viewer.msi

First submission 2024-10-14 12:34:01

File details

File type: Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Document Viewer, Author: DocuSign, Keywords: Installer, Comments: This installer database contains the logic and data required to install Document Viewer., Template: Intel;1033, Revision Number: {7248C895-95E7-4BF7-B6D6-1C41D2578B26}, Create Time/Date: Mon Jul 1 14:54:48 2024, Last Saved Time/Date: Mon Jul 1 14:54:48 2024, Number of Pages: 500, Number of Words: 10, Name of Creating Application: Windows Installer XML Toolset (3.14.1.8722), Security: 2
Mime type: application/x-msi
File size: 428.0 KB (438272 bytes)
MD5: f2bf1a026c449d083dd6b06ed0ab2d8b
SHA1: 913565efc2c0898d26421735207790d92bb9e597
SHA256: abf8f406e5f1d88861def35ff16a04d9f12a0c63130fe5c349c0e39f989aa5c9

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

OSINT Enrichments

Virus Total: 13/77
VT report date: 2024-10-14 12:11:59
Malware Type 1 trojan
Threat Type 1 fragtor

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXp://185.244.219.87/viewer.msi 185.244.219.87 2024-10-14 12:34:02

Strings analysis - File found

Library

Strings analysis - Possible URLs found 2

http://schemas.microsoft.com/SMI/2005/WindowsSettings
http://schemas.microsoft.com/SMI/2016/WindowsSettings