Windows Analysis Report
drw_free_installer.17163939163819b153.exe

Overview

General Information

Sample name: drw_free_installer.17163939163819b153.exe
Analysis ID: 1445894
MD5: 6e3bc255dc7b79e452c66610c741eb95
SHA1: 972d9adbec19dd1277b4329fa13641847ca18c87
SHA256: bdb74a31956e7c2ce7a3c6344ac7265d84b735c1038a390168f01d6d9fa43b3a
Infos:

Detection

Score: 23
Range: 0 - 100
Whitelisted: false
Confidence: 40%

Signatures

AI detected suspicious sample
Contains functionality for read data from the clipboard
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to create an SMB header
Contains functionality to dynamically determine API calls
Contains functionality to launch a process as a different user
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query locales information (e.g. system language)
Contains functionality to shutdown / reboot the system
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Drops PE files
Extensive use of GetProcAddress (often used to hide API calls)
Found evasive API chain (date check)
Found evasive API chain (may stop execution after checking a module file name)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
Potential key logger detected (key state polling based)
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

AV Detection
barindex
AI detected suspicious sample
Source: Submited Sample Integrated Neural Analysis Model: Matched 72.8% probability
Uses Microsoft's Enhanced Cryptographic Provider
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: 1_2_00F15090 CreateFileW,CloseHandle,CryptAcquireContextW,CryptCreateHash,GetFileSize,ReadFile,CryptHashData,CloseHandle,CryptGetHashParam,CryptGetHashParam,CryptGetHashParam,_sprintf,CryptDestroyHash,CryptReleaseContext, 1_2_00F15090
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: 1_2_00FD3A40 CryptAcquireContextW,CryptImportKey,CryptReleaseContext,CryptEncrypt,CryptDestroyKey,CryptReleaseContext, 1_2_00FD3A40
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: 1_2_00FD3C80 CryptAcquireContextW,CryptCreateHash,CryptHashData,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext, 1_2_00FD3C80
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe Code function: 2_2_6E2B4D40 CryptAcquireContextA,CryptCreateHash,CryptHashData,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext, 2_2_6E2B4D40
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe Code function: 2_2_6E2B4B00 CryptAcquireContextA,CryptImportKey,CryptReleaseContext,CryptEncrypt,CryptDestroyKey,CryptReleaseContext, 2_2_6E2B4B00
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe Code function: 3_2_6C9F4D40 CryptAcquireContextA,CryptCreateHash,CryptHashData,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext, 3_2_6C9F4D40
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe Code function: 3_2_6C9F4B00 CryptAcquireContextA,CryptImportKey,CryptReleaseContext,CryptEncrypt,CryptDestroyKey,CryptReleaseContext, 3_2_6C9F4B00
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: -----BEGIN PUBLIC KEY----- 1_2_00FA52D0
Source: EDownloader.exe Binary or memory string: -----BEGIN PUBLIC KEY-----
Contains functionality to create an SMB header
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: mov dword ptr [esi+04h], 424D53FFh 1_2_00FB12F0
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe Code function: mov dword ptr [esi+04h], 424D53FFh 2_2_6E2946B0
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe Code function: mov dword ptr [esi+04h], 424D53FFh 3_2_6C9D46B0
Uses 32bit PE files
Source: drw_free_installer.17163939163819b153.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: drw_free_installer.17163939163819b153.exe Static PE information: certificate valid
Source: drw_free_installer.17163939163819b153.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: F:\testProject\AliyunLog\Code\UserInfoCollect\Release\AliyunWrapExe.pdb source: AliyunWrapExe.exe, 00000004.00000002.2889436492.0000000000A43000.00000002.00000001.01000000.00000009.sdmp, AliyunWrapExe.exe, 00000004.00000000.1671805830.0000000000A43000.00000002.00000001.01000000.00000009.sdmp, AliyunWrapExe.exe.0.dr
Source: Binary string: F:\testProject\AliyunLog\Code\UserInfoCollect\Release\InfoForSetup.pdb source: drw_free_installer.17163939163819b153.exe, 00000000.00000002.1643073592.000000000040A000.00000004.00000001.01000000.00000003.sdmp, InfoForSetup.exe, 00000002.00000002.1651145686.000000000034A000.00000002.00000001.01000000.00000006.sdmp, InfoForSetup.exe, 00000002.00000000.1647040740.000000000034A000.00000002.00000001.01000000.00000006.sdmp, InfoForSetup.exe, 00000003.00000002.1672647252.000000000034A000.00000002.00000001.01000000.00000006.sdmp, InfoForSetup.exe, 00000003.00000000.1668051537.000000000034A000.00000002.00000001.01000000.00000006.sdmp, InfoForSetup.exe.0.dr
Source: Binary string: D:\downloader2.0_drw\main\EDownloader\Release\EDownloader.pdb source: EDownloader.exe, 00000001.00000002.2890154973.0000000001006000.00000002.00000001.01000000.00000004.sdmp, EDownloader.exe, 00000001.00000000.1642539347.0000000001006000.00000002.00000001.01000000.00000004.sdmp, EDownloader.exe.0.dr
Source: Binary string: F:\testProject\AliyunLog\Code\UserInfoCollect\Release\AliyunWrap.pdbP% source: InfoForSetup.exe, 00000003.00000002.1675072188.000000006CA13000.00000002.00000001.01000000.00000007.sdmp, AliyunWrapExe.exe, 00000004.00000002.2890588150.000000006CA13000.00000002.00000001.01000000.00000007.sdmp, AliyunWrap.dll.0.dr
Source: Binary string: F:\testProject\AliyunLog\Code\UserInfoCollect\Release\AliyunWrap.pdbP%.n source: InfoForSetup.exe, 00000002.00000002.1653255235.000000006E2D3000.00000002.00000001.01000000.00000007.sdmp
Source: Binary string: F:\testProject\AliyunLog\Code\UserInfoCollect\Release\AliyunWrap.pdb source: InfoForSetup.exe, 00000002.00000002.1653255235.000000006E2D3000.00000002.00000001.01000000.00000007.sdmp, InfoForSetup.exe, 00000003.00000002.1675072188.000000006CA13000.00000002.00000001.01000000.00000007.sdmp, AliyunWrapExe.exe, 00000004.00000002.2890588150.000000006CA13000.00000002.00000001.01000000.00000007.sdmp, AliyunWrap.dll.0.dr
Source: Binary string: F:\testProject\AliyunLog\Code\UserInfoCollect\Release\InfoForSetup.pdbT source: drw_free_installer.17163939163819b153.exe, 00000000.00000002.1643073592.000000000040A000.00000004.00000001.01000000.00000003.sdmp, InfoForSetup.exe, 00000002.00000002.1651145686.000000000034A000.00000002.00000001.01000000.00000006.sdmp, InfoForSetup.exe, 00000002.00000000.1647040740.000000000034A000.00000002.00000001.01000000.00000006.sdmp, InfoForSetup.exe, 00000003.00000002.1672647252.000000000034A000.00000002.00000001.01000000.00000006.sdmp, InfoForSetup.exe, 00000003.00000000.1668051537.000000000034A000.00000002.00000001.01000000.00000006.sdmp, InfoForSetup.exe.0.dr
Source: C:\Users\user\Desktop\drw_free_installer.17163939163819b153.exe Code function: 0_2_004065FD FindFirstFileW,FindClose, 0_2_004065FD
Source: C:\Users\user\Desktop\drw_free_installer.17163939163819b153.exe Code function: 0_2_00402868 FindFirstFileW, 0_2_00402868
Source: C:\Users\user\Desktop\drw_free_installer.17163939163819b153.exe Code function: 0_2_004059CC GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose, 0_2_004059CC
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: 1_2_00FE0C2E __getdrive,FindFirstFileA,__wfullpath_helper,_strlen,_IsRootUNCName,GetDriveTypeA,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FindClose,___dtoxmode,GetLastError,__dosmaperr,FindClose, 1_2_00FE0C2E
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe Code function: 2_2_6E2BCD5B __getdrive,FindFirstFileA,__wfullpath_helper,_strlen,_IsRootUNCName,GetDriveTypeA,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FindClose,___dtoxmode,GetLastError,__dosmaperr,FindClose, 2_2_6E2BCD5B
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe Code function: 3_2_6C9FCD5B __getdrive,FindFirstFileA,__wfullpath_helper,_strlen,_IsRootUNCName,GetDriveTypeA,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FindClose,___dtoxmode,GetLastError,__dosmaperr,FindClose, 3_2_6C9FCD5B
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe File opened: C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_a8625c1886757984\COMCTL32.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe File opened: C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_a8625c1886757984 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe File opened: C:\Windows\SysWOW64\KERNELBASE.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe File opened: C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.2006_none_d94bc80de1097097 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe File opened: C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.2006_none_d94bc80de1097097\gdiplus.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe File opened: C:\Windows\SysWOW64\KERNEL32.DLL Jump to behavior
Uses a known web browser user agent for HTTP communication
Source: global traffic HTTP traffic detected: GET /product/index.php?c=main&a=getstatus&pid=2 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: track.easeus.comConnection: Keep-Alive
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: 1_2_00FAE0C0 recv, 1_2_00FAE0C0
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OKDate: Wed, 22 May 2024 16:07:00 GMTContent-Type: text/html; charset=UTF-8Content-Length: 21Connection: keep-aliveServer: ApacheContent-Encoding: gzipX-Via: 1.1 luoshan65:1 (Cdn Cache Server V2.0), 1.1 fra13:1 (Cdn Cache Server V2.0)X-Ws-Request-Id: 664e1822_kf98_16929-13800Data Raw: 1f 8b 08 00 00 00 00 00 00 03 33 00 00 21 df db f4 01 00 00 00 Data Ascii: 3!
