Sample details: bd49d4515954ef2ca15bcd7897f8ec52

Hashes
MD5: bd49d4515954ef2ca15bcd7897f8ec52
SHA1: c925ab7c6677ae3f1313608f379fabe603eea66a
SHA256: 68bea801d8dca7807ee567d0f4b5f89146edc7e067b6f91b932e946c406168ff
SSDEEP: 6144:/jqrJtPPHq26TUMwBTTq64WXFMIartwRfmiyHBZY:+rJY2aUMwNbXZaBw5yHY
Details
File Type: PE32
Yara Hits
YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasOverlay | YRP/HasRichSignature | YRP/domain | YRP/IP | YRP/url | YRP/contentis_base64 | YRP/escalate_priv | YRP/screenshot | YRP/win_registry | YRP/win_token | YRP/win_private_profile | YRP/win_files_operation | YRP/CRC32_poly_Constant
Source
http://www.frighth.co/file/admnjjupdate.exe
http://www.frighth.co/file/admnjjupdate.exe
Strings
		!This program cannot be run in DOS mode.
`.rdata
@.data
.ndata
 s495L7B
v#Vha,@
Instu`
softuW
NulluN	E
j@Vh@7B
D$$Ph,
D$(SPS
Vj%SSS
SWSh<s@
SWhZs@
D$$+D$
D$,+D$$P
_^[t	P
UXTHEME
USERENV
SETUPAPI
APPHELP
PROPSYS
DWMAPI
CRYPTBASE
OLEACC
CLBCATQ
RichEdit
RichEdit20A
RichEd32
RichEd20
.DEFAULT\Control Panel\International
Control Panel\Desktop\ResourceLocale
Software\Microsoft\Windows\CurrentVersion
\Microsoft\Internet Explorer\Quick Launch
MulDiv
DeleteFileA
FindFirstFileA
FindNextFileA
FindClose
SetFilePointer
GetPrivateProfileStringA
WritePrivateProfileStringA
MultiByteToWideChar
FreeLibrary
LoadLibraryExA
GetModuleHandleA
GlobalAlloc
GlobalFree
ExpandEnvironmentStringsA
lstrcmpA
lstrcmpiA
CloseHandle
SetFileTime
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
SetFileAttributesA
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetEnvironmentVariableA
GetWindowsDirectoryA
GetTempPathA
GetCommandLineA
lstrlenA
GetVersion
SetErrorMode
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
GetLastError
CreateDirectoryA
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
ReadFile
WriteFile
lstrcpyA
MoveFileExA
lstrcatA
GetSystemDirectoryA
GetProcAddress
GetExitCodeProcess
WaitForSingleObject
KERNEL32.dll
EndPaint
DrawTextA
FillRect
GetClientRect
BeginPaint
DefWindowProcA
SendMessageA
InvalidateRect
EnableWindow
ReleaseDC
LoadImageA
SetWindowLongA
GetDlgItem
IsWindow
FindWindowExA
SendMessageTimeoutA
wsprintfA
ShowWindow
SetForegroundWindow
PostQuitMessage
SetWindowTextA
SetTimer
CreateDialogParamA
DestroyWindow
ExitWindowsEx
CharNextA
DialogBoxParamA
GetClassInfoA
CreateWindowExA
SystemParametersInfoA
RegisterClassA
EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
USER32.dll
SelectObject
SetTextColor
SetBkMode
CreateFontIndirectA
CreateBrushIndirect
DeleteObject
GetDeviceCaps
SetBkColor
GDI32.dll
SHFileOperationA
SHGetFileInfoA
SHBrowseForFolderA
SHGetPathFromIDListA
ShellExecuteExA
SHGetSpecialFolderLocation
SHELL32.dll
RegEnumValueA
RegEnumKeyA
RegQueryValueExA
RegSetValueExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
SetFileSecurityA
RegOpenKeyExA
RegCreateKeyExA
ADVAPI32.dll
ImageList_Destroy
ImageList_AddMasked
ImageList_Create
COMCTL32.dll
CoCreateInstance
OleUninitialize
OleInitialize
CoTaskMemFree
ole32.dll
verifying installer: %d%%
Installer integrity check has failed. Common causes include
incomplete download and damaged media. Contact the
installer's author to obtain a new copy.
More information at:
http://nsis.sf.net/NSIS_Error
Error launching installer
... %d%%
SeShutdownPrivilege
NSIS Error
Error writing temporary file. Make sure your temp folder is valid.
%u.%u%s%s
VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA
VERSION
SHGetFolderPathA
SHFOLDER
SHAutoComplete
SHLWAPI
SHELL32
InitiateShutdownA
RegDeleteKeyExA
ADVAPI32
GetUserDefaultUILanguage
GetDiskFreeSpaceExA
SetDefaultDllDirectories
KERNEL32
[Rename]
*?|<>/":
%s%s.dll
wwwwwwwxw
wwwwwwwxz
wwwwwwww
wwwwwwwwx
wwwwwwwx
wwwwwwwx
wwwwww
wwwwww
wwwwwx
<?xml version="1.0" encoding="UTF-8" standalone="yes"?><assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><assemblyIdentity version="1.0.0.0" processorArchitecture="*" name="Nullsoft.NSIS.exehead" type="win32"/><description>Nullsoft Install System v3.02.1</description><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="*" publicKeyToken="6595b64144ccf1df" language="*" /></dependentAssembly></dependency><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="asInvoker" uiAccess="false"/></requestedPrivileges></security></trustInfo><compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"><application><supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"/><supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"/><supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/><supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/></application></compatibility></assembly>
NullsoftInstY
`Lk@eW
Rc{&}%
]s5~&B>
8\w*Gn 
|Ov=	%
,Hn!yTli*
FZqXA|
_48=.+
m2IS8wx
<tWMcC
of|kZORxU
<.\V^x}=
]{G;Ox0"K
:1. pN
,GDAHyy
w6t}=W
n@Dxl)
7zaG(n
*)A|"m
&9b"TL
*~kHy54
w+:I}=
 `#eHH
z.W+`y
QBKDZC
q6eUB^
 l@t\$kk
2A;dyY&
YKiz<>C
uTh@J*}
.mQ+&Oe
b[+xz]	
v_|{d@	
Eac{%{v
b=shLPN
z@SZkPT
C&jO7I
Yq6{j0
9_z(4w
!^m}Dn:
tL03g%
Jf@|nh
NsbxID
nMuzW+
Bt']2(:
RtO|>R
15j}uJ
@U|u"v
>,vQe6
4ybsn.
