Analysis Date: 2015-01-23 22:09:18
MD5: 07074588f1ee27ba6e0aec6a303ca38b
SHA1: 3d8d451fd33b67b157da6c44a19eab0066c497a4

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text md5: c69726ed422d3dcfdec9731986daa752 sha1: 4546608e3b1a2ab1d69a34018d2ddfa7fa411885 size: 23040
Section .rdata md5: a2c7710fa66fcbb43c7ef0ab9eea5e9a sha1: 60485025c47935e745e57b6efc7042f2261b7d53 size: 4608
Section .data md5: e59cdcb732e4bfbc84cc61dd68354f78 sha1: ffc24489dd56b406f9078ba1cb9c71e9b430dbee size: 1024
Section .ndata md5: d41d8cd98f00b204e9800998ecf8427e sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 size: 0
Section .rsrc md5: 77e631420e310300cf409a02b0e72cbe sha1: 0e702152a6aff8d61a1e2e523be17a128babac3a size: 16384
Timestamp: 2009-12-05 22:50:41
Packer: Nullsoft PiMP Stub -> SFX
PEhash: 7fba06bd8c30fb22d046c35717c5424fcda1e383
IMPhash: 7fa974366048f9c551ef45714595665e
AV 360 Safe: no_virus
AV Ad-Aware: Trojan.Generic.11845202
AV Alwil (avast): no_virus
AV Arcabit (arcavir): Trojan.Generic.11845202
AV Authentium: no_virus
AV Avira (antivir): no_virus
AV BullGuard: Trojan.Generic.11845202
AV CA (E-Trust Ino): no_virus
AV CAT (quickheal): Downloader.NSIS.r5 (Not a Virus)
AV ClamAV: no_virus
AV Dr. Web: no_virus
AV Emsisoft: Trojan.Generic.11845202
AV Eset (nod32): NSIS/TrojanDownloader.Chindo.C
AV Fortinet: W32/Chindo.B!tr.dldr
AV Frisk (f-prot): no_virus
AV F-Secure: Trojan.Generic.11845202
AV Grisoft (avg): Dropper.Generic_c.AAWT
AV Ikarus: Trojan.Downloader.Chindo
AV K7: no_virus
AV Kaspersky: HEUR:Downloader.NSIS.Chindo.heur:Trojan.NSIS.StartPage.fg
AV MalwareBytes: no_virus
AV Mcafee: RDN/Downloader.a!tm
AV Microsoft Security Essentials: no_virus
AV MicroWorld (escan): Trojan.Generic.11845202
AV Rising: no_virus
AV Sophos: no_virus
AV Symantec: no_virus
AV Trend Micro: no_virus
AV VirusBlokAda (vba32): no_virus

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

Network Details:


