SHA256: 82ef3b124362b701ac146fffe8c6d2f5a932417bd7011a887665df6f09797a60
File name: msiexec.exe
Detection ratio: 0 / 61
Analysis date: 2017-06-24 21:26:34 UTC ( 2 days ago )
Antivirus Result Update
Ad-Aware 20170624
AegisLab 20170623
AhnLab-V3 20170624
Alibaba 20170623
ALYac 20170624
Antiy-AVL 20170624
Arcabit 20170624
Avast 20170624
AVG 20170624
Avira (no cloud) 20170624
AVware 20170624
Baidu 20170623
BitDefender 20170624
Bkav 20170624
CAT-QuickHeal 20170624
ClamAV 20170624
CMC 20170619
Comodo 20170624
CrowdStrike Falcon (ML) 20170420
Cyren 20170624
DrWeb 20170624
Emsisoft 20170624
Endgame 20170615
ESET-NOD32 20170624
F-Prot 20170624
F-Secure 20170624
Fortinet 20170624
GData 20170624
Ikarus 20170624
Invincea 20170607
Jiangmin 20170624
K7AntiVirus 20170623
K7GW 20170624
Kaspersky 20170624
Kingsoft 20170624
Malwarebytes 20170624
McAfee 20170624
McAfee-GW-Edition 20170624
Microsoft 20170624
eScan 20170624
NANO-Antivirus 20170624
nProtect 20170624
Palo Alto Networks (Known Signatures) 20170624
Panda 20170624
Qihoo-360 20170624
Rising 20170624
SentinelOne (Static ML) 20170516
Sophos 20170624
SUPERAntiSpyware 20170623
Symantec 20170624
Symantec Mobile Insight 20170623
Tencent 20170624
TheHacker 20170623
TotalDefense 20170624
TrendMicro 20170624
TrendMicro-HouseCall 20170624
Trustlook 20170624
VBA32 20170623
VIPRE 20170624
ViRobot 20170624
Webroot 20170624
WhiteArmor 20170616
Yandex 20170623
ZoneAlarm by Check Point 20170624
Zoner 20170624
The file being studied is a Portable Executable file. More specifically, it is a Win32 EXE file for the Windows GUI subsystem that targets 64-bit architectures.
Authenticode signature block and FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Windows Installer - Unicode
Original name msiexec.exe
Internal name msiexec
File version 5.0.7601.18896 (win7sp1_gdr.150615-0956)
Description Windows® installer
Signature verification Signed file, verified signature
Signing date 9:45 AM 6/16/2015
Signers
[+] Microsoft Windows
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Microsoft Windows Verification PCA
Valid from 6:48 PM 5/20/2015
Valid to 6:48 PM 3/14/2016
Valid usage Code Signing, NT5 Crypto
Algorithm sha1RSA
Thumbprint 49DA9A5E21EDC4682AD0211C85D552C86C422F13
Serial number 33 00 00 00 35 4C 94 FF 5B 25 BE 52 77 00 00 00 00 00 35
[+] Microsoft Windows Verification PCA
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Microsoft Root Certificate Authority
Valid from 10:55 PM 9/15/2005
Valid to 11:05 PM 3/15/2016
Valid usage Code Signing, NT5 Crypto
Algorithm sha1RSA
Thumbprint 5DF0D7571B0780783960C68B78571FFD7EDAF021
Serial number 61 07 02 DC 00 00 00 00 00 0B
[+] Microsoft Root Certificate Authority
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 12:19 AM 5/10/2001
Valid to 12:28 AM 5/10/2021
Valid usage All
Algorithm sha1RSA
Thumbprint CDD4EEAE6000AC7F40C3802C171E30148030C072
Serial number 79 AD 16 A1 4A A0 A5 AD 4C 73 58 F4 07 13 2E 65
Counter signers
[+] Microsoft Time-Stamp Service
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Microsoft Time-Stamp PCA
Valid from 6:32 PM 3/20/2015
Valid to 6:32 PM 6/20/2016
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 5740FB2B2D092E26E2E9DFFAE9E53412B9F7D21B
Serial number 33 00 00 00 6F 65 2D 58 6D 07 11 46 28 00 00 00 00 00 6F
[+] Microsoft Time-Stamp PCA
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 1:53 PM 4/3/2007
Valid to 2:03 PM 4/3/2021
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 375FCB825C3DC3752A02E34EB70993B4997191EF
Serial number 61 16 68 34 00 00 00 00 00 1C
[+] Microsoft Root Certificate Authority
