Windows Analysis Report
SSCBOLGZFXVJMEICRNQMJOCDIF.msi

Overview

General Information

Sample name: SSCBOLGZFXVJMEICRNQMJOCDIF.msi
Analysis ID: 1500449
MD5: 76fcc34ca114d2461987e79d4ba74426
SHA1: 60498c15d00ceffce1fc000798cfee4fa414c56f
SHA256: 968085e9697d39f4bdb330d1b18e7c5903e55abe7fb4ebbf8e3ae816d7af5dc2
Tags: 147-45-116-5msi

Detection

Score: 52
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

AI detected suspicious sample
Creates autostart registry keys to launch java
Java source code contains very large array initializations
Checks for available system drives (often done to infect USB drives)
Creates files inside the system directory
Deletes files inside the Windows folder
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Drops files with a non-matching file extension (content does not match file extension)
Found dropped PE file which has not been started or loaded
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info

Classification

AV Detection

Source: Submitted Sample Integrated Neural Analysis Model: Matched 84.3% probability
Source: C:\Windows\System32\msiexec.exe File opened: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\plugin2\msvcr100.dll
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\deploy\tmp\jp2ssv\obj\jp2ssv.pdb source: jp2ssv.dll.1.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\kinit_objs\kinit.pdb source: kinit.exe.1.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libt2k\t2k.pdb source: t2k.dll.1.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\deploy\tmp\deploy\plugin\npdeployJava1\obj\npdeployJava1.pdb source: npdeployJava1.dll.1.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\klist_objs\klist.pdb source: klist.exe.1.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\deploy\tmp\javacpl\obj\javacpl.pdb source: javacpl.cpl.1.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libinstrument\instrument.pdb source: instrument.dll.1.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libbci\bci.pdb source: bci.dll.1.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libverify\verify.pdb source: verify.dll.1.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\tnameserv_objs\tnameserv.pdb source: tnameserv.exe.1.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\deploy\tmp\javacplexec\obj\javacpl.pdb source: javacpl.exe.1.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\java_objs\java.pdb source: java.exe.1.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\deploy\tmp\jp2iexp\obj\jp2iexp.pdb< source: jp2iexp.dll.1.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libresource\resource.pdb source: resource.dll.1.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\jjs_objs\jjs.pdb source: jjs.exe.1.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\servertool_objs\servertool.pdb source: servertool.exe.1.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libwindowsaccessbridge-32\WindowsAccessBridge-32.pdb source: WindowsAccessBridge-32.dll.1.dr
