| Field | Value |
|---|---|
| File name | apkcombovpn-x86-0.1.1.msi |
| Full analysis | https://app.any.run/tasks/ea5a8186-1830-43d0-8c22-400512db1b3b |
| Verdict | Malicious activity |
| Analysis date | May 30, 2020, 01:23:00 |
| OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Tags | |
| Indicators | |
| MIME | application/x-msi |
| File info | Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: APKCombo VPN: Fast, Modern, Secure VPN Tunnel, Author: APKCombo.com, Keywords: Installer, Comments: This installer database contains the logic and data required to install APKCombo VPN., Template: Intel;1033, Revision Number: {B2F6B482-5670-4F7A-B557-94116B5F789A}, Create Time/Date: Thu Apr 9 02:29:58 2020, Last Saved Time/Date: Thu Apr 9 02:29:58 2020, Number of Pages: 400, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.11.2.4516), Security: 4 |
| MD5 | 3670C1D3595609CCC3DB00404652D8A5 |
| SHA1 | 1F27433DCC8CF58057EC0C8BFA97ABC4992943DE |
| SHA256 | DCC870BA4EB76D1F3B3F3BCC84CF4807709EB4C74BCD5BEC5C94723618A33CB9 |
| SSDEEP | 98304:lvOFaSszWhQRYhgX6u8MVB6WFbay0bEiklTJPLk:l2FZ2WXhMVBpbaLAiQT |
| Extension | File type identified | Match score |
|---|---|---|
| .msi | Microsoft Windows Installer | 98.5 |
| .msi | Microsoft Installer | 100 |
| Metadata field | Value |
|---|---|
| CodePage | Windows Latin 1 (Western European) |
| Title | Installation Database |
| Subject | APKCombo VPN: Fast, Modern, Secure VPN Tunnel |
| Author | APKCombo.com |
| Keywords | Installer |
| Comments | This installer database contains the logic and data required to install APKCombo VPN. |
| Template | Intel;1033 |
| RevisionNumber | {B2F6B482-5670-4F7A-B557-94116B5F789A} |
| CreateDate | 2020:04:09 01:29:58 |
| ModifyDate | 2020:04:09 01:29:58 |
| Pages | 400 |
| Words | 2 |
| Software | Windows Installer XML Toolset (3.11.2.4516) |
| Security | Read-only enforced |
| PID | Parent process | CMD | Path | Indicators | User | Integrity level | Company | Description | Version | Exit code |
|---|---|---|---|---|---|---|---|---|---|---|
| 2908 | explorer.exe | "C:\Windows\System32\msiexec.exe" /i "C:\Users\admin\AppData\Local\Temp\apkcombovpn-x86-0.1.1.msi" | C:\Windows\System32\msiexec.exe | — | admin | MEDIUM | Microsoft Corporation | Windows® installer | 5.0.7600.16385 (win7_rtm.090713-1255) | 0 |
| 2432 | services.exe | C:\Windows\system32\msiexec.exe /V | C:\Windows\system32\msiexec.exe | — | SYSTEM | SYSTEM | Microsoft Corporation | Windows® installer | 5.0.7600.16385 (win7_rtm.090713-1255) | — |
| 2576 | services.exe | C:\Windows\system32\vssvc.exe | C:\Windows\system32\vssvc.exe | — | SYSTEM | SYSTEM | Microsoft Corporation | Microsoft® Volume Shadow Copy Service | 6.1.7600.16385 (win7_rtm.090713-1255) | — |
| 2980 | msiexec.exe | C:\Windows\system32\MsiExec.exe -Embedding E1F12751D003A19942CB298118155CAC | C:\Windows\system32\MsiExec.exe | — | admin | MEDIUM | Microsoft Corporation | Windows® installer | 5.0.7600.16385 (win7_rtm.090713-1255) | 0 |
| 3772 | msiexec.exe | C:\Windows\system32\MsiExec.exe -Embedding DF03F8310F24B2C7F55700DD38ADCFD9 M Global\MSI0000 | C:\Windows\system32\MsiExec.exe | — | SYSTEM | SYSTEM | Microsoft Corporation | Windows® installer | 5.0.7600.16385 (win7_rtm.090713-1255) | 0 |
