Sample details: f823a2f7cd40b8e86ec70b71a5a68cbb --

Hashes
MD5: f823a2f7cd40b8e86ec70b71a5a68cbb
SHA1: 32a20fb37cf17d69c9bf480fc6478b782d7b17b3
SHA256: e011f992b0a9930002d5ff70359a44ed9bf0b538a261d668cff1f721c893a636
SSDEEP: 6144:9BeJPLZ/WnBFHr5Jv04ki9b2SFbJB7sVAX0vtZg0seac0ocaE:SDZ/WnBFHr5JvCi9b/IVAE1ZgdPozE
Details
File Type: PE32
Yara Hits
YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasOverlay | YRP/HasRichSignature | YRP/domain | YRP/IP | YRP/url | YRP/contentis_base64 | YRP/Browsers | YRP/escalate_priv | YRP/screenshot | YRP/win_registry | YRP/win_token | YRP/win_private_profile | YRP/win_files_operation | YRP/CRC32_poly_Constant
Source
http://klinthult.com/dshgc67384
http://klinthult.com/dshgc67384
Strings
          	            !This program cannot be run in DOS mode.
`.rdata
@.data
.ndata
 s495,7B
SQSSSPW
Instu`
softuW
NulluN	E
j@Vh 7B
D$$Ph,
D$(SPS
Vj%SSS
SWSh<s@
SWhZs@
D$$+D$
D$,+D$$P
_^[t	P
UXTHEME
USERENV
SETUPAPI
APPHELP
PROPSYS
DWMAPI
CRYPTBASE
OLEACC
CLBCATQ
RichEdit
RichEdit20A
RichEd32
RichEd20
.DEFAULT\Control Panel\International
Control Panel\Desktop\ResourceLocale
Software\Microsoft\Windows\CurrentVersion
\Microsoft\Internet Explorer\Quick Launch
MulDiv
DeleteFileA
FindFirstFileA
FindNextFileA
FindClose
SetFilePointer
GetPrivateProfileStringA
WritePrivateProfileStringA
MultiByteToWideChar
FreeLibrary
LoadLibraryExA
GetModuleHandleA
GetExitCodeProcess
WaitForSingleObject
GlobalAlloc
GlobalFree
ExpandEnvironmentStringsA
lstrcmpA
lstrcmpiA
CloseHandle
SetFileTime
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
SetFileAttributesA
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetEnvironmentVariableA
GetWindowsDirectoryA
GetTempPathA
GetCommandLineA
lstrlenA
GetVersion
SetErrorMode
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
GetLastError
CreateDirectoryA
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
ReadFile
WriteFile
lstrcpyA
MoveFileExA
lstrcatA
GetSystemDirectoryA
GetProcAddress
KERNEL32.dll
EndPaint
DrawTextA
FillRect
GetClientRect
BeginPaint
DefWindowProcA
SendMessageA
InvalidateRect
EnableWindow
ReleaseDC
LoadImageA
SetWindowLongA
GetDlgItem
IsWindow
FindWindowExA
SendMessageTimeoutA
wsprintfA
ShowWindow
SetForegroundWindow
PostQuitMessage
SetWindowTextA
SetTimer
CreateDialogParamA
DestroyWindow
ExitWindowsEx
CharNextA
DialogBoxParamA
GetClassInfoA
CreateWindowExA
SystemParametersInfoA
RegisterClassA
EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
USER32.dll
SelectObject
SetTextColor
SetBkMode
CreateFontIndirectA
CreateBrushIndirect
DeleteObject
GetDeviceCaps
SetBkColor
GDI32.dll
SHFileOperationA
ShellExecuteA
SHGetFileInfoA
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHELL32.dll
RegEnumValueA
RegEnumKeyA
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
RegOpenKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
SetFileSecurityA
ADVAPI32.dll
ImageList_Destroy
ImageList_AddMasked
ImageList_Create
COMCTL32.dll
CoCreateInstance
OleUninitialize
OleInitialize
CoTaskMemFree
ole32.dll
verifying installer: %d%%
Installer integrity check has failed. Common causes include
incomplete download and damaged media. Contact the
installer's author to obtain a new copy.
