download:

/ASMRoyal/Eulen/releases/download/Eulen/Eulen.Installer.exe

Full analysis: https://app.any.run/tasks/dd18d6f3-8db2-4584-9491-2091e1a21e8e
Verdict: Malicious activity
Analysis date: March 24, 2024, 11:53:58
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
MD5: 19261726AFEEB62225EABD06682E47BC
SHA1: 165C6ACA9D7CC12D166FCEE887FC3EF6CD7FF2BD
SHA256: 9B0B8D0EB59B60B3A0B04E85091E49ADCC8A26DC3CE4F3DED129D5A1827509D3
SSDEEP: 98304:6VG6qMU5/XdPiF7H30PG49HCZ4WHDqKItKuS1KsgVtZLtlW9fL6hmaw3BXXJ3lj8:INY7Jwr9KOsOSnvbr465jCiV

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Actions looks like stealing of personal data

      • Eulen.exe (PID: 1976)
      • Eulen.Installer.exe (PID: 2892)
    • Drops the executable file immediately after the start

      • Eulen.Installer.exe (PID: 2892)
  • SUSPICIOUS

    • The process creates files with name similar to system file names

      • Eulen.Installer.exe (PID: 2892)
    • Reads the Internet Settings

      • Eulen.exe (PID: 1976)
    • Process drops legitimate windows executable

      • Eulen.Installer.exe (PID: 2892)
    • Creates a software uninstall entry

      • Eulen.Installer.exe (PID: 2892)
    • Executable content was dropped or overwritten

      • Eulen.Installer.exe (PID: 2892)
  • INFO

    • Reads the computer name

      • Eulen.Installer.exe (PID: 2892)
      • Eulen.exe (PID: 1976)
    • Checks supported languages

      • Eulen.Installer.exe (PID: 2892)
      • Eulen.exe (PID: 1976)
    • Reads the machine GUID from the registry

      • Eulen.exe (PID: 1976)
    • Create files in a temporary directory

      • Eulen.Installer.exe (PID: 2892)
    • Creates files in the program directory

      • Eulen.Installer.exe (PID: 2892)
    • Manual execution by a user

      • Eulen.exe (PID: 1976)
No Malware configuration.

TRiD

.exe | InstallShield setup (47)
.exe | Win32 Executable MS Visual C++ (generic) (34.1)
.dll | Win32 Dynamic Link Library (generic) (7.1)
.exe | Win32 Executable (generic) (4.9)
.exe | Win16/32 Executable Delphi generic (2.2)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2023:07:18 17:13:29+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit, No debug
PEType: PE32
LinkerVersion: 2.5
CodeSize: 795648
InitializedDataSize: 183296
UninitializedDataSize: -
EntryPoint: 0x16276
OSVersion: 4
ImageVersion: -
SubsystemVersion: 5
Subsystem: Windows GUI
FileVersionNumber: 8.27.5.0
ProductVersionNumber: 8.27.5.0
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Unknown (0)
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
ProductName: Eulen Setup
InternalName: Eulen Installer
OriginalFileName: Eulen Installer.exe
ProductVersion: 8.27.5
FileVersion: 8.27.5
CompanyName: eulencheats
Comments: Created with InstallForge 1.4.4
Total processes: 42
Monitored processes: 3
Malicious processes: 2
Suspicious processes: 0

Behavior graph

start eulen.installer.exe eulen.exe eulen.installer.exe no specs

Process information

PID: 1976
CMD: "C:\Program Files\eulencheats\Eulen\Eulen.exe"
Path: C:\Program Files\eulencheats\Eulen\Eulen.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Description: Eulen
Version: 1.0.0.0
Modules (images):
c:\program files\eulencheats\eulen\eulen.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll

PID: 2892
CMD: "C:\Users\admin\AppData\Local\Temp\Eulen.Installer.exe"
Path: C:\Users\admin\AppData\Local\Temp\Eulen.Installer.exe
Parent process: explorer.exe
User: admin
Company: eulencheats
Integrity Level: HIGH
Exit code: 0
Version: 8.27.5
Modules (images):
c:\users\admin\appdata\local\temp\eulen.installer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\comdlg32.dll

PID: 4008
CMD: "C:\Users\admin\AppData\Local\Temp\Eulen.Installer.exe"
Path: C:\Users\admin\AppData\Local\Temp\Eulen.Installer.exe
Parent process: explorer.exe
User: admin
Company: eulencheats
Integrity Level: MEDIUM
Exit code: 3221226540
Version: 8.27.5
Modules (images):
c:\users\admin\appdata\local\temp\eulen.installer.exe
c:\windows\system32\ntdll.dll

Total events: 2 937
Read events: 2 922
Write events: 15
Delete events: 0

Modification events

(PID) Process: (2892) Eulen.Installer.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MediaResources\DirectSound\Speaker Configuration
Operation: write
Name: Speaker Configuration
Value: 4

(PID) Process: (2892) Eulen.Installer.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Eulen
Operation: write
Name: DisplayIcon
Value: C:\Program Files\eulencheats\Eulen\Uninstall.exe

(PID) Process: (2892) Eulen.Installer.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Eulen
Operation: write
Name: UninstallString
Value: C:\Program Files\eulencheats\Eulen\Uninstall.exe

