Sample details: 1f43b01306482f9c3e229e39f58fab16 --

Hashes
MD5: 1f43b01306482f9c3e229e39f58fab16
SHA1: d54793f210a2e791c53ab82224929ccc29cfbb94
SHA256: 81f8479a85920d912c3e9fd2c90cfc3029756fc773adf7c45d0da5cdba344e54
SSDEEP: 6144:6MTCPLM3VZwqzbn1Me8xlTn1bHnf26AK+qJKM:GLMlZHzb1Me8xNnQiKM
Details
File Type: PE32
Yara Hits
YRP/Nullsoft_PiMP_Stub_SFX | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasOverlay | YRP/HasRichSignature | YRP/domain | YRP/IP | YRP/url | YRP/contentis_base64 | YRP/escalate_priv | YRP/screenshot | YRP/win_registry | YRP/win_token | YRP/win_private_profile | YRP/win_files_operation | YRP/CRC32_poly_Constant |
Source
http://avto-him.com/bitrix/fonts/888/VoiceNote981.exe
Strings
		!This program cannot be run in DOS mode.
`.rdata
@.data
.ndata
 s495,
SQSSSPW
v#VhB+@
Instu`
softuW
NulluN	E
D$(Ph,
D$,SPS
D$$+D$
D$,+D$$P
PPPPPP
_^[t	P
A@;E |
RichEdit
RichEdit20A
RichEd32
RichEd20
.DEFAULT\Control Panel\International
Control Panel\Desktop\ResourceLocale
Software\Microsoft\Windows\CurrentVersion
\Microsoft\Internet Explorer\Quick Launch
MulDiv
DeleteFileA
FindFirstFileA
FindNextFileA
FindClose
SetFilePointer
WriteFile
GetPrivateProfileStringA
WritePrivateProfileStringA
MultiByteToWideChar
FreeLibrary
LoadLibraryExA
GetModuleHandleA
GetExitCodeProcess
WaitForSingleObject
GlobalAlloc
GlobalFree
ExpandEnvironmentStringsA
lstrcmpA
lstrcmpiA
CloseHandle
SetFileTime
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetEnvironmentVariableA
GetWindowsDirectoryA
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrlenA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
ReadFile
lstrcpyA
lstrcatA
GetSystemDirectoryA
GetVersion
GetProcAddress
KERNEL32.dll
EndPaint
DrawTextA
FillRect
GetClientRect
BeginPaint
DefWindowProcA
SendMessageA
InvalidateRect
EnableWindow
ReleaseDC
LoadImageA
SetWindowLongA
GetDlgItem
IsWindow
FindWindowExA
SendMessageTimeoutA
wsprintfA
ShowWindow
SetForegroundWindow
PostQuitMessage
SetWindowTextA
SetTimer
CreateDialogParamA
DestroyWindow
ExitWindowsEx
CharNextA
DialogBoxParamA
GetClassInfoA
CreateWindowExA
SystemParametersInfoA
RegisterClassA
EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
USER32.dll
SelectObject
SetTextColor
SetBkMode
CreateFontIndirectA
CreateBrushIndirect
DeleteObject
GetDeviceCaps
SetBkColor
GDI32.dll
SHFileOperationA
ShellExecuteA
SHGetFileInfoA
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHELL32.dll
RegEnumValueA
RegEnumKeyA
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
RegOpenKeyExA
ADVAPI32.dll
ImageList_Destroy
ImageList_AddMasked
ImageList_Create
COMCTL32.dll
CoCreateInstance
OleUninitialize
OleInitialize
CoTaskMemFree
ole32.dll
VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA
VERSION.dll
verifying installer: %d%%
Installer integrity check has failed. Common causes include
incomplete download and damaged media. Contact the
installer's author to obtain a new copy.
More information at:
http://nsis.sf.net/NSIS_Error
Error launching installer
... %d%%
SeShutdownPrivilege
~nsu.tmp
NSIS Error
Error writing temporary file. Make sure your temp folder is valid.
