Sample details: 92e7eb0ece1e322b1836bfc532166ee6 --

Hashes
MD5: 92e7eb0ece1e322b1836bfc532166ee6
SHA1: 3dc31df7ecbd119cb640c4ff7bdac579b1a5478e
SHA256: 6886f53972c2dc8531f0650180da55a0d1c127ae7a6db334de4c6644fb3bb684
SSDEEP: 6144:steWzg5I1FQee7zXaJjb0xm58njRqlIHppD8WW9/R4eEEeDYcEDvLWn:ye4g5KFiXS30o5CRqlIHzvanN0n
Details
File Type: PE32
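Yara Hits
YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasOverlay | YRP/HasRichSignature | YRP/domain | YRP/IP | YRP/url | YRP/contentis_base64 | YRP/escalate_priv | YRP/screenshot | YRP/win_registry | YRP/win_token | YRP/win_private_profile | YRP/win_files_operation | YRP/CRC32_poly_Constant |
Note: the YRP rules are generic capability and string heuristics, not family signatures. The strings below are those of a stock Nullsoft (NSIS) installer stub, and its imports (AdjustTokenPrivileges, OpenProcessToken, the Reg* functions, GetPrivateProfileStringA) probably account for hits such as escalate_priv, win_token, win_registry and win_private_profile. These hits therefore say little about the payload, which an NSIS installer carries as compressed data in the overlay (HasOverlay); judging the sample needs the unpacked installer script and dropped files.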
Source
hxxp://www.frighth[.]co/file/admnjjupdate.exe (URL defanged)
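Strings (raw extraction from the whole file; the short random-looking runs further down most likely come from resource and compressed installer data and are not meaningful text)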
          	            !This program cannot be run in DOS mode.
`.rdata
@.data
.ndata
 s495l
#Vha,@
Instu_
softuV
NulluM	E
D$(SPS
Vj%SSS
D$$+D$
D$,+D$$P
_^[t	P
HtVHtHH
UXTHEME
USERENV
SETUPAPI
APPHELP
PROPSYS
DWMAPI
CRYPTBASE
OLEACC
CLBCATQ
RichEdit
RichEdit20A
RichEd32
RichEd20
.DEFAULT\Control Panel\International
Control Panel\Desktop\ResourceLocale
Software\Microsoft\Windows\CurrentVersion
\Microsoft\Internet Explorer\Quick Launch
MulDiv
DeleteFileA
FindFirstFileA
FindNextFileA
FindClose
SetFilePointer
GetPrivateProfileStringA
WritePrivateProfileStringA
MultiByteToWideChar
FreeLibrary
LoadLibraryExA
GetModuleHandleA
GlobalAlloc
GlobalFree
ExpandEnvironmentStringsA
lstrcmpA
lstrcmpiA
CloseHandle
SetFileTime
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
SetFileAttributesA
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
ReadFile
GetCurrentProcess
CopyFileA
ExitProcess
SetEnvironmentVariableA
GetWindowsDirectoryA
GetTempPathA
GetCommandLineA
lstrlenA
GetVersion
SetErrorMode
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
GetLastError
CreateDirectoryA
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
WriteFile
lstrcpyA
MoveFileExA
lstrcatA
GetSystemDirectoryA
GetProcAddress
GetExitCodeProcess
WaitForSingleObject
KERNEL32.dll
EndPaint
DrawTextA
FillRect
GetClientRect
BeginPaint
DefWindowProcA
SendMessageA
InvalidateRect
EnableWindow
ReleaseDC
LoadImageA
SetWindowLongA
GetDlgItem
IsWindow
FindWindowExA
SendMessageTimeoutA
wsprintfA
ShowWindow
SetForegroundWindow
PostQuitMessage
SetWindowTextA
SetTimer
CreateDialogParamA
DestroyWindow
ExitWindowsEx
CharNextA
DialogBoxParamA
GetClassInfoA
CreateWindowExA
SystemParametersInfoA
RegisterClassA
EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
USER32.dll
SelectObject
SetTextColor
SetBkMode
CreateFontIndirectA
CreateBrushIndirect
DeleteObject
GetDeviceCaps
SetBkColor
GDI32.dll
SHFileOperationA
SHGetFileInfoA
SHBrowseForFolderA
SHGetPathFromIDListA
ShellExecuteExA
SHGetSpecialFolderLocation
SHELL32.dll
RegEnumValueA
RegEnumKeyA
RegQueryValueExA
RegSetValueExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
SetFileSecurityA
RegOpenKeyExA
RegCreateKeyExA
ADVAPI32.dll
ImageList_Destroy
ImageList_AddMasked
ImageList_Create
COMCTL32.dll
CoCreateInstance
OleUninitialize
OleInitialize
CoTaskMemFree
ole32.dll
verifying installer: %d%%
unpacking data: %d%%
... %d%%
Installer integrity check has failed. Common causes include
incomplete download and damaged media. Contact the
installer's author to obtain a new copy.
More information at:
http://nsis.sf.net/NSIS_Error
Error writing temporary file. Make sure your temp folder is valid.
Error launching installer
SeShutdownPrivilege
NSIS Error
%u.%u%s%s
VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA
VERSION
SHGetFolderPathA
SHFOLDER
SHAutoComplete
SHLWAPI
SHELL32
InitiateShutdownA
RegDeleteKeyExA
ADVAPI32
GetUserDefaultUILanguage
GetDiskFreeSpaceExA
SetDefaultDllDirectories
KERNEL32
[Rename]
*?|<>/":
%s%s.dll
P;?@@?
P;?@@@@?
DdEBA@@@@=
(*MXob
hpppiffT
ZaZaZXKJ
Z_ZT_PI
075kmn
_VTTPPI
)-.Yln
V_VPTPIG
&+,Nlo
!/45km
zzz||||
CDE*&&'
{{{s<.
{ssuBBs@@@<4
puqqqqq<770
punqq974.
O_mcs]0
NX\kqphZUQ3,
RYjgfW2+*
rlbA?4)
z}z}z{v
wwwwww
wwwwww
wwwwwwp
wwwwwwp
wwwwww
wxwwwwww
wwwwwwwx
fffffox
fffffox
fffffox
fffffox
fffffox
fffffox
fffffox
fffffox
fffffox
fffffox
wwwwww
wwwwwx
<?xml version="1.0" encoding="UTF-8" standalone="yes"?><assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><assemblyIdentity version="1.0.0.0" processorArchitecture="*" name="Nullsoft.NSIS.exehead" type="win32"/><description>Nullsoft Install System v3.02.1</description><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="*" publicKeyToken="6595b64144ccf1df" language="*" /></dependentAssembly></dependency><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="asInvoker" uiAccess="false"/></requestedPrivileges></security></trustInfo><compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"><application><supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"/><supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"/><supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/><supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/></application></compatibility></assembly>
NullsoftInst
XT@JhY
1	;?o_
UJR@52
#|q0S0
@PRPD0I
~$P7Qx
F=<(b$
c:c{#~
8uM{ct
4hD4#>
w N@#c
aff3XC
9@`.,D
JCN8	BZy
IH<Nti42
j%MX0?
fa)YX}=
A!~z$Rd
 PH;PD
!G1fQ,
lf`jdh
y5D5fh
h$)!0C}
18gZ<_
V`1$.{
>W0e+LLn
g,j$vg,
f$~3r4
%pP{''p
F|?jFpS
.TmN62;C
$_;fZfY
8QQLQBQRq
5E555m5=5c5s5
K#H#Ic
,GgF]0b
JH%l l#\$
RW~G^K
L0/_W\
M:xEK4
):^Aw?
9-KU&{
LgwI##
_5OB<y
^";NOn9h
?aa:%`
\ie+?{
NtJ-3~f >O|1
Mr&a2~
9Ssy.N
w]/.Y/,
*Nzy[_}
5;SyuM
	3.P]A]
L3S[7N%
Xs9G;MAr
xV'{/&F
Ilk_i4
/J{M*o
6Zj6=w
9Ka_y[yUY
eONR:U
/=|B<-
Y%;.VH/
%KpY[)
.DPlr\
(kQw:)K6?e
Zm#!K8
nu?%Ms
G5v]:KrSM
\WZUm]
bkh>T1&e
Z[BAM9^H=
n2G9"W
lQ`q2	
R0oGo{
3,<0WH
wJi	rj
&k(lP%Q
aE<#@V.
n*_3Ts
ZM:Q+f
xppCd1
mx8j({;
Sr_3drde
y]dS}rUO
)c9B0-b
Q_M1gG@on
mB1@of
A@o|}+
!bO$WKU8F
3.VGYL
2:[Em3
EH7LJ>.
)6-NEFQ<
NB`-H0Q
!B[@iC
'Pkn^C
}8@-N\
Mm5v{1
BoudFh
G6?BeMq
nJdmP6
p">{n5:qH
wRFTS'
?Y/v1Z
\H_hBSB
C3f'R%
4FX7o5,
FT.46H5
@dE#:p;k
i@ilFi
g^mgO[
GwuFOw
Lq5#)V
01quh;'Yg
 (L){"
5X>'\e
8U-A`]iM
[h+!)n
u8~iTR
QJ:J%zXJ
ujskQ	
x)J*SA
bq&Sv-A
.#Eti/)
^r$|\c
N1&;W<
5}aX%C
 a`yFZe
,eHw(,PiB
4TCp&_q
h]%V9L
Mr)=$*n
Ag4F'&
o |Wuxil
1kV7!?n
{bk7$?
Z/CT?)Fi
S=z?gw
&Z#&*g@7P
5RP-H]
6StVe+b
D5@P?[y@~
a~W`q~Nn
Aj|z|:
V$h;/J
/N[9a^y
#	3,7]
,fm~,#2
_I;nm2
rYKkEQ_<=
)xj~|74
1OcmYu
 	A4C[G
AC/=t/e
"	MN?^
`EfFH.
BnmzDR{L
#"+YpG
o|N`ye,
s-	}88n
aXUF7KL
dMl$G+~a
C$i#w/*
*~*IK[8?cY
N${#2?
(":b?!
gAm%LW
6,tcI&V{
K>c-1(
U/>P,b
=oVrSy5
OdeNHX
Xm;P	o}eqx
"	^iM%\
	.8Nd*QW
#c&7n)
VXfo5g
w%[%$gm
^[zx16
#eUo';y
s`\y:+
:^mHz-d
.*25S(
Ukgc8E
8ml<S]
([u26PO^
Jj>ern
wRk}w15
U'DEq>
t7ut<E
:>_Iv5ra
HG#gXy
O%<E.\:
?*g5fA
C)2iXIr7`Y
'9q%	v^
-*hX$"
:XN95U
sU'?t'
4$E,G'
)-[~%A
mhb~I)
r%~Y0i
3jFdu.2
w`wwPb6
2Zyz+|
cnA>kX	d
}+-NW1
,*Pg6-
56g3hg
4)~d$}
&N|VkN
&!5_9*O
[Rc:'(
~z,::x~
0zKP.U
98oT'BS6
YQDH)L
}VRoi@
_$U)@Xp
A7>K*Mt
j	.*!fh
Uz?s'>
F(u@M}O	D
,E6CP2e
$V,U!u
`5 %K#
Xr[->G$
eQ&w-PU
upz,5;
cF6h!J
	,}UTB
zc3e0SK&}&
M[4Wk0
%/mb%SO
s43+Z5~qe'
e_+1LhQ.
pzw[Fu
g0Upo'
[qC~+"'
2 /:Ru;
d`ywbL
{z?N=Y
l$@8#z
OKP0,3)*\
v1_A&S
36	%ND
VVE+9N
?2p6fU1
,x4asW
~8/9>N
dKYTr]
vN*\8~
Jo1OMK
>dk~{M4
vF\Q Q
5/LaO*
1i=NROP
o6482[*y
^x=Im^]
-*46GK
@AtPpp
\7(UAa
m:Afy7}K
7+5 k7
\hY??E
Jb@sUN
!H<[yk
9771x.
Mq1Fm[u
\b|I	D~
RzS`BO#{>
13b)s7B
<%PZ,%
Vv7f-K
Js7cI'
V|=C* 
*WY%PqhK
86G92Zu	
]SGoS<CJ
QmBe%n
jSN6%|Kp`
%pfcwB
Y- S1K
C+pwd;
aA}1QSew
|K9LP(
1iLcG-
VoFz;h
T4aP._
Ya_YWY
lO+VYc(
O,L5ZG
	VN:Mj*
j>[=)d
3CDZOW
P6[e0z
;0tE,d<
CV>6?%8
===d5V
0C$uDW}
Cd,qFi
DKiEt[
?M%iS`
9P[^gF
^_G/U<
\CHi<S
$xn9et3
4hb.Yt
/HVlcfN2
lL.:yK
;|o=|@
Dl8Q r
s^hVY#
%B(]QA
fxrw<UB
f.4VPS
]T.L]/
*JN>5&DT
	uI-^Jq$A
6r^12R
w7HuWn"
eP6/_e
5bL\FT
s'q	jX
KNYg/	
VY((A~
Jxp-dX
)VR9)	
 =V)oG
9<,	Y<
/aS%jP_
t5_LGpb
{k>5K`A
&''I[[[
l5^]]-
SZZ+ea
JIJw	Hw7Jww(HwwwwIw
2RK@qn
F@Vs/Ho
^^~AA?
Ilkk[Y]
(#&&**
B7.qkvl
}|rxp|
#|3@ld&
J[A9tdfO
nLjR|H
ESMWU5<
J!(8nb
<)!!!5)
@Z%	|P
-%%533
a>Be]3!=
i<LA<:
i[DA`J
27/<n_
:<[F h
;;<n|D
vD6dQuj
{7!o^qv]	
pivDy<
"{ChSS
' {V=W}+
	y>cZ@
cp<E`:%
+g8;"=$
1?l^L"	
913AQ4
DBQB@B5
N{[$v^
T9X}XN
Z4koRLS
?7T>hE=
q6Z\R4
|"mph8
#-Y$-9
m>(?@6
j+T&cM
Error! Bad token or internal error