File name:

BatchPurifierLITESetup.msi

Full analysis: https://app.any.run/tasks/ade0a7eb-3024-4c72-8bfe-aa5e59d3dab7
Verdict: Malicious activity
Analysis date: December 02, 2023, 05:45:41
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
generated-doc
Indicators:
MIME: application/x-msi
File info: Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Number of Characters: 0, Last Saved By: InstallShield, Number of Words: 0, Title: Installation Database, Comments: Contact: Your local administrator, Keywords: Installer,MSI,Database, Subject: BatchPurifier, Author: Digital Confidence, Security: 1, Number of Pages: 200, Name of Creating Application: InstallShield 2015 Limited Edition 22, Last Saved Time/Date: Sun Nov 5 22:35:30 2023, Create Time/Date: Sun Nov 5 22:35:30 2023, Last Printed: Sun Nov 5 22:35:30 2023, Revision Number: {3B2D2D0F-CDA8-4823-9EF9-3ED0EF074C77}, Code page: 1252, Template: Intel;1033
MD5:

3F0D11A9FA114A24E01400240AA1D909

SHA1:

8582073EE08674B16E7B4E9F407E95FF9D7B8022

SHA256:

F93E6A590C19EE32404DB6D41728862AB5BF2889C21E1598183E00F3F505A8A7

SSDEEP:

98304:KbYuRqlthzTxXq/FYleN+cs6BqH6Rq1VbUm:J

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • msiexec.exe (PID: 3976)
  • SUSPICIOUS

    • Executes as Windows Service

      • VSSVC.exe (PID: 2540)
    • Reads Internet Explorer settings

      • BatchPurifier.exe (PID: 3316)
    • Reads the Internet Settings

      • BatchPurifier.exe (PID: 3316)
  • INFO

    • Checks supported languages

      • msiexec.exe (PID: 3976)
      • msiexec.exe (PID: 2688)
      • msiexec.exe (PID: 3452)
      • BatchPurifier.exe (PID: 3316)
    • Reads the computer name

      • msiexec.exe (PID: 3976)
      • msiexec.exe (PID: 2688)
      • msiexec.exe (PID: 3452)
      • BatchPurifier.exe (PID: 3316)
    • Reads the machine GUID from the registry

      • msiexec.exe (PID: 3976)
      • msiexec.exe (PID: 2688)
      • msiexec.exe (PID: 3452)
      • BatchPurifier.exe (PID: 3316)
    • Drops the executable file immediately after the start

      • msiexec.exe (PID: 2644)
    • Application launched itself

      • msiexec.exe (PID: 3976)
    • Create files in a temporary directory

      • msiexec.exe (PID: 3976)
    • Creates files or folders in the user directory

      • msiexec.exe (PID: 3976)
    • Manual execution by a user

      • BatchPurifier.exe (PID: 3316)
No Malware configuration.

TRiD

.msi | Microsoft Windows Installer (84.2)
.mst | Windows SDK Setup Transform Script (9.5)
.msi | Microsoft Installer (100)

EXIF

FlashPix

Characters: -
LastModifiedBy: InstallShield
Words: -
Title: Installation Database
Comments: Contact: Your local administrator
Keywords: Installer,MSI,Database
Subject: BatchPurifier
Author: Digital Confidence
Security: Password protected
Pages: 200
Software: InstallShield® 2015 Limited Edition 22
ModifyDate: 2023:11:05 22:35:30
CreateDate: 2023:11:05 22:35:30
LastPrinted: 2023:11:05 22:35:30
RevisionNumber: {3B2D2D0F-CDA8-4823-9EF9-3ED0EF074C77}
CodePage: Windows Latin 1 (Western European)
Template: Intel;1033
No data.
All screenshots are available in the full report
Total processes
45
Monitored processes
6
Malicious processes
1
Suspicious processes
0

Behavior graph

Processes shown in the graph (interactive in the full report): msiexec.exe, msiexec.exe, msiexec.exe, vssvc.exe, msiexec.exe, batchpurifier.exe

