| Field | Value |
|---|---|
| File name | Sii0909098761234114.msi |
| Full analysis | https://app.any.run/tasks/2e3bf6b5-3a6b-4c2f-8d7f-f1ef93f990a3 |
| Verdict | Malicious activity |
| Analysis date | August 13, 2019, 19:11:00 |
| OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Tags | — |
| Indicators | — |
| MIME | application/x-msi |
| File info | Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.3, MSI Installer, Title: Installation Database, Keywords: Installer, MSI, Database, Last Printed: Fri Dec 11 11:47:44 2009, Create Time/Date: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Dec 11 11:47:44 2009, Number of Pages: 200, Security: 0, Code page: 1252, Revision Number: {EF039855-95DA-4F53-B8CB-552320887DD9}, Number of Words: 10, Subject: Archivo, Author: Principal, Name of Creating Application: Advanced Installer 12.2.1 build 64247, Template: ;1027, Comments: La base de dades del instal·lador conté la lògica i les dades necessàries per instal·lar Archivo. |
| MD5 | 69BF9FAB7277A08DB19E049E4B16695D |
| SHA1 | 1127D9025DE9E42F11E3FA31C157E9E3AF78D11D |
| SHA256 | 75E4C68705063E0CEAD0028B63D02FECFC91301A776D24E3E58E858063D79302 |
| SSDEEP | 196608:jE3msQOTE4GyNB0Fa3mVUr8Ejl4OPbYsZJK7eoc:g3m4TEyNB0gI+9jYwWX |
| Extension | Detected type (score) |
|---|---|
| .msi | Microsoft Windows Installer (88.6) |
| .mst | Windows SDK Setup Transform Script (10) |
| .msi | Microsoft Installer (100) |
| Field | Value |
|---|---|
| Comments | La base de dades del instal·lador conté la lògica i les dades necessàries per instal·lar Archivo. |
| Template | ;1027 |
| Software | Advanced Installer 12.2.1 build 64247 |
| LastModifiedBy | - |
| Author | Principal |
| Subject | Archivo |
| Words | 10 |
| RevisionNumber | {EF039855-95DA-4F53-B8CB-552320887DD9} |
| CodePage | Windows Latin 1 (Western European) |
| Security | None |
| Pages | 200 |
| ModifyDate | 2009:12:11 11:47:44 |
| CreateDate | 2009:12:11 11:47:44 |
| LastPrinted | 2009:12:11 11:47:44 |
| Keywords | Installer, MSI, Database |
| Title | Installation Database |
| PID | CMD | Path | Indicators | Parent process | User | Integrity level | Company | Description | Version | Exit code |
|---|---|---|---|---|---|---|---|---|---|---|
| 2968 | "C:\Windows\System32\msiexec.exe" /i "C:\Users\admin\AppData\Local\Temp\Sii0909098761234114.msi" | C:\Windows\System32\msiexec.exe | — | explorer.exe | admin | MEDIUM | Microsoft Corporation | Windows® installer | 5.0.7600.16385 (win7_rtm.090713-1255) | 0 |
| 3632 | C:\Windows\system32\msiexec.exe /V | C:\Windows\system32\msiexec.exe | — | services.exe | SYSTEM | SYSTEM | Microsoft Corporation | Windows® installer | 5.0.7600.16385 (win7_rtm.090713-1255) | — |
| 1296 | C:\Windows\system32\vssvc.exe | C:\Windows\system32\vssvc.exe | — | services.exe | SYSTEM | SYSTEM | Microsoft Corporation | Microsoft® Volume Shadow Copy Service | 6.1.7600.16385 (win7_rtm.090713-1255) | — |
| 1324 | DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot22" "" "" "695c3f483" "00000000" "00000064" "00000394" | C:\Windows\system32\DrvInst.exe | — | svchost.exe | SYSTEM | SYSTEM | Microsoft Corporation | Driver Installation Module | 6.1.7600.16385 (win7_rtm.090713-1255) | 0 |
| 316 | C:\Windows\system32\MsiExec.exe -Embedding 0018324347DB74C7528127155F5176C0 | C:\Windows\system32\MsiExec.exe | — | msiexec.exe | admin | MEDIUM | Microsoft Corporation | Windows® installer | 5.0.7600.16385 (win7_rtm.090713-1255) | 0 |
| 2628 | "C:\Users\admin\Documents\QVTA5974HI2IH.exe" | C:\Users\admin\Documents\QVTA5974HI2IH.exe | — | msiexec.exe | admin | MEDIUM | VMware, Inc. | VMware NAT Service | 12.5.6 build-5528349 | — |
| 628 | "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe13_ Global\UsGthrCtrlFltPipeMssGthrPipe13 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" | C:\Windows\System32\SearchProtocolHost.exe | — | SearchIndexer.exe | SYSTEM | SYSTEM | Microsoft Corporation | Microsoft Windows Search Protocol Host | 7.00.7600.16385 (win7_rtm.090713-1255) | — |
| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 3632 | msiexec.exe | C:\System Volume Information\SPP\metadata-2 | — | — | — |
| 1324 | DrvInst.exe | C:\Windows\INF\setupapi.dev.log | ini | B93327C88AE218D4F923CDFEEABB82D8 | B0FBAE1F1EFC4AAA13E20A2A8FC2A52DFE29E715D2C8E164EEA0BB19FB175C92 |
| 1324 | DrvInst.exe | C:\Windows\INF\setupapi.ev3 | binary | 8F761032829FB6121AEE77E26DC667A6 | F83E1592023B7C8F6C15847F26D30770C0A52E6C7304DBA951EEA437E2737649 |
| 3632 | msiexec.exe | C:\System Volume Information\SPP\snapshot-2 | binary | 2CBC37C3D709318D84F3EC38606A109D | FFC6964AF2AA7A1510D41E24C1C4F7895924D99A34ABA60311FFCA4D8BB47B2B |
| 3632 | msiexec.exe | C:\Windows\Installer\37d814.msi | — | — | — |
| 3632 | msiexec.exe | C:\System Volume Information\SPP\OnlineMetadataCache\{7cabaccc-6009-46ff-b675-8f0060847594}_OnDiskSnapshotProp | binary | 2CBC37C3D709318D84F3EC38606A109D | FFC6964AF2AA7A1510D41E24C1C4F7895924D99A34ABA60311FFCA4D8BB47B2B |
| 1324 | DrvInst.exe | C:\Windows\INF\setupapi.ev1 | binary | 7B4D23200A6D0D8F85980CF442171338 | 8F9FADE2A2CE1D30E6EA45231A1B055593FADDF61C4B70751EA59319954D2E7C |
| 3632 | msiexec.exe | C:\Windows\Installer\MSID92E.tmp | — | — | — |
| 3632 | msiexec.exe | C:\Users\admin\AppData\Local\Temp\~DF35911F8B6E7A68A3.TMP | — | — | — |
| 3632 | msiexec.exe | C:\Windows\Installer\37d816.ipi | — | — | — |
| Process | Message |
|---|---|
| QVTA5974HI2IH.exe | CodeSet_Init: no ICU |