More information at:
http://nsis.sf.net/NSIS_Error
Error launching installer
... %d%%
SeShutdownPrivilege
NSIS Error
Error writing temporary file. Make sure your temp folder is valid.
%u.%u%s%s
VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA
VERSION
SHGetFolderPathA
SHFOLDER
SHAutoComplete
SHLWAPI
SHELL32
InitiateShutdownA
RegDeleteKeyExA
ADVAPI32
GetUserDefaultUILanguage
GetDiskFreeSpaceExA
SetDefaultDllDirectories
KERNEL32
[Rename]
*?|<>/":
%s%s.dll
1 VERSIONINFO
FILEVERSION 49,0,2623,112
PRODUCTVERSION 49,0,2623,112
FILEOS 0x4
FILETYPE 0x1
BLOCK "StringFileInfo"
	BLOCK "040904b0"
		VALUE "CompanyName", "Google Inc."
		VALUE "FileDescription", "Google Chrome"
		VALUE "FileVersion", "49.0.2623.112"
		VALUE "InternalName", "chrome_exe"
		VALUE "LegalCopyright", "Copyright 2015 Google Inc. All rights reserved."
		VALUE "OriginalFilename", "chrome.exe"
		VALUE "ProductName", "Google Chrome"
		VALUE "ProductVersion", "49.0.2623.112"
		VALUE "CompanyShortName", "Google"
		VALUE "ProductShortName", "Chrome"
		VALUE "LastChange", "4fc366553993dd1524b47a280fed49d8ec28421e-refs/branch-heads/2623@{#663}"
		VALUE "Official Build", "1"
BLOCK "VarFileInfo"
	VALUE "Translation", 0x0409 0x04B0
<?xml version="1.0" encoding="UTF-8" standalone="yes"?><assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><assemblyIdentity version="1.0.0.0" processorArchitecture="*" name="Nullsoft.NSIS.exehead" type="win32"/><description>Nullsoft Install System v3.01</description><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="*" publicKeyToken="6595b64144ccf1df" language="*" /></dependentAssembly></dependency><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="asInvoker" uiAccess="false"/></requestedPrivileges></security></trustInfo><compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"><application><supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"/><supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"/><supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/><supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/></application></compatibility></assembly>
NullsoftInst
o},a!p
x qSuk
)"u6unin
onhrE3
	hFqU+
9dz$=\hr
AYjC	5
YTQ(4GC
}U4mv)
*|\b7)
b,F9v~Y
VK"	5D
kLyYj%
*_,R<2YC
fv'O	j
$le>-c'
:h'+[	
*~kHy54
/6I[dk
S$?ne=n$
S=&Ip[
kAC kR
Bs,X\U%
|i hhp
r<Hu4P
`-;*\\
7q'82){
|tOp<OH
a4rJ{l
LBAOdy
,`*0t~
3xJfZT
	>;j/b
:A90kn
O3y*#&
e8',O{H
aetr%4
mi]k'}-
Qbr%;D'
$f1R)n
8Q`(mw
62az^e
3zycDN<<rq
;e,#G#-V
C(1Z/P
DRyYFGB
uGh}F9
Aiai >
hLqD"c6
!:&gZZ
IDP=S]#a
C4ZnkM
6GI((N
'<8,O)
,AZ11B
!.V'9#.