%u.%u%s%s
SHGetFolderPathA
SHFOLDER
SHAutoComplete
SHLWAPI
GetUserDefaultUILanguage
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegDeleteKeyExA
ADVAPI32
MoveFileExA
GetDiskFreeSpaceExA
KERNEL32
[Rename]
*?|<>/":
<?xml version="1.0" encoding="UTF-8" standalone="yes"?><assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><assemblyIdentity version="1.0.0.0" processorArchitecture="*" name="Nullsoft.NSIS.exehead" type="win32"/><description>Nullsoft Install System v3.0b0</description><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="*" publicKeyToken="6595b64144ccf1df" language="*" /></dependentAssembly></dependency><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="asInvoker" uiAccess="false"/></requestedPrivileges></security></trustInfo><compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"><application><supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"/><supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/><supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/></application></compatibility></assembly>
NullsoftInst
t O51$%@
~8`DOdZ
coU<VJ
)KE-tY
Ae[JRcc
A#1-js
viN<N]
'XaQef
a(M&Nf
q;}l>r
Uhrvy3v
6o_[8A
u*Dlx!
Nvm$taF
3fQag>
q8|4^Mb
I$r-@R;\{
{r gQs
b	-v6c
2fc)W~
@Fnd	ukq
I[yT8@^6
X_Fl)>
e`.~E;
!X4\>=
T3Q'0Z
uXXp/(A*{_
GrN)ts
tP3}	%
dJ}6YJ<
ROZaJ8
m%RI0;
9$+8xi
.pV!,t=
ShYcP@
&D	6=6>
L~o{.r
\+,R^Y
UOu's~L
xrbyS"J\h
hA1-9L
Ozlz<@
@S`4_2
&?x03^
~~&ia30h
Q1^z\K
P!}qQ>	
^aIY4V
LW{,vMj
q[fRh,
v<ed9+F
G\pD[K
WOdL*|}
idyEZ~
9Wup1_
SF,	=R
)F1'C]
>7C[u,~
j>B?#:c
3[+H!j
t?::c|7?5
WAH=HXj
xOSGY{
sP@y^x
0I]T}v
B,ox)u
n5Roop
=bw	9'
]O>7U@
'm>#(u]
+!&<y\
-0s,Kk
6$u$q,
	%j4~t
W#+#0B
&l2"%(
K9z=efY{K
ksD`TF
C4hXdw
y%%'Ef
+>ZxIK
uO)wxC
IDAx0L
RGq+Zmm2o/
_!IhvK
xZC0X9
oNFe16c
P}o~e$
^TE5gE
3W'6~r
U/u)gG
r_ |*b
[5|nSG
pP~i_rmD
ywD!cc
&16}3b100
.WO[r'r
6Hu.ar
F>k[I/k(}
%Ay2lY
mn>8jQ-K&
lR$h-&
{V.VHV
*Pma!|
w\VjWR
	t8l^\
fDmqv^
DSPE}W
wnrXZw
$FvHbK
A0IwGA
<pN]Cj
W'[Z4BL
#Gu1f\G
z)#V!N
LYS-(Tr6~x
?N\eYIE	
mn!uJS$
jOo;yH
Yfe`,X
|Ou._o
_]P$ye
(N!pPZ
G5nu8q
s[7`:Nc
MX}Qi7j
	j,W9/0T
8.VsPv
5pi(`pq[.=
p9|"g7
Ql#I+C
iL#iY}\r*^
X6#)N4
NL:&M:
U&\&HP
~IA~)h!C
m`;EcAG
Me!vij
 4ug2{
^ePlH6?
AtjK")
+`1j0Q
J{y=iI
B4@vX3
b`Ks0~
3HHKS*
o61eGl
z~p;$=
yV3Trp
92%eyZq
Q!(@b!]
6=(>jD
NT*FTr
,ESW~G5
*2"=dq
^"E]%l
PL()pL
Pb!Cp"X
eWn?+;)
"1ED._
z@uHJ1
Xqmc +
"(YjlW
+t6E?L
b"4CW_
wXd.cvS7
WBXci}
Af13!CO
h\*G7y
"vrHK*|l
 VF[Eb5m
fR_@ln`
B''{y[x
|Z1u2.
_!7KZ!V
*Qzmdi
A3>6&bx1
	Q[vO"
P!]6<j
2<7yG>
&4nd8?
k%lMV.%
C"&`8JRx
.V0yP:
M/>oo`
"M`]f~
<bhX	G
zD#"[8	
h]P*A+
)e[}<!`
u8@'eB
i(kxuI
wLna-K
d}gym.
