download:

/ASMRoyal/Eulen/releases/download/Eulen/Eulen.Installer.exe

Full analysis: https://app.any.run/tasks/dd18d6f3-8db2-4584-9491-2091e1a21e8e
Verdict: Malicious activity
Analysis date: March 24, 2024, 11:53:58
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
MD5: 19261726AFEEB62225EABD06682E47BC
SHA1: 165C6ACA9D7CC12D166FCEE887FC3EF6CD7FF2BD
SHA256: 9B0B8D0EB59B60B3A0B04E85091E49ADCC8A26DC3CE4F3DED129D5A1827509D3
SSDEEP: 98304:6VG6qMU5/XdPiF7H30PG49HCZ4WHDqKItKuS1KsgVtZLtlW9fL6hmaw3BXXJ3lj8:INY7Jwr9KOsOSnvbr465jCiV

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Actions looks like stealing of personal data

      • Eulen.Installer.exe (PID: 2892)
      • Eulen.exe (PID: 1976)
    • Drops the executable file immediately after the start

      • Eulen.Installer.exe (PID: 2892)
  • SUSPICIOUS

    • Process drops legitimate windows executable

      • Eulen.Installer.exe (PID: 2892)
    • The process creates files with name similar to system file names

      • Eulen.Installer.exe (PID: 2892)
    • Executable content was dropped or overwritten

      • Eulen.Installer.exe (PID: 2892)
    • Creates a software uninstall entry

      • Eulen.Installer.exe (PID: 2892)
    • Reads the Internet Settings

      • Eulen.exe (PID: 1976)
  • INFO

    • Checks supported languages

      • Eulen.Installer.exe (PID: 2892)
      • Eulen.exe (PID: 1976)
    • Reads the computer name

      • Eulen.Installer.exe (PID: 2892)
      • Eulen.exe (PID: 1976)
    • Manual execution by a user

      • Eulen.exe (PID: 1976)
    • Create files in a temporary directory

      • Eulen.Installer.exe (PID: 2892)
    • Creates files in the program directory

      • Eulen.Installer.exe (PID: 2892)
    • Reads the machine GUID from the registry

      • Eulen.exe (PID: 1976)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | InstallShield setup (47)
.exe | Win32 Executable MS Visual C++ (generic) (34.1)
.dll | Win32 Dynamic Link Library (generic) (7.1)
.exe | Win32 Executable (generic) (4.9)
.exe | Win16/32 Executable Delphi generic (2.2)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2023:07:18 17:13:29+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit, No debug
PEType: PE32
LinkerVersion: 2.5
CodeSize: 795648
InitializedDataSize: 183296
UninitializedDataSize: -
EntryPoint: 0x16276
OSVersion: 4
ImageVersion: -
SubsystemVersion: 5
Subsystem: Windows GUI
FileVersionNumber: 8.27.5.0
ProductVersionNumber: 8.27.5.0
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Unknown (0)
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
ProductName: Eulen Setup
InternalName: Eulen Installer
OriginalFileName: Eulen Installer.exe
ProductVersion: 8.27.5
FileVersion: 8.27.5
CompanyName: eulencheats
Comments: Created with InstallForge 1.4.4
No data.
Total processes: 42
Monitored processes: 3
Malicious processes: 2
Suspicious processes: 0

Behavior graph

start eulen.installer.exe eulen.exe eulen.installer.exe no specs

Process information

PID: 1976
CMD: "C:\Program Files\eulencheats\Eulen\Eulen.exe"
Path: C:\Program Files\eulencheats\Eulen\Eulen.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Description: Eulen
Version: 1.0.0.0
Modules (images):
c:\program files\eulencheats\eulen\eulen.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll

PID: 2892
CMD: "C:\Users\admin\AppData\Local\Temp\Eulen.Installer.exe"
Path: C:\Users\admin\AppData\Local\Temp\Eulen.Installer.exe
Parent process: explorer.exe
User: admin
Company: eulencheats
Integrity Level: HIGH
Exit code: 0
Version: 8.27.5
Modules (images):
c:\users\admin\appdata\local\temp\eulen.installer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\comdlg32.dll

PID: 4008
CMD: "C:\Users\admin\AppData\Local\Temp\Eulen.Installer.exe"
Path: C:\Users\admin\AppData\Local\Temp\Eulen.Installer.exe
Parent process: explorer.exe
User: admin
Company: eulencheats
Integrity Level: MEDIUM
Exit code: 3221226540
Version: 8.27.5
Modules (images):
c:\users\admin\appdata\local\temp\eulen.installer.exe
c:\windows\system32\ntdll.dll

Total events: 2 937
Read events: 2 922
Write events: 15
Delete events: 0

Modification events

(PID) Process: (2892) Eulen.Installer.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MediaResources\DirectSound\Speaker Configuration
Operation: write
Name: Speaker Configuration
Value: 4

(PID) Process: (2892) Eulen.Installer.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Eulen
Operation: write
Name: DisplayIcon
Value: C:\Program Files\eulencheats\Eulen\Uninstall.exe

