File name:

JarveePro-Installer-cleaned.exe

Full analysis: https://app.any.run/tasks/687fed52-cc8b-439d-b915-d9c54b370fc1
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Analysis date: December 26, 2023, 11:16:29
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags: loader
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5: 1600D2028B6D3D7312EE5A752EDC87F4
SHA1: F9AFE9307920898B1B9901BBEE1F5E50C98ECD3E
SHA256: 40A6E2D9252FC2C5B9511D28207F19CA03F687E9F904BB24674A9201A0CDD071
SSDEEP: 24576:ChVoxcGU9/SeEGI7/iIH8ZcV031IFTHG9GKY256MGmI9WSqM5VCBU2MaY:Ch69KYaaCBU2

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Reads settings of System Certificates

      • JarveePro-Installer-cleaned.exe (PID: 2064)
    • Reads the Internet Settings

      • JarveePro-Installer-cleaned.exe (PID: 2064)
      • JarveePro.exe (PID: 2244)
      • FCore.exe (PID: 2328)
    • Process requests binary or script from the Internet

      • JarveePro-Installer-cleaned.exe (PID: 2064)
    • The process creates files with name similar to system file names

      • JarveePro-Installer-cleaned.exe (PID: 2064)
  • INFO

    • Reads the computer name

      • JarveePro-Installer-cleaned.exe (PID: 2064)
      • JarveePro.exe (PID: 2244)
      • FCore.exe (PID: 2328)
    • Checks supported languages

      • JarveePro-Installer-cleaned.exe (PID: 2064)
      • JarveePro.exe (PID: 2244)
      • FCore.exe (PID: 2328)
    • Reads Environment values

      • JarveePro-Installer-cleaned.exe (PID: 2064)
      • FCore.exe (PID: 2328)
    • Reads the machine GUID from the registry

      • JarveePro-Installer-cleaned.exe (PID: 2064)
      • JarveePro.exe (PID: 2244)
      • FCore.exe (PID: 2328)
    • Create files in a temporary directory

      • JarveePro-Installer-cleaned.exe (PID: 2064)
    • Creates files or folders in the user directory

      • JarveePro-Installer-cleaned.exe (PID: 2064)
    • Drops 7-zip archiver for unpacking

      • JarveePro-Installer-cleaned.exe (PID: 2064)
    • Process drops legitimate windows executable

      • JarveePro-Installer-cleaned.exe (PID: 2064)
    • Drops the executable file immediately after the start

      • JarveePro-Installer-cleaned.exe (PID: 2064)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Generic CIL Executable (.NET, Mono, etc.) (63.1)
.exe | Win64 Executable (generic) (23.8)
.dll | Win32 Dynamic Link Library (generic) (5.6)
.exe | Win32 Executable (generic) (3.8)
.exe | Generic Win/DOS Executable (1.7)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2021:04:29 04:01:42+02:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 8
CodeSize: 827392
InitializedDataSize: 74240
UninitializedDataSize: -
EntryPoint: 0xcbe5e
OSVersion: 4
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 1.0.0.0
ProductVersionNumber: 1.0.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: TzNkNDliWjk4UndrbnFXenBVQWNNbXNZQUJWb1lzK3FWSXB1Z2Q3QWNGeDU0VHFsY2xjUk05c2ZWbjYxL0M5MnROZ2pRbHdJZVoxVTByS0t5d0NiYUM3UVR6emZaWFNHNHJIbkEyb0ZrRWtvdGlDMlZSU3UvZ0tkcXNVMVMrMnFhbG5SVlFGM2Q3TTlJMHIva2hDQzRkWXFLT2FWdDhQZFBGb3c1TVNCb1crNDc4dFlFQjFqZVpZdFdPMnBuSjRmZjFyb2wyWHppUGtyWFpNMHJTeTFzV0krUFJ0blYrZldublZVb2cvY3lsc2E0ZzJHSTEzM3IvVTBiT0JXVU02WUpTK0wxTUdvdTNpNURpajlBc3YzOWlWRkhkdTNCaWRqb1lYdHFtdW9qa3BTcCtxMHp2eE1yVXVyNFZ1YkxFUFpPWldsVlN5dmhTNFRoNUJpL0k0Z2RHeXgzMmhaaWdacmxMeVdtZjk1cll5NTZoYmQ5NnhJSTNsbUxpQ2dsWTI2VlhodmQxaHpXbStCcDJIYk5nWm51aXNZbk56NDZGQ2F1czRHYS9YZzJMZ2Q1aG02VUtKdHg3c0kxa04wSS8zcDA3ZUlPNlJkenhRV3Z5ZmxuaVJsaFpGMlBmUUtjSVFBQ2Mxd1lvUVdiM1gxVGMzZ1NFUHVDUT09
CompanyName: WhiteHatBox
FileDescription: JarveePro
FileVersion: 1.0.0.0
InternalName: JarveePro
LegalCopyright: Copyright © 2021
LegalTrademarks: JarveePro
OriginalFileName: JarveePro-Installer.exe
ProductName: JarveePro
ProductVersion: 1.0.0.0
AssemblyVersion: 1.0.0.0
No data.
All screenshots are available in the full report
Total processes: 42
Monitored processes: 4
Malicious processes: 1
Suspicious processes: 0