Process information

PID
CMD
Path
Indicators
Parent process
PID:
2540
CMD:
C:\Windows\system32\vssvc.exe
Path:
C:\Windows\System32\VSSVC.exe
Parent process:
services.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Microsoft® Volume Shadow Copy Service
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\vssvc.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID:
2644
CMD:
"C:\Windows\System32\msiexec.exe" /i "C:\Users\admin\AppData\Local\Temp\BatchPurifierLITESetup.msi"
Path:
C:\Windows\System32\msiexec.exe
Parent process:
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows® installer
Exit code:
0
Version:
5.0.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID:
2688
CMD:
C:\Windows\system32\MsiExec.exe -Embedding 0E5CA38C0FD4F6AD17965632A733ADA2 C
Path:
C:\Windows\System32\msiexec.exe
Parent process:
msiexec.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows® installer
Exit code:
0
Version:
5.0.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID:
3316
CMD:
"C:\Program Files\Digital Confidence\BatchPurifier\BatchPurifier.exe"
Path:
C:\Program Files\Digital Confidence\BatchPurifier\BatchPurifier.exe
Parent process:
explorer.exe
User:
admin
Company:
Digital Confidence Ltd
Integrity Level:
MEDIUM
Description:
BatchPurifier
Exit code:
0
Version:
8.3.0.0
Modules
Images
c:\program files\digital confidence\batchpurifier\batchpurifier.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
PID:
3452
CMD:
C:\Windows\system32\MsiExec.exe -Embedding 150E6342CE27DC9F52A4BA2285C19157
Path:
C:\Windows\System32\msiexec.exe
Parent process:
msiexec.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows® installer
Exit code:
0
Version:
5.0.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID:
3976
CMD:
C:\Windows\system32\msiexec.exe /V
Path:
C:\Windows\System32\msiexec.exe
Parent process:
services.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows® installer
Exit code:
0
Version:
5.0.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
Total events
8 495
Read events
8 350
Write events
131
Delete events
14

Modification events

(PID) Process:
(3976) msiexec.exe
Key:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SystemRestore
Operation:
write
Name:
SrCreateRp (Enter)
Value:
4000000000000000F2B487BA16B0D901C80700002C0A0000D5070000000000000000000000000000000000000000000000000000000000000000000000000000

(PID) Process:
(3976) msiexec.exe
Key:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
Operation:
write
Name:
SppCreate (Enter)
Value:
4000000000000000F2B487BA16B0D901C80700002C0A0000D0070000000000000000000000000000000000000000000000000000000000000000000000000000

(PID) Process:
(3976) msiexec.exe
Key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SPP
Operation:
write
Name:
LastIndex
Value:
72

(PID) Process:
(3976) msiexec.exe
Key:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
Operation:
write
Name:
SppGatherWriterMetadata (Enter)
Value:
40000000000000008C62D6BA16B0D901C80700002C0A0000D3070000000000000000000000000000000000000000000000000000000000000000000000000000

(PID) Process:
(3976) msiexec.exe
Key:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
Operation:
write
Name:
SppGatherWriterMetadata (Leave)
Value:
400000000000000064514ABC16B0D901C80700002C0A0000D3070000010000000000000000000000000000000000000000000000000000000000000000000000

(PID) Process:
(3976) msiexec.exe
Key:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
Operation:
write
Name:
SppAddInterestingComponents (Enter)
Value:
400000000000000064514ABC16B0D901C80700002C0A0000D4070000000000000000000000000000000000000000000000000000000000000000000000000000

(PID) Process:
(3976) msiexec.exe
Key:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
Operation:
write
Name:
SppAddInterestingComponents (Leave)
Value:
400000000000000034645DBC16B0D901C80700002C0A0000D4070000010000000000000000000000000000000000000000000000000000000000000000000000

(PID) Process:
(3976) msiexec.exe
Key:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
Operation:
write
Name:
SppCreate (Leave)
Value:
4000000000000000781D5ABD16B0D901C80700002C0A0000D0070000010000000000000000000000000000000000000000000000000000000000000000000000

(PID) Process:
(3976) msiexec.exe
Key:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SystemRestore
Operation:
write
Name:
SrCreateRp (Leave)
Value:
4000000000000000781D5ABD16B0D901C80700002C0A0000D5070000010000000000000000000000000000000000000000000000000000000000000000000000