Source: Binary string: msvcr100.i386.pdb source: msvcr100.dll0.1.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libj2pcsc\j2pcsc.pdb source: j2pcsc.dll.1.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\deploy\tmp\jp2iexp\obj\jp2iexp.pdb source: jp2iexp.dll.1.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libdt_socket\dt_socket.pdb source: dt_socket.dll.1.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\deploy\tmp\javacpl\obj\javacpl.pdb4 source: javacpl.cpl.1.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libunpack\unpack.pdb source: unpack.dll.1.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\deploy\tmp\javacplexec\obj\javacpl.pdb0 source: javacpl.exe.1.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\rmid_objs\rmid.pdb source: rmid.exe.1.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libsunec\sunec.pdb$ source: sunec.dll.1.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libdt_shmem\dt_shmem.pdb source: dt_shmem.dll.1.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libjavaaccessbridge-32\JavaAccessBridge-32.pdb) source: JavaAccessBridge-32.dll.1.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libsunec\sunec.pdb source: sunec.dll.1.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libmanagement\management.pdb source: management.dll.1.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libjavaaccessbridge-32\JavaAccessBridge-32.pdb source: JavaAccessBridge-32.dll.1.dr
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\AICustAct.pdb source: SSCBOLGZFXVJMEICRNQMJOCDIF.msi, MSIB56D.tmp.1.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libmanagement\management.pdby: source: management.dll.1.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\rmiregistry_objs\rmiregistry.pdb source: rmiregistry.exe.1.dr
Source: C:\Windows\System32\msiexec.exe File opened: z:
Source: C:\Windows\System32\msiexec.exe File opened: x:
Source: C:\Windows\System32\msiexec.exe File opened: v:
Source: C:\Windows\System32\msiexec.exe File opened: t:
Source: C:\Windows\System32\msiexec.exe File opened: r:
Source: C:\Windows\System32\msiexec.exe File opened: p:
Source: C:\Windows\System32\msiexec.exe File opened: n:
Source: C:\Windows\System32\msiexec.exe File opened: l:
Source: C:\Windows\System32\msiexec.exe File opened: j:
Source: C:\Windows\System32\msiexec.exe File opened: h:
Source: C:\Windows\System32\msiexec.exe File opened: f:
Source: C:\Windows\System32\msiexec.exe File opened: b:
Source: C:\Windows\System32\msiexec.exe File opened: y:
Source: C:\Windows\System32\msiexec.exe File opened: w:
Source: C:\Windows\System32\msiexec.exe File opened: u:
Source: C:\Windows\System32\msiexec.exe File opened: s:
Source: C:\Windows\System32\msiexec.exe File opened: q:
Source: C:\Windows\System32\msiexec.exe File opened: o:
Source: C:\Windows\System32\msiexec.exe File opened: m:
Source: C:\Windows\System32\msiexec.exe File opened: k:
Source: C:\Windows\System32\msiexec.exe File opened: i:
Source: C:\Windows\System32\msiexec.exe File opened: g:
Source: C:\Windows\System32\msiexec.exe File opened: e:
Source: C:\Windows\System32\msiexec.exe File opened: c:
Source: C:\Windows\System32\msiexec.exe File opened: a:
Source: jfxwebkit.dll.1.dr String found in binary or memory: ftp://http://base%.20s%ddefault%d%.20scopying
Source: dt_shmem.dll.1.dr, klist.exe.1.dr, jp2ssv.dll.1.dr, JavaAccessBridge-32.dll.1.dr, resource.dll.1.dr, rmiregistry.exe.1.dr, verify.dll.1.dr, javafx_iio.dll.1.dr, jjs.exe.1.dr, j2pcsc.dll.1.dr, prism_sw.dll.1.dr, rmid.exe.1.dr, npdeployJava1.dll.1.dr, tnameserv.exe.1.dr, WindowsAccessBridge-32.dll.1.dr, prism_d3d.dll.1.dr, javacpl.exe.1.dr, java.exe.1.dr, glass.dll.1.dr, kinit.exe.1.dr, servertool.exe.1.dr String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: jfxwebkit.dll.1.dr String found in binary or memory: http://exslt.org/common
