Analysis

Category Started Completed Duration
FILE 2023-04-30 08:48:16 2023-04-30 08:48:16 0 seconds

    

MalScore

0.0

Benign

File Details

File Name msiexec.exe
File Size 128512 bytes
File Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 ac2e7152124ceed36846bd1b6592a00f
SHA1 10dc6ebb6b650bc2468026962ec604350d15d30c
SHA256 1a899bef4f64d5cdd23911a6ea09f69483e4dba8e76cda38a37dab6fa24406e8
SHA512 fb63e95e2bb4c2b17a34fb0b3b6a07bd0274c0bc30fb7f05a31ff39d91f2ea41e5e25ed30a4072c9699418057cc5bbe1a1bd840793a46ffe24fd3f5ef0436e71
CRC32 3557DD81
Ssdeep 3072:CaTO4rkZirtvP2mGGX5WOsla+ZDPUj3T:CNZ8tvOmGG6ZDPY
ClamAV None matched
Yara None matched

Signatures

No signatures


Screenshots

No screenshots available.

Hosts

No hosts contacted.

DNS

No domains contacted.


Summary

PE Information

Image Base 0x100000000
Entry Point 0x100017438
Reported Checksum 0x000231ed
Actual Checksum 0x000231ed
Minimum OS Version 6.1
PDB Path msiexec.pdb
Compile Time 2016-11-09 10:02:19
Icon Exact Hash 30adcb5c0b2e3c35eaec2c110733c9f8
Icon Similarity Hash 90e08353399b64f1d1c0f523db68e760

Version Infos

LegalCopyright © Microsoft Corporation. All rights reserved.
InternalName msiexec
FileVersion 5.0.7601.23593 (win7sp1_ldr.161109-0600)
CompanyName Microsoft Corporation
ProductName Windows Installer - Unicode
ProductVersion 5.0.7601.23593
FileDescription Windows® installer
OriginalFilename msiexec.exe
Translation 0x0409 0x04b0

Sections

Name Virtual Address Virtual Size Size of Raw Data Characteristics Entropy
.text 0x00001000 0x000185f8 0x00018600 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.15
.data 0x0001a000 0x000047a8 0x00003200 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 2.45
.pdata 0x0001f000 0x00001188 0x00001200 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 4.88
.rsrc 0x00021000 0x00001e20 0x00002000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 4.53
.reloc 0x00023000 0x000007e0 0x00000800 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 4.99

Resources

Name Offset Size Language Sub-language Entropy File type
MUI 0x00022d50 0x000000d0 LANG_ENGLISH SUBLANG_ENGLISH_US 2.68 data
RT_ICON 0x00022468 0x000008a8 LANG_ENGLISH SUBLANG_ENGLISH_US 3.91 data
RT_ICON 0x00022468 0x000008a8 LANG_ENGLISH SUBLANG_ENGLISH_US 3.91 data
RT_ICON 0x00022468 0x000008a8 LANG_ENGLISH SUBLANG_ENGLISH_US 3.91 data
RT_ICON 0x00022468 0x000008a8 LANG_ENGLISH SUBLANG_ENGLISH_US 3.91 data
RT_GROUP_ICON 0x00022d10 0x0000003e LANG_ENGLISH SUBLANG_ENGLISH_US 2.65 MS Windows icon resource - 4 icons, 16x16, 16-colors
RT_VERSION 0x00021778 0x00000378 LANG_ENGLISH SUBLANG_ENGLISH_US 3.54 data
RT_MANIFEST 0x00021210 0x00000561 LANG_ENGLISH SUBLANG_ENGLISH_US 4.65 XML document text

Imports

Library ADVAPI32.dll:
0x100001000 CreateServiceW
0x100001008 RegisterEventSourceW
0x100001010 CloseServiceHandle
0x100001018 OpenProcessToken
0x100001020 DeleteService
0x100001028 OpenThreadToken
0x100001030 OpenSCManagerW
0x100001040 SetThreadToken
0x100001050 OpenServiceW
0x100001058 GetTokenInformation
0x100001060 RegEnumKeyW
0x100001068 RegCreateKeyExW
0x100001070 EqualSid
0x100001078 RegQueryValueExW
0x100001080 DeregisterEventSource
0x100001090 RegDeleteKeyW
0x1000010a0 LookupPrivilegeValueW
0x1000010a8 GetAce
0x1000010b8 RegGetKeySecurity
0x1000010c0 QueryServiceStatus
0x1000010c8 RegDeleteValueW
0x1000010d0 MakeAbsoluteSD
0x1000010d8 InitializeAcl
0x1000010e0 AllocateAndInitializeSid
0x1000010e8 SetServiceStatus
0x100001100 AddAccessAllowedAce
0x100001108 RevertToSelf
0x100001110 FreeSid
0x100001118 RegOpenKeyExW
0x100001120 MakeSelfRelativeSD
0x100001130 ReportEventW
0x100001138 GetLengthSid
0x100001140 ControlService
0x100001148 RegEnumKeyExW
0x100001150 AdjustTokenPrivileges
0x100001158 RegCloseKey
0x100001160 RegSetValueExW
Library KERNEL32.dll:
0x100001170 GetSystemDefaultLangID
0x100001178 ExitProcess
0x100001180 GetCommandLineW
0x100001188 GetEnvironmentVariableW
0x100001190 FreeLibrary
0x100001198 CreateProcessW
0x1000011a0 LoadLibraryExW
0x1000011a8 GetCurrentProcess
0x1000011b0 WaitForSingleObject
0x1000011b8 SetEvent
0x1000011c0 OutputDebugStringW
0x1000011c8 GetModuleHandleW
0x1000011d0 GetCurrentThread
0x1000011d8 WriteFile
0x1000011e8 OpenProcess
0x1000011f0 GlobalAlloc
0x1000011f8 WideCharToMultiByte
0x100001200 LoadLibraryW
0x100001208 GetLocaleInfoW
0x100001210 Sleep
0x100001218 FormatMessageW
0x100001220 GetVersionExW
0x100001228 LeaveCriticalSection
0x100001230 GetModuleFileNameW
0x100001238 CompareStringW
0x100001240 GetACP
0x100001248 lstrcmpW
0x100001250 MultiByteToWideChar
0x100001258 lstrlenW
0x100001260 GetStdHandle
0x100001268 GetLastError
0x100001270 SetLastError
0x100001278 GetProcAddress
0x100001280 EnterCriticalSection
0x100001288 GlobalFree
0x100001290 UnhandledExceptionFilter
0x100001298 GetFileType
0x1000012a0 SetConsoleCtrlHandler
0x1000012a8 CreateEventW
0x1000012b0 SetCurrentDirectoryW
0x1000012b8 lstrcmpiW
0x1000012c0 OpenEventW
0x1000012c8 DeleteCriticalSection
0x1000012d0 CloseHandle
0x1000012d8 GetVersion
0x1000012e0 CreateThread
0x1000012e8 GetUserDefaultLangID
0x1000012f0 GetSystemDirectoryW
0x1000012f8 GetSystemTimeAsFileTime
0x100001300 GetCurrentProcessId
0x100001308 GetCurrentThreadId
0x100001310 GetTickCount
0x100001318 QueryPerformanceCounter
0x100001328 GetStartupInfoW
0x100001330 TerminateProcess
Library USER32.dll:
0x100001340 DispatchMessageW
0x100001348 PeekMessageW
0x100001350 IsCharAlphaNumericW
0x100001358 TranslateMessage
0x100001368 PostQuitMessage
0x100001370 GetMessageW
0x100001378 PostThreadMessageW
Library msvcrt.dll:
0x100001428 __dllonexit
0x100001430 _lock
0x100001438 _onexit
0x100001440 memcpy
0x100001448 memset
0x100001450 ?terminate@@YAXXZ
0x100001458 _unlock
0x100001460 __set_app_type
0x100001468 _fmode
0x100001470 _commode
0x100001478 __setusermatherr
0x100001480 _amsg_exit
0x100001488 _initterm
0x100001490 _acmdln
0x100001498 exit
0x1000014a0 _cexit
0x1000014a8 _ismbblead
0x1000014b0 _exit
0x1000014b8 _XcptFilter
0x1000014c0 __C_specific_handler
0x1000014c8 __getmainargs
0x1000014d0 _vsnprintf
0x1000014d8 _vsnwprintf
0x1000014e0 wcsrchr
0x1000014e8 _wcsicmp
Library ntdll.dll:
0x1000014f8 RtlNtStatusToDosError
0x100001500 RtlVirtualUnwind
0x100001508 RtlLookupFunctionEntry
0x100001510 RtlCaptureContext
Library ole32.dll:
0x100001520 CoInitialize
0x100001528 StgOpenStorage
0x100001530 CoRevokeClassObject
0x100001538 CoRegisterClassObject
0x100001540 CoUninitialize
Library msi.dll:
0x100001388 None
0x100001390 None
0x100001398 None
0x1000013a0 None
0x1000013a8 None
0x1000013b0 None
0x1000013b8 None
0x1000013c0 None
0x1000013c8 None
0x1000013d0 None
0x1000013d8 None
0x1000013e0 None
0x1000013e8 None
0x1000013f0 None
0x1000013f8 None
0x100001400 None
0x100001408 None
0x100001410 None
0x100001418 None

No antivirus signatures available.

TCP

No TCP connections recorded.

UDP

No UDP connections recorded.

HTTP Requests

No HTTP requests performed.

SMTP traffic

No SMTP traffic performed.

IRC traffic

No IRC requests performed.

ICMP traffic

No ICMP traffic performed.

CIF Results

No CIF Results

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Suricata HTTP

No Suricata HTTP

Sorry! No dropped Suricata Extracted files.
Sorry! No dropped files.
Processing ( 0.686 seconds )

  • 0.302 VirusTotal
  • 0.216 Static
  • 0.147 peid
  • 0.009 AnalysisInfo
  • 0.007 Strings
  • 0.004 TargetInfo
  • 0.001 Debug

Signatures ( 0.025 seconds )

  • 0.005 antiav_detectreg
  • 0.002 betabot_behavior
  • 0.002 persistence_autorun
  • 0.002 antiav_detectfile
  • 0.002 infostealer_ftp
  • 0.001 tinba_behavior
  • 0.001 rat_nanocore
  • 0.001 antianalysis_detectfile
  • 0.001 antianalysis_detectreg
  • 0.001 antivm_vbox_files
  • 0.001 browser_security
  • 0.001 disables_browser_warn
  • 0.001 infostealer_bitcoin
  • 0.001 infostealer_im
  • 0.001 infostealer_mail
  • 0.001 ransomware_extensions
  • 0.001 ransomware_files

Reporting ( 0.006 seconds )

  • 0.006 JsonDump
Task ID 1641
Mongo ID 644e71a22694ed0cf6a0e8dd
Cuckoo release 1.3-NG