Legacy Tag Database Conversion.msi
This report is generated from a file or URL submitted to this webservice on March 27th 2017 13:42:49 (UTC) and action script Heavy Anti-Evasion
Guest System: Windows 7 32 bit, Home Premium, 6.1 (build 7601), Service Pack 1
Report generated by Falcon Sandbox v6.20 © Hybrid Analysis
Incident Response
Risk Assessment
- Remote Access
- Contains a remote desktop related string
- Spreading
- Tries to access unusual system drive letters
Indicators
-
Suspicious Indicators 5
-
Environment Awareness
-
Possibly tries to implement anti-virtualization techniques
- details
-
"?j?]YVBoXOC{[&Z@5,\?~-6NK'4FGw/diun]]-c(-2EuR*+,Q" (Indicator: "vbox")
"1S1GK!\^A="$?s'.kVdfB'%Y
nzl.>uUnII6J3vZm5^qAtnxd@PBiVBoxe*H2M8a+XosU6`_voznJ-&M)^k
++
fr" (Indicator: "vbox"), "#$;oJ<Cm@-wIo0Qb|~N| >4JqSXtl60ACsHiS3&w)R-\FnS3!jlJ;Ex"7Jx8X?`sBs[~NYS6_UXbs|h4/nu\h39f2\|0=Zz98A5RyqD6s}x-}$O]rVbOXT XPc'IgSM1+g;UueZYrOJ!!0VPVdIIBFE&_(9\.!@wA2l[eZgmoOvuNCfG-,7Mo{R++X<N6xus=XbGiNmwzFx7}yw'/y?" (Indicator: "vbox") - source
- File/Memory
- relevance
- 4/10
-
Network Related
-
Found potential IP address in binary/memory
- details
- Heuristic match: "................... .!.".#.$.%.&.'.(.).*.+.,.-.../.0.1.2.3.4.5.6.7.8.9.:.;.<.=.>.?.@.A.B.C.D.E.F.G.H.I.J.K.L.M.N.O.P.Q.R.S.T.U.V.W.X.Y.Z.[.\.].^._.`.a.b.c.d.e.f.g.h.i.j.k.l.m.n.o.p.q.r.s.t.u.v.w.x.y.z.{.|.}.~...utj;wC>9(s@'yZ]5qudk'", "1.0.0.1"
- source
- File/Memory
- relevance
- 3/10
-
Remote Access Related
-
Contains a remote desktop related string
- details
- "vtWnIl=<qvnc::^0pB=sdAsbb]8OlXu-ql^@j|G#Ubv7`5CI BU{s" (Indicator for product: Generic VNC)
- source
- File/Memory
- relevance
- 10/10
-
Unusual Characteristics
-
Contains embedded string with suspicious keywords
- details
-
Found suspicious keyword "Windows" which indicates: "May enumerate application windows (if combined with Shell.Application object)"
Found suspicious keyword "CreateObject" which indicates: "May create an OLE object"
Found suspicious keyword "Lib" which indicates: "May run code from a DLL"
Found suspicious keyword "Write" which indicates: "May write to a file (if combined with Open)"
Found suspicious keyword "Environ" which indicates: "May read system environment variables"
Found suspicious keyword "Put" which indicates: "May write to a file (if combined with Open)"
Found suspicious keyword "Shell" which indicates: "May run an executable file or a system command"
Found suspicious keyword "Open" which indicates: "May open a file"
- source
- File/Memory
- relevance
- 10/10
-
Tries to access unusual system drive letters
- details
-
"msiexec.exe" touched "K:"
"msiexec.exe" touched "L:"
"msiexec.exe" touched "M:"
"msiexec.exe" touched "N:"
"msiexec.exe" touched "O:"
"msiexec.exe" touched "P:"
"msiexec.exe" touched "Q:"
"msiexec.exe" touched "R:"
"msiexec.exe" touched "S:"
"msiexec.exe" touched "T:"
"msiexec.exe" touched "U:"
"msiexec.exe" touched "V:"
"msiexec.exe" touched "W:"
- source
- API Call
- relevance
- 9/10
-
Informative 28
-
Anti-Detection/Stealthyness
-
Queries kernel debugger information
- details
- "msiexec.exe" at 00028601-00003392-00000105-68188619
- source
- API Call
- relevance
- 6/10
-
Environment Awareness
-
Contains ability to query machine time
- details
- GetSystemTimeAsFileTime@KERNEL32.dll
- source
- Hybrid Analysis Technology
- relevance
- 1/10
-
Contains ability to query the machine version
- details
-
GetVersionExA@KERNEL32.dll
GetVersionExA@KERNEL32.dll
GetVersion@KERNEL32.dll
GetVersion@KERNEL32.dll
GetVersionExA@KERNEL32.dll
- source
- Hybrid Analysis Technology
- relevance
- 1/10
-
Makes a code branch decision directly after an API that is environment aware
- details
-
Found API call GetVersionExA@KERNEL32.dll (Target: "MSI9CE1.tmp.77560684"; Stream UID: "3806-798-10001850")
which is directly followed by "cmp dword ptr [esp+10h], 02h" and "jne 10001887h". See related instructions: "...