Source: global traffic HTTP traffic detected: GET /product/index.php?c=main&a=getstatus&pid=2 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: track.easeus.comConnection: Keep-Alive
Source: global traffic DNS traffic detected: DNS query: track.easeus.com
Source: global traffic DNS traffic detected: DNS query: easeusinfo.us-east-1.log.aliyuncs.com
Source: unknown HTTP traffic detected: POST /logstores/logstore_drw_ip/shards/lb HTTP/1.1Host:easeusinfo.us-east-1.log.aliyuncs.comUser-Agent: log-c-lite_0.1.0Accept: */*Content-Type:application/x-protobufx-log-apiversion:0.6.0x-log-compresstype:lz4x-log-signaturemethod:hmac-sha1Date:Wed, 22 May 2024 16:06:59 GMTContent-MD5:A1955387E255B9FDEE28F34DF281DDF5Content-Length:248x-log-bodyrawsize:255Authorization:LOG LTAIBDHwLKKvsH19:wEJEW14HDW8fOSJPTmTMg59xCU0=Data Raw: f7 44 0a b7 01 08 a3 b0 b8 b2 06 12 17 0a 09 54 69 6d 65 73 74 61 6d 70 12 0a 31 37 31 36 33 39 34 30 31 35 12 17 0a 06 57 69 6e 64 6f 77 12 0d 57 65 62 5f 49 6e 73 74 61 6c 6c 65 72 12 20 0a 08 41 63 74 69 76 69 74 79 12 14 52 65 73 75 6c 74 5f 52 75 6e 22 00 f2 22 5b 0a 09 41 74 74 72 69 62 75 74 65 12 4e 7b 22 43 6f 75 6e 74 72 79 22 3a 22 53 77 69 74 7a 65 72 6c 61 6e 64 22 2c 22 50 61 67 65 69 64 22 3a 22 77 00 f0 00 33 39 31 36 33 38 31 39 62 31 35 33 22 2c 22 97 00 f0 48 7a 6f 6e 65 22 3a 22 47 4d 54 2d 30 35 3a 30 30 22 7d 1a 2e 53 2d 31 2d 35 2d 32 31 2d 32 32 34 36 31 32 32 36 35 38 2d 33 36 39 33 34 30 35 31 31 37 2d 32 34 37 36 37 35 36 36 33 34 2d 31 30 30 32 32 13 0a 0c 50 72 6f 64 75 63 74 00 62 61 64 20 12 03 64 72 77 Data Ascii: DTimestamp1716394015WindowWeb_Installer ActivityResult_Run""[AttributeN{"Country":"Switzerland","Pageid":"w39163819b153","Hzone":"GMT-05:00"}.S-1-5-21-2246122658-3693405117-2476756634-10022Productbad drw
Source: InfoForSetup.exe, 00000002.00000002.1653255235.000000006E2D3000.00000002.00000001.01000000.00000007.sdmp, InfoForSetup.exe, 00000003.00000002.1675072188.000000006CA13000.00000002.00000001.01000000.00000007.sdmp, AliyunWrapExe.exe, 00000004.00000002.2890588150.000000006CA13000.00000002.00000001.01000000.00000007.sdmp, AliyunWrap.dll.0.dr String found in binary or memory: http://./logstores//shards/lbContent-Type:application/x-protobufx-log-apiversion:0.6.0x-log-compress
Source: InitConfigure.ini.0.dr String found in binary or memory: http://baidu.com
Source: EDownloader.exe, 00000001.00000002.2889462577.0000000000666000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://baidu.com7
Source: EDownloader.exe, 00000001.00000003.1670012501.00000000024BE000.00000004.00000020.00020000.00000000.sdmp, EDownloader.exe, 00000001.00000003.1670232846.00000000024BA000.00000004.00000020.00020000.00000000.sdmp, EDownloader.exe, 00000001.00000003.1670305223.00000000024BB000.00000004.00000020.00020000.00000000.sdmp, EDownloader.exe, 00000001.00000003.1704847679.00000000024BB000.00000004.00000020.00020000.00000000.sdmp, EDownloader.exe, 00000001.00000003.1704792281.00000000024BA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://baidu.comJ
Source: EDownloader.exe, 00000001.00000002.2889462577.0000000000666000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://baidu.comq
Source: drw_free_installer.17163939163819b153.exe, AliyunWrap.dll.0.dr, EDownloader.exe.0.dr, AliyunWrapExe.exe.0.dr, InfoForSetup.exe.0.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: drw_free_installer.17163939163819b153.exe, AliyunWrap.dll.0.dr, EDownloader.exe.0.dr, AliyunWrapExe.exe.0.dr, InfoForSetup.exe.0.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: drw_free_installer.17163939163819b153.exe, AliyunWrap.dll.0.dr, EDownloader.exe.0.dr, AliyunWrapExe.exe.0.dr, InfoForSetup.exe.0.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: drw_free_installer.17163939163819b153.exe, AliyunWrap.dll.0.dr, EDownloader.exe.0.dr, AliyunWrapExe.exe.0.dr, InfoForSetup.exe.0.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: drw_free_installer.17163939163819b153.exe, AliyunWrap.dll.0.dr, EDownloader.exe.0.dr, AliyunWrapExe.exe.0.dr, InfoForSetup.exe.0.dr String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: drw_free_installer.17163939163819b153.exe, AliyunWrap.dll.0.dr, EDownloader.exe.0.dr, AliyunWrapExe.exe.0.dr, InfoForSetup.exe.0.dr String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: drw_free_installer.17163939163819b153.exe, AliyunWrap.dll.0.dr, EDownloader.exe.0.dr, AliyunWrapExe.exe.0.dr, InfoForSetup.exe.0.dr String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: InfoForSetup.exe.0.dr String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: drw_free_installer.17163939163819b153.exe, AliyunWrap.dll.0.dr, EDownloader.exe.0.dr, AliyunWrapExe.exe.0.dr, InfoForSetup.exe.0.dr String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0=
Source: InitConfigure.ini.0.dr String found in binary or memory: http://download.easeus.com/api2/index.php/Apicp/Drwdl202004/index/
Source: EDownloader.exe, 00000001.00000003.1643557910.0000000002460000.00000004.00000800.00020000.00000000.sdmp, EDownloader.exe, 00000001.00000002.2889462577.0000000000666000.00000004.00000020.00020000.00000000.sdmp, InitConfigure.ini.0.dr String found in binary or memory: http://download2.easeus.com/api2/index.php/Apicp/Drwdl202004/index/
Source: EDownloader.exe, 00000001.00000003.1643557910.0000000002460000.00000004.00000800.00020000.00000000.sdmp, EDownloader.exe, 00000001.00000002.2889462577.0000000000666000.00000004.00000020.00020000.00000000.sdmp, InitConfigure.ini.0.dr String found in binary or memory: http://download3.easeus.com/api2/index.php/Apicp/Drwdl202004/index/
Source: EDownloader.exe, 00000001.00000003.1643557910.0000000002460000.00000004.00000800.00020000.00000000.sdmp, InitConfigure.ini.0.dr String found in binary or memory: http://download3.easeus.com/drw/drw16.2.0.0_ad_google_trial_x.exe
Source: EDownloader.exe, 00000001.00000002.2889462577.0000000000666000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://download3.easeus.com/drw/drw16.2.0.0_ad_google_trial_x.exe9
Source: EDownloader.exe, 00000001.00000003.1643557910.0000000002460000.00000004.00000800.00020000.00000000.sdmp, EDownloader.exe, 00000001.00000002.2889462577.0000000000666000.00000004.00000020.00020000.00000000.sdmp, InitConfigure.ini.0.dr String found in binary or memory: http://download3.easeus.com/drw/drw16.2.0.0_free_x.exe
Source: EDownloader.exe, 00000001.00000003.1643557910.0000000002460000.00000004.00000800.00020000.00000000.sdmp, EDownloader.exe, 00000001.00000002.2889462577.0000000000666000.00000004.00000020.00020000.00000000.sdmp, InitConfigure.ini.0.dr String found in binary or memory: http://download3.easeus.com/drw/drw16.2.0.0_trial_x.exe
Source: AliyunWrapExe.exe, 00000004.00000002.2889967549.0000000001600000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://easeusinfo.us-east-1.log.aliyuncs.com/logstores/logstore_drw_ip/shards/lb
Source: AliyunWrapExe.exe, 00000004.00000002.2889967549.0000000001600000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://easeusinfo.us-east-1.log.aliyuncs.com/logstores/logstore_drw_ip/shards/lb76756634-1002
Source: drw_free_installer.17163939163819b153.exe String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: drw_free_installer.17163939163819b153.exe, AliyunWrap.dll.0.dr, EDownloader.exe.0.dr, AliyunWrapExe.exe.0.dr, InfoForSetup.exe.0.dr String found in binary or memory: http://ocsp.digicert.com0
Source: drw_free_installer.17163939163819b153.exe, AliyunWrap.dll.0.dr, EDownloader.exe.0.dr, AliyunWrapExe.exe.0.dr, InfoForSetup.exe.0.dr String found in binary or memory: http://ocsp.digicert.com0A
Source: drw_free_installer.17163939163819b153.exe, AliyunWrap.dll.0.dr, EDownloader.exe.0.dr, AliyunWrapExe.exe.0.dr, InfoForSetup.exe.0.dr String found in binary or memory: http://ocsp.digicert.com0C
Source: drw_free_installer.17163939163819b153.exe, AliyunWrap.dll.0.dr, EDownloader.exe.0.dr, AliyunWrapExe.exe.0.dr, InfoForSetup.exe.0.dr String found in binary or memory: http://ocsp.digicert.com0X
Source: EDownloader.exe, 00000001.00000003.1643557910.0000000002460000.00000004.00000800.00020000.00000000.sdmp, EDownloader.exe, 00000001.00000002.2889462577.0000000000666000.00000004.00000020.00020000.00000000.sdmp, InitConfigure.ini.0.dr String found in binary or memory: http://track.easeus.com/product/index.php/?a=statistics&p_type=m_drw_user_action_table
Source: EDownloader.exe, 00000001.00000003.1643557910.0000000002460000.00000004.00000800.00020000.00000000.sdmp, InitConfigure.ini.0.dr String found in binary or memory: http://track.easeus.com/product/index.php/?a=statistics&p_type=m_drw_user_base_infos
Source: EDownloader.exe, 00000001.00000002.2889462577.0000000000666000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://track.easeus.com/product/index.php/?a=statistics&p_type=m_drw_user_base_infosfP