Source: jfxwebkit.dll.1.dr String found in binary or memory: http://exslt.org/commonnode-setdata-typexsltDoSortFunction:
Source: jfxwebkit.dll.1.dr String found in binary or memory: http://icl.com/saxon
Source: jfxwebkit.dll.1.dr String found in binary or memory: http://icl.com/saxonorg.apache.xalan.xslt.extensions.RedirectxsltDocumentElem:
Source: fxplugins.dll.1.dr String found in binary or memory: http://javafx.com/
Source: fxplugins.dll.1.dr String found in binary or memory: http://javafx.com/vp6decoderflvdemux
Source: dt_shmem.dll.1.dr, klist.exe.1.dr, jp2ssv.dll.1.dr, JavaAccessBridge-32.dll.1.dr, resource.dll.1.dr, rmiregistry.exe.1.dr, verify.dll.1.dr, javafx_iio.dll.1.dr, jjs.exe.1.dr, j2pcsc.dll.1.dr, prism_sw.dll.1.dr, rmid.exe.1.dr, npdeployJava1.dll.1.dr, tnameserv.exe.1.dr, WindowsAccessBridge-32.dll.1.dr, prism_d3d.dll.1.dr, javacpl.exe.1.dr, java.exe.1.dr, glass.dll.1.dr, kinit.exe.1.dr, servertool.exe.1.dr String found in binary or memory: http://ocsp.thawte.com0
Source: dt_shmem.dll.1.dr, klist.exe.1.dr, jp2ssv.dll.1.dr, JavaAccessBridge-32.dll.1.dr, resource.dll.1.dr, rmiregistry.exe.1.dr, verify.dll.1.dr, javafx_iio.dll.1.dr, jjs.exe.1.dr, j2pcsc.dll.1.dr, prism_sw.dll.1.dr, rmid.exe.1.dr, npdeployJava1.dll.1.dr, tnameserv.exe.1.dr, WindowsAccessBridge-32.dll.1.dr, prism_d3d.dll.1.dr, javacpl.exe.1.dr, java.exe.1.dr, glass.dll.1.dr, kinit.exe.1.dr, servertool.exe.1.dr String found in binary or memory: http://s1.symcb.com/pca3-g5.crl0
Source: dt_shmem.dll.1.dr, klist.exe.1.dr, jp2ssv.dll.1.dr, JavaAccessBridge-32.dll.1.dr, resource.dll.1.dr, rmiregistry.exe.1.dr, verify.dll.1.dr, javafx_iio.dll.1.dr, jjs.exe.1.dr, j2pcsc.dll.1.dr, prism_sw.dll.1.dr, rmid.exe.1.dr, npdeployJava1.dll.1.dr, tnameserv.exe.1.dr, WindowsAccessBridge-32.dll.1.dr, prism_d3d.dll.1.dr, javacpl.exe.1.dr, java.exe.1.dr, glass.dll.1.dr, kinit.exe.1.dr, servertool.exe.1.dr String found in binary or memory: http://s2.symcb.com0
Source: dt_shmem.dll.1.dr, klist.exe.1.dr, jp2ssv.dll.1.dr, JavaAccessBridge-32.dll.1.dr, resource.dll.1.dr, rmiregistry.exe.1.dr, verify.dll.1.dr, javafx_iio.dll.1.dr, jjs.exe.1.dr, j2pcsc.dll.1.dr, prism_sw.dll.1.dr, rmid.exe.1.dr, npdeployJava1.dll.1.dr, tnameserv.exe.1.dr, WindowsAccessBridge-32.dll.1.dr, prism_d3d.dll.1.dr, javacpl.exe.1.dr, java.exe.1.dr, glass.dll.1.dr, kinit.exe.1.dr, servertool.exe.1.dr String found in binary or memory: http://sv.symcb.com/sv.crl0f
Source: dt_shmem.dll.1.dr, klist.exe.1.dr, jp2ssv.dll.1.dr, JavaAccessBridge-32.dll.1.dr, resource.dll.1.dr, rmiregistry.exe.1.dr, verify.dll.1.dr, javafx_iio.dll.1.dr, jjs.exe.1.dr, j2pcsc.dll.1.dr, prism_sw.dll.1.dr, rmid.exe.1.dr, npdeployJava1.dll.1.dr, tnameserv.exe.1.dr, WindowsAccessBridge-32.dll.1.dr, prism_d3d.dll.1.dr, javacpl.exe.1.dr, java.exe.1.dr, glass.dll.1.dr, kinit.exe.1.dr, servertool.exe.1.dr String found in binary or memory: http://sv.symcb.com/sv.crt0
Source: dt_shmem.dll.1.dr, klist.exe.1.dr, jp2ssv.dll.1.dr, JavaAccessBridge-32.dll.1.dr, resource.dll.1.dr, rmiregistry.exe.1.dr, verify.dll.1.dr, javafx_iio.dll.1.dr, jjs.exe.1.dr, j2pcsc.dll.1.dr, prism_sw.dll.1.dr, rmid.exe.1.dr, npdeployJava1.dll.1.dr, tnameserv.exe.1.dr, WindowsAccessBridge-32.dll.1.dr, prism_d3d.dll.1.dr, javacpl.exe.1.dr, java.exe.1.dr, glass.dll.1.dr, kinit.exe.1.dr, servertool.exe.1.dr String found in binary or memory: http://sv.symcd.com0&
Source: jfxwebkit.dll.1.dr String found in binary or memory: http://tools.ietf.org/html/rfc3986#section-2.1.