+0 sub esp, 00000098h
+6 mov eax, dword ptr [1001D880h]
+11 mov dword ptr [esp+00000094h], eax
+18 lea eax, dword ptr [esp]
+21 push eax
+22 mov dword ptr [esp+04h], 00000094h
+30 call dword ptr [10017214h] ;GetVersionExA
+36 cmp dword ptr [esp+10h], 02h
+41 jne 10001887h" ...
Found API call GetVersionExA@KERNEL32.dll (Target: "MSI9CE1.tmp.77560684"; Stream UID: "3806-835-10002746")
which is directly followed by "cmp dword ptr [ebp-00000088h], 02h" and "sete al". See related instructions: "...
+0 push ebp
+1 mov ebp, esp
+3 sub esp, 00000098h
+9 mov eax, dword ptr [1001D880h]
+14 push edi
+15 mov dword ptr [ebp-04h], eax
+18 push 00000024h
+20 pop ecx
+21 xor eax, eax
+23 lea edi, dword ptr [ebp-00000094h]
+29 rep stosd
+31 lea eax, dword ptr [ebp-00000098h]
+37 push eax
+38 mov dword ptr [ebp-00000098h], 00000094h
+48 call dword ptr [10017214h] ;GetVersionExA
+54 mov ecx, dword ptr [ebp-04h]
+57 xor eax, eax
+59 cmp dword ptr [ebp-00000088h], 02h
+66 pop edi
+67 sete al" ...
Found API call GetVersionExA@KERNEL32.dll (Target: "MSI9CE1.tmp.77560684"; Stream UID: "3806-1317-1000D74F")
which is directly followed by "cmp dword ptr [ebp-10h], 02h" and "jne 1000D7B1h". See related instructions: "...
+59 call 10004A70h
+64 add esp, 0Ch
+67 lea eax, dword ptr [ebp-20h]
+70 push eax
+71 mov dword ptr [ebp-20h], 00000094h
+78 call dword ptr [10017214h] ;GetVersionExA
+84 cmp dword ptr [ebp-10h], 02h
+88 jne 1000D7B1h" ...
- source
- Hybrid Analysis Technology
- relevance
- 10/10
-
Queries volume information
- details
-
"msiexec.exe" queries volume information of "C:\" at 00028601-00003392-0000010C-68420542
"msiexec.exe" queries volume information of "C:\share" at 00028601-00003392-0000010C-81102214
- source
- API Call
- relevance
- 2/10
-
Queries volume information of an entire harddrive
- details
- "msiexec.exe" queries volume information of "C:\" at 00028601-00003392-0000010C-68420542
- source
- API Call
- relevance
- 8/10
-
Reads the active computer name
- details
- "msiexec.exe" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\COMPUTERNAME\ACTIVECOMPUTERNAME"; Key: "COMPUTERNAME")
- source
- Registry Access
- relevance
- 5/10
-
Reads the cryptographic machine GUID
- details
- "msiexec.exe" (Path: "HKLM\SOFTWARE\MICROSOFT\CRYPTOGRAPHY"; Key: "MACHINEGUID")
- source
- Registry Access
- relevance
- 10/10
-
External Systems
-
Sample was identified as clean by Antivirus engines
- details
- 0/49 Antivirus vendors marked sample as malicious (0% detection rate)
- source
- External System
- relevance
- 10/10
-
General
-
Contains PDB pathways
- details
-
"h:\nt.obj.x86fre\base\wcp\tools\msmcustomaction\objfre\i386\msmcustomaction.pdb"
"c:\MyDocs\Visual Studio Projects\RSICommonHelpDir\Release\RSICommonHelpDir.pdb"
- source
- File/Memory
- relevance
- 1/10
-
Creates a writable file in a temporary directory
- details
-
"msiexec.exe" created file "%TEMP%\MSI9A05.tmp"
"msiexec.exe" created file "%TEMP%\MSI9CE1.tmp"
- source
- API Call
- relevance
- 1/10
-
Creates mutants
- details
-
"\Sessions\1\BaseNamedObjects\Global\_MSIExecute"
"Global\_MSIExecute"
- source
- Created Mutant
- relevance
- 3/10
-
Drops files marked as clean
- details