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 12:19 AM 5/10/2001
Valid to 12:28 AM 5/10/2021
Valid usage All
Algorithm sha1RSA
Thumbprint CDD4EEAE6000AC7F40C3802C171E30148030C072
Serial number 79 AD 16 A1 4A A0 A5 AD 4C 73 58 F4 07 13 2E 65
PE header basic information
Target machine x64
Compilation timestamp 2015-06-15 20:51:29
Entry Point 0x000171A4
Number of sections 5
PE sections
PE imports
RegCreateKeyExW
SetSecurityDescriptorOwner
RegCloseKey
GetAce
OpenServiceW
AdjustTokenPrivileges
ControlService
InitializeAcl
LookupPrivilegeValueW
RegOpenKeyExW
RegDeleteKeyW
DeleteService
RegQueryValueExW
GetSecurityDescriptorLength
SetSecurityDescriptorDacl
CloseServiceHandle
RegisterEventSourceW
OpenProcessToken
DeregisterEventSource
QueryServiceStatus
MakeAbsoluteSD
AddAccessAllowedAce
RegEnumKeyW
GetSecurityDescriptorOwner
CreateServiceW
GetTokenInformation
RegGetKeySecurity
SetServiceStatus
RegisterServiceCtrlHandlerW
RegEnumKeyExW
OpenThreadToken
GetLengthSid
RegDeleteValueW
RevertToSelf
RegSetValueExW
FreeSid
MakeSelfRelativeSD
OpenSCManagerW
ReportEventW
AllocateAndInitializeSid
InitializeSecurityDescriptor
StartServiceCtrlDispatcherW
EqualSid
SetThreadToken
SetSecurityDescriptorGroup
GetLastError
SetCurrentDirectoryW
GetStdHandle
EnterCriticalSection
GetUserDefaultLangID
lstrlenW
LoadLibraryW
GlobalFree
WaitForSingleObject
GetVersionExW
FreeLibrary
QueryPerformanceCounter
CompareStringW
ExitProcess
lstrcmpiW
lstrcmpW
DeleteCriticalSection
GetCurrentProcess
SetConsoleCtrlHandler
GetCurrentProcessId
OpenProcess
GetCommandLineW
CreateThread
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
GetStartupInfoW
GetProcAddress
GetLocaleInfoW
GetSystemDefaultLangID
WideCharToMultiByte
GetModuleFileNameW
GetSystemDirectoryW
SetUnhandledExceptionFilter
WriteFile
CloseHandle
GetSystemTimeAsFileTime
GetACP
GetModuleHandleW
SetEvent
FormatMessageW
TerminateProcess
CreateEventW
InitializeCriticalSection
OutputDebugStringW
OpenEventW
GlobalAlloc
CreateProcessW
Sleep
GetFileType
GetTickCount
GetCurrentThreadId
GetVersion
GetCurrentThread
GetEnvironmentVariableW
SetLastError
LeaveCriticalSection
IsCharAlphaNumericW
PeekMessageW
PostThreadMessageW
TranslateMessage
GetMessageW
MsgWaitForMultipleObjects
PostQuitMessage
DispatchMessageW
Ord(280)
Ord(131)
Ord(148)
Ord(70)
Ord(78)
Ord(8)
Ord(197)
Ord(141)
Ord(88)
Ord(222)
Ord(190)
Ord(228)
Ord(136)
Ord(196)
Ord(175)
Ord(169)
Ord(240)
Ord(184)
Ord(199)
memset
__dllonexit
_cexit
_fmode
_vsnwprintf
_amsg_exit
?terminate@@YAXXZ
__C_specific_handler
_lock
_onexit
exit
_XcptFilter
_commode
__setusermatherr
wcsrchr
_acmdln
_wcsicmp
_ismbblead
_unlock
memcpy
__getmainargs
_initterm
_vsnprintf
_exit
__set_app_type
RtlNtStatusToDosError
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
CoUninitialize
CoRegisterClassObject
CoInitialize
StgOpenStorage
CoRevokeClassObject
Number of PE resources by type
RT_ICON 4
RT_GROUP_ICON 1
MUI 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 8
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 5.2
InitializedDataSize 33280
ImageVersion 6.1
ProductName Windows Installer - Unicode
FileVersionNumber 5.0.7601.18896
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
LinkerVersion 9.0
FileTypeExtension exe
OriginalFileName msiexec.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 5.0.7601.18896 (win7sp1_gdr.150615-0956)
TimeStamp 2015:06:15 21:51:29+01:00
FileType Win64 EXE
PEType PE32+
InternalName msiexec
ProductVersion 5.0.7601.18896
FileDescription Windows installer
OSVersion 6.1
FileOS Windows NT 32-bit
LegalCopyright Microsoft Corporation. All rights reserved.
