Sample details: 9b2c65dedea85d83367019492fbf24fe

Hashes
MD5: 9b2c65dedea85d83367019492fbf24fe
SHA1: e2002f851eefab2955112217f2a1c7dd4df4b1f9
SHA256: 9af0e01c52e716f6f454457603dc1999c1c4a5d4d64d0cb19d5c7a0c11651411
SSDEEP: 6144:qEkq1vQhwA5WqCDl9M1pBoaU6idQj5PPYcMu+y:qEkgQh2DepBhUHIbMu+y
Details
File Type: Composite
Yara Hits
CuckooSandbox/embedded_pe | CuckooSandbox/embedded_win_api | YRP/Borland | YRP/UPXv20MarkusLaszloReiser | YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser | YRP/UPXProtectorv10x2 | YRP/UPX20030XMarkusOberhumerLaszloMolnarJohnReiser | YRP/domain | YRP/IP | YRP/contentis_base64 | YRP/maldoc_OLE_file_magic_number | YRP/screenshot | YRP/win_registry | YRP/UPX | YRP/suspicious_packer_section
Source
hxxps://fiebiger[.]us/kin1.msi
Strings
		;;B&F7B
B4FhD&B
E(?(E8B
DrDhD7H
ExE(;2D
;;B&F7B
B4FhD&B
?dA/B6H
@H??wElDj>
@H??wElDj;
Name_D7D112F049BA1A655B5D9A1D0702DEE5TypeAdminExecuteSequenceActionConditionSequenceCostFinalizeCostInitializeDIRCA_TARGETDIRTARGETDIR=""FileCostInstallAdminPackageInstallFilesInstallFinalizeInstallInitializeInstallValidateAdvtExecuteSequenceCreateShortcutsMsiPublishAssembliesMsiUnpublishAssembliesPublishComponentsRegisterClassInfoRegisterExtensionInfoRegisterMIMEInfoRegisterProgIdInfoComponentComponentIdDirectory_AttributesKeyPathC_DefaultComponent{4C231858-2B39-11D3-8E0D-00C04F6837D0}TARGETDIR0CustomActionSourceTarget[WindowsFolder]\TempDirectoryDirectory_ParentDefaultDirSourceDirFeatureFeature_ParentTitleDescriptionDisplayLevelDefaultFeatureFeatureComponentsFeature_Component_FileFileNameFileSizeVersionLanguageInstallExecuteSequenceAllocateRegistrySpaceNOT InstalledAppSearchBindImageCCPSearchCreateFoldersDIRCA_CheckFXDeleteServicesVersionNTDuplicateFilesERRCA_CANCELNEWERVERSIONNEWERPRODUCTFOUND AND NOT InstalledFindRelatedProductsInstallExecuteInstallODBCInstallServicesIsolateComponentsRedirectedDllSupportLaunchConditionsMoveFilesPatchFilesProcessComponentsRMCCPSearchRegisterComPlusRegisterFontsRegisterTypeLibrariesRemoveDuplicateFilesRemoveEnvironmentStringsRemoveExistingProductsRemoveFilesRemoveFoldersRemoveIniValuesRemoveODBCRemoveRegistryValuesRemoveShortcutsSelfRegModulesSelfUnregModulesSetODBCFoldersStartServicesStopServicesUnpublishComponentsUnpublishFeaturesUnregisterClassInfoUnregisterComPlusUnregisterExtensionInfoUnregisterFontsUnregisterMIMEInfoUnregisterProgIdInfoUnregisterTypeLibrariesVSDCA_VsdLaunchConditionsValidateProductIDWriteEnvironmentStringsWriteIniValuesWriteRegistryValuesMediaDiskIdLastSequenceDiskPromptCabinetVolumeLabelPropertyValueARPCONTACTwww.exetomsi.comManufacturerProductCode{29EF7317-DCA1-4159-97B2-C883AD400AC6}ARPNOMODIFY1LIMITUIProductVersionProductLanguage1033ProductNameExe to msi converter freeUpgradeCode{1630D902-D790-41C1-AE26-9D5E5D17566F}BinaryData2.0.0_B3D13F97_1369_417D_A477_B4C42B829328NOT REMOVE~="ALL"
Windows Installer
Exe to msi converter free
www.exetomsi.com
devuser
{C35CF0AA-9B3F-4903-9F05-EBF606D58D3E}
This program must be run under Win32
Boolean
Integer
ByWl'Word
TObject
h_	IDispatch4
rrrr|x
\XTP''''LHD@g
;2w;;t
PY>ZYY8
VY!oht
9F+=N/
<HJ%NHJ
7'PPl,
\i$xtZXtU0u
0"	w%9
~KxI[~M
	Vn Co/
SOFTWARE\Borland\Del+
phi\RTL
FPUMaskValu
t_%$0+
Z)&88,
P0	6s}%t
oXir,v)
S!.888
ZTUWVS
nyd%r\{p
=@'`;!Z
_-Rf;` w
Nw3lo+	
\2XK"WV
0N|*(}&
~|DO}(9
F&<5DD
[{Lu+h
kernel32.dll_G|
etLongPathNameA'o
R-(Fpx
cale{ V
\Z54Vd
?  t.<
^w$GCB
o[Y.:C
`#XG3#
	`Cr@&t
DefaultPHotLigh
wive>NoAcc
omboBoxEdit
Windows
TOwnND0wStaJ
($ 9999
''''|xtp''''lhd`''''\XTP''''LHD@''''<840 ''',($&
|NNNNxtplNNNNhd`\NNNNXTPL#ONNHD
''''|xtp''''lhd`''''\XTP''''LHD@''''<840'''',($ ''''
8 MSWHEEL
%_ROLL
.SCK_LINES/
_AmxHm\
M.xoy|
	ExceptionPq
EOutOfMemory.
EDivByZe
~Range
K$/ t>_
HUDlsB 
TThread
?0ME Y
`Gt!J1l
M'4D@&
rEAIt.
0r=<9w9i
()@-3$-	*-&F&\
	$&-[-o
8,fk<d
hea17O
 2kV94
NZ)\V9@
6Ja_hu
+'#q``
4x_w} 
	X<W8x`
YSU<Ht
[-O/_"
kFreeSp
C~)NH5
{;w$t|Q
T|.,t^
AddSub
/od_nOr
or_Cmp4FromSt*
TCuN{{
Ft?HtbqH
%<?x/tX
CCs E	6
vvGG=&)
6ETk:T
/@N\AC
oQrrTp
db#1x"'
<O&2>Pbt%
0!WUm(
Y6|Y3D	`
C'\ Uq
i>  =ZC!\
pQQb+5y
Q3Ql#&lAQA	
#X0!7=
ooEmpty
Currenc
gO`&g2
;?Unknowa"0
,%@<g7
!,~[2|
tagMULTI_QI
TAlignmenA
LeftJpify
hO	TBiDi
N^Only
Middle
SeXmjd
&VhU>{
_V7Pl0X
tK$?2-
gGroup
<(CA`;
8G xt1u8
$3tD4!
g^a!_$
{2M@@!
