Analyzing a Composite Document File V2 Document MSI Installer malware

Reverse Engineering Asked on June 15, 2021

I have a malware sample to analyze with md5sum 000cbfb28e750f2e321551c03e4fe488.
When I run the command file {malware-file-name} on Linux, it shows:
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.3, MSI Installer, Last Printed: Fri Dec 11 11:47:44 2009, Create Time/Date: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Dec 11 11:47:44 2009, Security: 0, Code page: 1252, Revision Number: {2FA78889-1A12-4B8C-93FE-9F1F2A6C1FFB}, Number of Words: 10, Subject: ekFW6uNGmArL5v7g, Author: ekFW6uNGmArL5v7g, Name of Creating Application: Advanced Installer 14.8 build 281f49a4fb, Template: ;1033, Comments: This installer database contains the logic and data required to install ekFW6uNGmArL5v7g., Title: Installation Database, Keywords: Installer, MSI, Database, Number of Pages: 200

How do I go about disassembling it and understanding what this malware is doing? I tried opening it in IDA, but the function names are all random and don't give any hint
on what this is doing. Any hints/ideas/tools on how to proceed?
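As an added example (not from the asker or from any answer on the page), here is a small Python triage script for the container type that file reported above: it parses the Composite Document File V2 (OLE2/CFB) header and FAT, walks the directory sectors, and undoes the name packing MSI applies to its stream names so entries such as the CustomAction table or a Binary stream become readable before anything is opened in a disassembler. It assumes a file small enough that all FAT sectors are listed in the header DIFAT; build_sample_msi is a constructed three-sector stand-in, not the real sample.

```python
import struct
CFB_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
ENDOFCHAIN, FREESECT = 0xFFFFFFFE, 0xFFFFFFFF
MSI_ALPHABET = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz._"  # 64 symbols

def decode_msi_name(raw):
    """Undo MSI name packing: 0x3800-0x47FF = two chars, 0x4800-0x483F = one, 0x4840 = table marker."""
    out = []
    for c in map(ord, raw):
        if 0x3800 <= c < 0x4800:
            out.append(MSI_ALPHABET[(c - 0x3800) & 0x3F] + MSI_ALPHABET[(c - 0x3800) >> 6])
        elif 0x4800 <= c < 0x4840:
            out.append(MSI_ALPHABET[c - 0x4800])
        else:
            out.append("!" if c == 0x4840 else chr(c))  # table marker rendered here as "!"
    return "".join(out)

def list_cfb_entries(data):
    """Return [(decoded name, type)] for every directory entry; type 1 storage, 2 stream, 5 root."""
    if data[:8] != CFB_MAGIC:
        raise ValueError("not a Composite Document File V2 (OLE2) container")
    sector_size = 1 << struct.unpack_from("<H", data, 0x1E)[0]
    fat = []  # only the 109 DIFAT slots in the header are read (no extended DIFAT)
    for s in filter(lambda s: s != FREESECT, struct.unpack_from("<109I", data, 0x4C)):
        fat += struct.unpack_from("<%dI" % (sector_size // 4), data, (s + 1) * sector_size)
    entries, sect, seen = [], struct.unpack_from("<I", data, 0x30)[0], set()  # 0x30: first dir sector
    while sect < len(fat) and sect not in seen:  # stops on ENDOFCHAIN, a bad index or a FAT loop
        seen.add(sect)
        base = (sect + 1) * sector_size
        for pos in range(base, base + sector_size, 128):
            name_len, etype = struct.unpack_from("<HB", data, pos + 64)
            if etype and 2 <= name_len <= 64:  # skip unused entries and bogus lengths
                entries.append((decode_msi_name(data[pos:pos + name_len - 2].decode("utf-16-le", "replace")), etype))
        sect = fat[sect]
    return entries

def build_sample_msi():
    """Constructed 3-sector CFB (header, FAT, directory) with MSI-packed names; not a real installer."""
    def pack(name):  # inverse of decode_msi_name for even-length names; sample use only
        idx = [MSI_ALPHABET.index(ch) for ch in name]
        return "".join(chr(0x3800 + a + (b << 6)) for a, b in zip(idx[::2], idx[1::2]))
    def entry(name, etype):  # 128-byte directory entry; sibling/child links left zero
        raw = name.encode("utf-16-le")
        return raw.ljust(64, b"\0") + struct.pack("<HB", len(raw) + 2, etype) + b"\0" * 61
    header = CFB_MAGIC + b"\0" * 16 + struct.pack("<HHHHH", 0x3E, 3, 0xFFFE, 9, 6) + b"\0" * 6
    header += struct.pack("<9I", 0, 1, 1, 0, 0x1000, ENDOFCHAIN, 0, ENDOFCHAIN, 0)
    header += struct.pack("<109I", 0, *[FREESECT] * 108)
    fat = struct.pack("<2I", 0xFFFFFFFD, ENDOFCHAIN).ljust(512, b"\xff")
    directory = entry("Root Entry", 5) + entry(chr(0x4840) + pack("CustomAction"), 2)
    return header + fat + (directory + entry(pack("Binary.payload"), 2)).ljust(512, b"\0")
```

Run list_cfb_entries on the bytes of a real MSI to get the stream inventory; the names prefixed "!" are database tables, and a CustomAction table or Binary stream is where the installer's executable logic lives.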
