File name:	x64__installer__v2.0.4.msi
Full analysis:	https://app.any.run/tasks/e46863c1-5021-4a98-a259-ca02b95ac2d5
Verdict:	Malicious activity
Threats:	Adware is a form of malware that targets users with unwanted advertisements, often disrupting their browsing experience. It typically infiltrates systems through software bundling, malicious websites, or deceptive downloads. Once installed, it may track user activity, collect sensitive data, and display intrusive ads, including pop-ups or banners. Some advanced adware variants can bypass security measures and establish persistence on devices, making removal challenging. Additionally, adware can create vulnerabilities that other malware can exploit, posing a significant risk to user privacy and system security. Malware Trends Tracker >>>
Analysis date:	August 03, 2024, 16:59:55
OS:	Windows 10 Professional (build: 19045, 64 bit)
Tags:	generated-doc adware advancedinstaller
Indicators:
MIME:	application/x-msi
File info:	Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Security: 0, Code page: 1252, Revision Number: {0934AB4E-B113-43A3-B5AE-6704748AA8C3}, Number of Words: 10, Subject: BivaApp, Author: Bivaji Coms, Name of Creating Application: BivaApp, Template: x64;2057, Comments: This installer database contains the logic and data required to install BivaApp., Title: Installation Database, Keywords: Installer, MSI, Database, Create Time/Date: Sat Aug 3 13:28:17 2024, Last Saved Time/Date: Sat Aug 3 13:28:17 2024, Last Printed: Sat Aug 3 13:28:17 2024, Number of Pages: 450
MD5:	9AAE30A0B15A58A3739DF1FED37E1157
SHA1:	AE060468A6730A2CD8940C8577F3C73E5F05CC4F
SHA256:	075BF61CF0ACC1F621CC192039D7C9129C5CC24E07826EA967D26FB1C5C19C4E
SSDEEP:	196608:uCKDHPKOFfXWZQHvOJgdbOIkVBqjgnMn86M0WFd5ljUaWR261zVz:YrJZm7xBJnM86Q/BUaW/Jp

.msi	\|	Microsoft Windows Installer (81.9)
.mst	\|	Windows SDK Setup Transform Script (9.2)
.msp	\|	Windows Installer Patch (7.6)
.msi	\|	Microsoft Installer (100)

Security:	None
CodePage:	Windows Latin 1 (Western European)
RevisionNumber:	{0934AB4E-B113-43A3-B5AE-6704748AA8C3}
Words:	10
Subject:	BivaApp
Author:	Bivaji Coms
LastModifiedBy:	-
Software:	BivaApp
Template:	x64;2057
Comments:	This installer database contains the logic and data required to install BivaApp.
Title:	Installation Database
Keywords:	Installer, MSI, Database
CreateDate:	2024:08:03 13:28:17
ModifyDate:	2024:08:03 13:28:17
LastPrinted:	2024:08:03 13:28:17
Pages:	450


(PID) Process:	(6896) msiexec.exe	Key:	HKEY_USERS\S-1-5-21-1693682860-607145093-2874071422-1001\SOFTWARE\Microsoft\RestartManager\Session0000
Operation:	write	Name:	Owner
Value: F01A00007331779DC6E5DA01
(PID) Process:	(6896) msiexec.exe	Key:	HKEY_USERS\S-1-5-21-1693682860-607145093-2874071422-1001\SOFTWARE\Microsoft\RestartManager\Session0000
Operation:	write	Name:	SessionHash
Value: 5DFE3C91581CABD5F12D9593CCCB482F590CE01539C3F82D6FD5AB83EE2C2F36
(PID) Process:	(6896) msiexec.exe	Key:	HKEY_USERS\S-1-5-21-1693682860-607145093-2874071422-1001\SOFTWARE\Microsoft\RestartManager\Session0000
Operation:	write	Name:	Sequence
Value: 1
(PID) Process:	(6948) msiexec.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	ProxyBypass
Value: 1
(PID) Process:	(6948) msiexec.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	IntranetName
Value: 1
(PID) Process:	(6948) msiexec.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	UNCAsIntranet
Value: 1
(PID) Process:	(6948) msiexec.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	AutoDetect
Value: 0
(PID) Process:	(6948) msiexec.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation:	write	Name:	CachePrefix
Value:
(PID) Process:	(6948) msiexec.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:	write	Name:	CachePrefix
Value: Cookie:
(PID) Process:	(6948) msiexec.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:	write	Name:	CachePrefix
Value: Visited:

PID	Process	Filename		Type
6896	msiexec.exe	C:\Windows\Installer\e7078.msi		—
		MD5:—	SHA256:—
6896	msiexec.exe	C:\Users\admin\AppData\Roaming\Bivaji Coms\BivaApp\jmods\java.base.jmod		—
		MD5:—	SHA256:—
6896	msiexec.exe	C:\Users\admin\AppData\Roaming\Bivaji Coms\BivaApp\srv\classes.jsa		—
		MD5:—	SHA256:—
6896	msiexec.exe	C:\Users\admin\AppData\Roaming\Bivaji Coms\BivaApp\srv\classes_nocoops.jsa		—
		MD5:—	SHA256:—
6896	msiexec.exe	C:\Windows\Installer\MSI7182.tmp		executable
		MD5:B158D8D605571EA47A238DF5AB43DFAA	SHA256:CA763693CC25D316F14A9EBAD80EBF00590329550C45ADB7E5205486533C2504
6896	msiexec.exe	C:\Windows\Installer\MSI72DD.tmp		executable
		MD5:B158D8D605571EA47A238DF5AB43DFAA	SHA256:CA763693CC25D316F14A9EBAD80EBF00590329550C45ADB7E5205486533C2504
6896	msiexec.exe	C:\Windows\Installer\MSI72AD.tmp		executable
		MD5:B158D8D605571EA47A238DF5AB43DFAA	SHA256:CA763693CC25D316F14A9EBAD80EBF00590329550C45ADB7E5205486533C2504
6896	msiexec.exe	C:\Windows\Installer\MSI726D.tmp		executable
		MD5:B158D8D605571EA47A238DF5AB43DFAA	SHA256:CA763693CC25D316F14A9EBAD80EBF00590329550C45ADB7E5205486533C2504
6896	msiexec.exe	C:\Windows\Installer\MSI7CA3.tmp		executable
		MD5:B158D8D605571EA47A238DF5AB43DFAA	SHA256:CA763693CC25D316F14A9EBAD80EBF00590329550C45ADB7E5205486533C2504
6896	msiexec.exe	C:\Windows\Installer\MSI738A.tmp		executable
		MD5:B158D8D605571EA47A238DF5AB43DFAA	SHA256:CA763693CC25D316F14A9EBAD80EBF00590329550C45ADB7E5205486533C2504

PID	Process	IP	Domain	ASN	CN	Reputation
3888	svchost.exe	239.255.255.250:1900	—	—	—	whitelisted
—	—	20.73.194.208:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	NL	whitelisted
4	System	192.168.100.255:138	—	—	—	whitelisted
4	System	192.168.100.255:137	—	—	—	whitelisted
—	—	40.127.240.158:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	IE	unknown
4324	svchost.exe	40.127.240.158:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	IE	unknown
6948	msiexec.exe	188.114.96.3:443	get-license4.com	CLOUDFLARENET	NL	unknown

Domain	IP	Reputation
settings-win.data.microsoft.com	20.73.194.208 40.127.240.158	whitelisted
google.com	142.250.186.110	whitelisted
get-license4.com	188.114.96.3 188.114.97.3	unknown

General Info

x64__installer__v2.0.4.msi

9AAE30A0B15A58A3739DF1FED37E1157

AE060468A6730A2CD8940C8577F3C73E5F05CC4F

075BF61CF0ACC1F621CC192039D7C9129C5CC24E07826EA967D26FB1C5C19C4E

196608:uCKDHPKOFfXWZQHvOJgdbOIkVBqjgnMn86M0WFd5ljUaWR261zVz:YrJZm7xBJnM86Q/BUaW/Jp

Software environment set and analysis options

Launch configuration

Software preset

Hotfixes

Behavior activities

MALICIOUS

Drops the executable file immediately after the start

SUSPICIOUS

Reads the Windows owner or organization settings

Reads security settings of Internet Explorer

Checks Windows Trust Settings

Process drops legitimate windows executable

INFO

Reads the computer name

Checks supported languages

Executable content was dropped or overwritten

Reads Environment values

Checks proxy server information

Reads the software policy settings

Reads the machine GUID from the registry

Creates files or folders in the user directory

Creates a software uninstall entry

Malware configuration

Static information

TRiD

EXIF

FlashPix

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Modules

Information

Modules

Information

Modules

Registry activity

Modification events

Files activity

Dropped files

Network activity

HTTP requests

Connections

DNS requests

Threats

Debug output strings

x64installerv2.0.4.msi