Yu TA:F+i
7xE2huJ
ny$ozL
kCMPh(
TPropFixup
FPk#p2:0>
@)Xr)8
H/[!|8
@P`*Q_Qm
oDg%s_%dj
SRD;tL
r9=4(Q
&YD+JM
T' #W2T
hGdz W
<@= ^m
pqNNNNrstuNNNNvwxyNNNNz{|}NNNN~
`aNNNNbcdeNNNNfghiNNNNjklmNNNNnoPQNNNNRSTUNNNNVWXYNNNNZ[\]NNNN^_@ANNNNBCDENNNNFGHINNNNJKLMNNNNNO01NNNN2345NNNN6789NNNN:;<='
mBlmOE
Boross&":
>WBthf
7xImag
?E;@ #
3 6gSil
~LimegYelr{
FuchsiaAqua
ppWXk{
/BtnFU
?foBS0
ANSI_CHARm
SYMBOLc9
_HIFTJIS
"NGEUk
GJO Ba
GB2312
 BEBIG5
TURKkv
yjxROPE
l/8df6
4`wsMVV
`WmT\kJ
K8&qH'
tSS[8"
uLoBxg>
SYV169
f[At6Tj
R71)C#z
,;T 7l]
<C [ni5
t$+tuiK
YDwIebM
{F(~*|g
gt]xW$
kg.wmf
.AL\<P
k_pe&\M
 6tB}i,
HmTiCXxWMc
F0xv4l
Lw*4G[
v"rtkLA
)X$=*`"
^@f|Z+
? pSE6
^A7\$	
5xCKK&
aM0/)X
x1.6,S
AW0^kj
ISPLAYT
3Viewe
BrW^{Twh
(=10t\
~)X}jxt
@<5@lGX
!qcomctF
m>SB'U+
$ (He@*4,T
6uxthemewH
Close!
lyTznsp
0yO4Nn
wv%dV$:F"
uoL|\2 GL
dD@D,>8
5|,C4W$
_Ign@e
mdlg_h
lJHKlK
xK%KtK
[i,_Wi/K
F4p	((
hd6Y#d
%.]i ,]
[@0.~S+
blGly`;
TNum=s
1j2msf!
8[M-S@
%M;BAc
)c5!wm/
NQE5%+
Z1ca?p
|/TSy+kZ
2 Mik2
aN&Olbsfv
PIp	wP
 WfjllhX
 !"#$%
\py)*%S
\p323"
FVXhXd
B^7dCo
xLx/Leave
Ky	MaxLep!
:FPreP
8WtW.t
\%%&$C
A%!E}`B
lbXnd^dh+
I.@+R'BG
\P=;<$C
P-[r$`
E$u@*P
moH%D'
G7VL#$
&<5iS8
Uw)8c}
BUTTON
Z_zD`8
,hsp]C
]=w:Z	
bPgA'pl"
IikDc&
AYw[Mb7
sdlbQ2
 g.lRdB.
LISTBOX
Q@rT;0
#G!v@=
G0mxl8daI
p#'OXg
IjH;Xd
(AL("%s",4),"
" JK13.
iWVcG%/
N_WINHELP
#3277H
G0>yT`
te={sJZ
blu$@)((}=
Wheeli
Up`#80p
s]4L*t
S`<i=#$
;kSXOWSE
i  $$(
?%->C@
U%4H~DE5Q
:h`Q b
P]otW|
 2_aX`
%|KvM/
;$:BWogA
kO ULK'C
XLu7;Wx
L``t>79,
Ni [z1&
r\@v;{Du
nD	%Hu
<EVt*_
EK2S@F
ZG=PEnp
c@8,.7
I"F+t 
.ZZZH*-
	F``ZG
1+<d/ 
g{[x-V
7I;WWS
r7=@w0
7u+'PNT
,9(1:3
G?g`!C
 Wd-VBKoLh
m C ?(
xV8]7W
v@0bjScI
"[A6w<
1:@@&@H`a
ULQ740
W+*q)DS'
0;BR$W
6ajV#F
PDt1!FW
-tp.3":
*#Q?qk
q3@},;j
1g+ t%
*y"m4x
=m[AP$vKw
Th-<g~r~
&j73[i
X3MX-@tO
X+GAPm
{FfNZ!
@jaD E'S
',v&i.3G
qTu.h*q
vd,Vx1
9;wlt4
#!hI%[9
6=^[Lqv?
Sh|3t<
3p 8	xIV
f4YIVdB.