Source: dt_shmem.dll.1.dr, klist.exe.1.dr, jp2ssv.dll.1.dr, JavaAccessBridge-32.dll.1.dr, resource.dll.1.dr, rmiregistry.exe.1.dr, verify.dll.1.dr, javafx_iio.dll.1.dr, jjs.exe.1.dr, j2pcsc.dll.1.dr, prism_sw.dll.1.dr, rmid.exe.1.dr, npdeployJava1.dll.1.dr, tnameserv.exe.1.dr, WindowsAccessBridge-32.dll.1.dr, prism_d3d.dll.1.dr, javacpl.exe.1.dr, java.exe.1.dr, glass.dll.1.dr, kinit.exe.1.dr, servertool.exe.1.dr String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: dt_shmem.dll.1.dr, klist.exe.1.dr, jp2ssv.dll.1.dr, JavaAccessBridge-32.dll.1.dr, resource.dll.1.dr, rmiregistry.exe.1.dr, verify.dll.1.dr, javafx_iio.dll.1.dr, jjs.exe.1.dr, j2pcsc.dll.1.dr, prism_sw.dll.1.dr, rmid.exe.1.dr, npdeployJava1.dll.1.dr, tnameserv.exe.1.dr, WindowsAccessBridge-32.dll.1.dr, prism_d3d.dll.1.dr, javacpl.exe.1.dr, java.exe.1.dr, glass.dll.1.dr, kinit.exe.1.dr, servertool.exe.1.dr String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: dt_shmem.dll.1.dr, klist.exe.1.dr, jp2ssv.dll.1.dr, JavaAccessBridge-32.dll.1.dr, resource.dll.1.dr, rmiregistry.exe.1.dr, verify.dll.1.dr, javafx_iio.dll.1.dr, jjs.exe.1.dr, j2pcsc.dll.1.dr, prism_sw.dll.1.dr, rmid.exe.1.dr, npdeployJava1.dll.1.dr, tnameserv.exe.1.dr, WindowsAccessBridge-32.dll.1.dr, prism_d3d.dll.1.dr, javacpl.exe.1.dr, java.exe.1.dr, glass.dll.1.dr, kinit.exe.1.dr, servertool.exe.1.dr String found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: jfxwebkit.dll.1.dr String found in binary or memory: http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd
Source: jfxwebkit.dll.1.dr String found in binary or memory: http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd-//W3C//DTD
Source: jfxwebkit.dll.1.dr String found in binary or memory: http://www.jclark.com/xt
Source: jfxwebkit.dll.1.dr String found in binary or memory: http://www.khronos.org/registry/typedarray/specs/latest/#7
Source: dt_shmem.dll.1.dr, klist.exe.1.dr, jp2ssv.dll.1.dr, JavaAccessBridge-32.dll.1.dr, resource.dll.1.dr, rmiregistry.exe.1.dr, verify.dll.1.dr, javafx_iio.dll.1.dr, jjs.exe.1.dr, j2pcsc.dll.1.dr, prism_sw.dll.1.dr, rmid.exe.1.dr, npdeployJava1.dll.1.dr, tnameserv.exe.1.dr, WindowsAccessBridge-32.dll.1.dr, prism_d3d.dll.1.dr, javacpl.exe.1.dr, java.exe.1.dr, glass.dll.1.dr, kinit.exe.1.dr, servertool.exe.1.dr String found in binary or memory: http://www.symauth.com/cps0(
Source: dt_shmem.dll.1.dr, klist.exe.1.dr, jp2ssv.dll.1.dr, JavaAccessBridge-32.dll.1.dr, resource.dll.1.dr, rmiregistry.exe.1.dr, verify.dll.1.dr, javafx_iio.dll.1.dr, jjs.exe.1.dr, j2pcsc.dll.1.dr, prism_sw.dll.1.dr, rmid.exe.1.dr, npdeployJava1.dll.1.dr, tnameserv.exe.1.dr, WindowsAccessBridge-32.dll.1.dr, prism_d3d.dll.1.dr, javacpl.exe.1.dr, java.exe.1.dr, glass.dll.1.dr, kinit.exe.1.dr, servertool.exe.1.dr String found in binary or memory: http://www.symauth.com/rpa00
Source: jfxwebkit.dll.1.dr String found in binary or memory: http://xmlsoft.org/XSLT/
Source: jfxwebkit.dll.1.dr String found in binary or memory: http://xmlsoft.org/XSLT/Templates:
Source: jfxwebkit.dll.1.dr String found in binary or memory: http://xmlsoft.org/XSLT/namespace
Source: jfxwebkit.dll.1.dr String found in binary or memory: http://xmlsoft.org/XSLT/namespacehttp://www.jclark.com/xtxpath
Source: npdeployJava1.dll.1.dr String found in binary or memory: https://HTTP/1.1GETRange:
Source: dt_shmem.dll.1.dr, klist.exe.1.dr, jp2ssv.dll.1.dr, JavaAccessBridge-32.dll.1.dr, resource.dll.1.dr, rmiregistry.exe.1.dr, verify.dll.1.dr, javafx_iio.dll.1.dr, jjs.exe.1.dr, j2pcsc.dll.1.dr, prism_sw.dll.1.dr, rmid.exe.1.dr, npdeployJava1.dll.1.dr, tnameserv.exe.1.dr, WindowsAccessBridge-32.dll.1.dr, prism_d3d.dll.1.dr, javacpl.exe.1.dr, java.exe.1.dr, glass.dll.1.dr, kinit.exe.1.dr, servertool.exe.1.dr String found in binary or memory: https://d.symcb.com/cps0%
Source: dt_shmem.dll.1.dr, klist.exe.1.dr, jp2ssv.dll.1.dr, JavaAccessBridge-32.dll.1.dr, resource.dll.1.dr, rmiregistry.exe.1.dr, verify.dll.1.dr, javafx_iio.dll.1.dr, jjs.exe.1.dr, j2pcsc.dll.1.dr, prism_sw.dll.1.dr, rmid.exe.1.dr, npdeployJava1.dll.1.dr, tnameserv.exe.1.dr, WindowsAccessBridge-32.dll.1.dr, prism_d3d.dll.1.dr, javacpl.exe.1.dr, java.exe.1.dr, glass.dll.1.dr, kinit.exe.1.dr, servertool.exe.1.dr String found in binary or memory: https://d.symcb.com/rpa0
Source: npdeployJava1.dll.1.dr String found in binary or memory: https://javadl.oracle.com/webapps/download/AutoDL%s?BundleId=%s%s
Source: npdeployJava1.dll.1.dr String found in binary or memory: https://javadl.oracle.com/webapps/download/AutoDL%s?BundleId=%surl%s%stmp1.8%s.0%s

System Summary

Source: charsets.jar.1.dr, sun/nio/cs/ext/IBM964.java Large array initialization: Encoder: array initializer size 1024
Source: charsets.jar.1.dr, sun/nio/cs/ext/IBM33722.java Large array initialization: Encoder: array initializer size 2048
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\44a926.msi
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIB470.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIB4FE.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIB52E.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIB56D.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIB5AD.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\inprogressinstallinfo.ipi
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\SourceHash{8AAF0A6E-F707-4842-B769-4A894B3B322D}
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIB705.tmp
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\MSIB470.tmp
Source: SSCBOLGZFXVJMEICRNQMJOCDIF.msi Binary or memory string: OriginalFilenameAICustAct.dllF vs SSCBOLGZFXVJMEICRNQMJOCDIF.msi
Source: classification engine Classification label: mal52.winMSI@4/118@0/0
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Microsoft\CMLB76E.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\TEMP\~DF8233EDC092DF1605.TMP
Source: jfxwebkit.dll.1.dr Binary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';