- Antivirus vendors marked dropped file "MSI9CE1.tmp" as clean (type is "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows"), Antivirus vendors marked dropped file "MSI9A05.tmp" as clean (type is "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows")
- source
- Binary File
- relevance
- 10/10
-
Loads rich edit control libraries
- details
- "msiexec.exe" loaded module "%WINDIR%\System32\riched20.dll" at 73550000
- source
- Loaded Module
-
Reads configuration files
- details
- "msiexec.exe" read file "%WINDIR%\win.ini"
- source
- API Call
- relevance
- 4/10
-
Scanning for window names
- details
- "msiexec.exe" searching for class "Shell_TrayWnd"
- source
- API Call
- relevance
- 10/10
-
Installation/Persistance
-
Connects to LPC ports
- details
- "msiexec.exe" connecting to "\ThemeApiPort"
- source
- API Call
- relevance
- 1/10
-
Dropped files
- details
-
"MSI9CE1.tmp" has type "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows"
"MSI9A05.tmp" has type "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows"
- source
- Binary File
- relevance
- 3/10
-
Drops executable files
- details
-
"MSI9CE1.tmp" has type "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows"
"MSI9A05.tmp" has type "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows"
- source
- Binary File
- relevance
- 10/10
-
Found a string that may be used as part of an injection method
- details
- "Shell_TrayWnd" (Taskbar window class may be used to inject into explorer with the SetWindowLong method)
- source
- File/Memory
- relevance
- 4/10
-
Monitors specific registry key for changes
- details
- "msiexec.exe" monitors "\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NetworkProvider\HwOrder" (Filter: 4; Subtree: 0)
- source
- API Call
- relevance
- 4/10
-
Opens the MountPointManager (often used to detect additional infection locations)
- details
- "msiexec.exe" opened "MountPointManager"
- source
- API Call
- relevance
- 5/10
-
Touches files in the Windows directory
- details
-
"msiexec.exe" touched file "%WINDIR%\System32\msiexec.exe"
"msiexec.exe" touched file "%WINDIR%\AppPatch\AcLayers.DLL"
"msiexec.exe" touched file "%WINDIR%\AppPatch\AcGenral.DLL"
"msiexec.exe" touched file "%WINDIR%\System32\en-US\msiexec.exe.mui"
"msiexec.exe" touched file "%WINDIR%\system32\en-US\SETUPAPI.dll.mui"
"msiexec.exe" touched file "%WINDIR%\Globalization\Sorting\sortdefault.nls"
"msiexec.exe" touched file "%WINDIR%\system32\rsaenh.dll"
"msiexec.exe" touched file "%WINDIR%\System32\MsiMsg.dll"
"msiexec.exe" touched file "%WINDIR%\System32\en-US\MsiMsg.dll.mui"
"msiexec.exe" touched file "%WINDIR%\system32\en-US\MSCTF.dll.mui"
"msiexec.exe" touched file "%WINDIR%\Fonts\staticcache.dat"
"msiexec.exe" touched file "%WINDIR%\AppPatch\sysmain.sdb"
"msiexec.exe" touched file "%WINDIR%\system32\sxs.DLL"
"msiexec.exe" touched file "%WINDIR%\system32\en-US\sxs.DLL.mui"
- source
- API Call
- relevance
- 7/10
-
Network Related
-
Found potential URL in binary/memory
- details
- source
- File/Memory
- relevance
- 10/10
-
System Destruction
-
Marks file for deletion
- details
-
"%WINDIR%\System32\msiexec.exe" marked "%TEMP%\MSI9A05.tmp" for deletion
"%WINDIR%\System32\msiexec.exe" marked "%TEMP%\MSI9CE1.tmp" for deletion
"%WINDIR%\System32\msiexec.exe" marked "C:\MSI57096.tmp" for deletion
- source
- API Call
- relevance
- 10/10
-
Opens file with deletion access rights