M8xJcdYp
^bO*(M
w\B(u8
!o3+Hs
S`d!"R
QROtVc;
E d@8s
{}Ly<p
Pa$d6{
k!*?4*
/7wAnZ
Y#xecu
;P8u+~
*;~8-(
kX>/M|
]/,a!`
=I^Kxh
 #h_x:
]1?,0@
FO2BBO
 <`lK	
q)^H+%
Rebuil
keysK<
1234567890ABCmQ
GHIJKLMNO
STUVWXYZ
':#l\QA3
Q:N 1D
K"	Xp>
Sx94p3F
Ln-IOp>g
025--8W
*T%DX`\
`=^U p
zx+5Z|
Hx!o8#	
>4kA*>D@
e`_"p\zm
IeBf=_
!$nhu	
2u"IP]ntI
lk (74K
-:P;^;H
.XcGT'
0'4#Ql
c}}YD'
'I_F+Hp _
xIPE}J
Jl 9HW?B
/^Sh<S
3$a<q!
BThumb
axD;rD
R?4aE!
eA!st7
L2}1M44iSnu
T;:d8A
<cX`$.
Yi#\pS
1PixTsP1)
,Da1KT
&t6aY/
@9uS)U
/{2~-iT
V@"CaB
W WCHs$DLLF
.Fo,d!<
U`3<sBIO
0DQr-#
@Uu #3
c8IzI4b	
M>PVsn2g
?$o[TJX
2!Sll U
D(eXfl
Vk#do2
9dk%Cf4
p[kAlI	
t;Cpu'\
5%/cNe
(hsN P
t#;ADtiw
0TIja1
5VK	Fp
(t)f%V%
%$t#"%
h&$4Ii}
B*Gttn]
Z'UP@ ,
&dB&PTX8$cB|oh
\2MLO!= 
jPS9*PW
GL.yK&L6PP>
V ADdp.
7k{pKYC
V3n	<;
CH[x$qn
MAINIC$!
b$5l#Q
SO+TSd
'|aAkW
[t4/xD
.)tZ!~QD
*|{H#7
\pWLa Hq83!
3Am&FL
=NPy"}
CHYFMhK
c;!`+/
zO.OTv
FB\PUx
?;^`u0
E"0vE=
iJWYIb
HRser6
4x42x81h
"tn,%y
0qog$k
DowA6.a!
y7L,ej
&^x;Z1MX
_-abw+
JAu#2	h
\[A:,^
E8Eh-,
@*h671
%X|$#u
^.<?8.u
aL9@|o
sxkx'F
	qt}jq
nv3w"+P
%qdj{auLk&@2
#U.<1p+
"U?(1|
f{P&2@
TS7x+T ]|
uKS:0$
t*KPWP
:HutS[
QbHhaL
?5CCPo
DG +{\y-
%~hEG4oM
aiw8"w
X'm\!(
E;f`75
p p`&m
q'a|Y1w
-yu]%`
R8@N-|J-
3g-WYu
7_6-pu\YO
2<[,B)
%>mpWo^
~x/;|F
`=u)kK
-wO-TA~-
_]^-ZX_
NRKkObw
FPJ8FO
O)Aa+R
nOtiN]
IOsW&3V#P
1	yO N
B%2MBb
UR$_Yv
{~OZ}IV
`-eOLrgA
NSK9BU
LZ2|Sz*7
<_[*I3G=
O(I7h^p
W-QJKB0
m0px88kNuHnH2iiJ
oW,$SiHpHy(7rcBh
pl&kqh
gn/pNt
%.*d4o
<,4<DL
(8HXh<
~DTPF0yY
MS SX3 S
8HXdty
G6d.\49
]bw.>_~
.?gQTg
'1MQR'
'4""C[
:L*y8Z?=
yvJ"Q[Qv
L3'L3'L'Lb
2C`"(8
kmHj[H
%(!73*w
EznC>{$Z
WKbV	H
=r|iE?_tX$
_e>.+q2
B0'3m*
mhHl0s
bp`G}Bf[
oz%<U:
d0\Hd#
o3ay(m}
F"<Q	$Y!)
