Property | Value |
---|---|
File name | Sii0909098761234114.msi |
Full analysis | https://app.any.run/tasks/ded5169b-90c4-4855-a5a4-d17817892d4f |
Verdict | Malicious activity |
Analysis date | August 13, 2019, 19:08:50 |
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags | |
Indicators | |
MIME | application/x-msi |
File info | Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.3, MSI Installer, Title: Installation Database, Keywords: Installer, MSI, Database, Last Printed: Fri Dec 11 11:47:44 2009, Create Time/Date: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Dec 11 11:47:44 2009, Number of Pages: 200, Security: 0, Code page: 1252, Revision Number: {EF039855-95DA-4F53-B8CB-552320887DD9}, Number of Words: 10, Subject: Archivo, Author: Principal, Name of Creating Application: Advanced Installer 12.2.1 build 64247, Template: ;1027, Comments: La base de dades del instal·lador conté la lògica i les dades necessàries per instal·lar Archivo. |
MD5 | 69BF9FAB7277A08DB19E049E4B16695D |
SHA1 | 1127D9025DE9E42F11E3FA31C157E9E3AF78D11D |
SHA256 | 75E4C68705063E0CEAD0028B63D02FECFC91301A776D24E3E58E858063D79302 |
SSDEEP | 196608:jE3msQOTE4GyNB0Fa3mVUr8Ejl4OPbYsZJK7eoc:g3m4TEyNB0gI+9jYwWX |
Extension | Description |
---|---|
.msi | Microsoft Windows Installer (88.6) |
.mst | Windows SDK Setup Transform Script (10) |
.msi | Microsoft Installer (100) |
Property | Value |
---|---|
Comments | La base de dades del instal·lador conté la lògica i les dades necessàries per instal·lar Archivo. |
Template | ;1027 |
Software | Advanced Installer 12.2.1 build 64247 |
LastModifiedBy | - |
Author | Principal |
Subject | Archivo |
Words | 10 |
RevisionNumber | {EF039855-95DA-4F53-B8CB-552320887DD9} |
CodePage | Windows Latin 1 (Western European) |
Security | None |
Pages | 200 |
ModifyDate | 2009:12:11 11:47:44 |
CreateDate | 2009:12:11 11:47:44 |
LastPrinted | 2009:12:11 11:47:44 |
Keywords | Installer, MSI, Database |
Title | Installation Database |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2488 | "C:\Windows\System32\msiexec.exe" /i "C:\Users\admin\AppData\Local\Temp\Sii0909098761234114.msi" | C:\Windows\System32\msiexec.exe | — | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows® installer Exit code: 0 Version: 5.0.7600.16385 (win7_rtm.090713-1255) | ||||
3652 | C:\Windows\system32\msiexec.exe /V | C:\Windows\system32\msiexec.exe | | services.exe |
User: SYSTEM Company: Microsoft Corporation Integrity Level: SYSTEM Description: Windows® installer Version: 5.0.7600.16385 (win7_rtm.090713-1255) | ||||
1484 | C:\Windows\system32\vssvc.exe | C:\Windows\system32\vssvc.exe | — | services.exe |
User: SYSTEM Company: Microsoft Corporation Integrity Level: SYSTEM Description: Microsoft® Volume Shadow Copy Service Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
3060 | DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot22" "" "" "695c3f483" "00000000" "000005DC" "00000578" | C:\Windows\system32\DrvInst.exe | — | svchost.exe |
User: SYSTEM Company: Microsoft Corporation Integrity Level: SYSTEM Description: Driver Installation Module Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
3244 | C:\Windows\system32\MsiExec.exe -Embedding DDF5F4FCDFA15EA091A33CA4A700E1C1 | C:\Windows\system32\MsiExec.exe | — | msiexec.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows® installer Exit code: 0 Version: 5.0.7600.16385 (win7_rtm.090713-1255) | ||||
3688 | "C:\Users\admin\Documents\QVTA5974HI2IH.exe" | C:\Users\admin\Documents\QVTA5974HI2IH.exe | | msiexec.exe |
User: admin Company: VMware, Inc. Integrity Level: MEDIUM Description: VMware NAT Service Version: 12.5.6 build-5528349 | ||||
1512 | "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe13_ Global\UsGthrCtrlFltPipeMssGthrPipe13 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" | C:\Windows\System32\SearchProtocolHost.exe | — | SearchIndexer.exe |
User: SYSTEM Company: Microsoft Corporation Integrity Level: SYSTEM Description: Microsoft Windows Search Protocol Host Version: 7.00.7600.16385 (win7_rtm.090713-1255) | ||||
PID | Process | Filename | Type | MD5 | SHA256 |
---|---|---|---|---|---|
3652 | msiexec.exe | C:\System Volume Information\SPP\metadata-2 | — | — | — |
3652 | msiexec.exe | C:\Windows\Installer\372639.msi | — | — | — |
3652 | msiexec.exe | C:\Windows\Installer\MSI29A5.tmp | — | — | — |
3652 | msiexec.exe | C:\Users\admin\AppData\Local\Temp\~DFDF2DDE43514ECFE5.TMP | — | — | — |
3060 | DrvInst.exe | C:\Windows\INF\setupapi.ev3 | binary | 8F761032829FB6121AEE77E26DC667A6 | F83E1592023B7C8F6C15847F26D30770C0A52E6C7304DBA951EEA437E2737649 |
3060 | DrvInst.exe | C:\Windows\INF\setupapi.dev.log | ini | AF215E34D00F19F406D064CB13407114 | 50EFBBA318045A5C270C7ABE975B6575B55002E2A49E86E5E43261CCF69C92AE |
3652 | msiexec.exe | C:\System Volume Information\SPP\snapshot-2 | binary | 7BB96DEEEF7C63C39C7D3E997F4FBE50 | A691666C7F274D3F9758E22EB5476A4836326CBF8FEA8A8013A961A53999A844 |
3652 | msiexec.exe | C:\Config.Msi\37263c.rbs | — | — | — |
3652 | msiexec.exe | C:\Users\admin\AppData\Local\Temp\~DF732150D332154814.TMP | — | — | — |
1484 | vssvc.exe | C: | — | — | — |
Process | Message |
---|---|
QVTA5974HI2IH.exe | CodeSet_Init: no ICU |