| 3864 | svchost.exe | DrvInst.exe "4" "0" "C:\Users\admin\AppData\Local\Temp\{39f52aea-c776-3690-a5b6-4f4bd92cb654}\wintun.inf" "0" "634301143" "0000055C" "WinSta0\Default" "00000558" "208" "C:\Windows\Temp\3ef887d2d76d770753025898634439591401c408474a1fc3cb4d027f15876ad4" | C:\Windows\system32\DrvInst.exe | — | SYSTEM | SYSTEM | Microsoft Corporation | Driver Installation Module | 6.1.7600.16385 (win7_rtm.090713-1255) | 0 |
| 2316 | DrvInst.exe | rundll32.exe C:\Windows\system32\pnpui.dll,InstallSecurityPromptRunDllW 20 Global\{0b2f63fb-9158-5dfe-569f-6e1827730219} Global\{10a312e5-be62-5bf9-5cb4-501bf7f59745} C:\Windows\System32\DriverStore\Temp\{5ee22cc9-81e7-1740-ce17-123c2d44f97c}\wintun.inf C:\Windows\System32\DriverStore\Temp\{5ee22cc9-81e7-1740-ce17-123c2d44f97c}\wintun.cat | C:\Windows\system32\rundll32.exe | — | SYSTEM | SYSTEM | Microsoft Corporation | Windows host process (Rundll32) | 6.1.7600.16385 (win7_rtm.090713-1255) | 0 |
| 3992 | msiexec.exe | "C:\Program Files\APKCombo VPN\apkcombovpn.exe" | C:\Program Files\APKCombo VPN\apkcombovpn.exe | — | admin | MEDIUM | WireGuard LLC | APKCombo VPN: Fast, Modern, Secure VPN Tunnel | 0.1.1 | 0 |
| 2308 | apkcombovpn.exe | "C:\Program Files\APKCombo VPN\apkcombovpn.exe" /installmanagerservice | C:\Program Files\APKCombo VPN\apkcombovpn.exe | — | SYSTEM | SYSTEM | WireGuard LLC | APKCombo VPN: Fast, Modern, Secure VPN Tunnel | 0.1.1 | 0 |
| 2504 | services.exe | "C:\Program Files\APKCombo VPN\apkcombovpn.exe" /managerservice | C:\Program Files\APKCombo VPN\apkcombovpn.exe | — | SYSTEM | SYSTEM | WireGuard LLC | APKCombo VPN: Fast, Modern, Secure VPN Tunnel | 0.1.1 | — |
| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 2432 | msiexec.exe | C:\System Volume Information\SPP\metadata-2 | — | — | — |
| 2432 | msiexec.exe | C:\Windows\Installer\MSI1333.tmp | — | — | — |
| 2432 | msiexec.exe | C:\Users\admin\AppData\Local\Temp\~DF7CC59B245A633C4E.TMP | — | — | — |
| 2432 | msiexec.exe | C:\Windows\Installer\MSI14DB.tmp | — | — | — |
| 2576 | vssvc.exe | C: | — | — | — |
| 2432 | msiexec.exe | C:\Windows\Installer\80c9b.msi | executable | 3670C1D3595609CCC3DB00404652D8A5 | DCC870BA4EB76D1F3B3F3BCC84CF4807709EB4C74BCD5BEC5C94723618A33CB9 |
| 2432 | msiexec.exe | C:\System Volume Information\SPP\OnlineMetadataCache\{c5ebe375-d292-42e3-a71e-9295b2721cdc}_OnDiskSnapshotProp | binary | 9DE9878DD2670AECE54A90A42EC8B83A | 780C57267B429E3F7FE1DA3AB537F206F9C8C4D2746696AD77522DE3805BE5E1 |
| 3772 | MsiExec.exe | C:\Windows\System32\DriverStore\FileRepository\netl1c86.inf_x86_neutral_49e2658f4a72e53f\netl1c86.PNF | pnf | BE29D44019BAFB720BD55F92C637D477 | 34ECEFA688609FD6D384AEEBC53DEB8A9C04A2007758FACEAEEA8E06D33F3EF4 |
| 2432 | msiexec.exe | C:\Windows\Installer\MSI14BA.tmp | binary | DD1CC924899F0E57EA2FAF98C87BFEC4 | C81A247AED6FFEBC1B36002AFD6069A6A31AC5B6F06B97C4D7A6731DD92E5996 |
| 3772 | MsiExec.exe | C:\Windows\System32\DriverStore\FileRepository\dc21x4vm.inf_x86_neutral_8887242a56ee027e\dc21x4vm.PNF | pnf | 1C00775E4FA5671BCB1E7F29D5816058 | CA81179D16A5022F5EEA1C4AE219D12A719B3CA5C17F0F8B9039E131F3643CE7 |