| Field | Value |
|---|---|
| File name | apkcombovpn-x86-0.1.1.msi |
| Full analysis | https://app.any.run/tasks/4177ed5a-16d9-4943-ad74-2a3e2304e134 |
| Verdict | Malicious activity |
| Analysis date | May 30, 2020, 01:09:39 |
| OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Tags | |
| Indicators | |
| MIME | application/x-msi |
| File info | Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: APKCombo VPN: Fast, Modern, Secure VPN Tunnel, Author: APKCombo.com, Keywords: Installer, Comments: This installer database contains the logic and data required to install APKCombo VPN., Template: Intel;1033, Revision Number: {B2F6B482-5670-4F7A-B557-94116B5F789A}, Create Time/Date: Thu Apr 9 02:29:58 2020, Last Saved Time/Date: Thu Apr 9 02:29:58 2020, Number of Pages: 400, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.11.2.4516), Security: 4 |
| MD5 | 3670C1D3595609CCC3DB00404652D8A5 |
| SHA1 | 1F27433DCC8CF58057EC0C8BFA97ABC4992943DE |
| SHA256 | DCC870BA4EB76D1F3B3F3BCC84CF4807709EB4C74BCD5BEC5C94723618A33CB9 |
| SSDEEP | 98304:lvOFaSszWhQRYhgX6u8MVB6WFbay0bEiklTJPLk:l2FZ2WXhMVBpbaLAiQT |
File type identification:

| Extension | Type (score) |
|---|---|
| .msi | Microsoft Windows Installer (98.5) |
| .msi | Microsoft Installer (100) |
MSI summary information:

| Field | Value |
|---|---|
| CodePage | Windows Latin 1 (Western European) |
| Title | Installation Database |
| Subject | APKCombo VPN: Fast, Modern, Secure VPN Tunnel |
| Author | APKCombo.com |
| Keywords | Installer |
| Comments | This installer database contains the logic and data required to install APKCombo VPN. |
| Template | Intel;1033 |
| RevisionNumber | {B2F6B482-5670-4F7A-B557-94116B5F789A} |
| CreateDate | 2020:04:09 01:29:58 |
| ModifyDate | 2020:04:09 01:29:58 |
| Pages | 400 |
| Words | 2 |
| Software | Windows Installer XML Toolset (3.11.2.4516) |
| Security | Read-only enforced |
Processes:

| PID | Command line | Path | Indicators | Parent process | User | Integrity level | Company | Description | Version |
|---|---|---|---|---|---|---|---|---|---|
| 2188 | "C:\Windows\System32\msiexec.exe" /i "C:\Users\admin\AppData\Local\Temp\apkcombovpn-x86-0.1.1.msi" | C:\Windows\System32\msiexec.exe | — | explorer.exe | admin | MEDIUM | Microsoft Corporation | Windows® installer | 5.0.7600.16385 (win7_rtm.090713-1255) |
| 1580 | C:\Windows\system32\msiexec.exe /V | C:\Windows\system32\msiexec.exe | — | services.exe | SYSTEM | SYSTEM | Microsoft Corporation | Windows® installer | 5.0.7600.16385 (win7_rtm.090713-1255) |
| 1820 | C:\Windows\system32\vssvc.exe | C:\Windows\system32\vssvc.exe | — | services.exe | SYSTEM | SYSTEM | Microsoft Corporation | Microsoft® Volume Shadow Copy Service | 6.1.7600.16385 (win7_rtm.090713-1255) |
| 3472 | C:\Windows\system32\MsiExec.exe -Embedding E1BADDDBC734D0B252A4D9FC47E924A0 | C:\Windows\system32\MsiExec.exe | — | msiexec.exe | admin | MEDIUM | Microsoft Corporation | Windows® installer | 5.0.7600.16385 (win7_rtm.090713-1255) |
| 1724 | C:\Windows\system32\MsiExec.exe -Embedding F58DCEDCF45E762B39C3279D34FC4EDC M Global\MSI0000 | C:\Windows\system32\MsiExec.exe | — | msiexec.exe | SYSTEM | SYSTEM | Microsoft Corporation | Windows® installer | 5.0.7600.16385 (win7_rtm.090713-1255) |
| 1592 | DrvInst.exe "4" "0" "C:\Users\admin\AppData\Local\Temp\{0b63d14d-1348-724e-9864-e515aa05d364}\wintun.inf" "0" "6f4a17203" "00000064" "WinSta0\Default" "00000060" "208" "C:\Windows\Temp\a5bc6555e5fd4af041215a3390b9f6074b72dbc68db8bba3282c6626e03378c3" | C:\Windows\system32\DrvInst.exe | — | svchost.exe | SYSTEM | SYSTEM | Microsoft Corporation | Driver Installation Module | 6.1.7600.16385 (win7_rtm.090713-1255) |
| 2368 | rundll32.exe C:\Windows\system32\pnpui.dll,InstallSecurityPromptRunDllW 20 Global\{5d966622-69cf-4e0f-f3e8-f857a8575129} Global\{7b9a228a-c015-5cb2-66d8-065767f86f06} C:\Windows\System32\DriverStore\Temp\{4023595c-e5f0-24a9-e2a2-e31b76c2d97a}\wintun.inf C:\Windows\System32\DriverStore\Temp\{4023595c-e5f0-24a9-e2a2-e31b76c2d97a}\wintun.cat | C:\Windows\system32\rundll32.exe | — | DrvInst.exe | SYSTEM | SYSTEM | Microsoft Corporation | Windows host process (Rundll32) | 6.1.7600.16385 (win7_rtm.090713-1255) |
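The process table carries the part of this run an analyst actually cares about: the user-level msiexec.exe (PID 2188, MEDIUM integrity) hands the package to the Windows Installer service (PID 1580, SYSTEM), and during the install DrvInst.exe (PID 1592, SYSTEM) installs wintun.inf from a directory under the user's AppData\Local\Temp, then spawns rundll32.exe with pnpui.dll,InstallSecurityPromptRunDllW (PID 2368), the driver-package security prompt DrvInst raises before trusting the publisher. The report lists DrvInst's parent as svchost.exe rather than msiexec.exe, so the link to the installer rests on the INF path and timing, not on the parent chain. The script below is an added example, not part of the ANY.RUN report: it takes the seven rows above as constructed input, links processes to their children by the parent image name the report gives (it does not record parent PIDs), and flags the driver-install chain. The indicator logic is the editor's own heuristic rather than anything the sandbox applied, and all function names are chosen for this example.

```python
"""Triage of the sandbox process table above (added example, not part of the
ANY.RUN report): rebuild parent/child links from the parent image names the
report gives and flag the driver-install chain. The indicator logic is an
editor-written heuristic, not something the sandbox itself applied."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Proc:
    pid: int
    cmd: str
    user: str
    integrity: str
    parent: str  # parent image name, exactly as the report lists it


# Constructed input: the seven rows transcribed from the report's process table.
PROCESSES = [
    Proc(2188, r'"C:\Windows\System32\msiexec.exe" /i "C:\Users\admin\AppData\Local\Temp\apkcombovpn-x86-0.1.1.msi"',
         "admin", "MEDIUM", "explorer.exe"),
    Proc(1580, r"C:\Windows\system32\msiexec.exe /V", "SYSTEM", "SYSTEM", "services.exe"),
    Proc(1820, r"C:\Windows\system32\vssvc.exe", "SYSTEM", "SYSTEM", "services.exe"),
    Proc(3472, r"C:\Windows\system32\MsiExec.exe -Embedding E1BADDDBC734D0B252A4D9FC47E924A0",
         "admin", "MEDIUM", "msiexec.exe"),
    Proc(1724, r"C:\Windows\system32\MsiExec.exe -Embedding F58DCEDCF45E762B39C3279D34FC4EDC M Global\MSI0000",
         "SYSTEM", "SYSTEM", "msiexec.exe"),
    Proc(1592, r'DrvInst.exe "4" "0" "C:\Users\admin\AppData\Local\Temp\{0b63d14d-1348-724e-9864-e515aa05d364}\wintun.inf" '
               r'"0" "6f4a17203" "00000064" "WinSta0\Default" "00000060" "208" '
               r'"C:\Windows\Temp\a5bc6555e5fd4af041215a3390b9f6074b72dbc68db8bba3282c6626e03378c3"',
         "SYSTEM", "SYSTEM", "svchost.exe"),
    Proc(2368, r"rundll32.exe C:\Windows\system32\pnpui.dll,InstallSecurityPromptRunDllW 20 "
               r"Global\{5d966622-69cf-4e0f-f3e8-f857a8575129} Global\{7b9a228a-c015-5cb2-66d8-065767f86f06} "
               r"C:\Windows\System32\DriverStore\Temp\{4023595c-e5f0-24a9-e2a2-e31b76c2d97a}\wintun.inf "
               r"C:\Windows\System32\DriverStore\Temp\{4023595c-e5f0-24a9-e2a2-e31b76c2d97a}\wintun.cat",
         "SYSTEM", "SYSTEM", "DrvInst.exe"),
]

# Drive-letter paths ending in the extension of interest; paths in these command
# lines contain no spaces, so a token ends at whitespace or a closing quote.
INF_RE = re.compile(r'([A-Za-z]:\\[^"\s]+?\.inf)\b', re.IGNORECASE)
CAT_RE = re.compile(r'([A-Za-z]:\\[^"\s]+?\.cat)\b', re.IGNORECASE)
MSI_RE = re.compile(r'/i\s+"?([A-Za-z]:\\[^"\s]+?\.msi)\b', re.IGNORECASE)
USER_TEMP_RE = re.compile(r"^[A-Za-z]:\\Users\\[^\\]+\\AppData\\Local\\Temp\\", re.IGNORECASE)


def image_name(proc):
    """File name of the process image, taken from the first command-line token."""
    first = proc.cmd.split('"')[1] if proc.cmd.startswith('"') else proc.cmd.split()[0]
    return first.rsplit("\\", 1)[-1].lower()


def children(procs, parent_pid):
    """Processes whose recorded parent image name matches the given process.
    The report names parents by image, not PID, so when several instances share
    a name (msiexec.exe 2188 and 1580 here) every candidate's children are returned."""
    parent_name = image_name(next(p for p in procs if p.pid == parent_pid))
    return [p for p in procs if p.parent.lower() == parent_name and p.pid != parent_pid]


def installed_packages(procs):
    """PID -> package path for every msiexec.exe started with /i <package>."""
    found = {}
    for p in procs:
        m = MSI_RE.search(p.cmd)
        if m and image_name(p) == "msiexec.exe":
            found[p.pid] = m.group(1)
    return found


def _first(rx, text):
    m = rx.search(text)
    return m.group(1) if m else None


def driver_install_chains(procs):
    """One record per DrvInst.exe: the INF it installs, whether that INF was staged
    under a user profile's Temp directory, and any pnpui.dll security prompt it spawned."""
    chains = []
    for p in procs:
        if image_name(p) != "drvinst.exe":
            continue
        inf = _first(INF_RE, p.cmd)
        if inf is None:
            continue
        prompts = [
            {"pid": c.pid, "inf": _first(INF_RE, c.cmd), "cat": _first(CAT_RE, c.cmd)}
            for c in children(procs, p.pid)
            if image_name(c) == "rundll32.exe"
            and "pnpui.dll,installsecuritypromptrundllw" in c.cmd.lower()
        ]
        chains.append({
            "pid": p.pid,
            "user": p.user,
            "inf": inf,
            "staged_in_user_temp": USER_TEMP_RE.match(inf) is not None,
            "security_prompts": prompts,
        })
    return chains


def triage(procs):
    """Findings as text lines; returned rather than printed so they can be checked."""
    lines = []
    for pid, pkg in installed_packages(procs).items():
        lines.append(f"msiexec {pid} installs package {pkg}")
    for ch in driver_install_chains(procs):
        flag = "STAGED IN USER TEMP" if ch["staged_in_user_temp"] else "system location"
        lines.append(f"DrvInst {ch['pid']} as {ch['user']} installs {ch['inf']} ({flag})")
        for pr in ch["security_prompts"]:
            lines.append(f"  driver security prompt pid {pr['pid']} for {pr['inf']} / {pr['cat']}")
    return lines


if __name__ == "__main__":
    print("\n".join(triage(PROCESSES)))
```

Run against the transcribed rows, `triage()` reports the package path under the user's Temp, the DrvInst install of wintun.inf flagged as staged in user Temp, and the security prompt for the copy DriverStore made of wintun.inf and wintun.cat. Linking by image name is a limitation forced by the report format: `children(PROCESSES, 2188)` returns both `-Embedding` instances even though one of them belongs to the service process 1580, so on raw telemetry (Sysmon event 1, ETW) key the same logic on parent PID and creation time instead.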
Files created or modified:

| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 1580 | msiexec.exe | C:\System Volume Information\SPP\metadata-2 | — | — | — |
| 1580 | msiexec.exe | C:\Windows\Installer\MSIE042.tmp | — | — | — |
| 1580 | msiexec.exe | C:\Users\admin\AppData\Local\Temp\~DFE1100F6165D078BA.TMP | — | — | — |
| 1580 | msiexec.exe | C:\Windows\Installer\MSIE288.tmp | — | — | — |
| 1820 | vssvc.exe | C: | — | — | — |
| 1580 | msiexec.exe | C:\System Volume Information\SPP\snapshot-2 | binary | 45CF32C4DE714781205E7DFB4318D124 | 7FB9FB00EAE14FE01470AB04093BB7B720260C5D9E5B3D8103AB7E5F444E8849 |
| 1580 | msiexec.exe | C:\System Volume Information\SPP\OnlineMetadataCache\{68d6c5df-a2fa-48cc-83ab-2d8db692c15a}_OnDiskSnapshotProp | binary | 45CF32C4DE714781205E7DFB4318D124 | 7FB9FB00EAE14FE01470AB04093BB7B720260C5D9E5B3D8103AB7E5F444E8849 |
| 1724 | MsiExec.exe | C:\Windows\System32\DriverStore\FileRepository\netefe32.inf_x86_neutral_9590f3b23d1d64f3\netefe32.PNF | pnf | F3DC42E3947A78C619D4C3C33436D3B3 | F13AFAA7654D94F04BF14B1F32428385BE2D3049C4FA0EB234A33D0F81E2A8D9 |
| 1724 | MsiExec.exe | C:\Windows\System32\DriverStore\FileRepository\netr28u.inf_x86_neutral_b42b25ec42f762c2\netr28u.PNF | pnf | 2C44789099F59066490D5DB666E25389 | A3CDE11A801B17119AE71BE811330811DFE37D485117DD9CD65E3A62D9EFE7EA |
| 1580 | msiexec.exe | C:\Windows\Installer\MSIE1AA.tmp | binary | 7783EF933DF1324BD98D7F6740B596ED | 036AECD8BEEF46233969E6232BD5B8FE6448FBE7028204F55ACC9D6896655349 |