~S`H/2
Lgozha
YPscgE9
&Mo#K|2H
_(arES2
|UH5Oa[r8_Z
!XWLYB'
.KmI2^
l!L\[]
Z"*K#o"
&Q,QMd
q/vw&s
[uR|n|
u_Pe;^P
){x)S9
IU]2mI
Eu0Y4WC$
NNEOhz
=y|O^>6
w;/0B<
zf|3_t1	
!xi*Y(
&(vNO=WZ
e!vOm(*
@Uc7/7
w) `dQ
zWR&RhZ|
czpQd%/
(:e@S"
d^sghs
~R%1Md,
a_Aj!l
~4zZw&
*#\QUk~
g8G?Um
i,V b7
EeH_mC
PPaB|a'
nTu!7X
3t:iPD
My3UNk
BzP(yJ
Nie^mk
SF`+oh
Ss16/J
y,S1mXA
rzT||S
ljNav(
Y"I|ui
f){J]P
7bt'O}
!(3Y2ucu
mAFyQ+
UM^i[	
|WT~nd
.%ZsxhN
v@w|X:
km/JW<.E
xnWc,J
lz],|vw4
Nrh_VE
W5pp:uNq
<'`E H1
l}0kWI
$5!~2bj
O]qMf/
9Z]WN_6q
v|9B_=
u;AVC8
+%^T)g
rrc{10
(YMzre
XF:rlm=
DFl9O 
gW/lxH
[0ID+i
Z2V%dF
k5c)MA
V4KTRU
*sxnby
lpCl[Wo
/g[a;D
byUpXf
-MV4ql
t~7+;p
C8*+eTj
3;&ROh
;<}Ql0
5ig)xlp
^uuEq#L
k_x*'J
Ovmhy3iu
a'zE ~
.[##YM'!
X_"|c.
qID~[=
u1Ma=7
p|[E#U
g+|-eK
%EQmf?I
CU781&
z(,$K#=
RP|j0 
4u8JAM
cC7g)`
/&Zh.-
w%-t9*
!7@u8E
S,g(b?x
?>6au&
$45q16
fl*92e
biF.M^$
T$[E'h
~G<", 
;F|:cg
	cBa`&
pRoXKv
bS@**8	
6sO9HK
1%5v1T
*PBDvD~y
zrK4L2.
I(1B3x
x82&]Y
~QGF_/
8YUQzSV
|,n?O9
aF}s-ek&
g_q"Uc
Y.Q#ho
/$m)s+
jYJSX:
SmVz`_
E-*K@"
moJbMV
8^#|8h
w T`W(
5gUq>`
WrNL*k
uD7VQ`
.Ch9'&
'QfrKV
,OEos&rg^q
kM@Kci
/sxuPtk
	YC[/p
2BE~db
mj)kW"
WtwQIL
a2>Y"uq0
&%vAa>b:]
!A&'yr
s!GqAB%
D8,r\U
^ sqJE
$"u>+A
~?~?R3
f-(}j)-
YVG[*.II
aWkb}-
j.6!I$5
qG}:jQ
):rOs9
V]uqge
-$n_6*p|
Wt&TIL
&Jg7Tt
Rkbzf-~
eL~b|~M
ht`#A[o+M/
r/c*?zI
1.}n"X
Rph6T'3*
z[0fk[
o4QZm0
qAc;`:
Fia^(H*
GJ~6Jg
Z9)(6\
+MBh,	
pI;;GH
[sTh&R 
n2kR`b
*J9s(0
}rk%d;
N'k$Ga
"+Tum<
6'AmZA
eH;X}ck
ma^	,sd
IW-yVc6I
\P\C\)(
zIv h^gG
9%]&"-
%&@mo"
H?#sCc
BFIp7zuV
%l2\1DL7
Y@\8/f
i8!ah15W
c.7KU!
+-n7{e
bn3NWY9 x
QzM{"%
3-n*wZ
D0+ r;
<>l-:B<
v;~J&7
PVX^\rB`C
HcY]=;
$o?=2C
Q3crI^
R[n>is
BNhA9i
&1LF1|
{@z@zQG
:?Nsju
S q7m^
%U=B(+
&!1\:u<
?F#38WK
-cA]r+
{jn'XUab
FpIQXV
i}qy|@u
! >~H8
Iu/"2c
pxMJd3."