Source: AliyunWrapExe.exe, 00000004.00000002.2889749147.000000000129A000.00000004.00000020.00020000.00000000.sdmp, AliyunWrapExe.exe, 00000004.00000002.2889749147.000000000124E000.00000004.00000020.00020000.00000000.sdmp, AliyunConfig.ini.0.dr String found in binary or memory: http://track.easeus.com/product/index.php?c=main&a=getstatus&pid=2
Source: AliyunWrapExe.exe, 00000004.00000002.2889749147.000000000129A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://track.easeus.com/product/index.php?c=main&a=getstatus&pid=23
Source: AliyunWrapExe.exe, 00000004.00000002.2889749147.000000000129A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://track.easeus.com/product/index.php?c=main&a=getstatus&pid=27
Source: AliyunWrapExe.exe, 00000004.00000002.2889749147.000000000124E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://track.easeus.com/product/index.php?c=main&a=getstatus&pid=2C:
Source: AliyunWrapExe.exe, 00000004.00000002.2889749147.000000000129A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://track.easeus.com/product/index.php?c=main&a=getstatus&pid=2K
Source: drw_free_installer.17163939163819b153.exe, AliyunWrap.dll.0.dr, EDownloader.exe.0.dr, AliyunWrapExe.exe.0.dr, InfoForSetup.exe.0.dr String found in binary or memory: http://www.digicert.com/CPS0
Source: EDownloader.exe, 00000001.00000003.1643557910.0000000002460000.00000004.00000800.00020000.00000000.sdmp, EDownloader.exe, 00000001.00000002.2889462577.0000000000666000.00000004.00000020.00020000.00000000.sdmp, InitConfigure.ini.0.dr String found in binary or memory: http://yiwo.easeus.com/
Source: EDownloader.exe, 00000001.00000003.1643557910.0000000002460000.00000004.00000800.00020000.00000000.sdmp, EDownloader.exe, 00000001.00000002.2889462577.0000000000666000.00000004.00000020.00020000.00000000.sdmp, InitConfigure.ini.0.dr String found in binary or memory: http://yiwo.easeus.com/api/index.php/Home/index/licenseAgreement?lang=
Source: InfoForSetup.exe, InfoForSetup.exe, 00000003.00000002.1675072188.000000006CA13000.00000002.00000001.01000000.00000007.sdmp, AliyunWrapExe.exe, 00000004.00000002.2890588150.000000006CA13000.00000002.00000001.01000000.00000007.sdmp, AliyunWrap.dll.0.dr, EDownloader.exe.0.dr String found in binary or memory: https://curl.haxx.se/docs/http-cookies.html
Source: InfoForSetup.exe String found in binary or memory: https://curl.haxx.se/docs/http-cookies.html#
Source: EDownloader.exe, 00000001.00000003.1643557910.0000000002460000.00000004.00000800.00020000.00000000.sdmp, InitConfigure.ini.0.dr String found in binary or memory: https://download.easeus.com/free/drw_free.exe
Source: EDownloader.exe, 00000001.00000002.2889462577.0000000000666000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://download.easeus.com/free/drw_free.exeni
Source: EDownloader.exe, 00000001.00000003.1643557910.0000000002460000.00000004.00000800.00020000.00000000.sdmp, EDownloader.exe, 00000001.00000002.2889462577.0000000000666000.00000004.00000020.00020000.00000000.sdmp, InitConfigure.ini.0.dr String found in binary or memory: https://download.easeus.com/trial/drw_trial.exe
Source: AliyunWrapExe.exe, 00000004.00000002.2889749147.000000000129A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com
Source: EDownloader.exe, 00000001.00000003.1643557910.0000000002460000.00000004.00000800.00020000.00000000.sdmp, EDownloader.exe, 00000001.00000002.2889462577.0000000000666000.00000004.00000020.00020000.00000000.sdmp, InitConfigure.ini.0.dr String found in binary or memory: https://update.easeus.com/update/drw_eng/drw.ini
Source: EDownloader.exe.0.dr String found in binary or memory: https://www.baidu.com/
Source: EDownloader.exe, 00000001.00000003.1643557910.0000000002460000.00000004.00000800.00020000.00000000.sdmp, InitConfigure.ini.0.dr String found in binary or memory: https://www.easeus.com/datarecoverywizard/history.php?lang=
Source: EDownloader.exe, 00000001.00000002.2889462577.0000000000666000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.easeus.com/datarecoverywizard/history.php?lang=inst
Source: EDownloader.exe, 00000001.00000003.1643557910.0000000002460000.00000004.00000800.00020000.00000000.sdmp, EDownloader.exe, 00000001.00000002.2889462577.0000000000666000.00000004.00000020.00020000.00000000.sdmp, InitConfigure.ini.0.dr String found in binary or memory: https://www.easeus.com/download-offline.html
Source: EDownloader.exe, 00000001.00000003.1643557910.0000000002460000.00000004.00000800.00020000.00000000.sdmp, InitConfigure.ini.0.dr String found in binary or memory: https://www.easeus.com/privacy.htm?lang=
Source: EDownloader.exe, 00000001.00000002.2889462577.0000000000666000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.easeus.com/privacy.htm?lang=/histor
Source: EDownloader.exe, EDownloader.exe, 00000001.00000002.2890154973.0000000001006000.00000002.00000001.01000000.00000004.sdmp, EDownloader.exe, 00000001.00000000.1642539347.0000000001006000.00000002.00000001.01000000.00000004.sdmp, EDownloader.exe.0.dr String found in binary or memory: https://www.google.com/
Source: EDownloader.exe, 00000001.00000002.2890154973.0000000001006000.00000002.00000001.01000000.00000004.sdmp, EDownloader.exe, 00000001.00000000.1642539347.0000000001006000.00000002.00000001.01000000.00000004.sdmp, EDownloader.exe.0.dr String found in binary or memory: https://www.google.com/https://www.baidu.com/GMT
Contains functionality for read data from the clipboard
Source: C:\Users\user\Desktop\drw_free_installer.17163939163819b153.exe Code function: 0_2_00405461 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard, 0_2_00405461
Potential key logger detected (key state polling based)
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: 1_2_00F4AB50 GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState, 1_2_00F4AB50
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: 1_2_00FD3A40 CryptAcquireContextW,CryptImportKey,CryptReleaseContext,CryptEncrypt,CryptDestroyKey,CryptReleaseContext, 1_2_00FD3A40
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe Code function: 2_2_6E2B4B00 CryptAcquireContextA,CryptImportKey,CryptReleaseContext,CryptEncrypt,CryptDestroyKey,CryptReleaseContext, 2_2_6E2B4B00
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe Code function: 3_2_6C9F4B00 CryptAcquireContextA,CryptImportKey,CryptReleaseContext,CryptEncrypt,CryptDestroyKey,CryptReleaseContext, 3_2_6C9F4B00
Contains functionality to launch a process as a different user
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe Code function: 2_2_6E2792B0 SetEvent,CloseHandle,_memset,_memset,_memset,GetCurrentProcess,OpenProcessToken,CreateProcessAsUserW,CloseHandle,CreateProcessW,CloseHandle,CloseHandle, 2_2_6E2792B0
Contains functionality to shutdown / reboot the system
Source: C:\Users\user\Desktop\drw_free_installer.17163939163819b153.exe Code function: 0_2_0040338F EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,ExitProcess,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, 0_2_0040338F
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: 1_2_00F26110 ExitWindowsEx, 1_2_00F26110
Detected potential crypto function
Source: C:\Users\user\Desktop\drw_free_installer.17163939163819b153.exe Code function: 0_2_00406B15 0_2_00406B15
Source: C:\Users\user\Desktop\drw_free_installer.17163939163819b153.exe Code function: 0_2_004072EC 0_2_004072EC
Source: C:\Users\user\Desktop\drw_free_installer.17163939163819b153.exe Code function: 0_2_00404C9E 0_2_00404C9E
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: 1_2_00F701B0 1_2_00F701B0
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: 1_2_00F742A0 1_2_00F742A0
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: 1_2_00F4C22B 1_2_00F4C22B
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: 1_2_00F90320 1_2_00F90320
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: 1_2_00F52450 1_2_00F52450
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: 1_2_00F91220 1_2_00F91220
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: 1_2_00F396C0 1_2_00F396C0
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: 1_2_00F8E060 1_2_00F8E060
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: 1_2_00F141F0 1_2_00F141F0
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: 1_2_00F642D0 1_2_00F642D0
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: 1_2_00F18260 1_2_00F18260
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: 1_2_00F42240 1_2_00F42240
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: 1_2_00F3E3E0 1_2_00F3E3E0
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: 1_2_00F16390 1_2_00F16390
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: 1_2_00FF84E1 1_2_00FF84E1
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: 1_2_00F38470 1_2_00F38470
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: 1_2_00FF6426 1_2_00FF6426
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: 1_2_00FEC40D 1_2_00FEC40D
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: 1_2_00F6A5B0 1_2_00F6A5B0
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: 1_2_00F246C0 1_2_00F246C0
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: 1_2_00F206A0 1_2_00F206A0
