File name: | gSyncit_5_3_21.msi |
Full analysis: | https://app.any.run/tasks/518b4801-0c5a-4c1b-b4fa-e0f2b1bdd55c |
Verdict: | Malicious activity |
Analysis date: | January 11, 2019, 09:41:03 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/x-msi |
File info: | Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Create Time/Date: Mon Jun 21 08:00:00 1999, Name of Creating Application: Windows Installer, Security: 1, Code page: 1252, Template: Intel;1033, Number of Pages: 200, Revision Number: {75E6C46E-92C1-4768-98EB-98F58D24F125}, Title: gSyncit for Microsoft Outlook, Author: Fieldston Software, Number of Words: 2, Last Saved Time/Date: Wed Jan 9 19:17:04 2019, Last Printed: Wed Jan 9 19:17:04 2019 |
MD5: | 08FAFEE91A1182E1217ABB03BED16F43 |
SHA1: | FB19B3C6CA81DB4B2228CC15FE7137536EB595F9 |
SHA256: | 0594D14667C3DF494DBA92F4A71E284D8E45BAFF1C8547CC08EFAE6877412FC8 |
SSDEEP: | 196608:UF/lgvM4+47WjFGBvj0HlfPk8sJlmTmjXBRNaMqA4oLq:w/lSMCIsBoFfPkPiTmP8tA |
Extension | Type |
---|---|
.msi | Microsoft Windows Installer (90.2) |
.msp | Windows Installer Patch (8.4) |
.msi | Microsoft Installer (100) |
LastPrinted: | 2019:01:09 19:17:04 |
ModifyDate: | 2019:01:09 19:17:04 |
Words: | 2 |
Comments: | - |
Keywords: | - |
Author: | Fieldston Software |
Subject: | - |
Title: | gSyncit for Microsoft Outlook |
RevisionNumber: | {75E6C46E-92C1-4768-98EB-98F58D24F125} |
Pages: | 200 |
Template: | Intel;1033 |
CodePage: | Windows Latin 1 (Western European) |
Security: | Password protected |
Software: | Windows Installer |
CreateDate: | 1999:06:21 07:00:00 |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
3300 | "C:\Windows\System32\msiexec.exe" /i "C:\Users\admin\Downloads\gSyncit_5_3_21.msi" | C:\Windows\System32\msiexec.exe | | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows® installer Exit code: 0 Version: 5.0.7600.16385 (win7_rtm.090713-1255)
2192 | C:\Windows\system32\msiexec.exe /V | C:\Windows\system32\msiexec.exe | | services.exe |
User: SYSTEM Company: Microsoft Corporation Integrity Level: SYSTEM Description: Windows® installer Version: 5.0.7600.16385 (win7_rtm.090713-1255)
3948 | C:\Windows\system32\MsiExec.exe -Embedding 81F4FC124851856B53DD4D0327D8C052 C | C:\Windows\system32\MsiExec.exe | — | msiexec.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows® installer Exit code: 0 Version: 5.0.7600.16385 (win7_rtm.090713-1255)
3980 | C:\Windows\system32\vssvc.exe | C:\Windows\system32\vssvc.exe | — | services.exe |
User: SYSTEM Company: Microsoft Corporation Integrity Level: SYSTEM Description: Microsoft® Volume Shadow Copy Service Version: 6.1.7600.16385 (win7_rtm.090713-1255)
2640 | DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot18" "" "" "6792c44eb" "00000000" "000003A8" "00000540" | C:\Windows\system32\DrvInst.exe | — | svchost.exe |
User: SYSTEM Company: Microsoft Corporation Integrity Level: SYSTEM Description: Driver Installation Module Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255)
2092 | C:\Windows\system32\MsiExec.exe -Embedding D9430351A4B1C733B2A9DC6EF1C9560E | C:\Windows\system32\MsiExec.exe | — | msiexec.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows® installer Exit code: 0 Version: 5.0.7600.16385 (win7_rtm.090713-1255)
2412 | C:\Windows\system32\MsiExec.exe -Embedding 81D6DE2EAAF36FFCC2E722170E05A3B7 M Global\MSI0000 | C:\Windows\system32\MsiExec.exe | — | msiexec.exe |
User: SYSTEM Company: Microsoft Corporation Integrity Level: SYSTEM Description: Windows® installer Exit code: 0 Version: 5.0.7600.16385 (win7_rtm.090713-1255)
