| Field | Value |
|---|---|
| Download | UniversalAdbDriverSetup.msi |
| Full analysis | https://app.any.run/tasks/9f23f54e-3952-4bcb-a600-87c4c4fe02db |
| Verdict | Malicious activity |
| Analysis date | May 20, 2019, 19:37:46 |
| OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Indicators | |
| MIME | application/x-msi |
| File info | Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, MSI Installer, Create Time/Date: Mon Jun 21 08:00:00 1999, Name of Creating Application: Windows Installer, Security: 1, Code page: 1252, Template: Intel;1033, Number of Pages: 200, Revision Number: {6B6AEE4D-046A-41C9-BF62-B092D307049D}, Title: UniversalAdbDriverSetup, Author: ClockworkMod, Number of Words: 2, Last Saved Time/Date: Sat Aug 1 00:09:28 2015, Last Printed: Sat Aug 1 00:09:28 2015 |
| MD5 | A0B1CC7C5C26044738798BA2E5E8C217 |
| SHA1 | 745BB99063748A2F309888467AAC70C3C7EF6A2E |
| SHA256 | 4E77E303BBA6CF84588BDB6DA91F7A875D406F7930CBE9F4D2AAE0B643C0C928 |
| SSDEEP | 393216:Hc2Ryzq2+0lkPEezmlMUH9n0sEf0/c++oLw525IgfLJ5pz3:azHPKmVB0MUzMw525ljpz |

| Extension | Detected type |
|---|---|
| .msi | Microsoft Windows Installer (98.5) |
| .msi | Microsoft Installer (100) |

| Property | Value |
|---|---|
| LastPrinted | 2015:08:31 23:09:28 |
| ModifyDate | 2015:08:31 23:09:28 |
| Words | 2 |
| Comments | - |
| Keywords | - |
| Author | ClockworkMod |
| Subject | - |
| Title | UniversalAdbDriverSetup |
| RevisionNumber | {6B6AEE4D-046A-41C9-BF62-B092D307049D} |
| Pages | 200 |
| Template | Intel;1033 |
| CodePage | Windows Latin 1 (Western European) |
| Security | Password protected |
| Software | Windows Installer |
| CreateDate | 1999:06:21 07:00:00 |

| PID | CMD | Path | Indicators | Parent process | Details |
|---|---|---|---|---|---|
| 3184 | "C:\Windows\System32\msiexec.exe" /i "C:\Users\admin\AppData\Local\Temp\UniversalAdbDriverSetup.msi" | C:\Windows\System32\msiexec.exe | — | explorer.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Windows® installer; Exit code: 0; Version: 5.0.7600.16385 (win7_rtm.090713-1255) |
| 2320 | C:\Windows\system32\msiexec.exe /V | C:\Windows\system32\msiexec.exe | — | services.exe | User: SYSTEM; Company: Microsoft Corporation; Integrity Level: SYSTEM; Description: Windows® installer; Version: 5.0.7600.16385 (win7_rtm.090713-1255) |
| 2816 | C:\Windows\system32\MsiExec.exe -Embedding CFE9AAA7158C9953ADB5F8C2DE51F55D C | C:\Windows\system32\MsiExec.exe | — | msiexec.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Windows® installer; Exit code: 0; Version: 5.0.7600.16385 (win7_rtm.090713-1255) |
| 2892 | C:\Windows\system32\vssvc.exe | C:\Windows\system32\vssvc.exe | — | services.exe | User: SYSTEM; Company: Microsoft Corporation; Integrity Level: SYSTEM; Description: Microsoft® Volume Shadow Copy Service; Version: 6.1.7600.16385 (win7_rtm.090713-1255) |
| 3536 | DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot18" "" "" "6792c44eb" "00000000" "00000580" "00000388" | C:\Windows\system32\DrvInst.exe | — | svchost.exe | User: SYSTEM; Company: Microsoft Corporation; Integrity Level: SYSTEM; Description: Driver Installation Module; Exit code: 0; Version: 6.1.7600.16385 (win7_rtm.090713-1255) |
| 1572 | C:\Windows\system32\MsiExec.exe -Embedding 812438A8180E2046B21534A354867417 | C:\Windows\system32\MsiExec.exe | — | msiexec.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Windows® installer; Exit code: 0; Version: 5.0.7600.16385 (win7_rtm.090713-1255) |
| 3868 | "C:\Program Files\ClockworkMod\Universal Adb Driver\UniversalAdbDriverInstaller.exe" | C:\Program Files\ClockworkMod\Universal Adb Driver\UniversalAdbDriverInstaller.exe | — | msiexec.exe | User: admin; Integrity Level: MEDIUM; Description: UniveralAdbDriverInstaller; Exit code: 0; Version: 1.0.0.0 |
| 2424 | "C:\Program Files\ClockworkMod\Universal Adb Driver\makecert.exe" -r -pe -ss PrivateCertStore -n CN=UniversalADB "C:\Program Files\ClockworkMod\Universal Adb Driver\UniversalADB.cer" | C:\Program Files\ClockworkMod\Universal Adb Driver\makecert.exe | — | UniversalAdbDriverInstaller.exe | User: SYSTEM; Company: Microsoft Corporation; Integrity Level: SYSTEM; Description: ECM MakeCert; Exit code: 0; Version: 10.0.10240.16384 (th1.150709-1700) |
| 1256 | "C:\Program Files\ClockworkMod\Universal Adb Driver\signtool.exe" sign /v /s PrivateCertStore /n UniversalADB /t http://timestamp.verisign.com/scripts/timstamp.dll usb_driver\androidwinusb86.cat | C:\Program Files\ClockworkMod\Universal Adb Driver\signtool.exe | — | UniversalAdbDriverInstaller.exe | User: SYSTEM; Company: Microsoft Corporation; Integrity Level: SYSTEM; Description: Authenticode(R) - signing and verifying tool; Exit code: 0; Version: 4.00 (th1.150709-1700) |
| 3292 | "C:\Program Files\ClockworkMod\Universal Adb Driver\signtool.exe" sign /v /s PrivateCertStore /n UniversalADB /t http://timestamp.verisign.com/scripts/timstamp.dll usb_driver\androidwinusba64.cat | C:\Program Files\ClockworkMod\Universal Adb Driver\signtool.exe | — | UniversalAdbDriverInstaller.exe | User: SYSTEM; Company: Microsoft Corporation; Integrity Level: SYSTEM; Description: Authenticode(R) - signing and verifying tool; Exit code: 0; Version: 4.00 (th1.150709-1700) |

| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 3184 | msiexec.exe | C:\Users\admin\AppData\Local\Temp\MSI4AB8.tmp | — | — | — |
| 3184 | msiexec.exe | C:\Users\admin\AppData\Local\Temp\MSI4B46.tmp | — | — | — |
| 2320 | msiexec.exe | C:\System Volume Information\SPP\metadata-2 | — | — | — |
| 2320 | msiexec.exe | C:\System Volume Information\SPP\OnlineMetadataCache\{aee004d3-91cb-41ac-aaaa-c4d4177c7522}_OnDiskSnapshotProp | binary | 7145FEEE4153B2F57A2CE5EF295E4DDB | C657E47BC9FA5CE18695C395B76E7071E1A7D7B5D2174412F45F1552C9B5D5AD |
| 3536 | DrvInst.exe | C:\Windows\INF\setupapi.ev1 | binary | 403F57E5FF9768D8F906117E0B8F37AD | BEADD52DB0688AE2B5C4AA859204C7D46DCCA1E6B6777363A9F85C8C28A3FC1C |
| 3536 | DrvInst.exe | C:\Windows\INF\setupapi.dev.log | ini | 57E586238D0EFE22ED4B71B63BCD5C1A | 2D9518357CC3329DE7EB3B8AA3CECF7849E1C27BBD69B8AD41DB7E20E22FDE8D |
| 2320 | msiexec.exe | C:\System Volume Information\SPP\snapshot-2 | binary | 7145FEEE4153B2F57A2CE5EF295E4DDB | C657E47BC9FA5CE18695C395B76E7071E1A7D7B5D2174412F45F1552C9B5D5AD |
| 3536 | DrvInst.exe | C:\Windows\INF\setupapi.ev3 | binary | 76DCC60F78B3DFF1AE3627619074F465 | 18541AC1875315C4F9EFF75050C574FAFF83717C029DAE6B366F9C6C3F0C19E0 |
| 2816 | MsiExec.exe | C:\Users\admin\AppData\Local\Temp\CFG4B45.tmp | xml | C517737DD6B59D0BD576A0A484C12E8B | 0774A3FD610BE54DAF2801AC6763F7FDE87073D95435900874C9A61B14F88F50 |
| 2320 | msiexec.exe | C:\Windows\Installer\13ab85.msi | — | — | — |

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
1256 | signtool.exe | POST | 200 | 216.168.246.38:80 | http://timestamp.verisign.com/scripts/timstamp.dll | US | text | 4.07 Kb | unknown |
3292 | signtool.exe | POST | 200 | 216.168.246.38:80 | http://timestamp.verisign.com/scripts/timstamp.dll | US | text | 4.07 Kb | unknown |

| PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
| 3292 | signtool.exe | 216.168.246.38:80 | timestamp.verisign.com | — | US | unknown |
| 1256 | signtool.exe | 216.168.246.38:80 | timestamp.verisign.com | — | US | unknown |

| Domain | IP | Reputation |
|---|---|---|
| timestamp.verisign.com | | unknown |