Behavior graph

Graph nodes (interactive graph not reproduced here): jarveepro-installer-cleaned.exe, jarveepro.exe (no specs), fcore.exe, jarveepro-installer-cleaned.exe (no specs)

Process information

PID: 2040
CMD: "C:\Users\admin\AppData\Local\Temp\JarveePro-Installer-cleaned.exe"
Path: C:\Users\admin\AppData\Local\Temp\JarveePro-Installer-cleaned.exe
Parent process: explorer.exe
User: admin
Company: WhiteHatBox
Integrity Level: MEDIUM
Description: JarveePro
Exit code: 3221226540
Version: 1.0.0.0
Modules (images):
  c:\users\admin\appdata\local\temp\jarveepro-installer-cleaned.exe
  c:\windows\system32\ntdll.dll

PID: 2064
CMD: "C:\Users\admin\AppData\Local\Temp\JarveePro-Installer-cleaned.exe"
Path: C:\Users\admin\AppData\Local\Temp\JarveePro-Installer-cleaned.exe
Parent process: explorer.exe
User: admin
Company: WhiteHatBox
Integrity Level: HIGH
Description: JarveePro
Exit code: 0
Version: 1.0.0.0
Modules (images):
  c:\users\admin\appdata\local\temp\jarveepro-installer-cleaned.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\mscoree.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\advapi32.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\sechost.dll
  c:\windows\system32\rpcrt4.dll
  c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll

PID: 2244
CMD: "C:\JarveePro\JarveePro.exe"
Path: C:\JarveePro\JarveePro.exe
Parent process: JarveePro-Installer-cleaned.exe
User: admin
Company: WhiteHatBox
Integrity Level: HIGH
Description: JarveePro
Exit code: 0
Version: 1.0.0.0
Modules (images):
  c:\jarveepro\jarveepro.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\mscoree.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\advapi32.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\sechost.dll
  c:\windows\system32\rpcrt4.dll
  c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll

PID: 2328
CMD: "C:\JarveePro\FCore.exe"
Path: C:\JarveePro\FCore.exe
Parent process: JarveePro.exe
User: admin
Company: Microsoft
Integrity Level: HIGH
Description: BotSocial
Exit code: 0
Version: 1.0.0.0
Modules (images):
  c:\jarveepro\fcore.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\mscoree.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\advapi32.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\sechost.dll
  c:\windows\system32\rpcrt4.dll
  c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
Total events: 4 296
Read events: 4 266
Write events: 30
Delete events: 0

Modification events

Process: (2064) JarveePro-Installer-cleaned.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E
Operation: write
Name: LanguageList
Value: en-US

Process: (2064) JarveePro-Installer-cleaned.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1

Process: (2064) JarveePro-Installer-cleaned.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: IntranetName
Value: 1

Process: (2064) JarveePro-Installer-cleaned.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value: 1

Process: (2064) JarveePro-Installer-cleaned.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value: 0

Process: (2244) JarveePro.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1

Process: (2244) JarveePro.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: IntranetName
Value: 1

Process: (2244) JarveePro.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value: 1

Process: (2244) JarveePro.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value: 0
Executable files: 150
Suspicious files: 931
Text files: 453
Unknown types: 0

