Malicious
Malicious

2f0e72216baccb5d3cd1c7198f6e0671

PE Executable
|
MD5: 2f0e72216baccb5d3cd1c7198f6e0671
|
Size: 5.73 MB
|
application/x-dosexec

Print
Infection Chain
Summary by MalvaGPT
Characteristics
Hash
 Hash Value
MD5
2f0e72216baccb5d3cd1c7198f6e0671
Sha1
c677735b7375a844c5e3f6a8a671765e9143d905
Sha256
236d0788e4f5491cf67749cc4a5e56118d98f4254c047c36c98153375b2b6e5a
Sha384
daad900cd476cb5cc5aafd5c4272f5232651284380f4e3cc4318943af368a82519a240ab0c898d2213fa5fd1a2334328
Sha512
04d74f1f03fde37859115a53bd0ec01035195d006817eda2dbda7e4a87dfff44ebb3b2942d587aa65ba22fb271e8df506bcb0e6262434ff38cfe6761c92a7c55
SSDeep
98304:nJQs5JmQlKX8y0n6TNcGicB1qSZVjW6wOLZW1nRicQTeQ4+zgt1j5q5fVDVFyY2u:nJQTQIsy0nYljWYS8DIj5gNx8eUU
TLSH
5D46331194B54729E68F89F661E72B3915D30E3C2C5F3B1B8E34E976A9B00CC79AC18D

PeID

Microsoft Visual C++ v6.0 DLL
File Structure
2f0e72216baccb5d3cd1c7198f6e0671
Malicious
[NSIS Installer] @ #00009608
Malicious
UserInfo.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rdata
.data
.reloc
AudioCapture.dll
BackupService.exe
CLIENT32.ini
HTCTL32.DLL
NSM.LIC
NSM.ini
PCICHEK.DLL
PCICL32.DLL
TCBR32.DLL
TCCTL32.DLL
client32u.ini
msvcr100.dll
nskbfltr.inf
nsm_vpro.ini
nspowershell.exe
pcicapi.dll
processing.ps1
Malicious
[Deobfuscated PS]
Malicious
remcmdstub.exe
nsExec.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rdata
.data
.reloc
[SETUP_DECOMPILED.NSI]
Overlay_1837058e.bin
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rdata
.data
.ndata
.rsrc
Resources
RT_ICON
ID:0001
ID:1033
RT_DIALOG
ID:0069
ID:1033
ID:006A
ID:1033
ID:006F
ID:1033
RT_GROUP_CURSOR4
ID:0067
ID:1033
RT_MANIFEST
ID:0001
ID:1033
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Info

Overlay extracted: Overlay_1837058e.bin (5691657 bytes)
2f0e72216baccb5d3cd1c7198f6e0671 (5.73 MB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