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: 1_2_00F6E7A0 1_2_00F6E7A0
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: 1_2_00F1C780 1_2_00F1C780
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: 1_2_00F3C710 1_2_00F3C710
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: 1_2_00F2C820 1_2_00F2C820
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: 1_2_00FFA829 1_2_00FFA829
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: 1_2_00F3E9F0 1_2_00F3E9F0
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: 1_2_00F929E0 1_2_00F929E0
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: 1_2_00FEE909 1_2_00FEE909
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: 1_2_00F16AA0 1_2_00F16AA0
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: 1_2_00F40A80 1_2_00F40A80
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: 1_2_00FF8BD9 1_2_00FF8BD9
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: 1_2_00F6EB60 1_2_00F6EB60
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: 1_2_00F30CA0 1_2_00F30CA0
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: 1_2_00FE4E73 1_2_00FE4E73
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: 1_2_00F26F50 1_2_00F26F50
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: 1_2_00FCEF40 1_2_00FCEF40
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: 1_2_00F7507C 1_2_00F7507C
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: 1_2_00F8D050 1_2_00F8D050
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: 1_2_00FA1150 1_2_00FA1150
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: 1_2_00F23110 1_2_00F23110
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: 1_2_00F6D2E0 1_2_00F6D2E0
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: 1_2_00F3B2B0 1_2_00F3B2B0
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: 1_2_00FEF284 1_2_00FEF284
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: 1_2_00F7D3E0 1_2_00F7D3E0
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: 1_2_00F39330 1_2_00F39330
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: 1_2_00FD9320 1_2_00FD9320
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: 1_2_00FDB4D0 1_2_00FDB4D0
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: 1_2_00F2F460 1_2_00F2F460
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: 1_2_00F2D590 1_2_00F2D590
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: 1_2_00F83590 1_2_00F83590
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: 1_2_00F11500 1_2_00F11500
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: 1_2_00F436B0 1_2_00F436B0
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: 1_2_00F93670 1_2_00F93670
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: 1_2_00F8D880 1_2_00F8D880
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: 1_2_00F3B860 1_2_00F3B860
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: 1_2_00F33810 1_2_00F33810
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: 1_2_00F3D9B0 1_2_00F3D9B0
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: 1_2_00FF599E 1_2_00FF599E
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: 1_2_00F45930 1_2_00F45930
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: 1_2_00FFBAE2 1_2_00FFBAE2
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: 1_2_00F8FAC0 1_2_00F8FAC0
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: 1_2_00F17A50 1_2_00F17A50
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: 1_2_00F55A20 1_2_00F55A20
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: 1_2_00F51B60 1_2_00F51B60
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: 1_2_00F3FC80 1_2_00F3FC80
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: 1_2_00F73C80 1_2_00F73C80
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: 1_2_00F37C40 1_2_00F37C40
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: 1_2_00F11D30 1_2_00F11D30
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: 1_2_00F91D10 1_2_00F91D10
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: 1_2_00F3DEF0 1_2_00F3DEF0
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: 1_2_00FF5EE2 1_2_00FF5EE2
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: 1_2_00F23EA0 1_2_00F23EA0
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: 1_2_00F4BE70 1_2_00F4BE70
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: 1_2_00F7DE50 1_2_00F7DE50
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe Code function: 2_2_003457A7 2_2_003457A7
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe Code function: 2_2_6E277FF0 2_2_6E277FF0
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe Code function: 2_2_6E2A6D40 2_2_6E2A6D40
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe Code function: 2_2_6E2B9DBC 2_2_6E2B9DBC
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe Code function: 2_2_6E2D0DFD 2_2_6E2D0DFD
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe Code function: 2_2_6E2BDB10 2_2_6E2BDB10
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe Code function: 2_2_6E278B90 2_2_6E278B90
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe Code function: 2_2_6E2D08B9 2_2_6E2D08B9
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe Code function: 2_2_6E2AC8C0 2_2_6E2AC8C0
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe Code function: 2_2_6E2B69F0 2_2_6E2B69F0
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe Code function: 2_2_6E2D14F5 2_2_6E2D14F5
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe Code function: 2_2_6E2AF530 2_2_6E2AF530
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe Code function: 2_2_6E2C6566 2_2_6E2C6566
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe Code function: 2_2_6E2D2561 2_2_6E2D2561
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe Code function: 2_2_6E2A7210 2_2_6E2A7210
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe Code function: 2_2_6E281270 2_2_6E281270
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe Code function: 2_2_6E2D0375 2_2_6E2D0375
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe Code function: 2_2_6E2C4383 2_2_6E2C4383
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe Code function: 2_2_6E2C3390 2_2_6E2C3390
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe Code function: 2_2_6E276070 2_2_6E276070
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe Code function: 2_2_6E2770E0 2_2_6E2770E0
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe Code function: 2_2_6E2B8100 2_2_6E2B8100
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe Code function: 3_2_6C9F9DBC 3_2_6C9F9DBC
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe Code function: 3_2_6CA10DFD 3_2_6CA10DFD
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe Code function: 3_2_6C9E6D40 3_2_6C9E6D40
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe Code function: 3_2_6C9B7FF0 3_2_6C9B7FF0
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe Code function: 3_2_6CA108B9 3_2_6CA108B9
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe Code function: 3_2_6C9EC8C0 3_2_6C9EC8C0
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe Code function: 3_2_6C9F69F0 3_2_6C9F69F0
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe Code function: 3_2_6C9B8B90 3_2_6C9B8B90
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe Code function: 3_2_6C9FDB10 3_2_6C9FDB10
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe Code function: 3_2_6CA114F5 3_2_6CA114F5
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe Code function: 3_2_6C9EF530 3_2_6C9EF530
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe Code function: 3_2_6CA12561 3_2_6CA12561
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe Code function: 3_2_6CA06566 3_2_6CA06566
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe Code function: 3_2_6C9B70E0 3_2_6C9B70E0
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe Code function: 3_2_6C9B6070 3_2_6C9B6070
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe Code function: 3_2_6C9F8100 3_2_6C9F8100
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe Code function: 3_2_6C9E7210 3_2_6C9E7210
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe Code function: 3_2_6C9C1270 3_2_6C9C1270
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe Code function: 3_2_6CA04383 3_2_6CA04383
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe Code function: 3_2_6CA03390 3_2_6CA03390
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe Code function: 3_2_6CA10375 3_2_6CA10375
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\AliyunWrapExe.exe Code function: 4_2_00A3DA69 4_2_00A3DA69
Found potential string decryption / allocating functions
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe Code function: String function: 6C9C9940 appears 197 times
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe Code function: String function: 6C9C8F00 appears 44 times
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe Code function: String function: 6E289A20 appears 219 times
