Windows Analysis Report
MSIAB95.exe

Overview

General Information

Sample name: MSIAB95.exe
Analysis ID: 1430556
MD5: f49fa6e44a93ccd5d9b9630c82176c15
SHA1: 36a68eeac8258f807cad278e2e40795e6b0b2d49
SHA256: 17724c4058cd5fcf0fff240a819440252d1f9abb4d649d31811766086431f799

Detection

Score: 1
Range: 0 - 100
Whitelisted: false
Confidence: 60%

Signatures

Program does not show much activity (idle)
Sample file is different than original file name gathered from version info
Uses 32bit PE files

Classification

Source: MSIAB95.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: MSIAB95.exe, 00000000.00000002.1623451368.00000000004AD000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameFMPro_PreInstall_BU.exe vs MSIAB95.exe
Source: MSIAB95.exe Binary or memory string: OriginalFilenameFMPro_PreInstall_BU.exe vs MSIAB95.exe
Source: MSIAB95.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: classification engine Classification label: clean1.winEXE@1/0@0/0
Source: C:\Users\user\Desktop\MSIAB95.exe Mutant created: NULL
Source: C:\Users\user\Desktop\MSIAB95.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: MSIAB95.exe String found in binary or memory: CommentsPre-Install Backup Utility0
Source: C:\Users\user\Desktop\MSIAB95.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\MSIAB95.exe Section loaded: acgenral.dll
Source: C:\Users\user\Desktop\MSIAB95.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\MSIAB95.exe Section loaded: winmm.dll
Source: C:\Users\user\Desktop\MSIAB95.exe Section loaded: samcli.dll
Source: C:\Users\user\Desktop\MSIAB95.exe Section loaded: msacm32.dll
Source: C:\Users\user\Desktop\MSIAB95.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\MSIAB95.exe Section loaded: userenv.dll
Source: C:\Users\user\Desktop\MSIAB95.exe Section loaded: dwmapi.dll
Source: C:\Users\user\Desktop\MSIAB95.exe Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\MSIAB95.exe Section loaded: mpr.dll
Source: C:\Users\user\Desktop\MSIAB95.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\MSIAB95.exe Section loaded: winmmbase.dll
Source: C:\Users\user\Desktop\MSIAB95.exe Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\MSIAB95.exe Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\MSIAB95.exe Section loaded: netutils.dll
Source: C:\Users\user\Desktop\MSIAB95.exe Section loaded: aclayers.dll
Source: C:\Users\user\Desktop\MSIAB95.exe Section loaded: sfc.dll
Source: C:\Users\user\Desktop\MSIAB95.exe Section loaded: sfc_os.dll
Source: C:\Users\user\Desktop\MSIAB95.exe Section loaded: msvbvm60.dll
Source: C:\Users\user\Desktop\MSIAB95.exe Section loaded: vb6zz.dll
Source: C:\Users\user\Desktop\MSIAB95.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\MSIAB95.exe Section loaded: sxs.dll
Source: C:\Users\user\Desktop\MSIAB95.exe Section loaded: asycfilt.dll
Source: MSIAB95.exe Static PE information: section name: .text entropy: 7.960976119041043
Source: C:\Users\user\Desktop\MSIAB95.exe Process information set: NOOPENFILEERRORBOX
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
No contacted IP infos