net.msi

First submission 2024-10-17 08:57:02

File details

File type: Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Last Printed: Fri Dec 11 11:47:44 2009, Create Time/Date: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Sep 18 15:06:51 2020, Security: 0, Code page: 1252, Revision Number: {52B140B4-7696-4EC7-BF03-5B14B1FC7533}, Number of Words: 10, Subject: PlaceInllinet, Author: Pablo Network, Name of Creating Application: PlaceInllinet, Template: ;1033, Comments: This installer database contains the logic and data required to install PlaceInllinet., Title: Installation Database, Keywords: Installer, MSI, Database, Number of Pages: 200
Mime type: application/x-msi
File size: 1866.0 KB (1910784 bytes)
MD5: 5375c07cb8e6bedd4c3f26c9509d1562
SHA1: 24fbf9a9e05fe724e53c3738b8f508633064b9f5
SHA256: fd4b6e419691647b9ae0ca60e5b383c5d9fe1d5fcfc8dec887bb188c4d39d36e

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

OSINT Enrichments

Virus Total: 9/77
VT report date: 2024-10-17 03:56:49
Malware Type (1): trojan
Threat Type (3): aqit, brutel, shelm

URLs, FQDN and IP indicators 1

URL: hXXp://91.225.219.174/net.msi
Host (FQDN/IP): 91.225.219.174
Date Added: 2024-10-17 08:57:02

Strings analysis - File found

Log
AI_CustAct.log
Library
riched20.dll
KERNEL32.dll
ntdll.dll
ADVAPI32.dll
mscoree.dll
WShell32.dll
api-ms-win-core-synch-l1-2-0.dll
AICustAct.dll
Eapi-ms-win-core-synch-l1-2-0.dll
SHLWAPI.dll
OLEAUT32.dll
NETAPI32.dll
SHELL32.dll
WS2_32.dll
ole32.dll
IPHLPAPI.DLL
msi.dll
USER32.dll
GDI32.dll
network.dll
COMDLG32.dll

Strings analysis - Possible URLs found 25