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe Code function: String function: 6C9F3910 appears 37 times
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe Code function: String function: 6C9C9A20 appears 221 times
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe Code function: String function: 6E288F00 appears 44 times
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe Code function: String function: 6E2B3910 appears 37 times
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe Code function: String function: 6E289940 appears 197 times
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe Code function: String function: 6E2BFB78 appears 57 times
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe Code function: String function: 6E289060 appears 32 times
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe Code function: String function: 6C9FFB78 appears 57 times
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe Code function: String function: 6C9C9060 appears 32 times
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: String function: 00F12580 appears 151 times
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: String function: 00FA8030 appears 237 times
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: String function: 00FE543C appears 66 times
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: String function: 00F12120 appears 169 times
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: String function: 00F1BB00 appears 253 times
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: String function: 00FA7FA0 appears 188 times
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: String function: 00F18860 appears 40 times
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: String function: 00F96A40 appears 56 times
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: String function: 00FDC8E3 appears 56 times
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\AliyunWrapExe.exe Code function: String function: 00A3A544 appears 33 times
Uses 32bit PE files
Source: drw_free_installer.17163939163819b153.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: classification engine Classification label: sus23.winEXE@9/35@2/2
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: 1_2_00FD0610 GetLastError,_strerror,_strncpy,FormatMessageA,_strrchr,_strrchr,GetLastError,SetLastError, 1_2_00FD0610
Source: C:\Users\user\Desktop\drw_free_installer.17163939163819b153.exe Code function: 0_2_0040338F EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,ExitProcess,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, 0_2_0040338F
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: 1_2_00F16280 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges, 1_2_00F16280
Source: C:\Users\user\Desktop\drw_free_installer.17163939163819b153.exe Code function: 0_2_00404722 GetDlgItem,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW, 0_2_00404722
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: 1_2_00F45480 CreateToolhelp32Snapshot,Process32FirstW,CloseHandle,Process32NextW,CloseHandle, 1_2_00F45480
Source: C:\Users\user\Desktop\drw_free_installer.17163939163819b153.exe Code function: 0_2_00402104 CoCreateInstance, 0_2_00402104
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: 1_2_00F71690 CreateFileW,GetFileSize,ReadFile,CloseHandle,FindResourceW,LoadResource,FreeResource,SizeofResource,LockResource,FreeResource,CreateFileW,GetFileSize,ReadFile,CloseHandle,_memset,CreateDIBSection,CharNextW,__wcstoui64, 1_2_00F71690
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\AliyunWrapExe.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\index[1].htm Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Mutant created: \Sessions\1\BaseNamedObjects\DRW_Installer
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Mutant created: NULL
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\AliyunWrapExe.exe Mutant created: \Sessions\1\BaseNamedObjects\Global\C$$USERS$user$APPDATA$LOCAL$TEMP$DOWNLOADER_EASEUS$2.0.0$2FREE$ALIYUN$ALIYUNCONFIG.INI
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\AliyunWrapExe.exe Mutant created: \Sessions\1\BaseNamedObjects\Global\C$$USERS$user$APPDATA$LOCAL$TEMP$DOWNLOADER_EASEUS$2.0.0$2FREE$ALIYUN$DATAFILE.INI
Source: C:\Users\user\Desktop\drw_free_installer.17163939163819b153.exe File created: C:\Users\user\AppData\Local\Temp\nstF03.tmp Jump to behavior
Source: drw_free_installer.17163939163819b153.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\drw_free_installer.17163939163819b153.exe File read: C:\Users\desktop.ini Jump to behavior
Source: C:\Users\user\Desktop\drw_free_installer.17163939163819b153.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: drw_free_installer.17163939163819b153.exe String found in binary or memory: resource/install_bg_1.png
Source: drw_free_installer.17163939163819b153.exe String found in binary or memory: resource/install_bg_3.png
Source: drw_free_installer.17163939163819b153.exe String found in binary or memory: resource/install_bg_4.png
Source: drw_free_installer.17163939163819b153.exe String found in binary or memory: resource/install_bg_5.png
Source: C:\Users\user\Desktop\drw_free_installer.17163939163819b153.exe File read: C:\Users\user\Desktop\drw_free_installer.17163939163819b153.exe Jump to behavior
Source: unknown Process created: C:\Users\user\Desktop\drw_free_installer.17163939163819b153.exe "C:\Users\user\Desktop\drw_free_installer.17163939163819b153.exe"
Source: C:\Users\user\Desktop\drw_free_installer.17163939163819b153.exe Process created: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe "C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe" EXEDIR=C:\Users\user\Desktop ||| EXENAME=drw_free_installer.17163939163819b153.exe ||| DOWNLOAD_VERSION=free ||| PRODUCT_VERSION=2.0.0 ||| INSTALL_TYPE=0
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Process created: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe /Uid "S-1-5-21-2246122658-3693405117-2476756634-1002"
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Process created: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe /SendInfo Window "Web_Installer" Activity "Result_Run_Installer" Attribute "{\"Country\":\"Switzerland\",\"Pageid\":\"17163939163819b153\",\"Timezone\":\"GMT-05:00\"}"
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe Process created: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\AliyunWrapExe.exe C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\AliyunWrapExe.Exe
Source: C:\Users\user\Desktop\drw_free_installer.17163939163819b153.exe Process created: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe "C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe" EXEDIR=C:\Users\user\Desktop ||| EXENAME=drw_free_installer.17163939163819b153.exe ||| DOWNLOAD_VERSION=free ||| PRODUCT_VERSION=2.0.0 ||| INSTALL_TYPE=0 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Process created: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe /Uid "S-1-5-21-2246122658-3693405117-2476756634-1002" Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Process created: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe /SendInfo Window "Web_Installer" Activity "Result_Run_Installer" Attribute "{\"Country\":\"Switzerland\",\"Pageid\":\"17163939163819b153\",\"Timezone\":\"GMT-05:00\"}" Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe Process created: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\AliyunWrapExe.exe C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\AliyunWrapExe.Exe Jump to behavior
Source: C:\Users\user\Desktop\drw_free_installer.17163939163819b153.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\drw_free_installer.17163939163819b153.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\Desktop\drw_free_installer.17163939163819b153.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\Desktop\drw_free_installer.17163939163819b153.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Users\user\Desktop\drw_free_installer.17163939163819b153.exe Section loaded: dwmapi.dll Jump to behavior
Source: C:\Users\user\Desktop\drw_free_installer.17163939163819b153.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\Desktop\drw_free_installer.17163939163819b153.exe Section loaded: oleacc.dll Jump to behavior
Source: C:\Users\user\Desktop\drw_free_installer.17163939163819b153.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\Desktop\drw_free_installer.17163939163819b153.exe Section loaded: shfolder.dll Jump to behavior