~E8	zs!J
lJL~)>
T#)U	A=
(f[[w$v
KrgY$%
O!)}ej+K
C#hyOt
M)H<p&
&OwRP,
sF"L^C
z \)'&
0F ^',
TZ^->)+
~Hf^Is
9N}K)Y
+lI}d*
uJhKE5
3r%@	,
}qii:L
<t(	/}
b\QD0Ot
3?/p%J	K
7p:Ih1
t~yWl}
tH!snJA
dMsO_<
'F@T}<
	6;&`w
{9'H+$
Z5EJ{e
	!F1Kg5
nd6F>D
w2[Grm
FL|wxPBwB+
k:mc	;
'hkGT)
f]H:MW
8Z9>oi
{T,>BL
48m+C8
	h-b}%
73;8M[
=Vdk-]
>ZxMGs
M	`3,Aw
-tC<,;
.T05E4
KHP+]z
mk98b\#-l
BjCsu2>
/3({O4
#L/dKxQ
*2'T~T
3A|.^C
oV(7H-BF
d%J.H%
7t~+[E	
1zx1b>l
jZuczG
Xl]Chf
w5J8@,4
e~YoKy
;EC4hn
MYaT/\
-I: Xw
<rrYMe8
:GH0o*
3i}a`H
_<'A_@`
(` +=rt
{]q.8N
<>V6c4
EGiQ_R+
1dvTb/
c}7\	\>\b"
V8[eJd
hG ^,R
"xT~@ f
rhT(.l
H9nD1Lg[V
E-N~fA4
s`?e8(y
8Yvun9!9}y~
GV=X=G!
g0eLQ/
CZX1wp
iZKgJri
NC!.[8
$j3n,d
1.i<Ax0
.&eTse
fS2=.9a
Ty}xxk
YTOyE*
P4X]|Mw
vrJQnS
c0DAMZ
g6MQOu
N#;B!`
?+(4S3
0@=5JJ(P
Kh*Q||
+aL'Di
b1Z>fA
Vs!-Q/
*b8QAZ
i[gh3I
N	G^eS{
7Y<3k<
KWXu9S
Dz(Rj$V}
M<U"Y~
<j4Mg,
gxQ;yT/
Vl?JP)w]
%"J/.Xs
	<tx7'/
Liyd['
>zr(0<@
.`N~Jh
bMa}Fp
z^uPE~
`\`hp*
mtmqX:Pdz
J=Bew/1}
x6Q`|<?}@
@[!xxG
#oHM-iO+
2M(Iu&
*=g}8Tz
>x^&eo
"'+r]p
*B;ogE
>@E]sFk
]9X8Qa
ko5"D"Jf;
#kD-"z`
H0g<~a`
$xaCl_
#y{=fJ
KEj3(g:
&|G&8'
6K	{bv
~;n9UP
D5tYis
3sIU{W-
3(WbJ0z
oS>B6<
F2%|5.4
k9zG07
I88Y9?I=
Kov$:rb
2[<q>=
7,02zj
yi^b5,
"IJ+@|
t,=1[1
N#\:zK
+PkH>}g
T"/}~R
#hoa:%
:+-{>jK
Qknq7t1
!4B(!4
\Q;!m9
rG.8/b
I')H~9:
)0l((C1
\j<@(Z
Wg!TX1+|_h
a$}>l3
NuL[HT{
T+*M&(b\q
_<956C
J@Eg$}
HIWJ!R
1t8j>l@
=Y/4n"%
SY\qzsl
)No=#-
umf\x*
4I1&i~{
V3Z9[g
PBD6o:
'}MU}S
qv#%J$R
[||I0fQ
!gx>w5
!K9H8c
F!y58O
$h@MX'E
*~3lgbv
.lP@%^"
!w6i?D
hnL'P\
<h* 8w
qjZ}dW
7i-|Lq
NR"S]C{E%~
ySKabh
=jlpn,
k0jDZS(
'Lza>t
:\An-g:yr
iG_/ncj
an%\55
z!m95"
9)daEn'
y/@QI\
O	noWqk
Q.-~31
]Wy~)p
p[5HcA
;xK$sl
vBAp0N?v
z/R{:\y
k2IB}$mG
BcXV7@
w0pd\x
6<w/AB4
[J\'_c
#M:~@:;1\
 ;ta>[
G@IwDA
hyfTl:
X	@9'tz
InL{cm
%&]pEb
2;)@RH
K.U=|VWf
$|AYLK
"FMk(t
F<IOC<;
KB,~_,%
!QPM[[
>iD&ijp
 kX^/Z
j/ GYB
Y!@LEA
6EDIN<f
#Oz|9%
L2iU?j
*b4TC'{
qn<>i)
q:T]^F
K(Y-me!
80l+&Q
`b4 E.
JXH5.)+
D P 0+
FO6`K&
Error! Bad token or internal error