(PID) Process:
(3976) msiexec.exe
Key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore
Operation:
write
Name:
FirstRun
Value:
0
Executable files
33
Suspicious files
16
Text files
6
Unknown types
0

Dropped files

PID
Process
Filename
Type
PID:
3976
Process:
msiexec.exe
Filename:
C:\System Volume Information\SPP\metadata-2
Type:
MD5:
SHA256:

PID:
3976
Process:
msiexec.exe
Filename:
C:\Windows\Installer\20b366.msi
Type:
executable
MD5:
3F0D11A9FA114A24E01400240AA1D909
SHA256:
F93E6A590C19EE32404DB6D41728862AB5BF2889C21E1598183E00F3F505A8A7

PID:
3976
Process:
msiexec.exe
Filename:
C:\Program Files\Digital Confidence\BatchPurifier\APETag.dll
Type:
executable
MD5:
25474B2DBDD14C417FC5DEA8DC29BC1B
SHA256:
BC5CFE7CFF3F49150B8483237F7DCC97E200BFCCF8873B4447387CE7702F0AC4

PID:
3976
Process:
msiexec.exe
Filename:
C:\Program Files\Digital Confidence\BatchPurifier\ID3.dll
Type:
executable
MD5:
371B3C5CEBCC5EBD6944136898CA035A
SHA256:
3E064D7BCF785DA892C8D4AA8A63ADD63EAD50E5893E6AAF422CF364AEFF5A11

PID:
3976
Process:
msiexec.exe
Filename:
C:\Program Files\Digital Confidence\BatchPurifier\BatchPurifier.exe
Type:
executable
MD5:
2E1EE35E34A50EE8A6CF06246C3D79A6
SHA256:
F4102734D306613FDA7A1932A84487DFF3F81695119E3887FB1A5174A64F6072

PID:
3976
Process:
msiexec.exe
Filename:
C:\System Volume Information\SPP\OnlineMetadataCache\{bfd4ac2a-ff71-4d16-a7be-5235a96d7949}_OnDiskSnapshotProp
Type:
binary
MD5:
5C87877FE0444A578676B95741392ADE
SHA256:
123FEDE59DCD2185B58775DE43064CE5A9B3CB24E9895C65EBB1E1C3EC8BBE7C

PID:
3976
Process:
msiexec.exe
Filename:
C:\Windows\Installer\20b367.ipi
Type:
binary
MD5:
F9FDB27823ABD07F361D7277A794A39F
SHA256:
1C1EEBFD7D96DBFB117AD2A9693FBF9AAC06851A8EC6B3716FEEFD751232484C

PID:
3976
Process:
msiexec.exe
Filename:
C:\Windows\Installer\MSIB6C2.tmp
Type:
binary
MD5:
66A44ACF8596115200A8E0C5D72345F3
SHA256:
A987346F33BDA93F9F63BD41985706C6CFBD84336FE94815989482BC12481385

PID:
2644
Process:
msiexec.exe
Filename:
C:\Users\admin\AppData\Local\Temp\MSI6A95.tmp
Type:
executable
MD5:
C90F51E8F8C547CE8A48C22ECDCF5304
SHA256:
226F3E224BFC7D77AFFF0F3D9048D1727EEA7AA5E2E443F8CC55BAA7DC5C6473

PID:
3976
Process:
msiexec.exe
Filename:
C:\Program Files\Digital Confidence\BatchPurifier\Activation.dll
Type:
executable
MD5:
A830CC1DCB143F229F7312FECE98F5FA
SHA256:
E13C71E2478B3340B05E1D3C31792917769C24499B509D6F379001E6C5581B00
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
4
DNS requests
0
Threats
0

HTTP requests

No HTTP requests

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
PID:
4
Process:
System
IP:
192.168.100.255:137
Reputation:
whitelisted

PID:
2588
Process:
svchost.exe
IP:
239.255.255.250:1900
Reputation:
whitelisted

PID:
4
Process:
System
IP:
192.168.100.255:138
Reputation:
whitelisted

PID:
1080
Process:
svchost.exe
IP:
224.0.0.252:5355
Reputation:
unknown

DNS requests

No data

Threats

No threats detected
No debug info