Source: C:\Users\user\Desktop\drw_free_installer.17163939163819b153.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\drw_free_installer.17163939163819b153.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\Desktop\drw_free_installer.17163939163819b153.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Section loaded: msimg32.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Section loaded: textinputframework.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Section loaded: ieframe.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Section loaded: netapi32.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Section loaded: wkscli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Section loaded: msftedit.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Section loaded: textshaping.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Section loaded: windows.globalization.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Section loaded: bcp47langs.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Section loaded: bcp47mrm.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Section loaded: globinputhost.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Section loaded: windows.ui.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Section loaded: windowmanagementapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Section loaded: inputhost.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Section loaded: twinapi.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Section loaded: twinapi.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\AliyunWrapExe.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\AliyunWrapExe.exe Section loaded: aliyunwrap.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\AliyunWrapExe.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\AliyunWrapExe.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\AliyunWrapExe.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\AliyunWrapExe.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\AliyunWrapExe.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\AliyunWrapExe.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\AliyunWrapExe.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\AliyunWrapExe.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\AliyunWrapExe.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\AliyunWrapExe.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\AliyunWrapExe.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\AliyunWrapExe.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\AliyunWrapExe.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\AliyunWrapExe.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\AliyunWrapExe.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\AliyunWrapExe.exe Section loaded: winnsi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\AliyunWrapExe.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\AliyunWrapExe.exe Section loaded: rasadhlp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\AliyunWrapExe.exe Section loaded: fwpuclnt.dll Jump to behavior
Source: C:\Users\user\Desktop\drw_free_installer.17163939163819b153.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32 Jump to behavior
Source: C:\Users\user\Desktop\drw_free_installer.17163939163819b153.exe File written: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\Korean.ini Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe File opened: C:\Windows\SysWOW64\msftedit.dll Jump to behavior
Source: drw_free_installer.17163939163819b153.exe Static PE information: certificate valid
Source: drw_free_installer.17163939163819b153.exe Static file information: File size 2654624 > 1048576
Source: drw_free_installer.17163939163819b153.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: F:\testProject\AliyunLog\Code\UserInfoCollect\Release\AliyunWrapExe.pdb source: AliyunWrapExe.exe, 00000004.00000002.2889436492.0000000000A43000.00000002.00000001.01000000.00000009.sdmp, AliyunWrapExe.exe, 00000004.00000000.1671805830.0000000000A43000.00000002.00000001.01000000.00000009.sdmp, AliyunWrapExe.exe.0.dr
Source: Binary string: F:\testProject\AliyunLog\Code\UserInfoCollect\Release\InfoForSetup.pdb source: drw_free_installer.17163939163819b153.exe, 00000000.00000002.1643073592.000000000040A000.00000004.00000001.01000000.00000003.sdmp, InfoForSetup.exe, 00000002.00000002.1651145686.000000000034A000.00000002.00000001.01000000.00000006.sdmp, InfoForSetup.exe, 00000002.00000000.1647040740.000000000034A000.00000002.00000001.01000000.00000006.sdmp, InfoForSetup.exe, 00000003.00000002.1672647252.000000000034A000.00000002.00000001.01000000.00000006.sdmp, InfoForSetup.exe, 00000003.00000000.1668051537.000000000034A000.00000002.00000001.01000000.00000006.sdmp, InfoForSetup.exe.0.dr
Source: Binary string: D:\downloader2.0_drw\main\EDownloader\Release\EDownloader.pdb source: EDownloader.exe, 00000001.00000002.2890154973.0000000001006000.00000002.00000001.01000000.00000004.sdmp, EDownloader.exe, 00000001.00000000.1642539347.0000000001006000.00000002.00000001.01000000.00000004.sdmp, EDownloader.exe.0.dr
Source: Binary string: F:\testProject\AliyunLog\Code\UserInfoCollect\Release\AliyunWrap.pdbP% source: InfoForSetup.exe, 00000003.00000002.1675072188.000000006CA13000.00000002.00000001.01000000.00000007.sdmp, AliyunWrapExe.exe, 00000004.00000002.2890588150.000000006CA13000.00000002.00000001.01000000.00000007.sdmp, AliyunWrap.dll.0.dr
Source: Binary string: F:\testProject\AliyunLog\Code\UserInfoCollect\Release\AliyunWrap.pdbP%.n source: InfoForSetup.exe, 00000002.00000002.1653255235.000000006E2D3000.00000002.00000001.01000000.00000007.sdmp
Source: Binary string: F:\testProject\AliyunLog\Code\UserInfoCollect\Release\AliyunWrap.pdb source: InfoForSetup.exe, 00000002.00000002.1653255235.000000006E2D3000.00000002.00000001.01000000.00000007.sdmp, InfoForSetup.exe, 00000003.00000002.1675072188.000000006CA13000.00000002.00000001.01000000.00000007.sdmp, AliyunWrapExe.exe, 00000004.00000002.2890588150.000000006CA13000.00000002.00000001.01000000.00000007.sdmp, AliyunWrap.dll.0.dr
Source: Binary string: F:\testProject\AliyunLog\Code\UserInfoCollect\Release\InfoForSetup.pdbT source: drw_free_installer.17163939163819b153.exe, 00000000.00000002.1643073592.000000000040A000.00000004.00000001.01000000.00000003.sdmp, InfoForSetup.exe, 00000002.00000002.1651145686.000000000034A000.00000002.00000001.01000000.00000006.sdmp, InfoForSetup.exe, 00000002.00000000.1647040740.000000000034A000.00000002.00000001.01000000.00000006.sdmp, InfoForSetup.exe, 00000003.00000002.1672647252.000000000034A000.00000002.00000001.01000000.00000006.sdmp, InfoForSetup.exe, 00000003.00000000.1668051537.000000000034A000.00000002.00000001.01000000.00000006.sdmp, InfoForSetup.exe.0.dr
Contains functionality to dynamically determine API calls
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: 1_2_00F816C0 LoadLibraryW,GetProcAddress,CoCreateInstance, 1_2_00F816C0
Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: 1_2_00F7CAB6 push 8B000001h; iretd 1_2_00F7CABB
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: 1_2_00FE2BE6 push ecx; ret 1_2_00FE2BF9
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: 1_2_00FA52D0 push ecx; mov dword ptr [esp], 00000000h 1_2_00FA52D1
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: 1_2_00FE5481 push ecx; ret 1_2_00FE5494
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe Code function: 2_2_003434AD push ecx; ret 2_2_003434C0
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe Code function: 2_2_6E2BFBBD push ecx; ret 2_2_6E2BFBD0
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe Code function: 2_2_6E2C0329 push ecx; ret 2_2_6E2C033C
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe Code function: 3_2_6C9FFBBD push ecx; ret 3_2_6C9FFBD0
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe Code function: 3_2_6CA00329 push ecx; ret 3_2_6CA0033C
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\AliyunWrapExe.exe Code function: 4_2_00A3A589 push ecx; ret 4_2_00A3A59C
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\AliyunWrapExe.exe Code function: 4_2_00A38506 push ecx; ret 4_2_00A38519
Drops PE files
Source: C:\Users\user\Desktop\drw_free_installer.17163939163819b153.exe File created: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\AliyunWrap.dll Jump to dropped file
Source: C:\Users\user\Desktop\drw_free_installer.17163939163819b153.exe File created: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe Jump to dropped file
Source: C:\Users\user\Desktop\drw_free_installer.17163939163819b153.exe File created: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Jump to dropped file
Source: C:\Users\user\Desktop\drw_free_installer.17163939163819b153.exe File created: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\AliyunWrapExe.exe Jump to dropped file
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: 1_2_00F14B80 IsIconic,GetWindowRect,OffsetRect,CreateRoundRectRgn,SetWindowRgn,DeleteObject, 1_2_00F14B80
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: 1_2_00F14C60 IsIconic,CallWindowProcW, 1_2_00F14C60
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: 1_2_00F54DE0 IsIconic,GetWindowRect,OffsetRect,CreateRoundRectRgn,SetWindowRgn,DeleteObject, 1_2_00F54DE0
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: 1_2_00F537C0 IsIconic, 1_2_00F537C0