(PID) Process: (2892) Eulen.Installer.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Eulen
Operation: write
Name: InstallDate
Value: 20240324

(PID) Process: (2892) Eulen.Installer.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Eulen
Operation: write
Name: InstallLocation
Value: C:\Program Files\eulencheats\Eulen\

(PID) Process: (2892) Eulen.Installer.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Eulen
Operation: write
Name: EstimatedSize
Value: 22076

(PID) Process: (2892) Eulen.Installer.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Eulen
Operation: write
Name: NoModify
Value: 1

(PID) Process: (2892) Eulen.Installer.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Eulen
Operation: write
Name: NoRepair
Value: 1

(PID) Process: (2892) Eulen.Installer.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Eulen
Operation: write
Name: DisplayName
Value: Eulen

(PID) Process: (2892) Eulen.Installer.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Eulen
Operation: write
Name: DisplayVersion
Value: 8.27.5

Executable files: 24
Suspicious files: 4
Text files: 29
Unknown types: 1

Dropped files

PID: 2892
Process: Eulen.Installer.exe
Filename: C:\Users\admin\AppData\Local\Temp\IF{C7A3BB1B-79AF-4DEB-94F6-AB948E404EAC}\setupArchive.archive
MD5:
SHA256:

PID: 2892
Process: Eulen.Installer.exe
Filename: C:\Users\admin\AppData\Local\Temp\IF{C7A3BB1B-79AF-4DEB-94F6-AB948E404EAC}\licence.rtf
Type: text
MD5: 822356269C1CF4E5CC7D6A42B7DCFD55
SHA256: A2D86C306A58582D056B9D2BDCCF76419807E2A978F63B34AE38EF4193BD3D76

PID: 2892
Process: Eulen.Installer.exe
Filename: C:\Users\admin\AppData\Local\Temp\IF{C7A3BB1B-79AF-4DEB-94F6-AB948E404EAC}\SC.dat
Type: text
MD5: 16D4BD0F9DF2EC5A3CCB7980F2BD064B
SHA256: 2A8D26E139707981826DB30135C3CA9C4CE04EA8DE046C10A16098EA3DAD80C7

PID: 2892
Process: Eulen.Installer.exe
Filename: C:\Users\admin\AppData\Local\Temp\IF{C7A3BB1B-79AF-4DEB-94F6-AB948E404EAC}\languages.dat
Type: text
MD5: A3AE2C67104C86A3197586C115A96136
SHA256: 8422463648619E4C5205304DB50282CAB2DBA418F25B3AE32D14648293A0C019

PID: 2892
Process: Eulen.Installer.exe
Filename: C:\Program Files\eulencheats\Eulen\Discord.Net.Commands.dll
Type: executable
MD5: D7B746736A3E3D7E4B746E2F6D99266C
SHA256: 6FB5524D0F03158DBC113DC688CFC552F4E52F2CB858B74F2F173B32DFEB9FFD

PID: 2892
Process: Eulen.Installer.exe
Filename: C:\Program Files\eulencheats\Eulen\Discord.Net.Core.dll
Type: executable
MD5: 1D814D46D92585AFAF0EB2CA8421F843
SHA256: 00EFFB123C50B199E6AD6BE2E3F61B11DF50F5CCD01B1FE36F1AF3CBD35CDBD8

PID: 2892
Process: Eulen.Installer.exe
Filename: C:\Program Files\eulencheats\Eulen\Discord.Net.Commands.xml
Type: xml
MD5: 570B7B74D00504863929F68799CB3436
SHA256: A7712A3E83EF94A5F6A5EE1E489CCCCA5B02C24B426E2AF53DCC739817BDF932

PID: 2892
Process: Eulen.Installer.exe
Filename: C:\Users\admin\AppData\Local\Temp\IF{C7A3BB1B-79AF-4DEB-94F6-AB948E404EAC}\English.ifl
Type: text
MD5: 2922D0C758D9C3C10CBDC59F91979D0C
SHA256: 20F6D12EAC29BD6DDC6A99DD276C5E200FAC25C976AB4293195B58EC164C253F

PID: 2892
Process: Eulen.Installer.exe
Filename: C:\Users\admin\AppData\Local\Temp\IF{C7A3BB1B-79AF-4DEB-94F6-AB948E404EAC}\setupConfiguration.archive
Type: compressed
MD5: 03F12A9620E961EDF92807014833B9D3
SHA256: 9D23817FF79860369312C135123DDC8407D54AC70FD641E7CE5E4A320C864D7E

PID: 2892
Process: Eulen.Installer.exe
Filename: C:\Users\admin\AppData\Local\Temp\IF{C7A3BB1B-79AF-4DEB-94F6-AB948E404EAC}\Desktop.dat
Type: text
MD5: 155B88EA1BFD87CAA0A1DB30F5E9EE9A
SHA256: 50900A5165A91FE6C25985330C12E0AF6DDCFCDF9F363820CBFE119336AF9F92

HTTP(S) requests: 0
TCP/UDP connections: 4
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

PID: 4
Process: System
IP: 192.168.100.255:137
Reputation: whitelisted

PID: 4
Process: System
IP: 192.168.100.255:138
Reputation: whitelisted

PID: 1080
Process: svchost.exe
IP: 224.0.0.252:5355
Reputation: unknown

DNS requests

No data

Threats

No threats detected
No debug info