Raw Pcap

Strings
 " "
E...
msctls_progress32
Please wait while Setup is loading...
SysListView32
 !"#$%&'()*+,
*?|<>/":
0a&H#3"
0Qan"4
0SG=-K
[1CMs3
1D9:=.
1P3&&?5
1SX"&7*
1YF<-=
29G/7_
2 A(v(;
!('&2+:C
`2[f[H
2mA13y
2xs~6;LNL,
3<4?F<
3G l'C"X
3k"eq@^
&!{3KHA
:3kz~@J#
=~<~3m
3))~*o
<|^<40
"4F9;T
%4%.i 
4N>M5TXE
4Uh\?L
4v;U/`
`4;ZP?
5k{t*A
5z1)gs;.
;6(LtZ
6m@A^BgG
;/%+`	7
'7&2lz
8`6g#5
8Ab?5U
8NCRCu
a3H}z$
)Aak1y
AdjustTokenPrivileges
ADVAPI32
ADVAPI32.dll
.>AEFA
+AEFeB
!a>?iF
aMZ8Hdh#
Anppmlht
AppendMenuA
au@29]
aVlgZ|
BeginPaint
Bg96jh
BpT{gR
bxQ(/<7
b;z#JO4
CallWindowProcA
- .cE/
CFmmJ)/dh
CharNextA
CharPrevA
CheckDlgButton
"'ckDy
*Ck!k{:G
CloseClipboard
CloseHandle
CoCreateInstance
COMCTL32.dll
CompareFileTime
Control Panel\Desktop\ResourceLocale
CopyFileA
CoTaskMemFree
CreateBrushIndirect
CreateDialogParamA
CreateDirectoryA
CreateFileA
CreateFontIndirectA
CreatePopupMenu
CreateProcessA
CreateThread
CreateWindowExA
cuu-Erv
CY:*[_
... %d%%
D$0+D$(P
d4A"]]
@.data
D$(+D$ SSP
.DEFAULT\Control Panel\International
DefWindowProcA
DeleteFileA
DeleteObject
DestroyWindow
DH1+J`y:W
DialogBoxParamA
DispatchMessageA
dk};"n
D$$Ph,
DQiu1~dH
DrawTextA
D$(SPS
\D]`t9
?}~DV[
d$`wTQ
d)%zT-
'=eehe
;E'jJxk4n-
eknpstvx{
eLUO.b
EmptyClipboard
EnableMenuItem
EnableWindow
EndDialog
EndPaint
}eN~Hx
E.p!s+
Error launching installer
Error writing temporary file. Make sure your temp folder is valid.
ertux{}
[e$v&ia
ExitProcess
ExitWindowsEx
ExpandEnvironmentStringsA
Ez)y0`
f4:8?@?tpFhilnqsuw
)F|	:A
FillRect
FindClose
FindFirstFileA
FindNextFileA
FindWindowExA
Fknqsuxxpx
fkx	@0w
FreeLibrary
fsEK>>&
GDI32.dll
GetClassInfoA
GetClientRect
GetCommandLineA
GetCurrentProcess
GetDeviceCaps
GetDiskFreeSpaceA
GetDiskFreeSpaceExA
GetDlgItem
GetDlgItemTextA
GetExitCodeProcess
GetFileAttributesA
GetFileSize
GetFileVersionInfoA
GetFileVersionInfoSizeA
GetFullPathNameA
GetLastError
GetMessagePos
GetModuleFileNameA
GetModuleHandleA
GetPrivateProfileStringA
GetProcAddress
GetShortPathNameA
GetSysColor
GetSystemDirectoryA
GetSystemMenu
GetSystemMetrics
GetTempFileNameA
GetTempPathA
GetTickCount
GetUserDefaultUILanguage
GetVersion
GetWindowLongA
GetWindowRect
GetWindowsDirectoryA
"<G<G u
G$jJ,+l
gKvIX)go
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
gnrtvxz|}
gu?He%
gW%Ybr`
gzaU&^
H0FvP}X
h!`cA@
h!(eje$
]!H	^:h
hHHHHBB
HhIN"U,
hK'C[*
h:mN#W
http://nsis.sf.net/NSIS_Error
'~h]&V
i0Bf/M
[=i]8G|
~*i/>E
IEGNzbH
iKB.GY/
ImageList_AddMasked
ImageList_Create
ImageList_Destroy
incomplete download and damaged media. Contact the
Installer integrity check has failed. Common causes include
installer's author to obtain a new copy.
Instu`
InvalidateRect
iRichu
IsWindow
IsWindowEnabled
IsWindowVisible
+J1#-dN
^	}J2*
Jb#HOBN
~'jile
j;OHv[ 
Kd	E G
KERNEL32
KERNEL32.dll
*~kHy54
k(J	>F
klmn(op2qrstuvwx\]^_`abc2defghijLMNOPQRSTUVWXYZ[<=>?@ABCDEFGHIJK-./01234567-89:;
