| Field | Value |
|---|---|
| File name | Печать НД с PDF417(3.3.2).msi |
| Full analysis | https://app.any.run/tasks/b1a6d1f0-9829-492a-aed5-672ed75ddcd1 |
| Verdict | Malicious activity |
| Analysis date | June 27, 2022, 05:53:02 |
| OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Indicators | — |
| MIME | application/x-msi |
| File info | Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Create Time/Date: Mon Jun 21 08:00:00 1999, Name of Creating Application: Windows Installer, Security: 1, Code page: 1251, Template: Intel;1049, Number of Pages: 200, Revision Number: {960DC5F6-8C21-4211-9AE3-619BA8656BD7}, Title: PDF417, Author: , Comments: - PDF417, Number of Words: 2, Last Saved Time/Date: Thu Oct 28 15:21:14 2021, Last Printed: Thu Oct 28 15:21:14 2021 |
| MD5 | E85DBA1288DA3DC9A7CB02B436B3ABC4 |
| SHA1 | A21EB055C3F724E7E69AFA6F4C4E6B83F19A169E |
| SHA256 | 8E975674713B5090AE92515EF8BA608EE29D2B9F8584003256E5AD252F9C202E |
| SSDEEP | 98304:lyx7I/NaWlyEnr2/wwAmG2+unZN2hNYgCiba2ApxVEEnXpVOX:l+7I/TyYqiunGNY4baRgunOX |
| Extension | Format (score) |
|---|---|
| .msi | Microsoft Windows Installer (98.5) |
| .msi | Microsoft Installer (100) |
| Property | Value |
|---|---|
| CreateDate | 1999:06:21 07:00:00 |
| Software | Windows Installer |
| Security | Password protected |
| CodePage | Windows Cyrillic |
| Template | Intel;1049 |
| Pages | 200 |
| RevisionNumber | {960DC5F6-8C21-4211-9AE3-619BA8656BD7} |
| Title | Печать НД с PDF417 |
| Subject | - |
| Author | АО «ГНИВЦ» |
| Keywords | - |
| Comments | Печать налоговых документов со штрих-кодом PDF417 |
| Words | 2 |
| ModifyDate | 2021:10:28 14:21:14 |
| LastPrinted | 2021:10:28 14:21:14 |
| PID | Command line | Path | Indicators | Parent process | User | Integrity level | Exit code | Version | Description |
|---|---|---|---|---|---|---|---|---|---|
| 3176 | "C:\Windows\System32\msiexec.exe" /i "C:\Users\admin\AppData\Local\Temp\Печать НД с PDF417(3.3.2).msi" | C:\Windows\System32\msiexec.exe | — | Explorer.EXE | admin | MEDIUM | 0 | 5.0.7600.16385 (win7_rtm.090713-1255) | Windows® installer |
| 2740 | C:\Windows\system32\msiexec.exe /V | C:\Windows\system32\msiexec.exe | — | services.exe | SYSTEM | SYSTEM | — | 5.0.7600.16385 (win7_rtm.090713-1255) | Windows® installer |
| 3884 | C:\Windows\system32\vssvc.exe | C:\Windows\system32\vssvc.exe | — | services.exe | SYSTEM | SYSTEM | 0 | 6.1.7600.16385 (win7_rtm.090713-1255) | Microsoft® Volume Shadow Copy Service |
| 3528 | "C:\Windows\system32\MsiExec.exe" /Y "C:\Program Files\gnivc\print-nd-pdf417\TAXDOCPrt.dll" | C:\Windows\system32\MsiExec.exe | — | msiexec.exe | admin | MEDIUM | 0 | 5.0.7600.16385 (win7_rtm.090713-1255) | Windows® installer |
| 4028 | "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\Desktop\thesewhite.rtf" | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | — | Explorer.EXE | admin | MEDIUM | 0 | 14.0.6024.1000 | Microsoft Word |
| 2192 | "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\Desktop\superphotos.rtf" | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | — | Explorer.EXE | admin | MEDIUM | 0 | 14.0.6024.1000 | Microsoft Word |
| 3440 | C:\Windows\system32\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503} | C:\Windows\system32\DllHost.exe | — | svchost.exe | admin | MEDIUM | 0 | 6.1.7600.16385 (win7_rtm.090713-1255) | COM Surrogate |

Company is Microsoft Corporation for every process listed above.
| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 2740 | msiexec.exe | C:\System Volume Information\SPP\metadata-2 | — | — | — |
| 2740 | msiexec.exe | C:\Windows\Installer\f9784.msi | — | — | — |
| 2740 | msiexec.exe | C:\Users\admin\AppData\Local\Temp\~DF2AB4B16F605FB677.TMP | gmc | 945C8069DA38D638FBF40525806CE43B | 3CF68D54B45EF1DD3C0D516C5FF56D519411270D49F612FB663B6D59E70778FC |
| 2740 | msiexec.exe | C:\System Volume Information\SPP\snapshot-2 | binary | 0ABD23DF8A39A5E8643175C317AA26B1 | 4887A39197981CAF2B48BCCDD9FEA42CAF50428A451BB50D47CAE38A09C790EA |
| 2740 | msiexec.exe | C:\Windows\Installer\f9785.ipi | binary | DDD24848F0F047039496BFB7F1323F3E | FD0FFC4B48E84865B6CF7DCF73EF025E69282F2FFCB61D66DD5B21F5832E1159 |
| 2740 | msiexec.exe | C:\Windows\Installer\f9787.msi | — | — | — |
| 2740 | msiexec.exe | C:\Program Files\gnivc\print-nd-pdf417\-problem.zip | compressed | D99298785D05A127001499D0AB9E1179 | C505CDEC92EA5D13A99B3B99A08CBE2E01DC7EAA5D266BD33A26766B8902E036 |
| 2740 | msiexec.exe | C:\Program Files\gnivc\print-nd-pdf417\ReadMe.rtf | text | 1F8CF7ED0D132338B9887BAB6BD310EA | 4556987BFBCF15C35F363A4E259557454F10EF84116950D36B396285DF38D0A5 |
| 2740 | msiexec.exe | C:\Windows\Installer\MSI9C18.tmp | binary | DB3E5B9C740C7D3B2405ECECC7C23A3B | 9A0DF32C7A351CC3B0AE0211EAFA709AFD354E301657E11AB8DED913E4A35397 |
| 2740 | msiexec.exe | C:\Program Files\gnivc\print-nd-pdf417\TAXDOCPrt.dll | executable | CE4096734E07CE8C9FED136D756C242B | BA80B2B555DCF17705059454CBC998D83F08500D463466B4EF68DC5B4BEA8B3A |