&kB(mVOt
4aX 8F2
5Ngutv
>ZBHa,
\	;O$9
\Ph/VSf
(]GMC^
kEjR-/
)YCB?T
Jvqr0`
r,xO2ruI
jd5{Yu&5]?C
G<f)#M
1e{+ld
H2=$l?
rNy-nw
1eZZqcj
Q8M|JL
^iS@;k
xq)&{"
a:qF2b,
XXDipr
0R!k+nP
D|2-y,AY
vRew8V
E6M3z(Ab
h^N%6,
B5}aq0
g1o&Jb
JafB)W
=["u%	
'*xtQR
 _TPme
Bd@h7d
=8e{B&
e$z06o
qR+_o6
f'#ZC[
C6Zj<P0
Raez|w7
AlffD?(
I++sf*
)G42R\
v&'6Fz
C)q!n)rZ
P:~94a
c:|Ier
ym,r7F+Q
7N$(`4,
$]ZOYX)
B>$DaX
m*i0cj
b	s7~w
,TLDrEUL
$q7fw5,
"'edF\
9)@L-_
j`'*mM@
J$rrFK
o'+Pu@W
d0&fZ_
8a_{P=)
L"1 t_
C=>m:YQV
64}uH5
4R)n>	
KjL'KhG
kG99j9
8rP)_;
|6=c=N
)5m-~F
j%kLI"
 -o4$A
z5Y dy
:`RS#DR
I|o*;'w
>EchuM{
kSw-Cx;
MJ,[Kr
zB14j2
lHiB1W
u&s7$cQ
Hxr}]k
|.=+mB
b"Ad]?
?a+k.s
zO6wba
098ZpnIx=
$bCj}^
9onQ/30a
CDJsPaOW
P-`=q;Jm
T<.jR1
_(B|@ q
)RmS3`
"Jjn!B
A^:ESu
}j{f!c
da	oK6
$X.4@|p{$
oar<xcJ
`]KIfV<
oZ6pVB
q.UQFv7
GwfyW0
aK%oYW
S*Yv#H
o57dL 
Iyhs=@1
ZLH?r"f
`:v,]X
vlEkxy
_THi)*
I=sc&q
|]>gcv
U&`;zK
i*BLS4
c*4e<%
;k]0pt.
Dl#,U^
0*q!j+k
7=79ob;
nku()J
P -Tr8	
oA8xtjD
+]^x02
v?Ml;K
O1nn}LH
]?`-wpW
/*=lG.#D
	s})BK
@*	Iwg
k'KkD)A
J\\2\@-q
IA?BZ7
@x?F?F
Uh~EP*
-9)zCOn
R}OkFA#
~Or8IE
N\MT[.Y-	
;G{7erb
c<qXG?
 %0MuC
-oFrsA
o"*N?	
	b8#kb
i=	R_E
3u.y	c
; /Gt)
Cw=F9A
YGr`o5 
nZ'tR?y
/[Kp{:
%F7*sfwjNq
u	_S	b%'$
eR(#9)
`x{=>.
w3zlt#
%Y"'YK
\-YaNP
g#5[i.
kB#&P/
92%*2Y4\.
'^Qa`sT,P
%n@g#&r
VgoZhI
D~Hj%X
8X0kdX@
n1ug8&RX
z1#i#|)
@\T]v(
D {IC)
MrXy+D
'hydc;
~S{:]t
ix_|!0
C' yby
a[Gc=qc;G
q93hwSCNb
515!H>X
=7_T@J
5{pTX<W
fp\aQ/
M*`lV\
CEYu*+
CTBET79c
NullsoftInstTP
Qi~QT]d
N~+QeM
Z`uif(
F},Tk5
?~S9"*
{p@et4
YTQ(4GC
}U4mv)
*|\b7)
b,F9v~Y
VK"	5D
kLyYj%
*_,R<2YC
fv'O	j
$le>-c'
:h'+[	
*~kHy54
/6I[dk
S$?ne=n$
S=&Ip[
kAC kR
Bs,X\U%
|i hhp
r<Hu4P
`-;*\\
7q'82){
|tOp<OH
a4rJ{l
LBAOdy
,`*0t~
3xJfZT
	>;j/b
:A90kn
O3y*#&
e8',O{H
aetr%4
mi]k'}-
Qbr%;D'
$f1R)n
8Q`(mw
62az^e
3zycDN<<rq
;e,#G#-V
C(1Z/P
DRyYFGB
Error! Bad token or internal error