ALM-Platform-Loader.msi
This report is generated from a file or URL submitted to this webservice on May 14th 2018 13:41:16 (UTC)
Guest System: Windows 7 32 bit, Professional, 6.1 (build 7601), Service Pack 1
Report generated by
Falcon Sandbox v8.10 © Hybrid Analysis
Indicators
Not all malicious and suspicious indicators are displayed in this report.
Suspicious Indicators 1
General
- Found a potential E-Mail address in binary/memory
  - details
    - Pattern match: "4lp@4d7.j3"
    - Pattern match: "a@ff.7urq"
    - Pattern match: "5@c._gq"
    - Pattern match: "00o@-.5bd"
    - Pattern match: "tmgvaq@z.f"
    - Pattern match: "hfcbf@ob77.2"
    - Pattern match: "k0@-u.q"
    - Pattern match: "yozchq@u.zh0a26"
    - Pattern match: "v@00y6.e"
    - Pattern match: "r@rx3e.b"
    - Pattern match: "nt@fv.z"
    - Pattern match: "jko@ld.8"
    - Pattern match: "mntrk3@lx41.od"
    - Pattern match: "iwofwkzj@0i.3t"
    - Pattern match: "8m@qcw.q"
    - Pattern match: "fd6@g.2bucr6buo3"
    - Pattern match: "m@3x-.rdwc6nqjw"
    - Pattern match: "4je@5mzc.7h"
  - source
    - File/Memory
  - relevance
    - 3/10
Informative 2
External Systems
- Sample was identified as clean by Antivirus engines
  - details
    - 0/61 Antivirus vendors marked sample as malicious (0% detection rate)
  - source
    - External System
  - relevance
    - 10/10
Network Related
- Found potential URL in binary/memory
  - details
    - Heuristic match: "GET /msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?8b4d6460844fbb7c HTTP/1.1Connection: Keep-AliveAccept: */*If-Modified-Since: Thu, 20 Apr 2017 16:02:20 GMTIf-None-Match: 04e707defb9d21:0User-Agent: Microsoft-CryptoAPI/6.1Hos"
    - Heuristic match: "GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab?71cf851e086c7cb7 HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Microsoft-CryptoAPI/6.1Host: ctldl.windowsupdate.com"
    - Heuristic match: "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Microsoft-CryptoAPI/6.1Host: ocsp.usertrust.com"
    - Heuristic match: "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEC58h8wOk0pS%2FpT9HLfNNK8%3D HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Microsoft-CryptoAPI/6.1Host: ocsp.comodoca.com"
    - Heuristic match: ")-IyY\]#5sjI#whAAAAAC.]< A++.SY"
    - Heuristic match: "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSSdxXdG447ymkRNPVViULv3rkBzQQUKZFg%2F4pN%2Buv5pmq4z%2FnmS71JzhICEFYQSuwmGMt89BILMIJ7Qtc%3D HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Microsoft-CryptoAPI/6.1Host: ocsp.comodoca.com"
    - Heuristic match: "W,v%L-;8+8_H!e3nvJ\)/x>G^'U_w*4qo}5/M0q!~sz>1:Z26].bH"
    - Pattern match: "aQ.ChoX/ti"
    - Pattern match: "h.fjQ/X5Ae&Rq'4Vjm&S"
    - Pattern match: "q.xG/&=1;KtV!WqE|*H-x&'AZFf&;De/CML3s[-}R"
    - Pattern match: "4.cp/[-Ht2J0kyX,;-DQ$XRM#{q539"
    - Heuristic match: "_wBC'cN:[.|W9B (_`U.zw"
    - Pattern match: "88S.rS/~N6"
    - Pattern match: "T5wCpK.Ckc/h+G^ygq9.o\;~6![|M-G3O,|v"
    - Pattern match: "http://crl.thawte.com/ThawteTimestampingCA.crl0U%0"
    - Pattern match: "crl.microsoft.com/pki/crl/products/MicrosoftCodeVerifRoot.crl0"
    - Pattern match: "https://secure.comodo.net/CPS0CU"
    - Pattern match: "crl.usertrust.com/AddTrustExternalCARoot.crl05+"
    - Pattern match: "http://crl.comodoca.com/COMODORSACertificationAuthority.crl0q+e0c0;+0/http://crt.comodoca.com/COMODORSAAddTrustCA.crt0$+0http://ocsp.comodoca.com0"
  - source
    - File/Memory
  - relevance
    - 10/10
File Details
ALM-Platform-Loader.msi
- Filename: ALM-Platform-Loader.msi
- Size: 818KiB (837632 bytes)
- Type: doc office
- Description: Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, MSI Installer, Title: Installation Database, Keywords: Installer, MSI, Database, Last Printed: Fri Dec 11 11:47:44 2009, Create Time/Date: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Dec 11 11:47:44 2009, Number of Pages: 200, Security: 0, Code page: 1252, Revision Number: {E1EE6692-3EE3-45B7-B486-604DE7B1AA39}, Number of Words: 10, Subject: ALM-Platform Loader 12.5x, Author: HP, Name of Creating Application: Advanced Inst
- Architecture: WINDOWS
- SHA256: 7935e15ead2e825fb86dc1f4a1eaf19e26850c4eba2d4c2762917d2931a99f8b
- MD5: fa3b87e556d1fcd8874811a880dbc8e9
- SHA1: 78e2ac2aab474267aa46720292ff9c2b33486938
Classification (TrID)
- 89.3% (.MSI) Microsoft Windows Installer
- 9.4% (.MST) Windows SDK Setup Transform Script
- 1.2% (.) Generic OLE2 / Multistream Compound File
Screenshots
Hybrid Analysis
No runtime process information available.
Network Analysis
DNS Requests
No relevant DNS requests were made.
Contacted Hosts
No relevant hosts were contacted.
HTTP Traffic
No relevant HTTP requests were made.
Extracted Strings
Extracted Files
No significant files were extracted.
Notifications
Runtime
- Although all strings were processed, some are hidden from the report in order to reduce the overall size
- No runtime process information available