| Field | Value |
|---|---|
| File name | Phoenix_Protector.msi |
| Full analysis | https://app.any.run/tasks/e91071e3-e159-4334-a948-7a4eeaff484b |
| Verdict | Malicious activity |
| Analysis date | March 31, 2020, 11:01:16 |
| OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Indicators | |
| MIME | application/x-msi |
| File info | Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, MSI Installer, Create Time/Date: Mon Jun 21 08:00:00 1999, Name of Creating Application: Windows Installer, Security: 1, Code page: 1252, Template: Intel;1033, Number of Pages: 200, Revision Number: {39F77FE7-23B4-4BE0-A22F-F6E198906FB4}, Title: Phoenix Protector, Author: Daniel Pistelli, Number of Words: 2, Last Saved Time/Date: Wed Jul 7 11:59:20 2010, Last Printed: Wed Jul 7 11:59:20 2010 |
| MD5 | DB824D8FD76EA44E79CC900656C32AC1 |
| SHA1 | E3A2E889E157122872523D2DC2ADEFABACF29935 |
| SHA256 | 15A7DBBF90CE66FB302A322C6809FAFD897808096069DFECEDEDF78E51B16369 |
| SSDEEP | 24576:4gAG1n9AGybBDnrCXYtNmvP9s0Iv3FHaZ42Yr:4gAG19uB/uYtE8v8+ |
| Extension | Identified type (match score) |
|---|---|
| .msi | Microsoft Windows Installer (95.3) |
| .doc | Microsoft Word document (old ver.) (3.2) |
| .msi | Microsoft Installer (100) |
| Tag | Value |
|---|---|
| LastPrinted | 2010:07:07 10:59:20 |
| ModifyDate | 2010:07:07 10:59:20 |
| Words | 2 |
| Comments | - |
| Keywords | - |
| Author | Daniel Pistelli |
| Subject | - |
| Title | Phoenix Protector |
| RevisionNumber | {39F77FE7-23B4-4BE0-A22F-F6E198906FB4} |
| Pages | 200 |
| Template | Intel;1033 |
| CodePage | Windows Latin 1 (Western European) |
| Security | Password protected |
| Software | Windows Installer |
| CreateDate | 1999:06:21 07:00:00 |

Note on the Security tag: exiftool renders the raw summary-information value 1 (shown as "Security: 1" in the File info line above) with its generic OLE document meaning. Windows Installer documents this property only as 0 (no restriction), 2 (read-only recommended) or 4 (read-only enforced), so the value does not indicate a password-protected package.
| PID | Command line | Path | Parent process | User | Integrity level | Description (company, version) | Exit code | Indicators |
|---|---|---|---|---|---|---|---|---|
| 3028 | "C:\Windows\System32\msiexec.exe" /i "C:\Users\admin\AppData\Local\Temp\Phoenix_Protector.msi" | C:\Windows\System32\msiexec.exe | explorer.exe | admin | MEDIUM | Windows® installer (Microsoft Corporation, 5.0.7600.16385 (win7_rtm.090713-1255)) | 0 | — |
| 2936 | C:\Windows\system32\msiexec.exe /V | C:\Windows\system32\msiexec.exe | services.exe | SYSTEM | SYSTEM | Windows® installer (Microsoft Corporation, 5.0.7600.16385 (win7_rtm.090713-1255)) | | — |
| 2896 | C:\Windows\system32\MsiExec.exe -Embedding A84DBA035E716B8985E1A47DC41DB6B2 C | C:\Windows\system32\MsiExec.exe | msiexec.exe | admin | MEDIUM | Windows® installer (Microsoft Corporation, 5.0.7600.16385 (win7_rtm.090713-1255)) | 0 | — |
| 1748 | C:\Windows\system32\vssvc.exe | C:\Windows\system32\vssvc.exe | services.exe | SYSTEM | SYSTEM | Microsoft® Volume Shadow Copy Service (Microsoft Corporation, 6.1.7600.16385 (win7_rtm.090713-1255)) | | — |
| 536 | C:\Windows\system32\MsiExec.exe -Embedding E0DCDCB7CEDC3F3385F35C29A0D7A820 | C:\Windows\system32\MsiExec.exe | msiexec.exe | admin | MEDIUM | Windows® installer (Microsoft Corporation, 5.0.7600.16385 (win7_rtm.090713-1255)) | 0 | — |
| 2536 | "C:\Program Files\NTCore\Phoenix Protector\Phoenix Protector.exe" | C:\Program Files\NTCore\Phoenix Protector\Phoenix Protector.exe | explorer.exe | admin | MEDIUM | Phoenix Protector (NTCore, 1.9.0.1) | | — |
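The process table above has the usual Windows Installer shape: the user's msiexec /i client, the Windows Installer service (msiexec /V, started by services.exe as SYSTEM), two MsiExec -Embedding custom-action servers spawned by the service, a Volume Shadow Copy service call consistent with the restore point Windows Installer creates before an install, and the installed application started separately from explorer.exe rather than by the installer. The script below is an added example, not ANY.RUN's code and not part of the report: it transcribes the table rows into a list and buckets them by installer role, so that the one thing an analyst wants to know from such a chain (did msiexec itself spawn anything other than msiexec?) is answered directly. The Proc fields, bucket names and anomaly rules are this example's own assumptions about what a normal chain looks like.

```python
"""Classify the rows of an ANY.RUN process table against the normal
Windows Installer process shape (added example, not part of the report)."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Proc:
    pid: int
    cmd: str
    parent: str      # parent image name as the report gives it (no parent PID is available)
    user: str
    integrity: str


# Transcribed from the process table of the report above.
PROCESSES = [
    Proc(3028, r'"C:\Windows\System32\msiexec.exe" /i "C:\Users\admin\AppData\Local\Temp\Phoenix_Protector.msi"',
         "explorer.exe", "admin", "MEDIUM"),
    Proc(2936, r"C:\Windows\system32\msiexec.exe /V", "services.exe", "SYSTEM", "SYSTEM"),
    Proc(2896, r"C:\Windows\system32\MsiExec.exe -Embedding A84DBA035E716B8985E1A47DC41DB6B2 C",
         "msiexec.exe", "admin", "MEDIUM"),
    Proc(1748, r"C:\Windows\system32\vssvc.exe", "services.exe", "SYSTEM", "SYSTEM"),
    Proc(536, r"C:\Windows\system32\MsiExec.exe -Embedding E0DCDCB7CEDC3F3385F35C29A0D7A820",
         "msiexec.exe", "admin", "MEDIUM"),
    Proc(2536, r'"C:\Program Files\NTCore\Phoenix Protector\Phoenix Protector.exe"',
         "explorer.exe", "admin", "MEDIUM"),
]


def image_name(cmd: str) -> str:
    """Lower-cased file name of the executable in a command line (quoted or bare)."""
    m = re.match(r'\s*"([^"]+)"|\s*(\S+)', cmd)
    path = m.group(1) or m.group(2)
    return path.rsplit("\\", 1)[-1].lower()


def triage_msi_chain(procs):
    """Bucket processes by their role in an MSI install; record deviations as anomalies."""
    f = {
        "client": [],                     # user-side msiexec /i <package>
        "service": [],                    # msiexec /V: the Windows Installer service
        "custom_action_servers": [],      # MsiExec -Embedding <GUID>, hosts custom actions
        "installer_spawned_non_msi": [],  # non-msiexec children of msiexec: the payload to look at
        "user_launched": [],              # started from explorer.exe, i.e. not by the installer
        "other": [],
        "anomalies": [],
    }
    for p in procs:
        name = image_name(p.cmd)
        parent = p.parent.lower()
        if name == "msiexec.exe":
            if re.search(r"\s/i\s", p.cmd, re.I):
                f["client"].append(p.pid)
            elif re.search(r"\s/V\s*$", p.cmd):
                f["service"].append(p.pid)
                # The installer service is started by the SCM as SYSTEM; anything else is odd.
                if parent != "services.exe" or p.user != "SYSTEM":
                    f["anomalies"].append(f"pid {p.pid}: installer service with parent {p.parent} as {p.user}")
            elif re.search(r"-Embedding\b", p.cmd):
                f["custom_action_servers"].append(p.pid)
                if parent != "msiexec.exe":
                    f["anomalies"].append(f"pid {p.pid}: custom action server not spawned by msiexec ({p.parent})")
            else:
                f["other"].append(p.pid)
        elif parent == "msiexec.exe":
            # A non-msiexec child of the installer is the custom-action payload worth inspecting.
            f["installer_spawned_non_msi"].append(p.pid)
            f["anomalies"].append(f"pid {p.pid}: installer spawned {name} as {p.user}/{p.integrity}")
        elif parent == "explorer.exe":
            f["user_launched"].append(p.pid)
        else:
            f["other"].append(p.pid)
    return f


if __name__ == "__main__":
    for bucket, items in triage_msi_chain(PROCESSES).items():
        print(f"{bucket:28s} {items}")
```

For this report every bucket that would point at installer-driven execution is empty: the only non-msiexec descendants of the service are none, and Phoenix Protector.exe (PID 2536) has explorer.exe as its parent, so its execution is the sandbox or user starting the installed program rather than a custom action. The same function run over a chain in which msiexec.exe is the parent of an executable under %TEMP% would put that PID in installer_spawned_non_msi with a matching anomaly line.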
| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 3028 | msiexec.exe | C:\Users\admin\AppData\Local\Temp\MSI6D1A.tmp | — | — | — |
| 3028 | msiexec.exe | C:\Users\admin\AppData\Local\Temp\MSI6DA7.tmp | — | — | — |
| 2936 | msiexec.exe | C:\System Volume Information\SPP\metadata-2 | — | — | — |
| 2936 | msiexec.exe | C:\Windows\Installer\MSIC665.tmp | — | — | — |
| 2936 | msiexec.exe | C:\Windows\Installer\MSIC751.tmp | — | — | — |
| 2936 | msiexec.exe | C:\Users\admin\AppData\Local\Temp\~DFBBCF6E1210188D6A.TMP | — | — | — |
| 1748 | vssvc.exe | C: | — | — | — |
| 2936 | msiexec.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Phoenix Protector\Phoenix Protector Help.lnk | lnk | CA6E0DB722EF0902277B79F5D779136A | 5697162917D1400D3712C3A639C9F7D262C25D144EBE61FDB479AEDD188B1F3A |
| 2936 | msiexec.exe | C:\System Volume Information\SPP\OnlineMetadataCache\{8629c54f-5f60-4933-83e9-1e66f057e7b8}_OnDiskSnapshotProp | binary | CC2F1A056700B02DB9E585E35B728A70 | 3F929B65E627FC19F7A4C8DE50D236F084FCD7CB5BC9B578347DF399C82B8664 |
| 2936 | msiexec.exe | C:\System Volume Information\SPP\snapshot-2 | binary | CC2F1A056700B02DB9E585E35B728A70 | 3F929B65E627FC19F7A4C8DE50D236F084FCD7CB5BC9B578347DF399C82B8664 |