables, 1st "GDEF", 14 names, Macintosh
C:\Users\user\AppData\Roaming\Crystal Reports Extra\libssl-40.dll (copy) | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Roaming\Crystal Reports Extra\themes\czech\words\is-C75PA.tmp | UTF-8 Unicode text
C:\Users\user\AppData\Roaming\Crystal Reports Extra\themes\czech\words\is-6M9NV.tmp | UTF-8 Unicode text
C:\Users\user\AppData\Roaming\Crystal Reports Extra\themes\czech\words\is-6IOGQ.tmp | UTF-8 Unicode text
C:\Users\user\AppData\Roaming\Crystal Reports Extra\themes\czech\words\is-60AQ9.tmp | UTF-8 Unicode text
C:\Users\user\AppData\Roaming\Crystal Reports Extra\themes\czech\words\abeceda.txt (copy) | UTF-8 Unicode text
C:\Users\user\AppData\Roaming\Crystal Reports Extra\themes\czech\settings.txt (copy) | ASCII text
C:\Users\user\AppData\Roaming\Crystal Reports Extra\themes\czech\keyboard.lst (copy) | UTF-8 Unicode text
C:\Users\user\AppData\Roaming\Crystal Reports Extra\themes\czech\is-J58EF.tmp | ASCII text
C:\Users\user\AppData\Roaming\Crystal Reports Extra\themes\czech\is-DDSCO.tmp | UTF-8 Unicode text
C:\Users\user\AppData\Roaming\Crystal Reports Extra\pthreadGC2.dll (copy) | PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
C:\Users\user\AppData\Roaming\Crystal Reports Extra\mingwm10.dll (copy) | PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
C:\Users\user\AppData\Roaming\Crystal Reports Extra\libtasn1-6.dll (copy) | PE32+ executable (DLL) (console) x86-64, for MS Windows
C:\Users\user\AppData\Roaming\Crystal Reports Extra\is-RSFVI.tmp | data
C:\Users\user\AppData\Roaming\Crystal Reports Extra\libogg-0.dll (copy) | PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
C:\Users\user\AppData\Roaming\Crystal Reports Extra\libnettle-4-6.dll (copy) | PE32+ executable (DLL) (console) x86-64, for MS Windows
C:\Users\user\AppData\Roaming\Crystal Reports Extra\libmongoc-1.0.dll (copy) | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Roaming\Crystal Reports Extra\libintl-8.dll (copy) | PE32+ executable (DLL) (console) x86-64, for MS Windows
C:\Users\user\AppData\Roaming\Crystal Reports Extra\libgthread-2.0-0.dll (copy) | PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
C:\Users\user\AppData\Roaming\Crystal Reports Extra\libgpg-error6-0.dll (copy) | PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
C:\Users\user\AppData\Roaming\Crystal Reports Extra\libgmodule-2.0-0.dll (copy) | PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
C:\Users\user\AppData\Roaming\Crystal Reports Extra\libffi-6.dll (copy) | PE32+ executable (DLL) (console) x86-64, for MS Windows
C:\Users\user\AppData\Roaming\Crystal Reports Extra\libbson-1.0.dll (copy) | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Roaming\Crystal Reports Extra\is-VO510.tmp | PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
C:\Users\user\AppData\Roaming\Crystal Reports Extra\fonts\is-K99HI.tmp | TrueType Font data, 20 tables, 1st "GDEF", 16 names, Macintosh, Copyright (c) 2001, Automatic Control Equipments, Pune, INDIA. - under General Public LicenseLo
C:\Users\user\AppData\Roaming\Crystal Reports Extra\Filters\is-UREBA.tmp | ASCII text, with CRLF line terminators
C:\Users\user\AppData\Roaming\Crystal Reports Extra\doc\AUTHORS (copy) | UTF-8 Unicode text
C:\Users\user\AppData\Roaming\Crystal Reports Extra\doc\ABOUT-NLS (copy) | ASCII text
C:\Users\user\AppData\Roaming\Crystal Reports Extra\dat\is-NE78S.tmp | MS Windows icon resource - 3 icons, 48x48, 16 colors, 4 bits/pixel, 48x48, 8 bits/pixel
C:\Users\user\AppData\Roaming\Crystal Reports Extra\dat\is-60EIS.tmp | MS Windows icon resource - 9 icons, 48x48, 16 colors, 4 bits/pixel, 32x32, 16 colors, 4 bits/pixel
C:\Users\user\AppData\Roaming\Crystal Reports Extra\dat\is-5TG90.tmp | MS Windows icon resource - 9 icons, 48x48, 16 colors, 4 bits/pixel, 32x32, 16 colors, 4 bits/pixel
C:\Users\user\AppData\Roaming\Crystal Reports Extra\dat\ico48.ico (copy) | MS Windows icon resource - 3 icons, 48x48, 16 colors, 4 bits/pixel, 48x48, 8 bits/pixel
C:\Users\user\AppData\Roaming\Crystal Reports Extra\dat\enc.ico (copy) | MS Windows icon resource - 9 icons, 48x48, 16 colors, 4 bits/pixel, 32x32, 16 colors, 4 bits/pixel
C:\Users\user\AppData\Roaming\Crystal Reports Extra\dat\PDF_32x32.ico (copy) | MS Windows icon resource - 9 icons, 48x48, 16 colors, 4 bits/pixel, 32x32, 16 colors, 4 bits/pixel
