| Property | Value |
|---|---|
| File name | JPEGView32_en-us_1.0.40.msi |
| Full analysis | https://app.any.run/tasks/a037dd43-c96e-4b09-a43c-5ba64c782bce |
| Verdict | Malicious activity |
| Analysis date | June 27, 2022, 08:32:32 |
| OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Tags | — |
| Indicators | — |
| MIME | application/x-msi |
| File info | Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Lightweight Image Viewer, Author: Kevin M (sylikc), Keywords: Installer, Comments: Installs JPEGView 1.0.40.0, Template: Intel;1033, Revision Number: {3C8C42B3-F86B-4B98-98C4-3152596FE2F3}, Create Time/Date: Wed Mar 30 21:13:02 2022, Last Saved Time/Date: Wed Mar 30 21:13:02 2022, Number of Pages: 200, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.11.2.4516), Security: 2 |
| MD5 | 0D5449BCFE9EC6327BA435294A6ACAE4 |
| SHA1 | 6150002FA671E9C19734376E5D682FA55CCA3768 |
| SHA256 | E04F98B991A4A5BC497F968A78A990BDD3C22966388AED6CC57BEF457C01F428 |
| SSDEEP | 24576:ec0uIH3vdktehimWpUGWeR+689jTqTbSZjI4EXnEQBE1RbeP5Ab5t:ecrIH/djhimWphWS+6EmfSZjMn+YA |
| Extension | Identified as | Confidence |
|---|---|---|
| .msi | Microsoft Windows Installer | 98.5 |
| .msi | Microsoft Installer | 100 |
| Summary information property | Value |
|---|---|
| CodePage | Windows Latin 1 (Western European) |
| Title | Installation Database |
| Subject | Lightweight Image Viewer |
| Author | Kevin M (sylikc) |
| Keywords | Installer |
| Comments | Installs JPEGView 1.0.40.0 |
| Template | Intel;1033 |
| RevisionNumber | {3C8C42B3-F86B-4B98-98C4-3152596FE2F3} |
| CreateDate | 2022:03:30 20:13:02 |
| ModifyDate | 2022:03:30 20:13:02 |
| Pages | 200 |
| Words | 2 |
| Software | Windows Installer XML Toolset (3.11.2.4516) |
| Security | Read-only recommended |

These fields are the MSI summary information stream, whose names are reused from the Office document format: Template carries platform and language (Intel;1033 = x86, en-US), RevisionNumber is the package code GUID, Pages is the minimum Windows Installer version times 100 (200 = 2.0), Words holds the source flags (2 = long file names, compressed sources) and Security 2 means "read-only recommended". The create and modify timestamps are the same stored values as in the file info above; the one-hour offset is only the two tools rendering that time in different time zones.
| PID | Command line | Parent process | User / integrity | Image description, company, version | Indicators | Exit code |
|---|---|---|---|---|---|---|
| 2908 | "C:\Windows\System32\msiexec.exe" /i "C:\Users\admin\AppData\Local\Temp\JPEGView32_en-us_1.0.40.msi" | Explorer.EXE | admin / MEDIUM | Windows® installer, Microsoft Corporation, 5.0.7600.16385 (win7_rtm.090713-1255) | — | 0 |
| 1288 | C:\Windows\system32\msiexec.exe /V | services.exe | SYSTEM / SYSTEM | Windows® installer, Microsoft Corporation, 5.0.7600.16385 (win7_rtm.090713-1255) | — | — |
| 4064 | C:\Windows\system32\vssvc.exe | services.exe | SYSTEM / SYSTEM | Microsoft® Volume Shadow Copy Service, Microsoft Corporation, 6.1.7600.16385 (win7_rtm.090713-1255) | — | — |
| 2040 | "C:\Program Files\JPEGView\JPEGView.exe" | Explorer.EXE | admin / MEDIUM | JPEGView, David Kleiner, 1.0.40.0 | — | 0 |
| 3192 | "C:\Program Files\JPEGView\JPEGView.exe" | Explorer.EXE | admin / MEDIUM | JPEGView, David Kleiner, 1.0.40.0 | — | — |

The process tree is the standard Windows Installer pattern: the user's msiexec /i client runs at MEDIUM integrity and hands the transaction to the Windows Installer service instance (msiexec /V, started by services.exe as SYSTEM), which has the Volume Shadow Copy service create a System Restore point (the System Volume Information\SPP writes in the file list below). The two JPEGView.exe instances are started from Explorer after installation. A blank exit code means the process had not exited when the analysis ended.
| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 1288 | msiexec.exe | C:\System Volume Information\SPP\metadata-2 | — | — | — |
| 1288 | msiexec.exe | C:\Windows\Installer\1086e5.msi | executable | 0D5449BCFE9EC6327BA435294A6ACAE4 | E04F98B991A4A5BC497F968A78A990BDD3C22966388AED6CC57BEF457C01F428 |
| 1288 | msiexec.exe | C:\Windows\Installer\MSI8B5A.tmp | binary | 1D09F809077ABB1CB1F2266C8F8660CA | D344BDD73080A37AA37B8092E74F30C657BD0917E8A57DBF934D59DCBF1F410A |
| 1288 | msiexec.exe | C:\Program Files\JPEGView\JPEGView.ini | text | 531DCECF828CD2A69123CDC82E1706A8 | D0B1DC9CA3BF8C768F905F05BE7B3589CCE46A19C47AD7DD2050963D2B8915E1 |
| 1288 | msiexec.exe | C:\Program Files\JPEGView\strings_bel.txt | text | D9E3708BD1F2925BBF025B993A3BAD10 | 8DB414416AC5B9E14A756A8C5FAD4B4981388BC86AEC4B3D732C47F94CC4B30D |
| 1288 | msiexec.exe | C:\Program Files\JPEGView\JPEGView_ru.ini.tpl | ini | 6A4FF48E249F0EFA9C49A1F624CC3152 | A85E5EC1F9908C0F6100BE7367CDEA9A6F0BF782F1DCB555AB84B5DC6480E9AA |
| 1288 | msiexec.exe | C:\System Volume Information\SPP\OnlineMetadataCache\{c06ba9a0-7a5a-45f7-b0a8-e9bdf4259518}_OnDiskSnapshotProp | binary | 9779BCC25C333D541EF9C92CE2B404A6 | D69AE28C1E8E2C971562DEDAF53A566B8BD4F071415E7315FABFFDFD545A383A |
| 1288 | msiexec.exe | C:\System Volume Information\SPP\snapshot-2 | binary | 9779BCC25C333D541EF9C92CE2B404A6 | D69AE28C1E8E2C971562DEDAF53A566B8BD4F071415E7315FABFFDFD545A383A |
| 1288 | msiexec.exe | C:\Program Files\JPEGView\KeyMap_ru.txt | text | E9E8F8D01988B2BA0E582F1B3DFCA2D7 | C892C119594B2CD318FF175676D4F848D19BDE71E305C98002B1DFD09DAE615F |
| 1288 | msiexec.exe | C:\Windows\Installer\1086e6.ipi | binary | C930184DF45CF6637391CE53E4D496F4 | 09869A33D80C42FB286C62D817B5BB2E200348BD217E864C05E3C5142C857C10 |

The cached package C:\Windows\Installer\1086e5.msi has the same MD5 and SHA256 as the submitted file, so the Windows Installer service stored the package unchanged.
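The hashes in the summary table and the identical hashes of the cached C:\Windows\Installer\1086e5.msi above are what a practitioner would re-check before acting on the verdict. The PowerShell below is an added example; it is not part of the ANY.RUN report or of the JPEGView project. It compares the file's hashes with the report, checks the Authenticode status (which the report does not record), reads the summary information stream and the Property table through the WindowsInstaller.Installer COM object, and locates the cached copy by hash. The default path in $MsiPath and the helper name Invoke-Com are assumptions; the expected hash and package-code values are taken from the report.

```powershell
# Added example, not part of the ANY.RUN report or of JPEGView. Re-checks the
# installer's identity and declared metadata on a Windows host. Assumptions:
# PowerShell 5.1 or later, the MSI sits at $MsiPath (assumed default below),
# and the expected values are the ones listed in the report.
param(
    [string]$MsiPath = "$env:TEMP\JPEGView32_en-us_1.0.40.msi"
)

# Values copied from the report.
$Expected = @{
    MD5         = '0D5449BCFE9EC6327BA435294A6ACAE4'
    SHA1        = '6150002FA671E9C19734376E5D682FA55CCA3768'
    SHA256      = 'E04F98B991A4A5BC497F968A78A990BDD3C22966388AED6CC57BEF457C01F428'
    PackageCode = '{3C8C42B3-F86B-4B98-98C4-3152596FE2F3}'   # RevisionNumber in the summary stream
}

# Late-bound COM helper (assumed name): WindowsInstaller.Installer exposes no
# type library PowerShell can bind to directly, so every call uses InvokeMember.
function Invoke-Com($Object, [string]$Member, [string]$Kind, [object[]]$Arguments) {
    $Object.GetType().InvokeMember($Member, $Kind, $null, $Object, $Arguments)
}

# 1. Hashes: any mismatch means this is not the file the report analysed.
foreach ($algo in 'MD5', 'SHA1', 'SHA256') {
    $actual  = (Get-FileHash -Path $MsiPath -Algorithm $algo).Hash
    $verdict = if ($actual -eq $Expected[$algo]) { 'matches report' } else { 'DIFFERS from report' }
    '{0,-7}{1}  {2}' -f $algo, $actual, $verdict
}

# 2. Authenticode: the report does not say whether the MSI is signed.
$sig    = Get-AuthenticodeSignature -FilePath $MsiPath
$signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { 'no signer certificate' }
'Authenticode: {0} ({1})' -f $sig.Status, $signer

# 3. Summary information stream (the metadata tables above), read-only.
$installer = New-Object -ComObject WindowsInstaller.Installer
$db = Invoke-Com $installer 'OpenDatabase' 'InvokeMethod' @($MsiPath, 0)   # 0 = msiOpenDatabaseModeReadOnly
$si = Invoke-Com $db 'SummaryInformation' 'GetProperty' @(0)               # 0 = no property updates

$summaryIds = [ordered]@{
    2  = 'Title'
    3  = 'Subject'
    4  = 'Author'
    6  = 'Comments'
    7  = 'Template (platform;language)'
    9  = 'Revision Number (package code)'
    14 = 'Page Count (minimum installer version x100)'
    15 = 'Word Count (source flags; 2 = long names, compressed)'
    18 = 'Creating Application'
}
foreach ($id in $summaryIds.Keys) {
    '{0,-55}{1}' -f $summaryIds[$id], (Invoke-Com $si 'Property' 'GetProperty' @($id))
}
$packageCode = Invoke-Com $si 'Property' 'GetProperty' @(9)
if ($packageCode -ne $Expected.PackageCode) {
    Write-Warning "Package code $packageCode differs from the report"
}

# 4. Product identity from the Property table; this is what Windows records
#    under the Uninstall registry key once msiexec has run.
$view = Invoke-Com $db 'OpenView' 'InvokeMethod' @('SELECT `Property`, `Value` FROM `Property`')
Invoke-Com $view 'Execute' 'InvokeMethod' $null | Out-Null
$wanted = 'ProductName', 'ProductVersion', 'ProductCode', 'Manufacturer', 'UpgradeCode'
$rec = Invoke-Com $view 'Fetch' 'InvokeMethod' $null
while ($rec) {
    $name = Invoke-Com $rec 'StringData' 'GetProperty' @(1)
    if ($wanted -contains $name) {
        '{0,-55}{1}' -f $name, (Invoke-Com $rec 'StringData' 'GetProperty' @(2))
    }
    $rec = Invoke-Com $view 'Fetch' 'InvokeMethod' $null
}
Invoke-Com $view 'Close' 'InvokeMethod' $null | Out-Null

# 5. The report shows msiexec caching the package under C:\Windows\Installer with
#    identical hashes; the random file name differs per host, so find it by hash.
Get-ChildItem "$env:SystemRoot\Installer\*.msi" -ErrorAction SilentlyContinue |
    Where-Object { (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash -eq $Expected.SHA256 } |
    ForEach-Object { 'Cached copy with matching SHA256: {0}' -f $_.FullName }
```

Run it as `.\Check-Msi.ps1 -MsiPath <path>` on the host that ran the installer; step 5 needs rights to read C:\Windows\Installer and silently returns nothing otherwise. A hash match only confirms you hold the same file the sandbox saw; it says nothing about whether that file is the one the upstream project published, which is what the Authenticode status and the Property table values are for.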
| Process | Message |
|---|---|
| JPEGView.exe | Start new request: C:\Program Files\JPEGView\NavPanel.png |
| JPEGView.exe | Waiting for request: C:\Program Files\JPEGView\NavPanel.png |
| JPEGView.exe | Finished request: C:\Program Files\JPEGView\NavPanel.png |
| JPEGView.exe | Start new request: |