kl+/.....-o......2328?AEFeehkt#
k.oJ*QHT
KP^Ja<7"Y
| kSf`
ktj# e
>k._v{
"Lm33l
lm;fBr
LoadBitmapA
LoadCursorA
LoadImageA
LoadLibraryA
LoadLibraryExA
LookupPrivilegeValueA
lstrcatA
lstrcmpA
lstrcmpiA
lstrcpynA
lstrlenA
lZaEcD8
_MC5*i
MessageBoxIndirectA
\Microsoft\Internet Explorer\Quick Launch
m|<_[j
m_JFz;u	0X
More information at:
MoveFileA
MoveFileExA
{M?+pZ
MulDiv
MultiByteToWideChar
mvfr<Jw
m#Wpx$
.ndata
&/nER v
nn\r7j+
=n>%o{
n/ qlM^g
NSIS Error
~nsu.tmp
NullsoftInst
NulluN	E
nW1-Dx
N]y,+L
O +57t
)o7>Ar
'^O[7Z-/
^O8;+t
OcZxE&
oD4{fS
oFeqtY
!O\JS@
ole32.dll
OleInitialize
OleUninitialize
>ons]$fq
OpenClipboard
OpenProcessToken
O-S2Z%
P( 3f[
PeekMessageA
`p@H@FFF
-pk%Gt
\*p!)lM
P^{~|m
PostQuitMessage
PPPPPP
'p(Q4v
P!qoW{
)PRC=8!
pt39:::::,
pt39::::9+
[PTTTQQQ
pu4:::::49
\	pu?fhkx
p{U+)r$
\	pw9?AFEB'	)'$V#p
pZ,B>j
{Q4~O.B
Q\4U:`o
q7;Z7(
q@H9Zk
	.Qj%i
"=Q\Qks
qQu6~	I
Qs/eDaeDp
qt07:n
qu3860+
qu49E<9+n
"*Qw&g
qwwUJB
`.rdata
;?RdIs
ReadFile
RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
RegDeleteKeyExA
RegDeleteValueA
RegEnumKeyA
RegEnumValueA
RegisterClassA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RemoveDirectoryA
[Rename]
RichEd20
RichEd32
RichEdit
RichEdit20A
RrA$[s
ru4:9:::+
ScreenToClient
SearchPathA
secNDjb;
SelectObject
SendMessageA
SendMessageTimeoutA
SeShutdownPrivilege
SetBkColor
SetBkMode
SetClassLongA
SetClipboardData
SetCurrentDirectoryA
SetCursor
SetDlgItemTextA
SetErrorMode
SetFileAttributesA
SetFilePointer
SetFileTime
SetForegroundWindow
SetTextColor
SetTimer
SetWindowLongA
SetWindowPos
SetWindowTextA
S$h6E4A
SHAutoComplete
SHBrowseForFolderA
SHELL32.dll
ShellExecuteA
SHFileOperationA
SHFOLDER
SHGetFileInfoA
SHGetFolderPathA
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHLWAPI
ShowWindow
softuW
Software\Microsoft\Windows\CurrentVersion
SQSSSPW
Ss!!1P@
~SS!M%
St}p XF
SystemParametersInfoA
> _?=t
!This program cannot be run in DOS mode.
_^[t	P
TrackPopupMenu
:Ts-a}
ty@FH$$%%####$
ua:lE,W
u{FefdklcccK&#
uMIxU@
USER32.dll
U:u=P(
%u.%u%s%s
U(vQS,D
UyBTk)
>}v|8g
verifying installer: %d%%
VerQueryValueA
VERSION.dll
|vI\Bv
$v>pJ}
!vr}ag
vreBby
	vs9GQ
v#Vh;+@
W@5` +
WaitForSingleObject
(W+l6q.
&W?Le,
W/L"HT
@w?mBQ
wqlp,+
WriteFile
WritePrivateProfileStringA
wsprintfA
~)^wTm
wwwwwwwx
wwxwwxwwwwww
x@,^@?
X,' 4x
[X_>e.
x+F)+=
<?xml version="1.0" encoding="UTF-8" standalone="yes"?><assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><assemblyIdentity version="1.0.0.0" processorArchitecture="X86" name="Nullsoft.NSIS.exehead" type="win32"/><description>Nullsoft Install System v2.46</description><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="X86" publicKeyToken="6595b64144ccf1df" language="*" /></dependentAssembly></dependency></assembly>
(xoB]nE
Xp^gu?
xrx{>z
xw@H@@@@
=XX}Q'
xxwwww
YCt\]nf
yHR#wi
yX	A}W(,Y^
yz{|}~
z3mt(k	
z8B/z,
Z~f+'1
@zKC<iO
Zs[m<hG>
:(z}WY