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: 1_2_00F49760 GetWindowRect,GetParent,GetWindow,MonitorFromWindow,GetMonitorInfoW,IsIconic,GetWindowRect,SetWindowPos, 1_2_00F49760
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: 1_2_00F53BB0 IsIconic,GetWindowRect,OffsetRect,CreateRoundRectRgn,SetWindowRgn,DeleteObject, 1_2_00F53BB0
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: 1_2_00F4BE70 IsIconic,ScreenToClient,SendMessageW,SendMessageW,IsRectEmpty,IsIconic,GetTickCount,SendMessageW,_TrackMouseEvent,GetTickCount,SendMessageW,SetFocus,GetTickCount,SetFocus,GetTickCount,GetTickCount,SetFocus,GetTickCount,ScreenToClient,GetTickCount,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,GetWindowRect,IsIconic,GetActiveWindow,PtInRect,SendMessageW,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,GetTickCount,_memset,CreateWindowExW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetClientRect,SaveDC,GetWindow,GetWindowRect,MapWindowPoints,SetWindowOrgEx,SendMessageW,GetWindow,RestoreDC, 1_2_00F4BE70
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: 1_2_00F4BE70 IsIconic,ScreenToClient,SendMessageW,SendMessageW,IsRectEmpty,IsIconic,GetTickCount,SendMessageW,_TrackMouseEvent,GetTickCount,SendMessageW,SetFocus,GetTickCount,SetFocus,GetTickCount,GetTickCount,SetFocus,GetTickCount,ScreenToClient,GetTickCount,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,GetWindowRect,IsIconic,GetActiveWindow,PtInRect,SendMessageW,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,GetTickCount,_memset,CreateWindowExW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetClientRect,SaveDC,GetWindow,GetWindowRect,MapWindowPoints,SetWindowOrgEx,SendMessageW,GetWindow,RestoreDC, 1_2_00F4BE70
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: 1_2_00F4BE70 IsIconic,ScreenToClient,SendMessageW,SendMessageW,IsRectEmpty,IsIconic,GetTickCount,SendMessageW,_TrackMouseEvent,GetTickCount,SendMessageW,SetFocus,GetTickCount,SetFocus,GetTickCount,GetTickCount,SetFocus,GetTickCount,ScreenToClient,GetTickCount,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,GetWindowRect,IsIconic,GetActiveWindow,PtInRect,SendMessageW,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,GetTickCount,_memset,CreateWindowExW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetClientRect,SaveDC,GetWindow,GetWindowRect,MapWindowPoints,SetWindowOrgEx,SendMessageW,GetWindow,RestoreDC, 1_2_00F4BE70
Extensive use of GetProcAddress (often used to hide API calls)
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe Code function: 2_2_00341060 LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress, 2_2_00341060
Source: C:\Users\user\Desktop\drw_free_installer.17163939163819b153.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Found evasive API chain (date check)
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\AliyunWrapExe.exe Evasive API call chain: GetLocalTime,DecisionNodes
Found evasive API chain (may stop execution after checking a module file name)
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe Evasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe Evasive API call chain: GetModuleFileName,DecisionNodes,Sleep
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Evasive API call chain: GetModuleFileName,DecisionNodes,Sleep
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\AliyunWrapExe.exe Evasive API call chain: GetModuleFileName,DecisionNodes,Sleep
Found large amount of non-executed APIs
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe API coverage: 4.5 %
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe API coverage: 7.5 %
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe API coverage: 7.3 %
Source: C:\Users\user\Desktop\drw_free_installer.17163939163819b153.exe Code function: 0_2_004065FD FindFirstFileW,FindClose, 0_2_004065FD
Source: C:\Users\user\Desktop\drw_free_installer.17163939163819b153.exe Code function: 0_2_00402868 FindFirstFileW, 0_2_00402868
Source: C:\Users\user\Desktop\drw_free_installer.17163939163819b153.exe Code function: 0_2_004059CC GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose, 0_2_004059CC
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: 1_2_00FE0C2E __getdrive,FindFirstFileA,__wfullpath_helper,_strlen,_IsRootUNCName,GetDriveTypeA,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FindClose,___dtoxmode,GetLastError,__dosmaperr,FindClose, 1_2_00FE0C2E
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe Code function: 2_2_6E2BCD5B __getdrive,FindFirstFileA,__wfullpath_helper,_strlen,_IsRootUNCName,GetDriveTypeA,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FindClose,___dtoxmode,GetLastError,__dosmaperr,FindClose, 2_2_6E2BCD5B
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe Code function: 3_2_6C9FCD5B __getdrive,FindFirstFileA,__wfullpath_helper,_strlen,_IsRootUNCName,GetDriveTypeA,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FindClose,___dtoxmode,GetLastError,__dosmaperr,FindClose, 3_2_6C9FCD5B
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: 1_2_00F176C0 GetSystemInfo,GetVersionExW,LoadLibraryA,GetProcAddress,FreeLibrary, 1_2_00F176C0
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe File opened: C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_a8625c1886757984\COMCTL32.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe File opened: C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_a8625c1886757984 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe File opened: C:\Windows\SysWOW64\KERNELBASE.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe File opened: C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.2006_none_d94bc80de1097097 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe File opened: C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.2006_none_d94bc80de1097097\gdiplus.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe File opened: C:\Windows\SysWOW64\KERNEL32.DLL Jump to behavior
Source: AliyunWrapExe.exe, 00000004.00000002.2889749147.00000000012B5000.00000004.00000020.00020000.00000000.sdmp, AliyunWrapExe.exe, 00000004.00000002.2889749147.000000000124E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: InfoForSetup.exe, 00000002.00000002.1652984754.0000000000E2E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllk
Source: AliyunWrapExe.exe, 00000004.00000002.2889749147.000000000124E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWL
Source: InfoForSetup.exe, 00000003.00000002.1674237816.0000000001018000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\user\Desktop\drw_free_installer.17163939163819b153.exe API call chain: ExitProcess graph end node
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe API call chain: ExitProcess graph end node
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: 1_2_00FDADFF IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 1_2_00FDADFF
Contains functionality to dynamically determine API calls
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: 1_2_00F816C0 LoadLibraryW,GetProcAddress,CoCreateInstance, 1_2_00F816C0
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: 1_2_00FF81D5 CreateFileA,__lseeki64_nolock,__lseeki64_nolock,GetProcessHeap,HeapAlloc,__setmode_nolock,__write_nolock,__setmode_nolock,GetProcessHeap,HeapFree,__lseeki64_nolock,SetEndOfFile,GetLastError,__lseeki64_nolock, 1_2_00FF81D5
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: 1_2_00FDADFF IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 1_2_00FDADFF
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: 1_2_00FDAD69 _abort,__NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 1_2_00FDAD69
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: 1_2_00FE302D __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 1_2_00FE302D
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: 1_2_00FDB13F _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 1_2_00FDB13F
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe Code function: 2_2_0034286C _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 2_2_0034286C
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe Code function: 2_2_00347AFE __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,RtlUnwind, 2_2_00347AFE
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe Code function: 2_2_0034415B SetUnhandledExceptionFilter, 2_2_0034415B
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe Code function: 2_2_00342186 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 2_2_00342186
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe Code function: 2_2_6E2CFE05 __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 2_2_6E2CFE05
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe Code function: 2_2_6E2B8C52 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 2_2_6E2B8C52
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe Code function: 2_2_6E2B90CA _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 2_2_6E2B90CA
