Sample details for MD5 4ccb714b9ff388e289fa24ae757eeaff

Hashes
MD5: 4ccb714b9ff388e289fa24ae757eeaff
SHA1: 51a0e0d04e3a82a3afab703fa4c545014f12fc37
SHA256: c9c760fb373c7fda5dffdacd3f6878f886b2f5da62113871b438c25be660c324
SSDEEP: 6144:WwHysCaCRz7/pDqz4g6lZxBjBCM7fCPkJlNTIxV5Z8a:tCaCB9mzgj8M7fCP0NTIl
Details
File Type: PE32
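Yara Hits
YRP/Nullsoft_PiMP_Stub_SFX | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasOverlay | YRP/HasRichSignature | YRP/domain | YRP/IP | YRP/url | YRP/contentis_base64 | YRP/escalate_priv | YRP/screenshot | YRP/win_registry | YRP/win_token | YRP/win_private_profile | YRP/win_files_operation | YRP/CRC32_poly_Constant
Note: the Nullsoft_PiMP_Stub_SFX hit, together with the embedded manifest (Nullsoft Install System v3.0b0), identifies the file as an NSIS self-extracting installer. Capability-style hits such as escalate_priv, win_token, win_registry and win_files_operation are consistent with the installer stub's own imports (for example AdjustTokenPrivileges with SeShutdownPrivilege) and do not by themselves describe what the packed payload does.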
Source
http://securedownload2.duckdns.org:7373/docs/RFQ6.exe
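Strings
(Printable strings extracted from the file. The API and DLL names are the installer stub's imports; the short random-looking lines after the first NullsoftInst marker are most likely compressed installer data rather than meaningful text.)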
          	            !This program cannot be run in DOS mode.
iRichu
`.rdata
@.data
.ndata
SQSSSPW
v#VhB+@
Instu`
softuW
NulluN	E
D$(Ph,
D$,SPS
D$$+D$
D$,+D$$P
u49-L7B
PPPPPP
_^[t	P
RichEdit
RichEdit20A
RichEd32
RichEd20
.DEFAULT\Control Panel\International
Control Panel\Desktop\ResourceLocale
Software\Microsoft\Windows\CurrentVersion
\Microsoft\Internet Explorer\Quick Launch
MulDiv
DeleteFileA
FindFirstFileA
FindNextFileA
FindClose
SetFilePointer
WriteFile
GetPrivateProfileStringA
WritePrivateProfileStringA
MultiByteToWideChar
FreeLibrary
LoadLibraryExA
GetModuleHandleA
GetExitCodeProcess
WaitForSingleObject
GlobalAlloc
GlobalFree
ExpandEnvironmentStringsA
lstrcmpA
lstrcmpiA
CloseHandle
SetFileTime
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetEnvironmentVariableA
GetWindowsDirectoryA
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrlenA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
ReadFile
lstrcpyA
lstrcatA
GetSystemDirectoryA
GetVersion
GetProcAddress
KERNEL32.dll
EndPaint
DrawTextA
FillRect
GetClientRect
BeginPaint
DefWindowProcA
SendMessageA
InvalidateRect
EnableWindow
ReleaseDC
LoadImageA
SetWindowLongA
GetDlgItem
IsWindow
FindWindowExA
SendMessageTimeoutA
wsprintfA
ShowWindow
SetForegroundWindow
PostQuitMessage
SetWindowTextA
SetTimer
CreateDialogParamA
DestroyWindow
ExitWindowsEx
CharNextA
DialogBoxParamA
GetClassInfoA
CreateWindowExA
SystemParametersInfoA
RegisterClassA
EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
USER32.dll
SelectObject
SetTextColor
SetBkMode
CreateFontIndirectA
CreateBrushIndirect
DeleteObject
GetDeviceCaps
SetBkColor
GDI32.dll
SHFileOperationA
ShellExecuteA
SHGetFileInfoA
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHELL32.dll
RegEnumValueA
RegEnumKeyA
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
RegOpenKeyExA
ADVAPI32.dll
ImageList_Destroy
ImageList_AddMasked
ImageList_Create
COMCTL32.dll
CoCreateInstance
OleUninitialize
OleInitialize
CoTaskMemFree
ole32.dll
VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA
VERSION.dll
verifying installer: %d%%
Installer integrity check has failed. Common causes include
incomplete download and damaged media. Contact the
installer's author to obtain a new copy.
More information at:
http://nsis.sf.net/NSIS_Error
Error launching installer
... %d%%
SeShutdownPrivilege
~nsu.tmp
NSIS Error
Error writing temporary file. Make sure your temp folder is valid.
%u.%u%s%s
SHGetFolderPathA
SHFOLDER
SHAutoComplete
SHLWAPI
GetUserDefaultUILanguage
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegDeleteKeyExA
ADVAPI32
MoveFileExA
GetDiskFreeSpaceExA
KERNEL32
[Rename]
*?|<>/":
##########
##########
#############
##############
######
######
############
############
############
333333
"333333
2"3333333:
32"#3333333:
""""#3"#:
"#33332#
"3333332
3333333
#333:33
",#333
:2,#33:3?
333333
333333
333333
in language table of language English
<?xml version="1.0" encoding="UTF-8" standalone="yes"?><assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><assemblyIdentity version="1.0.0.0" processorArchitecture="*" name="Nullsoft.NSIS.exehead" type="win32"/><description>Nullsoft Install System v3.0b0</description><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="*" publicKeyToken="6595b64144ccf1df" language="*" /></dependentAssembly></dependency><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="asInvoker" uiAccess="false"/></requestedPrivileges></security></trustInfo><compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"><application><supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"/><supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/><supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/></application></compatibility></assembly>
NullsoftInst
TsDF^bKy
s|]d(ON
~<[kg}
($=fz7
jBOCX%{
3wZ~(Ff
lC`\sa
BMH%C:Wn
!S:^0N
?9rH`#
pdr|=P
K6RX.jE
i>K}y'
%~-f`M
h|!{sx
1Co1	YH0
4}5"iX^5
-0bcKRH
j{3v=L
>rA^cZ
`hMz,,"
4x)6Fjp
YD`Q2K
DEj	@w
bS:P!s
gPNIK6
)--8bG=1
TC|F1=I
J=)Kkd
iFgK2?:
Upu(KF
L }*r(
t|DZdA
u<9@%}
Xc%[/SS
'wGK1m&
I}T\ix
\&TU5?
[VMt2A
=SM^|Y
o<%H3c
M+;Tw![
{]KY7`Hd
My*XVI
p<=Ju7
M45W<2
Hz"x|Y
-d'}lj
)sL)fAO
6Ri`ee
exm4nQ
@JZDTPK">
k|S?(V.VP-uj
p.TKz~4
txUh]VZ
',zYOA
D&wO.M
$>.32]S
k$3YNv
Z-`hjs*
ziu\Fm
\u&lPX
)WWlls=v
,ep^='z*
G^&,,Q
*4tfu-L
HB|S.#c
x$!A0N
KpOOP6$!O
=aIxs=jK
@2k^-2KB
sre$P\
<=Ll[@>
C[.X39
=c;sIm
#>ibxF
PMnQRa
m!/`1S
>&DdP&
b"UI7H
 ?}`vk^
y=.6)`
&6?yS?vt]
^3=3i+eB
C-6x_^
mQ?VmB"
%>6%Wcri
|-;SJv
\Zx>+6
ybPF`k
?SaBLdb
/ O?9!
o{i|A4R
sqCu!HJgJ
3PF?Rb
A[E/"'
*hQ/Ev
U/%!xA
3v`cwQ
M\<@DR
"e4WYo"P
%fv}48UV
)SUU]n
iiLvE]8K
%-[|bJ8
U/*hp5
k%pKdfz
O5X}T+9
#fn;3Q
L )h,B
,Phr1M
#MM.TW
q	=m$}
#$(l0NX
LS(Q\Z
^g[2ziJ
]M=	Ov
z0Cl3(K8
@[1I-4
z)(4@VF2
X.3.t}
r}6FkT
\"A.9Q
,5^b0(
BZ_yDk
m8dA$r
flIhI?
C2B(xW
KQo.3)
!DZH2?]4
pu?x}I
y,]`1+
SA?B^"
U1>"k}B
MJk>%$
,EmMR4
m@-}QJ)
n.Wy?%m#
qwQ/=f
J>0!+9
k=J_'#
CvBsgY@
$+KV~h
hF0k 7
o_n	Wc
;^&,;9
ps7r3Xj
NKe%;	j
T}=BDB<
y}M+KM
8Sia!x	
eIG@v/;(
	L&>6FLZz
6#V M	
SD@@N0
GL~CHNG
EhPU)%
E|%?~C
&:fv7)}`
S+>|J&
B{1yw:
S/6q$7
12/*Xm
3Nk$qc
DiW> s
}/JBdX
H#D7Ix$
!13[[f
7	>TD"
?#X|"u
0nhKCr
;SguS)
=pc0_O
Tv&k9o
{[BcXY
>?,pGv
{4o&4Q
ZXmt'!
ZG^0gu1xJa
P]2K[S
pK\l*vHOo&"
W5Z:r-
>\RU#l
:JLB'2?
@\]BkW
6G2AH}
rWF=C5V
duGJx@
krRC3E
wGq`\l_
f6^_IL
{bC/ZZ
Lw#,6->
7g9*w~
asK3Rv%
%"	T'"
2?cKyV
S{3O/;
SGq=9Tp
K3A_i!
l17v""
AR/uH	=
N[	Bu.
|ON>uMX
LG[E"a
GbxUt/
@Q]W~-
n0.DK9
L<uV 0
BvDb!P
WCtbEdn
I""yA7
iwU7CP
5A4#rQ
=	Z(&9
]TU5Yt
"g`^B*
5]Mogx
lXsE[c
8>`[-h
s{$P+H?<
n$;Cdh
DytY	w
Ixl5X<
lj0CGN*
43vZ[L
0EH\&VB$4
v\HUo/,
$.1MaKH
,dUxaE(dF
+Q^n.j
\{[D.bh
AgW|15
3L+36D
#Xnf%|`
f(z>Zt{
!:]?T%
_b@fi/
C/(...
QW	jZ"
=imqiVk
z<.%<@[
|	'xb@
o4VG<f.
wXVD(@
H{~amuU
G<8SK ,5P$
*=k4Ux;
n|t>!=?
D?Gu/"
X`vvq89
E 5!s2
2-2\rO#
gn,wdp
kI0q-U
|58]vh
<ELq'g
>Pl<x{
GL_SpQpf
{%bhl,
yZ1z@1
	JHE&lx:
MTYvt!<
} ?wj4H
Y2'Hl`
m)4qjM
N9rcQs
TyZ*n_,kK
c`	},>
?gtxAJ\
|0qD?cG
RY[#Q}
Ug0~"4k:
*~kHy54
/6I[dk
S$?ne=n$
S=&Ip[
kAC kR
Bs,X\U%
|i hhp
r<Hu4P
`-;*\\
7q'82){
|tOp<OH
a4rJ{l
LBAOdy
,`*0t~
i0!Ix8_
phb6,k
nuWimg
Haun7z
pMu+Q3e
,X3V=nfh
,}^\cA3W
|LP:f	
Gnrl+^?@
NullsoftInst