Source: jfxwebkit.dll.1.dr Binary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
Source: jfxwebkit.dll.1.dr Binary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND rootpage>0
Source: jfxwebkit.dll.1.dr Binary or memory string: CREATE TABLE "%w"."%w_node"(nodeno INTEGER PRIMARY KEY, data BLOB);CREATE TABLE "%w"."%w_rowid"(rowid INTEGER PRIMARY KEY, nodeno INTEGER);CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY, parentnode INTEGER);INSERT INTO '%q'.'%q_node' VALUES(1, zeroblob(%d))
Source: jfxwebkit.dll.1.dr Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: jfxwebkit.dll.1.dr Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: jfxwebkit.dll.1.dr Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: jfxwebkit.dll.1.dr Binary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
Source: jfxwebkit.dll.1.dr Binary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
Source: jfxwebkit.dll.1.dr Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: jfxwebkit.dll.1.dr Binary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: jfxwebkit.dll.1.dr Binary or memory string: CREATE TABLE Origins (origin TEXT UNIQUE ON CONFLICT REPLACE, path TEXT);
Source: jfxwebkit.dll.1.dr Binary or memory string: SELECT 'DELETE FROM vacuum_db.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'
Source: unknown Process created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\SSCBOLGZFXVJMEICRNQMJOCDIF.msi"
Source: unknown Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 38158D9497D4C550C29A4EC337EC1FF4
Source: C:\Windows\System32\msiexec.exe Section loaded: apphelp.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: aclayers.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: sfc.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: sfc_os.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: msi.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: srpapi.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: tsappcmp.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: uxtheme.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: textinputframework.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: coreuicomponents.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: coremessaging.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: ntmarta.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: coremessaging.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: wintypes.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: windows.storage.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: wldp.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: propsys.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: textshaping.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: netapi32.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: wkscli.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: netutils.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: version.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: mscoree.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: profapi.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: pcacli.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: mpr.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: apphelp.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: aclayers.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: sfc.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: sfc_os.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: msi.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: tsappcmp.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: userenv.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: profapi.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: netapi32.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: wkscli.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: netutils.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: srclient.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: spp.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: powrprof.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: vssapi.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: vsstrace.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: umpdc.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: wldp.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: mscoree.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: version.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: rstrtmgr.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: ncrypt.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: ntasn1.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: windows.storage.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: pcacli.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: mpr.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: ntmarta.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: cabinet.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: aclayers.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc_os.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msi.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netapi32.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: samcli.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: logoncli.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netapi32.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: samcli.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: logoncli.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netapi32.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: samcli.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: logoncli.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netapi32.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: samcli.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: logoncli.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: windows.ui.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: windowmanagementapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: textinputframework.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: inputhost.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: twinapi.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: twinapi.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: windows.ui.immersive.dll Jump to behavior