C:\Users\user\AppData\Roaming\Crystal Reports Extra\Microsoft.ReportViewer.ProcessingObjectModel.dll (copy) | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
C:\Users\user\AppData\Roaming\Crystal Reports Extra\License.txt (copy) | ASCII text, with CRLF line terminators
C:\Users\user\AppData\Roaming\Crystal Reports Extra\Filters\unregister.cmd (copy) | ASCII text, with CRLF line terminators
C:\Users\user\AppData\Roaming\Crystal Reports Extra\Filters\register.cmd (copy) | ASCII text, with CRLF line terminators
C:\Users\user\AppData\Roaming\Crystal Reports Extra\doc\COPYING (copy) | ASCII text
C:\Users\user\AppData\Roaming\Crystal Reports Extra\Filters\is-NST0V.tmp | Rich Text Format data, version 1, ANSI
C:\Users\user\AppData\Roaming\Crystal Reports Extra\Filters\is-D43R5.tmp | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Roaming\Crystal Reports Extra\Filters\is-BME18.tmp | ASCII text, with CRLF line terminators
C:\Users\user\AppData\Roaming\Crystal Reports Extra\Filters\License.rtf (copy) | Rich Text Format data, version 1, ANSI
C:\Users\user\AppData\Roaming\Crystal Reports Extra\Filters\LC.dll (copy) | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Roaming\Crystal Reports Extra\FileHelpers.DLL (copy) | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
C:\Users\user\AppData\Roaming\Crystal Reports Extra\Docs\is-PSH61.tmp | PDF document, version 1.4
C:\Users\user\AppData\Roaming\Crystal Reports Extra\Docs\Quick Start.pdf (copy) | PDF document, version 1.4
C:\Users\user\AppData\Local\Temp\is-JN0LE.tmp\br4Cu3BycW.tmp | PE32 executable (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Temp\is-I744N.tmp\br4Cu3BycW.tmp | PE32 executable (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Temp\is-D30UI.tmp\_isetup\_setup64.tmp | PE32+ executable (console) x86-64, for MS Windows
C:\Users\user\AppData\Roaming\Crystal Reports Extra\doc\is-I8QQE.tmp | ASCII text
C:\Users\user\AppData\Roaming\Crystal Reports Extra\fonts\is-K1NF7.tmp | TrueType Font data, 16 tables, 1st "GDEF", 14 names, Macintosh
C:\Users\user\AppData\Roaming\Crystal Reports Extra\fonts\is-DJ1Q7.tmp | TrueType Font data, 16 tables, 1st "GDEF", 26 names, Unicode
C:\Users\user\AppData\Roaming\Crystal Reports Extra\fonts\is-878RF.tmp | TrueType Font data, 20 tables, 1st "GDEF", 16 names, Macintosh, Copyright (c) 2003, Automatic Control Equipments, Pune, INDIA. - under General Public LicenseLo
C:\Users\user\AppData\Roaming\Crystal Reports Extra\fonts\Kedage-n.ttf (copy) | TrueType Font data, 16 tables, 1st "GDEF", 26 names, Unicode
C:\Users\user\AppData\Roaming\Crystal Reports Extra\doc\lesson_scripting_reference.html (copy) | HTML document, ASCII text, with very long lines
C:\Users\user\AppData\Roaming\Crystal Reports Extra\doc\is-RUFVL.tmp | ASCII text
C:\Users\user\AppData\Roaming\Crystal Reports Extra\doc\is-Q5V6P.tmp | UTF-8 Unicode text
C:\Users\user\AppData\Roaming\Crystal Reports Extra\doc\is-NGKMM.tmp | HTML document, ASCII text, with very long lines
C:\Users\user\AppData\Roaming\Crystal Reports Extra\doc\is-MKJK3.tmp | ASCII text
C:\Users\user\AppData\Roaming\Crystal Reports Extra\doc\is-LH7R9.tmp | ASCII text, with very long lines
C:\Users\user\AppData\Roaming\Crystal Reports Extra\doc\is-KDGPL.tmp | ASCII text
C:\Users\user\AppData\Local\Temp\is-627NM.tmp\_isetup\_setup64.tmp | PE32+ executable (console) x86-64, for MS Windows
C:\Users\user\AppData\Roaming\Crystal Reports Extra\doc\is-GB5QC.tmp | ASCII text
C:\Users\user\AppData\Roaming\Crystal Reports Extra\doc\is-71NV9.tmp | HTML document, ASCII text, with very long lines
C:\Users\user\AppData\Roaming\Crystal Reports Extra\doc\is-6O94V.tmp | ASCII text
C:\Users\user\AppData\Roaming\Crystal Reports Extra\doc\is-098P2.tmp | UTF-8 Unicode text
C:\Users\user\AppData\Roaming\Crystal Reports Extra\doc\howtotheme.html (copy) | HTML document, ASCII text, with very long lines
C:\Users\user\AppData\Roaming\Crystal Reports Extra\doc\TuxType_port_Mac.txt (copy) | ASCII text, with very long lines
C:\Users\user\AppData\Roaming\Crystal Reports Extra\doc\TODO (copy) | ASCII text
C:\Users\user\AppData\Roaming\Crystal Reports Extra\doc\README (copy) | ASCII text
C:\Users\user\AppData\Roaming\Crystal Reports Extra\doc\OFL (copy) | ASCII text
C:\Users\user\AppData\Roaming\Crystal Reports Extra\doc\INSTALL (copy) | ASCII text
C:\Users\user\AppData\Roaming\Crystal Reports Extra\doc\ChangeLog (copy) | UTF-8 Unicode text