3492 | "C:\Program Files\Fieldston Software\gSyncit\gsyncit.exe" | C:\Program Files\Fieldston Software\gSyncit\gsyncit.exe | | MsiExec.exe |
User: admin Company: Fieldston Software Integrity Level: MEDIUM Description: gSyncit Version: 5.3.21.0
3200 | "C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" | C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE | | MsiExec.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Outlook Version: 14.0.6025.1000
PID | Process | Filename | Type | MD5 | SHA256 |
---|---|---|---|---|---|
3300 | msiexec.exe | C:\Users\admin\AppData\Local\Temp\MSID45D.tmp | — | — | — |
3300 | msiexec.exe | C:\Users\admin\AppData\Local\Temp\MSID529.tmp | — | — | — |
2192 | msiexec.exe | C:\System Volume Information\SPP\metadata-2 | — | — | — |
2192 | msiexec.exe | C:\System Volume Information\SPP\OnlineMetadataCache\{6677040d-550d-4230-9e01-934b7aee5b26}_OnDiskSnapshotProp | binary | 52102E3521E369FCA72D0C6185C38A71 | 6C779646DC1F3542547C87449DD5944EC8EFD7DC7964A5B1EA8810E6DECAC621 |
2640 | DrvInst.exe | C:\Windows\INF\setupapi.ev1 | binary | 405DCFD6CD4DFB5A35CBCF9A62F996F1 | D0C972E20CDF3A4B4EDA06E10EBB0182F127E6F4EFCDA1CFB1CF1118042451F4 |
3948 | MsiExec.exe | C:\Users\admin\AppData\Local\Temp\CFGD519.tmp | xml | 20244937356423BD634209FA8D98ED3F | F1F95E23D1BEE18AD4E77EFE70F5F36CC5BE2B60688F5E99714F7910869E3C65 |
2192 | msiexec.exe | C:\Windows\Installer\1a33d3.msi | — | — | — |
2192 | msiexec.exe | C:\System Volume Information\SPP\snapshot-2 | binary | 52102E3521E369FCA72D0C6185C38A71 | 6C779646DC1F3542547C87449DD5944EC8EFD7DC7964A5B1EA8810E6DECAC621 |
2640 | DrvInst.exe | C:\Windows\INF\setupapi.dev.log | ini | 5F5110DB8297940DE0CF692F694D5BC2 | 9D10C637E956B218E24226D09F3D6CD043632F872631A3A25C0979E5B056FB33 |
2640 | DrvInst.exe | C:\Windows\INF\setupapi.ev3 | binary | 76DCC60F78B3DFF1AE3627619074F465 | 18541AC1875315C4F9EFF75050C574FAFF83717C029DAE6B366F9C6C3F0C19E0 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3200 | OUTLOOK.EXE | GET | — | 64.4.26.155:80 | http://config.messenger.msn.com/config/msgrconfig.asmx?op=GetOlcConfig | US | — | — | whitelisted |
3300 | msiexec.exe | GET | 200 | 91.199.212.52:80 | http://crt.comodoca.com/COMODORSAAddTrustCA.crt | GB | der | 1.37 Kb | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3300 | msiexec.exe | 91.199.212.52:80 | crt.comodoca.com | Comodo CA Ltd | GB | suspicious |
3200 | OUTLOOK.EXE | 69.16.215.76:443 | www.fieldstonsoftware.com | Liquid Web, L.L.C | US | unknown |
3200 | OUTLOOK.EXE | 64.4.26.155:80 | config.messenger.msn.com | Microsoft Corporation | US | whitelisted |
Domain | IP | Reputation |
---|---|---|
crt.comodoca.com | | whitelisted |
www.fieldstonsoftware.com | | unknown |
config.messenger.msn.com | | whitelisted |
Process | Message |
---|---|
gsyncit.exe | gSync: [OutlookService::GetOutlookDefaultProfileName] |
gsyncit.exe | gSync: GetOutlookDefaultProfileName() |
gsyncit.exe | gSync: GetUserSettingPathOverride() => [] |
gsyncit.exe | gSync: GetUserSettingPathOverride() => [] |
gsyncit.exe | gSync: GetUserSettingPathOverride() => [] |
gsyncit.exe | gSync: GetUserSettingPathOverride() => [] |
gsyncit.exe | gSync: |
gsyncit.exe | gSync: Error [File not found.] Exception [ File not found. ] Stack --> at gsyncit.core.UserSettings.Load() in C:\CVSLOCAL\Solutions\gSync_v5.0\src\gsyncit.core\Configuration\UserSettings.cs:line 1209 |
gsyncit.exe | gSync: |
gsyncit.exe | gSync: GetUserSettingPathOverride() => [] |