Source: SSCBOLGZFXVJMEICRNQMJOCDIF.msi Static file information: File size 67692544 > 1048576
Source: C:\Windows\System32\msiexec.exe File opened: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\plugin2\msvcr100.dll Jump to behavior
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\deploy\tmp\jp2ssv\obj\jp2ssv.pdb source: jp2ssv.dll.1.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\kinit_objs\kinit.pdb source: kinit.exe.1.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libt2k\t2k.pdb source: t2k.dll.1.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\deploy\tmp\deploy\plugin\npdeployJava1\obj\npdeployJava1.pdb source: npdeployJava1.dll.1.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\klist_objs\klist.pdb source: klist.exe.1.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\deploy\tmp\javacpl\obj\javacpl.pdb source: javacpl.cpl.1.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libinstrument\instrument.pdb source: instrument.dll.1.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libbci\bci.pdb source: bci.dll.1.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libverify\verify.pdb source: verify.dll.1.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\tnameserv_objs\tnameserv.pdb source: tnameserv.exe.1.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\deploy\tmp\javacplexec\obj\javacpl.pdb source: javacpl.exe.1.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\java_objs\java.pdb source: java.exe.1.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\deploy\tmp\jp2iexp\obj\jp2iexp.pdb< source: jp2iexp.dll.1.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libresource\resource.pdb source: resource.dll.1.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\jjs_objs\jjs.pdb source: jjs.exe.1.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\servertool_objs\servertool.pdb source: servertool.exe.1.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libwindowsaccessbridge-32\WindowsAccessBridge-32.pdb source: WindowsAccessBridge-32.dll.1.dr
Source: Binary string: msvcr100.i386.pdb source: msvcr100.dll0.1.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libj2pcsc\j2pcsc.pdb source: j2pcsc.dll.1.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\deploy\tmp\jp2iexp\obj\jp2iexp.pdb source: jp2iexp.dll.1.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libdt_socket\dt_socket.pdb source: dt_socket.dll.1.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\deploy\tmp\javacpl\obj\javacpl.pdb4 source: javacpl.cpl.1.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libunpack\unpack.pdb source: unpack.dll.1.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\deploy\tmp\javacplexec\obj\javacpl.pdb0 source: javacpl.exe.1.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\rmid_objs\rmid.pdb source: rmid.exe.1.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libsunec\sunec.pdb$ source: sunec.dll.1.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libdt_shmem\dt_shmem.pdb source: dt_shmem.dll.1.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libjavaaccessbridge-32\JavaAccessBridge-32.pdb) source: JavaAccessBridge-32.dll.1.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libsunec\sunec.pdb source: sunec.dll.1.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libmanagement\management.pdb source: management.dll.1.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libjavaaccessbridge-32\JavaAccessBridge-32.pdb source: JavaAccessBridge-32.dll.1.dr
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\AICustAct.pdb source: SSCBOLGZFXVJMEICRNQMJOCDIF.msi, MSIB56D.tmp.1.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libmanagement\management.pdby: source: management.dll.1.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\rmiregistry_objs\rmiregistry.pdb source: rmiregistry.exe.1.dr
Source: jfxwebkit.dll.1.dr Static PE information: section name: .unwante
Source: prism_sw.dll.1.dr Static PE information: section name: _RDATA
Source: msvcr100.dll.1.dr Static PE information: section name: .text entropy: 6.90903234258047
Source: msvcr120.dll.1.dr Static PE information: section name: .text entropy: 6.95576372950548
Source: msvcr100.dll0.1.dr Static PE information: section name: .text entropy: 6.90903234258047
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\verify.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\awt.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\management.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\prism_d3d.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\unpack.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\javafx_iio.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\orbd.exe Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\jjs.exe Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\jfxmedia.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\plugin2\npjp2.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\java.exe Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\msvcr100.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\splashscreen.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\java-rmi.exe Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIB470.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\ktab.exe Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\javaw.exe Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\jsdt.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\hprof.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\mlib_image.