jnix0O
S|?b@d
smyJt8+ak
h0l#%[
)l~X!_
V9>:p;s
y=6s,>'^
`QnkJBv1
]t|mF-
d{*$+4
?vQn{E3
}Q*~>!l
B|IG:<
SJa5"F
Kk/=>5
^7	ZZ1T
9yag>!!0K
r)u	4IdF
E|X!>9
nH/mU(
xk`o'D
>8<"5	
Bh&<qv
#on:k4(
+.m{0P
;t4x	@
)r2%FZ
Lo_vDH
K(V0B[
%V7z|WZ/
:-uiXv
r#GIu>\
(v6J8<=9
ak!0G8
N}kzhr4HQ
iRqjB]
Y1=Q!z"
^;8*-Xj
J'BA4 
0hX%4PT
*	xh	Ra
0~~_R*
A-r^y~]n
FjKBZp
)'VTT		
$paY\x
dp|hW+
~PjN<2R
waUb`t
S^'@~F_
33PyUN`
timb]E1
\chzy~8
AlU+7G3
,$\	Q 
Y?8"<>]T\
O5d\|\
\>8P5e
i ;dae
d\PId]
k<3uw!x
v{1fkZ<
'~:M; ay
:uyE+z
+t@Ksy
~P<l.(C
X^)}Yo
~8(Zd(vF/
"q	$G$
~~>FTDt
U(0(D`
X^@| K,
97	77	
u?L%q0q
!lfn'{
s:Os)&3_
DWX"J4
FWp!fl
vxHH}=
I@OBJ$^
6:d~\)
Fx$7p_
wp}C{l@XdEa
92^|yV
DK{Q]t
VOm|N59(
	b~)$<
k&|qU}
l>rW5D\)U
xnVV^ThC
@Us+i4
5C>0 2
J_sc$F
Bm0@zh
|i;%R,
	7|nR=<
tGAS0_
 >HQ5xF8[
hdnMjhU
?@!.#K
!}KW.cn
mg\		P%
iA'acy|
'EW`%0
a4&CN:v
9x qV\Y
4G#LRG
U(XnK9jC
SJ[|:j
hnWHdHKr
;<*DZD
TMj9n_
))2t># q
b%&=0g4
}@*@e\z
Lew!\(<1!
h|72xl]$
Hn-$V5-
?']$ri*
h9zk@)
]\xk$%6
Q|Tw(\h
)C{(\oz
!*_A.g
EFP{PE`
-kaG	X
pXHD?!
}h>lXv
hB/8hH
?XXp2U
2Q-E'f
;kX`.R
/JNa	O|
zh.`{{
8lJk	x{
P.O4EX
8S?a57
]o]oyy~
(S1q,GO=]rI
x5r[Zm<U'
;b$y<I
%/~IeM
^;U5MP<0E
X@C<W:
KR:JQp
]>mIxoH'no
 ,4xDA|
5N< 1C
uF_:(0
?JSt	N
(t\rUS
"xUp[	
8zS([`
^?#ky1
1bB)$;u2
7qdn[I
?~Y`	H
zIT		N
N|-Dl@
{yFovd
a_u.n;g
]	?gM/u\
jeC;Cj
*untF[
{CSjlo"m
sBC)"d
jeKTx;
Gs+&/[
	6 ?wZ
~[a+3Gw
6]7sd;6
C3l;Fc
}l;bN/
/sNx,zGr
7lC%:qE
:+sg{"
XO>Rcc_
XMNTc4FqDHRE3S37
50AXTuZPAN8
$dtrcpy
eP)Divf
'Libr^+HB
cC6`)%
9D4DT"|
`eik!1P
t)%~PX
y!W(a!
MpUpd		
z#d+vq
\A)t@Pp
-&F-xj{!
-3V{?O
6P.$z	@
cx.tlsW0
XPTPSW
Gggfv@
&vvggd
wwgbvt
1wwwr"gf@
1wwwr"vv@
wr""gf@
wr""&f@
ww"w""@
wr'""@
KERNEL32.DLL
advapi32.dll
comctl32.dll
gdi32.dll
ole32.dll
oleaut32.dll
user32.dll
version.dll
LoadLibraryA
GetProcAddress
VirtualProtect
VirtualAlloc
VirtualFree
ExitProcess
RegCloseKey
ImageList_Add
SaveDC
IsEqualGUID
VariantCopy
VerQueryValueA