4GG qK
fR(\&w_
%/5ZS)
SWI|+xZw
MQE0#3K
h1g CJ
LN(n5.
y`!h_w
Qqv{qKW
RDLTv3
[J,uWP
ai{]J 
6FhZ-/(
uf"#du
s~T+gO
*z	%i q
7qkQ\{
N@-	NB
zZ4\X7o
eWN1@7
>su,lCn
S<&D_~
,l6P-M
;eD5k0C
R@dS3G
!Vxn|*
m0XE6rH
q>mg-i
hyr7"+F
ZDmz^82GR
Q|fkp!,$xa
-rBtK@
!{Gi|x
s$Bzn`
Iju	Q{
k&&EG"
'5"bs,
"_(o4M
oY;2t+%K
0KdO^L&P
}#1:MF
$?O!)X
t$up[z
l	N?)A
SRon="1
`ud%bb
IdSf*p@
7I/1A$Y^
W*P6=b
'tO(rbG
w)J6oY
Lg~QBm
O8K^>a
QS\)<9
_PW{DUC
;8Q(Ex
a'.b?o
z)t'mcx
2gA)S&
^1!Jp&C
Xv8:pU
H~"5v.xB&
qqrUpT
YV:Ip{
548VmNML
1)Mn^m
"I~q,x5
I,M}#=f?B~=K
QrV=7&:
A~}+89
O YR	~
;*3A 8
qLUE#}_
ns8}54
cTr3%59
(hn1b"sZ
]J'4`o
$@G@vH
p}M`LK
pl+0p5Mc
[HjD8%
1G|F1/
B8|Us$&
|OGC9z
EHZ*f)<	"2^i
*5ELMb
]=eemZ
o"lmI\
W	q4%a
A+z=i8
IX4r%]
r>7/!v
I%N0l+
lLBK3km
qH%(VY
[-[*PK
$<fY:!jq]>
=mlCs2
PA58/0
=Vc4Y^T
H$6<eM7
B;dsV5c
#AS1 0
:wdpJ;V
zJt*Y7o
8-gt=B(tGB
dr\qSx
K.gVx\
TKbmF\
SON[Ed
S8,I-4U
()mfFQ
'	x6*	
0'r`o3
unV_ b
FrQcju
b!:-\-	
EO.op!
uSbqK=
n{9_:H
@{4~Bl
F`;}n0
p'5mt=
E7mg_A
' jJRs
vVnG[H
1Bg}TF
I{D?xb
"){Z,,/
B)-,Hp
E~_8az
VSA9:{
&[Vsg$
7Ek:#*
Gdr_G"
i^#KqD
ky89G~
IoHvQ!q
Hgo5e<
~dSRVi
%:Rf7"D
y`a9CG
 "a;]aG
yI3>t4
z54=@i
cZ"kX%
KlT07!
W]1m2n6
,l,C;I	
lbAqVV
;\9"	tq	d
Y+:r4"
]Q!Zv~
Zml6: F
tqOPM|@
$.'1MI
,UIVvT7a
VRBU#}t
hg2	cG
=O)<L5L
a;pE6dr
a'Yh2{
)D|[ $DB"q
DdO$G!;GT%
j>>>%O
5m1C9n
;[KPX/{
0mjva({
oiD"x"
'5{$sC
MC0"cX
|K$KX<
1(ft+?Z
z"Ja"C
*=="C}G
M2dO*{S
MO j0OJx
%?@L44
M=OPyM4
M14hF)
=@z4jbm@= 
!<55=G
6Pd444
GEEMIDS
*fQUATF
(41=ii
N&%Xb[
<)(!D1V
xepcyT
^P3w|	-N@
mL2S5o]
k	zi:`
ps!_`45
BE:$/J
,U}ja0
@/Ek[qD]
z(dYt6
l1Vo%B
ki]k[N
egHpj'%f
QQ{ntEq
NullsoftInst
#=e,wmm
+=3R-K?
As7.:xH[|
b/L8:i
*=S,9c 
_](X)Y
\9sW!n
viN<N]
'XaQef
a(M&Nf