tmp | Triage

General

Target

tmp
Size

1.6MB
MD5

e44008d74be00948820c998bc0b3185c
SHA1

49c779639feb68ea3b3799ed957540ae573e3165
SHA256

d6bbde415f04bd1abd9c7465abe95f5b004ff91ad605fc537c1b69d3bf4e452b
SHA512

0b707331f9758de5257052774a1be75c7e709034753e5661670f275e83a203b7848fb435a8cf580119c9f18da44beb27aa21866aa9e4fa021daf4aad23bc7a9e
SSDEEP

49152:W0PwSC4MUmQ3H5LDWtOqOisI4sgeLrlG2vfqA525jztn:LLp3ZLitHOi0Kn/525p

Score

1^/10

Malware Config

Signatures

NSIS installer 1 IoCs

resource	yara_rule
sample	nsis_installer_2

Files

tmp
.exe windows x86

1d47ae434e7bfbcce77a62a5b3a1352f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

urlmon

URLDownloadToFileW

comctl32

InitCommonControlsEx

kernel32

UnmapViewOfFile
MapViewOfFileEx
GetCurrentProcess
CreateDirectoryW
WaitForSingleObject
SetEvent
GetFileSize
IsBadReadPtr
WriteFile
GetFileAttributesW
GetModuleFileNameW
CreateFileW
CompareStringW
GetModuleHandleW
SetThreadPriority
GetTempPathW
GetLastError
CreateFileMappingW
CreateEventW
RemoveDirectoryW
lstrcatW
DuplicateHandle
CloseHandle
DeleteFileW
ResumeThread
CreateThread
ExitProcess
GetVersionExW
lstrcpynW
GetProcAddress
GetSystemInfo
lstrlenW
GetLocaleInfoW

user32

SetDlgItemTextW
MessageBoxW
IsWindow
CreateDialogParamW
ShowWindow
GetDlgItem
PeekMessageW
IsDialogMessageW
TranslateMessage
wsprintfW
MsgWaitForMultipleObjects
CharNextW
DestroyWindow
GetKeyboardLayoutList
GetDesktopWindow
GetWindowRect
SendMessageW
UpdateWindow
EnableWindow
DispatchMessageW

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey

shell32

ShellExecuteExW

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 528B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1d47ae434e7bfbcce77a62a5b3a1352f

Headers

DLL Characteristics

File Characteristics

Imports

urlmon

comctl32

kernel32

user32

advapi32

shell32

Sections

.text Size: 9KB - Virtual size: 8KB

.data Size: - Virtual size: 528B

.rsrc Size: 17KB - Virtual size: 16KB

.text
Size: 9KB - Virtual size: 8KB

.data
Size: - Virtual size: 528B

.rsrc
Size: 17KB - Virtual size: 16KB