f81f5ccda3bfa05d661a479b0267b6267bc5d393ccae6aa1a82cdba7b54cd0c5

Sharing

Copy URL Twitter E-mail

General

Target

f81f5ccda3bfa05d661a479b0267b6267bc5d393ccae6aa1a82cdba7b54cd0c5
Size

2.6MB
MD5

078baea478d4eb77df2912fb4b0942fd
SHA1

9b3688a788561727bf98ef9445a84c3b54c950dd
SHA256

f81f5ccda3bfa05d661a479b0267b6267bc5d393ccae6aa1a82cdba7b54cd0c5
SHA512

1703c68092ddd18d1894cc5ce6fb34a9b3f779c4ee7570733a8a01da8bb85eccf36035f1f6e78751a644d6945bf2347ddcd2e4dde933d6e554023c79e867d795
SSDEEP

49152:/iIEqiPaf+ImVLIFgAgPWY/z3EEg9frjUjDzufQUKlLf:/iIQyf+ImieAoz0PrjUjnuLaLf

Score

1^/10

Malware Config

Signatures

NSIS installer 1 IoCs

installer

resource	yara_rule
sample	nsis_installer_2

Files

f81f5ccda3bfa05d661a479b0267b6267bc5d393ccae6aa1a82cdba7b54cd0c5
.exe windows x86

0e986a8fad01ac30b57464f3b7084530

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord17
ImageList_AddMasked
ImageList_Destroy
ImageList_Create

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

kernel32

MultiByteToWideChar
GetShortPathNameA
CreateDirectoryA
SetCurrentDirectoryA
FindFirstFileA
GetLastError
lstrcmpiA
SearchPathA
SetFileAttributesA
GlobalFree
FindClose
GetPrivateProfileStringA
WritePrivateProfileStringA
MoveFileA
FindNextFileA
GetModuleHandleA
LoadLibraryExA
CloseHandle
DeleteFileA
SetFilePointerEx
ReadFile
GetFileSizeEx
GetModuleFileNameA
ExitProcess
SetErrorMode
GetCurrentProcess
GetWindowsDirectoryA
GetCommandLineA
CopyFileA
SetEnvironmentVariableA
GetTempPathA
lstrlenA
lstrcpynA
GlobalLock
GlobalUnlock
LoadLibraryA
GetDiskFreeSpaceA
CreateThread
CreateFileA
GetFileSize
CreateProcessA
GetSystemDirectoryA
lstrcatA
GetProcAddress
RemoveDirectoryA
GetTempFileNameA
GetVersion
lstrcpyA
MulDiv
GetExitCodeProcess
GetFileAttributesA
Sleep
GlobalAlloc
WriteFile
SetFileTime
ExpandEnvironmentStringsA
WaitForSingleObject
CompareFileTime
FreeLibrary
SetFilePointer
IsProcessorFeaturePresent
lstrcmpA
GetFullPathNameA
GetTickCount

user32

DestroyWindow
ExitWindowsEx
CharNextA
RegisterClassA
GetMessagePos
DialogBoxParamA
LoadCursorA
CallWindowProcA
SetClipboardData
IsWindowVisible
GetSystemMetrics
SystemParametersInfoA
OpenClipboard
AppendMenuA
GetClassInfoA
IsDlgButtonChecked
CreatePopupMenu
CheckDlgButton
SetWindowPos
GetSysColor
EndDialog
SetClassLongA
EmptyClipboard
EnableMenuItem
CreateWindowExA
GetWindowLongA
GetAsyncKeyState
IsWindowEnabled
SetTimer
TrackPopupMenu
GetWindowRect
ScreenToClient
GetSystemMenu
CloseClipboard
SetCursor
SetDlgItemTextA
GetDlgItemTextA
DispatchMessageA
wvsprintfA
PeekMessageA
CharPrevA
MessageBoxIndirectA
SendMessageA
GetDC
SetWindowLongA
GetDlgItem
SendMessageTimeoutA
ShowWindow
IsWindow
LoadImageA
EnableWindow
EndPaint
FillRect
DrawTextA
GetClientRect
BeginPaint
DefWindowProcA
CreateDialogParamA
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
LoadBitmapA
FindWindowExA
InvalidateRect

gdi32

GetDeviceCaps
SetTextColor
CreateFontIndirectA
DeleteObject
SelectObject
SetBkMode
SetBkColor
CreateBrushIndirect

advapi32

RegDeleteValueA
RegQueryValueExA
RegDeleteKeyA
RegCreateKeyExA
RegOpenKeyExA
RegCloseKey
RegEnumKeyA
RegEnumValueA
RegSetValueExA

shell32

SHGetFileInfoA
ShellExecuteA
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHFileOperationA

ole32

OleUninitialize
CoTaskMemFree
OleInitialize
CoCreateInstance

Sections

.text
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ndata
Size: - Virtual size: 44KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 125KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0e986a8fad01ac30b57464f3b7084530

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

version

kernel32

user32

gdi32

advapi32

shell32

ole32

Sections

.text Size: 39KB - Virtual size: 39KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 512B - Virtual size: 3.5MB

.CRT Size: 512B - Virtual size: 4B

.ndata Size: - Virtual size: 44KB

.rsrc Size: 125KB - Virtual size: 125KB

.text
Size: 39KB - Virtual size: 39KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 512B - Virtual size: 3.5MB

.CRT
Size: 512B - Virtual size: 4B

.ndata
Size: - Virtual size: 44KB

.rsrc
Size: 125KB - Virtual size: 125KB