IOC Report
drw_free_installer.756836.exe


Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| drw_free_installer.756836.exe | PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive | initial sample | |
| C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe | PE32 executable (GUI) Intel 80386, for MS Windows | dropped | malicious |
| C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\Arabic.ini | Unicode text, UTF-8 text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\Chinese.ini | Unicode text, UTF-8 text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\ChineseTrad.ini | Unicode text, UTF-8 text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\Danish.ini | Unicode text, UTF-8 text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\Dutch.ini | Unicode text, UTF-8 text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EasyLog.log | JSON data | modified | |
| C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\French.ini | Unicode text, UTF-8 text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\German.ini | Unicode text, UTF-8 text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\Indonesian.ini | Unicode text, UTF-8 text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\InitConfigure.ini | Generic INItialization configuration [Language] | dropped | |
| C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\Italian.ini | Unicode text, UTF-8 text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\Japanese.ini | Unicode text, UTF-8 text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\Korean.ini | Unicode text, UTF-8 text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\LanguageTransfor.ini | Unicode text, UTF-8 text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\Malay.ini | Unicode text, UTF-8 text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\Mungarian.ini | Unicode text, UTF-8 text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\Norwegian.ini | Unicode text, UTF-8 text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\Polish.ini | Unicode text, UTF-8 text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\Portuguese.ini | Unicode text, UTF-8 text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\Russian.ini | Unicode text, UTF-8 text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\Spanish.ini | Unicode text, UTF-8 text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\Swedish.ini | Unicode text, UTF-8 text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\Thai.ini | Unicode text, UTF-8 text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\Turkish.ini | Unicode text, UTF-8 text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\AliyunConfig.ini | Unicode text, UTF-16, little-endian text, with CRLF line terminators | modified | |
| C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\AliyunWrap.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\AliyunWrapExe.exe | PE32 executable (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\DataFile.ini | Unicode text, UTF-16, little-endian text, with CRLF line terminators | modified | |
| C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe | PE32 executable (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\tempInfo.web | very short file (no magic) | dropped | |
| C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\downloader.ico | MS Windows icon resource - 10 icons, 16x16, 16 colors, 4 bits/pixel, 32x32, 16 colors, 4 bits/pixel | dropped | |
| C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\english.ini | Unicode text, UTF-8 text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\skin.zip | Zip archive data, at least v2.0 to extract, compression method=deflate | dropped | |
| C:\Users\user\Desktop\drw18.0.0.0_free.exe.temp | data | dropped | |

URLs

| Name | IP | Malicious |
|---|---|---|
| http://track.easeus.com/product/index.php?c=main&a=getstatus&pid=2 | 163.171.128.150 | |
| http://download.easeus.com/api2/index.php/Apicp/Drwdl202004/index/ | 13.227.219.92 | |

Domains

| Name | IP | Malicious |
|---|---|---|
| track.easeus.com.whecloud.com | 163.171.128.150 | |
| d1yqyi2epbbxvx.cloudfront.net | 13.227.219.92 | |
| www.google.com | 142.250.185.132 | |
| d316xlss9esscz.cloudfront.net | 108.156.60.79 | |
| easeusinfo.us-east-1.log.aliyuncs.com | 47.252.97.212 | |
| d2.easeus.com | unknown | |
| track.easeus.com | unknown | |
| download.easeus.com | unknown | |
| d1.easeus.com | unknown | |
| d3.easeus.com | unknown | |

IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 47.252.97.212 | easeusinfo.us-east-1.log.aliyuncs.com | United States | |
| 13.227.219.92 | d1yqyi2epbbxvx.cloudfront.net | United States | |
| 108.156.60.79 | d316xlss9esscz.cloudfront.net | United States | |
| 18.66.112.38 | unknown | United States | |
| 142.250.185.132 | www.google.com | United States | |
| 163.171.128.150 | track.easeus.com.whecloud.com | European Union | |