Dropped files

PID | Process | Filename | Type
2064 | JarveePro-Installer-cleaned.exe | C:\JarveePro\7z1.dll | executable
    MD5: 42EDF51C86E726F00379CCBDAD2BC796
    SHA256: F7E6FB7F23AC191CCAE310DEAEA112D03A17D507755D3E041D4213C02AD7BE9D
2064 | JarveePro-Installer-cleaned.exe | C:\JarveePro\app.inf | text
    MD5: 85B0D68E2F95CE7A0D018D7EB1935512
    SHA256: F9598B2272F910AC3EAAF29AA8BC4E4DF1AAADB2AC726DF1202BF71CB05E2F7B
2064 | JarveePro-Installer-cleaned.exe | C:\Users\admin\AppData\Local\Temp\1f01943fbbf2a7328bb0da2c02fba796 | compressed
    MD5: ADA4141996B3096F25F2691E43E9EDE3
    SHA256: AFD5DFE508DCBB6660438565C4C4F9E5D41E0577DAF57E368965815A5441B6E2
2064 | JarveePro-Installer-cleaned.exe | C:\Users\admin\AppData\Local\Temp\3f94b8ce44fe1cedff12368b68a52565.zip | executable
    MD5: 3F94B8CE44FE1CEDFF12368B68A52565
    SHA256: E8D238FAC24735FD851C12F4CA8278572CA8A931C01E85C2AD3A28B67EBB3414
2064 | JarveePro-Installer-cleaned.exe | C:\JarveePro\BotModule.json | text
    MD5: A4DB6D4119AF8797E0163B6771F71545
    SHA256: C8B4ED5CD38CF0B5489DC6E12E92DFDBE7B9A44AA30F594087E2478B66966A6E
2064 | JarveePro-Installer-cleaned.exe | C:\JarveePro\BotChiefDebug.zip | compressed
    MD5: 0D0BED4453A46EBEC2F7F11BB388E3B4
    SHA256: 0DA8E24A7697863ACC590AE7502C390AFAA84A6D53573161687EFED5947F794B
2064 | JarveePro-Installer-cleaned.exe | C:\JarveePro\BotSocialUtility.dll | executable
    MD5: 56501E91F809C5EF3E5A3BCE93684590
    SHA256: 36B705914CCE5465ABBD3E1B45B6BD50AC067BE4D1156FEADF28800509DBB073
2064 | JarveePro-Installer-cleaned.exe | C:\JarveePro\BotSocialModel.dll | executable
    MD5: 2E98D518647527F3ED65AB19BF74C564
    SHA256: AF3C7F7287E109186006B085D27F219FB8963F01E2DDC61AE89B0EA2186BE295
2064 | JarveePro-Installer-cleaned.exe | C:\Users\admin\AppData\Local\Temp\3f94b8ce44fe1cedff12368b68a52565 | executable
    MD5: 3F94B8CE44FE1CEDFF12368B68A52565
    SHA256: E8D238FAC24735FD851C12F4CA8278572CA8A931C01E85C2AD3A28B67EBB3414
2064 | JarveePro-Installer-cleaned.exe | C:\Users\admin\AppData\Local\Temp\1f01943fbbf2a7328bb0da2c02fba796.zip | compressed
    MD5: ADA4141996B3096F25F2691E43E9EDE3
    SHA256: AFD5DFE508DCBB6660438565C4C4F9E5D41E0577DAF57E368965815A5441B6E2
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 5
TCP/UDP connections: 8
DNS requests: 2
Threats: 1

HTTP requests

PID: 2064
Process: JarveePro-Installer-cleaned.exe
Method: GET
HTTP Code: -
IP: 104.21.47.106:80
URL: http://api.whbapi.com/SoftwareUpdate/NewSoftwares/0e37f96d23eb4375bff49f09bbc42ad9.zip?v=1f01943fbbf2a7328bb0da2c02fba796
CN: unknown
Type: -
Size: -
Reputation: unknown

PID: 2328
Process: FCore.exe
Method: GET
HTTP Code: -
IP: 52.55.202.105:80
URL: http://developer.botchief.com/cefsharplib.zip
CN: unknown
Type: -
Size: -
Reputation: unknown

PID: 2064
Process: JarveePro-Installer-cleaned.exe
Method: GET
HTTP Code: 200
IP: 104.21.47.106:80
URL: http://api.whbapi.com/SoftwareUpdate/NewSoftwares/0e37f96d23eb4375bff49f09bbc42ad9.zip?v=1f01943fbbf2a7328bb0da2c02fba796
CN: unknown
Type: compressed
Size: 122 Mb
Reputation: unknown

PID: 2064
Process: JarveePro-Installer-cleaned.exe
Method: GET
HTTP Code: 200
IP: 104.21.47.106:80
URL: http://api.whbapi.com/SoftwareUpdate/Components/Software/317/default/JarveePro.exe?v=3f94b8ce44fe1cedff12368b68a52565
CN: unknown
Type: executable
Size: 633 Kb
Reputation: unknown

PID: 2328
Process: FCore.exe
Method: GET
HTTP Code: 200
IP: 52.55.202.105:80
URL: http://developer.botchief.com/IbotUpdate//browserinfo.txt
CN: unknown
Type: text
Size: 621 b
Reputation: unknown

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
1080 | svchost.exe | 224.0.0.252:5355 | - | - | - | unknown
2064 | JarveePro-Installer-cleaned.exe | 104.21.47.106:443 | api.whbapi.com | CLOUDFLARENET | - | unknown
2064 | JarveePro-Installer-cleaned.exe | 104.21.47.106:80 | api.whbapi.com | CLOUDFLARENET | - | unknown
2328 | FCore.exe | 52.55.202.105:80 | developer.botchief.com | AMAZON-AES | US | unknown

DNS requests

Domain: api.whbapi.com
IP: 104.21.47.106, 172.67.146.192
Reputation: unknown

Domain: developer.botchief.com
IP: 52.55.202.105
Reputation: unknown

Threats

1 ETPRO signatures available at the full report
No debug info