(PID) Process: (2892) Eulen.Installer.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Eulen
Operation: write
Name: UninstallString
Value: C:\Program Files\eulencheats\Eulen\Uninstall.exe

(PID) Process: (2892) Eulen.Installer.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Eulen
Operation: write
Name: InstallDate
Value: 20240324

(PID) Process: (2892) Eulen.Installer.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Eulen
Operation: write
Name: InstallLocation
Value: C:\Program Files\eulencheats\Eulen\

(PID) Process: (2892) Eulen.Installer.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Eulen
Operation: write
Name: EstimatedSize
Value: 22076

(PID) Process: (2892) Eulen.Installer.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Eulen
Operation: write
Name: NoModify
Value: 1

(PID) Process: (2892) Eulen.Installer.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Eulen
Operation: write
Name: NoRepair
Value: 1

(PID) Process: (2892) Eulen.Installer.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Eulen
Operation: write
Name: DisplayName
Value: Eulen

(PID) Process: (2892) Eulen.Installer.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Eulen
Operation: write
Name: DisplayVersion
Value: 8.27.5

Executable files: 24
Suspicious files: 4
Text files: 29
Unknown types: 1

Dropped files

PID | Process | Filename | Type
2892 | Eulen.Installer.exe | C:\Users\admin\AppData\Local\Temp\IF{C7A3BB1B-79AF-4DEB-94F6-AB948E404EAC}\setupArchive.archive
MD5:
SHA256:
2892 | Eulen.Installer.exe | C:\Users\admin\AppData\Local\Temp\IF{C7A3BB1B-79AF-4DEB-94F6-AB948E404EAC}\Desktop.dat | text
MD5:155B88EA1BFD87CAA0A1DB30F5E9EE9A
SHA256:50900A5165A91FE6C25985330C12E0AF6DDCFCDF9F363820CBFE119336AF9F92
2892 | Eulen.Installer.exe | C:\Users\admin\AppData\Local\Temp\IF{C7A3BB1B-79AF-4DEB-94F6-AB948E404EAC}\English.ifl | text
MD5:2922D0C758D9C3C10CBDC59F91979D0C
SHA256:20F6D12EAC29BD6DDC6A99DD276C5E200FAC25C976AB4293195B58EC164C253F
2892 | Eulen.Installer.exe | C:\Users\admin\AppData\Local\Temp\IF{C7A3BB1B-79AF-4DEB-94F6-AB948E404EAC}\languages.dat | text
MD5:A3AE2C67104C86A3197586C115A96136
SHA256:8422463648619E4C5205304DB50282CAB2DBA418F25B3AE32D14648293A0C019
2892 | Eulen.Installer.exe | C:\Users\admin\AppData\Local\Temp\IF{C7A3BB1B-79AF-4DEB-94F6-AB948E404EAC}\Deutsch.ifl | text
MD5:981077EF92410CBF204C59E5465DE5DD
SHA256:A792F4F5EDEE0E158798B75B82F6AC720E51957498450161B04EE812101F801C
2892 | Eulen.Installer.exe | C:\Program Files\eulencheats\Eulen\Uninstall.exe | executable
MD5:F553DFB018CECFFD6B8ABFDC3BA8A8DC
SHA256:57CC4023B38B9E512BF413C5D7299F367923235C0E19D20AB675F5B77C080CCA
2892 | Eulen.Installer.exe | C:\Users\admin\AppData\Local\Temp\IF{C7A3BB1B-79AF-4DEB-94F6-AB948E404EAC}\licence.rtf | text
MD5:822356269C1CF4E5CC7D6A42B7DCFD55
SHA256:A2D86C306A58582D056B9D2BDCCF76419807E2A978F63B34AE38EF4193BD3D76
2892 | Eulen.Installer.exe | C:\Users\admin\AppData\Local\Temp\IF{C7A3BB1B-79AF-4DEB-94F6-AB948E404EAC}\OS.dat | text
MD5:48D3C4D4CDC791B3C3E5B4432C3EA0BA
SHA256:38F778CBB7AA3D52F7FD5AB5CCF30B25962A6A5FECDFF6EFBB10501829459CA5
2892 | Eulen.Installer.exe | C:\Program Files\eulencheats\Eulen\Discord.Net.Core.xml | xml
MD5:FEBC91D90D757A9D88AC4E6F98B6E43D
SHA256:FDB504BDD7E2A8F8EF3867FA3F892EA5F5EC3AE54D13F0166A65A89DDFCDD8C1
2892 | Eulen.Installer.exe | C:\Program Files\eulencheats\Eulen\Discord.Net.Interactions.dll | executable
MD5:83A08D4B05973DE7D9EE6A0E18FE6D0D
SHA256:B4810E11308AD0DDC3E7653AF719E23DE7E15D1909301953DDC614AB40386A75
HTTP(S) requests: 0
TCP/UDP connections: 4
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
1080 | svchost.exe | 224.0.0.252:5355 | - | - | - | unknown

DNS requests

No data

Threats

No threats detected
No debug info