b04f3c53ab17c880db1c67de29e89e493defdcd15370285976cda6a37cdea901 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b04f3c53ab17c880db1c67de29e89e493defdcd15370285976cda6a37cdea901
Size

5.6MB
MD5

2ea2bad5d763f7d637dadf3e5369a6ce
SHA1

1e9ac37114770d0029d937963d6de4ba087477a7
SHA256

b04f3c53ab17c880db1c67de29e89e493defdcd15370285976cda6a37cdea901
SHA512

bda6c8c3b4fb5acc84db6b06eb57f782b6d2c7a3e6abdb5a128f79136f23c10ba6cd48e31381ac2b7c326128bb2f2f8a7abc68939e42f02054ae8c81465f4db7
SSDEEP

98304:xAjLGPmlBeod4Wo4JQxQdDqvW4jb474KgpwibGeeixvI8rX3x5R:4L0mlBfiWo4JQxXvPf4U9p7rxvI8rRX

Score

1^/10

Malware Config

Signatures

NSIS installer 1 IoCs

resource	yara_rule
sample	nsis_installer_2

Files

b04f3c53ab17c880db1c67de29e89e493defdcd15370285976cda6a37cdea901
.exe windows x86

ea215a2e6009dd09cfb25a8460bf9f36

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalReAlloc
GetTempPathA
GlobalAlloc
CloseHandle
WriteFile
CreateFileA
SizeofResource
LockResource
LoadResource
FindResourceA
GetModuleHandleA
CreateProcessA
GlobalFree
lstrlenA
ExitProcess
DeleteFileA
GetExitCodeProcess
Sleep
GetCommandLineA
GetVersionExA
GetCurrentProcessId
ReadFile
SetFilePointer
GetFileSize
WideCharToMultiByte
MultiByteToWideChar

user32

wsprintfA

shell32

ShellExecuteExA

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 814B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5.6MB - Virtual size: 5.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