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\resource.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\jli.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\jpeg.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\net.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\javacpl.cpl Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\jp2launcher.exe Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\javafx_font.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\jfr.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\msvcr120.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\zip.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\plugin2\msvcr100.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\kinit.exe Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\sunmscapi.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\j2pcsc.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\unpack200.exe Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\prism_common.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\JavaAccessBridge.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\kcms.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\npt.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\WindowsAccessBridge-32.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\Data.exe Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\dcpr.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\w2k_lsa_auth.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIB52E.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\JavaAccessBridge-32.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\decora_sse.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\servertool.exe Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\jp2native.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\policytool.exe Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\sunec.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\dt_shmem.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\ssvagent.exe Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\gstreamer-lite.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\jdwp.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\client\jvm.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\rmid.exe Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\dtplugin\deployJava1.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIB56D.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\pack200.exe Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\instrument.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\prism_sw.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\tnameserv.exe Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIB5AD.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\ssv.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\jabswitch.exe Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\jfxwebkit.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\javacpl.exe Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\nio.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\eula.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\java_crw_demo.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\jp2ssv.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\WindowsAccessBridge.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\wsdetect.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\javafx_font_t2k.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\JAWTAccessBridge-32.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIB4FE.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\java.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\deploy.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\javaws.exe Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\j2pkcs11.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\JAWTAccessBridge.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\jawt.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\jp2iexp.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\fxplugins.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\bci.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\lcms.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\glib-lite.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\fontmanager.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\jaas_nt.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\keytool.exe Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\t2k.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\klist.exe Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\rmiregistry.exe Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\dt_socket.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\jsound.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\msvcp120.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\glass.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\dtplugin\npdeployJava1.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\jsoundds.dll Jump to dropped file

Boot Survival