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe Code function: 3_2_6C9F8C52 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 3_2_6C9F8C52
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe Code function: 3_2_6CA0FE05 __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 3_2_6CA0FE05
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe Code function: 3_2_6C9F90CA _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 3_2_6C9F90CA
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\AliyunWrapExe.exe Code function: 4_2_00A374A2 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 4_2_00A374A2
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\AliyunWrapExe.exe Code function: 4_2_00A40886 __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,RtlUnwind, 4_2_00A40886
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\AliyunWrapExe.exe Code function: 4_2_00A39864 SetUnhandledExceptionFilter, 4_2_00A39864
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\AliyunWrapExe.exe Code function: 4_2_00A37718 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 4_2_00A37718
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe Code function: 2_2_6E2798D0 _memset,_memset,InitializeSecurityDescriptor,SetSecurityDescriptorDacl,CreateMutexW,GetLastError, 2_2_6E2798D0
Contains functionality to query locales information (e.g. system language)
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: GetTimeZoneInformation,_memset,GetLocaleInfoW, 1_2_00F396C0
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: __getptd,_LcidFromHexString,GetLocaleInfoA,_TestDefaultLanguage, 1_2_00FEC0B8
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: _strlen,_GetPrimaryLen,EnumSystemLocalesA, 1_2_00FEC1E0
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA, 1_2_00FEC179
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: __getptd,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,_ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoA,_strcpy_s,__invoke_watson,GetLocaleInfoA,GetLocaleInfoA,__itoa_s, 1_2_00FEC21C
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: GetLocaleInfoA, 1_2_00FE43CC
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: _memset,GetLocaleInfoW, 1_2_00F3C710
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: GetLocaleInfoA, 1_2_00FF28C0
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtGetStringTypeA,___crtLCMapStringA,___crtLCMapStringA,InterlockedDecrement,InterlockedDecrement, 1_2_00FE2BFA
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,__invoke_watson,___crtGetLocaleInfoW, 1_2_00FE8B1D
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo, 1_2_00FEAFA9
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: __time64,_memset,GetLocaleInfoW, 1_2_00F26F50
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: __calloc_crt,__malloc_crt,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,InterlockedDecrement,InterlockedDecrement,InterlockedDecrement, 1_2_00FEB617
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: __calloc_crt,__malloc_crt,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_mon,InterlockedDecrement,InterlockedDecrement, 1_2_00FEB86F
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: GetLocaleInfoA,GetLocaleInfoA,GetACP, 1_2_00FEBCC3
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: __getptd,_LcidFromHexString,GetLocaleInfoA, 1_2_00FEBDDA
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: __getptd,_LcidFromHexString,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,_strlen,GetLocaleInfoA,_strlen,_TestDefaultLanguage, 1_2_00FEBEE6
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: GetLocaleInfoA,_LcidFromHexString,_GetPrimaryLen,_strlen, 1_2_00FEBE72
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetLastError,GetLocaleInfoW,_malloc,GetLocaleInfoW,WideCharToMultiByte,__freea,GetLocaleInfoA, 1_2_00FF3E4F
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: _LocaleUpdate::_LocaleUpdate,GetLocaleInfoW, 1_2_00FF3E1B
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat, 1_2_00FF3F8E
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe Code function: GetLocaleInfoA, 2_2_00347D4F
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe Code function: GetLocaleInfoA, 2_2_6E2CD8E6
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe Code function: GetLocaleInfoA, 3_2_6CA0D8E6
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\AliyunWrapExe.exe Code function: GetLocaleInfoA, 4_2_00A41874
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: 1_2_00F96A40 CloseHandle,GetLocalTime,_memset,GetCurrentThreadId,__snprintf,_vswprintf_s,OutputDebugStringA, 1_2_00F96A40
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: 1_2_00F15AA0 _memset,GetUserNameW,_memset,_memset,LookupAccountNameW,IsValidSid,GetSidIdentifierAuthority,swprintf,swprintf,GetSidSubAuthorityCount,GetSidSubAuthority,GetSidSubAuthority,swprintf, 1_2_00F15AA0
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: 1_2_00F396C0 GetTimeZoneInformation,_memset,GetLocaleInfoW, 1_2_00F396C0
Source: C:\Users\user\Desktop\drw_free_installer.17163939163819b153.exe Code function: 0_2_0040338F EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,ExitProcess,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, 0_2_0040338F
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: 1_2_00FBA1D0 _memset,__wcstoui64,__wcstoui64,getsockname,WSAGetLastError,_strncpy,WSAGetLastError,WSAGetLastError,htons,bind,WSAGetLastError,getsockname,WSAGetLastError,getsockname,WSAGetLastError,listen,WSAGetLastError,htons,htons, 1_2_00FBA1D0
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: 1_2_00FAD810 _memset,_memset,_strncmp,_strncmp,htons,bind,bind,htons,bind,_memset,getsockname,WSAGetLastError,htons,WSAGetLastError, 1_2_00FAD810
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Code function: 1_2_00FB5E30 bind,WSAGetLastError, 1_2_00FB5E30
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe Code function: 2_2_6E28F680 _memset,_memset,_strncmp,_strncmp,htons,bind,htons,htons,bind,_memset,getsockname,WSAGetLastError,htons,htons,htons,WSAGetLastError, 2_2_6E28F680
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe Code function: 2_2_6E29D420 _memset,_strncpy,__wcstoui64,__wcstoui64,_strncpy,getsockname,WSAGetLastError,WSAGetLastError,WSAGetLastError,WSAGetLastError,htons,bind,WSAGetLastError,getsockname,WSAGetLastError,getsockname,WSAGetLastError,listen,WSAGetLastError,htons,htons, 2_2_6E29D420
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe Code function: 2_2_6E299280 bind,WSAGetLastError, 2_2_6E299280
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe Code function: 3_2_6C9DD420 _memset,_strncpy,__wcstoui64,__wcstoui64,_strncpy,getsockname,WSAGetLastError,WSAGetLastError,WSAGetLastError,WSAGetLastError,htons,bind,WSAGetLastError,getsockname,WSAGetLastError,getsockname,WSAGetLastError,listen,WSAGetLastError,htons,htons, 3_2_6C9DD420
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe Code function: 3_2_6C9CF680 _memset,_memset,_strncmp,_strncmp,htons,bind,htons,htons,bind,_memset,getsockname,WSAGetLastError,htons,htons,htons,WSAGetLastError, 3_2_6C9CF680
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe Code function: 3_2_6C9D9280 bind,WSAGetLastError, 3_2_6C9D9280
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1445894 Sample: drw_free_installer.17163939... Startdate: 22/05/2024 Architecture: WINDOWS Score: 23 29 track.easeus.com.whecloud.com 2->29 31 track.easeus.com 2->31 33 easeusinfo.us-east-1.log.aliyuncs.com 2->33 39 AI detected suspicious sample 2->39 9 drw_free_installer.17163939163819b153.exe 46 2->9         started        signatures3 process4 file5 21 C:\Users\user\AppData\...\InfoForSetup.exe, PE32 9->21 dropped 23 C:\Users\user\AppData\...\AliyunWrapExe.exe, PE32 9->23 dropped 25 C:\Users\user\AppData\...\AliyunWrap.dll, PE32 9->25 dropped 27 C:\Users\user\AppData\...Downloader.exe, PE32 9->27 dropped 12 EDownloader.exe 1 9->12         started        process6 process7 14 InfoForSetup.exe 1 12->14         started        16 InfoForSetup.exe 12->16         started        process8 18 AliyunWrapExe.exe 14 14->18         started        dnsIp9 35 track.easeus.com.whecloud.com 163.171.128.150, 49731, 80 QUANTILNETWORKSUS European Union 18->35 37 easeusinfo.us-east-1.log.aliyuncs.com 47.252.97.212, 49732, 80 CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC United States 18->37
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
47.252.97.212
 easeusinfo.us-east-1.log.aliyuncs.com United States
45102 CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC false
163.171.128.150
 track.easeus.com.whecloud.com European Union
54994 QUANTILNETWORKSUS false

Contacted Domains

Name IP Active
track.easeus.com.whecloud.com 163.171.128.150 true
easeusinfo.us-east-1.log.aliyuncs.com 47.252.97.212 true
track.easeus.com unknown unknown

Contacted URLs

Name Malicious Antivirus Detection Reputation
http://track.easeus.com/product/index.php?c=main&a=getstatus&pid=2 false
  • Avira URL Cloud: safe
 unknown