- details
-
"msiexec.exe" opened "%TEMP%\MSI9A05.tmp" with delete access
"msiexec.exe" opened "%TEMP%\MSI9CE1.tmp" with delete access
"msiexec.exe" opened "C:\MSI57096.tmp" with delete access
"msiexec.exe" opened "%SAMPLEDIR%\MSI57097.tmp" with delete access
- source
- API Call
- relevance
- 7/10
-
System Security
-
Opens the Kernel Security Device Driver (KsecDD) of Windows
- details
- "msiexec.exe" opened "\Device\KsecDD"
- source
- API Call
- relevance
- 10/10
-
Unusual Characteristics
-
Reads information about supported languages
- details
-
"msiexec.exe" (Path: "HKCU\CONTROL PANEL\INTERNATIONAL"; Key: "LOCALENAME")
"msiexec.exe" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\LOCALE"; Key: "00000409")
- source
- Registry Access
- relevance
- 3/10
-
File Details
Legacy Tag Database Conversion.msi
- Filename
- Legacy Tag Database Conversion.msi
- Size
- 19MiB (20036864 bytes)
- Type
- rtf
- Description
- Composite Document File V2 Document, Little Endian, Os: Windows, Version 5.1, Number of Characters: 0, Last Saved By: InstallShield, Number of Words: 0, Title: Installation Database, Comments: Legacy Tag Database Conversion, Keywords: Installer,MSI,Database, Subject: Legacy Tag Database Conversion, Author: Rockwell Automation, Inc., Security: 1, Number of Pages: 200, Name of Creating Application: InstallShieldm 2008 - Professional Edition 14, Last Saved Time/Date: Tue Aug 9 10:54:10 2011, Create Time/Date:
- Architecture
- WINDOWS
- SHA256
- 9e7c8d199623d4bfda53c2ada1e9896ebbffaa3fbe10a88942091e937dad9e9a
- MD5
- 5d26967ff1b7b85ed8995ee0fb7827c8
- SHA1
- 348410ad81996086009de3ca200b0f14126be330
Classification (TrID)
- 89.3% (.MSI) Microsoft Windows Installer
- 9.4% (.MST) Windows SDK Setup Transform Script
- 1.2% (.) Generic OLE2 / Multistream Compound File
Hybrid Analysis
Analysed 1 process in total (System Resource Monitor).
- msiexec.exe /i "C:\Legacy Tag Database Conversion.msi" (PID: 3392)
Network Analysis
DNS Requests
No relevant DNS requests were made.
Contacted Hosts
No relevant hosts were contacted.
HTTP Traffic
No relevant HTTP requests were made.
Extracted Strings
Extracted Files
-
Clean 2
-
-
MSI9A05.tmp
- Size
- 97KiB (99272 bytes)
- Type
- pedll executable
- Description
- PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
- AV Scan Result
- 0/77
- Runtime Process
- msiexec.exe (PID: 3392)
- MD5
- 7fc805dfb062483724d878a686612810
- SHA1
- ddf950af4d0a265ea3405a6524aca6c87688a039
- SHA256
- 9063d8ffa56e4cf2de691607efb9d14838dfe4f623704da9962a6925ac5b520d
-
MSI9CE1.tmp
- Size
- 156KiB (159744 bytes)
- Type
- pedll executable
- Description
- PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
- AV Scan Result
- 0/66
- Runtime Process
- msiexec.exe (PID: 3392)
- MD5
- be1d0caeaffad4588b736c0ea08c13c0
- SHA1
- 87049138f9006e17ee09a3f143c4838c8685a375
- SHA256
- 0973eede02d03b3620c23b1c5c4cd63768ba566ad505551c30be58a14752a43e
-
Notifications
-
Runtime
- Added comment to Virus Total report
- Not all sources for signature ID "api-31" are available in the report
- Not all sources for signature ID "api-55" are available in the report
- Not all sources for signature ID "string-21" are available in the report
- Not all strings are visible in the report, because the maximum number of strings was reached (5000)