Source: C:\Windows\System32\msiexec.exe Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Components\42112CAB75FB99A42AA1B59724538D4F E6A0FAA8707F24847B96A498B4B323D2 C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\javaw.exe Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\verify.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\awt.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\management.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\prism_d3d.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\orbd.exe Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\unpack.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\javafx_iio.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\jjs.exe Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\jfxmedia.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\plugin2\npjp2.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\java.exe Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\msvcr100.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\java-rmi.exe Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\splashscreen.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSIB470.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\ktab.exe Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\javaw.exe Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\jsdt.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\mlib_image.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\hprof.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\resource.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\jli.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\jpeg.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\net.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\javacpl.cpl Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\jp2launcher.exe Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\javafx_font.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\msvcr120.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\jfr.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\zip.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\plugin2\msvcr100.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\kinit.exe Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\sunmscapi.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\j2pcsc.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\unpack200.exe Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\prism_common.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\JavaAccessBridge.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\kcms.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\npt.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\WindowsAccessBridge-32.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\Data.exe Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\dcpr.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\w2k_lsa_auth.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSIB52E.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\JavaAccessBridge-32.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\decora_sse.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\servertool.exe Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\jp2native.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\policytool.exe Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\sunec.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\dt_shmem.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\ssvagent.exe Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\gstreamer-lite.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\jdwp.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\rmid.exe Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\client\jvm.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\dtplugin\deployJava1.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\pack200.exe Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSIB56D.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\instrument.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\prism_sw.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\tnameserv.exe Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSIB5AD.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\ssv.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\jabswitch.exe Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\jfxwebkit.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\javacpl.exe Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\nio.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\java_crw_demo.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\jp2ssv.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\eula.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\WindowsAccessBridge.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\wsdetect.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\JAWTAccessBridge-32.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\javafx_font_t2k.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSIB4FE.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\java.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\deploy.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\javaws.exe Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\j2pkcs11.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\JAWTAccessBridge.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\jawt.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\jp2iexp.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\fxplugins.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\bci.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\lcms.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\glib-lite.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\fontmanager.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\jaas_nt.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\keytool.exe Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\t2k.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\klist.exe Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\rmiregistry.exe Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\dt_socket.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\jsound.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\glass.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\msvcp120.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\dtplugin\npdeployJava1.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Micro K\Micro K\dist\jre\bin\jsoundds.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information queried: ProcessInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\ VolumeInformation Jump to behavior
No contacted IP infos