MachineType AMD AMD64
CompanyName Microsoft Corporation
CodeSize 99328
FileSubtype 0
ProductVersionNumber 5.0.7601.18896
EntryPoint 0x171a4
ObjectFileType Executable application

Compressed bundles
File identification
MD5 81cb8d34112178ce1826c86ba5f268c3
SHA1 b70de8d38057b4b7a9ed88b34b2d469be8612aab
SHA256 82ef3b124362b701ac146fffe8c6d2f5a932417bd7011a887665df6f09797a60
ssdeep 3072:tTO4r3Li+CcL4I2/tYN++esJ72M88ikPEYEN:1LRCcN2/tYNBesJ63kP/
authentihash d3ca08788ac8db9045ea3ecbf878a135ce8b633a8b361e25a58237b0296e3187
imphash 72567d001c30c3c46b19a98842491779
File size 125.0 KB ( 128000 bytes )
File type Win32 EXE
Magic literal PE32+ executable for MS Windows (GUI) Mono/.Net assembly
TrID Win64 Executable (generic) (87.3%)
Generic Win/DOS Executable (6.3%)
DOS Executable Generic (6.3%)
Tags 64bits peexe assembly signed
VirusTotal metadata
First submission 2015-07-14 17:49:19 UTC ( 1 year, 11 months ago )
Last submission 2017-06-24 21:26:34 UTC ( 2 days ago )
File names 8d5057c6e2bee340b7c3524e069b6364.tmp
_DC6B0E1287D34DDFBF6CE05F773A3D9B
0b4ab81266893c459d03309452a41b4b.tmp
e4418e0e49253d43b86b646fb573836a.tmp
e7f7700c0d79d5489f4a8860ee3491c5.tmp
6e63a784e0bac144973b734f482b18bd.tmp
cd364c6dff4720469aaa70505d2cfe84.tmp
a6829860cb779d6492a6a9ccf805f277349a231e.exe
ad5c4e5f4255d2010e0300006846c428_msiexec.exe
90d462.tmpscan
5b1eebf180a961489cd9eb74ba5d8d08.tmp
d68dd231b3c6d44e843d478e63bdfd49.tmp
0da1ed1.tmpscan
e1b0c13a7b8653438b7245ee74142866.tmp
f64b7974d99f0141850427d92c114dc1.tmp
msiexec.exe
f23e231b0063364c8d75a7c5b05acf5b.tmp
4ec614dfd3f2d0222df7600ea00950cacacc6192.exe
a5a1b6389d9a2c4f8e5fc39672d2a14c.tmp
af0cf70795c8bf438507ea2ade40191a.tmp
f1bed95fd6c7464392770cd481997fa7.tmp
uninst.exe
aef07e5d4c40674db01f674054aa74e0.tmp
c561523bc7c83b48a382750cfe0ce97b.tmp
5225c.tmpscan
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight