Sample details: 5273d7d55a1617f224eecdbf20a577fe --

Hashes
MD5: 5273d7d55a1617f224eecdbf20a577fe
SHA1: ed8c4a4e7772e54fb386498959f816364fc0758b
SHA256: f7808c48e0f2d1ee0ce728177bc1c056fa222bfcba525d62d800e009ec737be5
SSDEEP: 6144:S584cGCnQk7ZpKt3bLeEfiF/+iH4yuiAgFtYhd1824qkEYKQ2t:N4cGCnB7Z+rTfiF/BY/gwx7+KLt
Details
File Type: PE32
Yara Hits
YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasOverlay | YRP/HasRichSignature | YRP/domain | YRP/IP | YRP/url | YRP/contentis_base64 | YRP/escalate_priv | YRP/screenshot | YRP/win_registry | YRP/win_token | YRP/win_private_profile | YRP/win_files_operation | YRP/CRC32_poly_Constant |
Source
https://magicmarketing.vn/wp-content/uploads/2016/12/_temp/apos.exe
Strings
		!This program cannot be run in DOS mode.
`.rdata
@.data
.ndata
 s495lGB
vX95(GB
#Vh|,@
Instu_
softuV
NulluM	E
D$(SPS
Vj%SSS
D$$+D$
D$,+D$$P
_^[t	P
UXTHEME
USERENV
SETUPAPI
APPHELP
PROPSYS
DWMAPI
CRYPTBASE
OLEACC
CLBCATQ
NTMARTA
RichEdit
RichEdit20A
RichEd32
RichEd20
.DEFAULT\Control Panel\International
Control Panel\Desktop\ResourceLocale
Software\Microsoft\Windows\CurrentVersion
\Microsoft\Internet Explorer\Quick Launch
MulDiv
DeleteFileA
FindFirstFileA
FindNextFileA
FindClose
SetFilePointer
GetPrivateProfileStringA
WritePrivateProfileStringA
MultiByteToWideChar
FreeLibrary
LoadLibraryExA
GetModuleHandleA
GlobalAlloc
GlobalFree
ExpandEnvironmentStringsA
lstrcmpA
lstrcmpiA
CloseHandle
SetFileTime
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
SetFileAttributesA
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
ReadFile
GetCurrentProcess
CopyFileA
ExitProcess
SetEnvironmentVariableA
GetWindowsDirectoryA
GetTempPathA
GetCommandLineA
lstrlenA
GetVersion
SetErrorMode
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
GetLastError
CreateDirectoryA
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
WriteFile
lstrcpyA
MoveFileExA
lstrcatA
GetSystemDirectoryA
GetProcAddress
GetExitCodeProcess
WaitForSingleObject
KERNEL32.dll
EndPaint
DrawTextA
FillRect
GetClientRect
BeginPaint
DefWindowProcA
SendMessageA
InvalidateRect
EnableWindow
ReleaseDC
LoadImageA
SetWindowLongA
GetDlgItem
IsWindow
FindWindowExA
SendMessageTimeoutA
wsprintfA
ShowWindow
SetForegroundWindow
PostQuitMessage
SetWindowTextA
SetTimer
CreateDialogParamA
DestroyWindow
ExitWindowsEx
CharNextA
DialogBoxParamA
GetClassInfoA
CreateWindowExA
SystemParametersInfoA
RegisterClassA
EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
USER32.dll
SelectObject
SetTextColor
SetBkMode
CreateFontIndirectA
CreateBrushIndirect
DeleteObject
GetDeviceCaps
SetBkColor
GDI32.dll
SHFileOperationA
SHGetFileInfoA
SHBrowseForFolderA
SHGetPathFromIDListA
ShellExecuteExA
SHGetSpecialFolderLocation
SHELL32.dll
RegEnumValueA
RegEnumKeyA
RegQueryValueExA
RegSetValueExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
SetFileSecurityA
RegOpenKeyExA
RegCreateKeyExA
ADVAPI32.dll
ImageList_Destroy
ImageList_AddMasked
ImageList_Create
COMCTL32.dll
CoCreateInstance
OleUninitialize
OleInitialize
CoTaskMemFree
ole32.dll
verifying installer: %d%%
unpacking data: %d%%
... %d%%
Installer integrity check has failed. Common causes include
incomplete download and damaged media. Contact the
installer's author to obtain a new copy.
More information at:
http://nsis.sf.net/NSIS_Error
Error writing temporary file. Make sure your temp folder is valid.
Error launching installer
SeShutdownPrivilege
NSIS Error
%u.%u%s%s
VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA
VERSION
SHGetFolderPathA
SHFOLDER
SHAutoComplete
SHLWAPI
SHELL32
InitiateShutdownA
RegDeleteKeyExA
ADVAPI32
GetUserDefaultUILanguage
GetDiskFreeSpaceExA
SetDefaultDllDirectories
KERNEL32
[Rename]
*?|<>/":
%s%s.dll
wwwwww}
wwwwww}
wwwwww}
wwwwww}
wwwwww}
wwwwp}
wwwwp}
wwwwp}
wwwwp}
wwwwp}
wwwwp}
wwwwp}
wwwwp}
wwwwp}
wwwwp}
wwwxp}
wwwwp}
wwwwp}
wwwwwwwxp
wwwwwwww
<?xml version="1.0" encoding="UTF-8" standalone="yes"?><assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><assemblyIdentity version="1.0.0.0" processorArchitecture="*" name="Nullsoft.NSIS.exehead" type="win32"/><description>Nullsoft Install System v3.04</description><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="asInvoker" uiAccess="false"/></requestedPrivileges></security></trustInfo><compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"><application><supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"/><supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"/><supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/><supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/></application></compatibility></assembly>
NullsoftInst
~`z`_`
I6kYet
 ?D)!<
E:v#Kf
X}G G}
l_H>$F
 UE.$P#
910~@=
+E#+"go
IwL'()
b|m lW4/
>2orI+
utDZ[<N
,=o9ts~
~nz*Y,UZ
Qt!5~+3
vEuH5Y
B`Fx%7
qLE!3R
b42uECJ
q!wfom
TI18UkI5Qy
`xIJa-5
fx4m)v
Tp07ei
[bK 2R
Z~e06J-r
CtYow~
 K5mZC
B]1edc 
OLIuU`
f%fm<y
PNn$W]
	>/(},
4y	0(,
8k[& F
ejBxs(O
BdLrG_
@>4%	C
:r5CGZ
s;G80"
YxQc8,O
LJ=u`W
vf;X6c-
48<r9u*
pe]"-]
Wol8-z
BAxAz-
o&&d{O
:F=FB]
!55FH_
gZQr*N?9x
e=0R{O>
C}2b1K
&=v.,v
t?Y>H8
\;x-q;D
Bul+q(/
D9cB=5
j{0?(z
Q1TtG(X
^%L\~{R
il\*9OG
D$B$..GZ
$,	{E1
M]LfTM
%&>&FY
U0QYNk
1sGCk@!
-PTkI4
[T}iOP
,QO~ u(1|
f660\R
Q	7.WE
sNZ5w(
z,]OFt
zLb_NH
qQ&9",
Eb_Mt$,
6\5-Y^
iZ%P!UV
:aO^JI`
E_ro]a
pC~sz(
%5&'[_(
tJk)$Z+
yT	)+dW
ATWI]=
l<x:*3
pWP*#7
7|N%J0
q[5ih^
onm"`:
b%^C]3.%r
/{OdKr
:jSjvQ
rYi;,)
1,,)sA
<I@KSF#d
Ch7;.v
JnUFi@
`mJ:*w
MAW+:^
U:WQ<"
RUY 0vgrF
t!J{J`
5jD('8
y^QT37
AhCx8s
ur*jjH
KS}['R
Kf{<Q)
&-bV7	>
Yk 5m5
zb+(w 
y1JI*g${I
	q};i+
ZP3s0t2
x~PuDc
_%b@E-
WhM4@K
1/k(Qv
]WUzy[\T
BYV24RP
2	)Gof
CxgkVM
q]$C/?h
ELX{;-
!Z(O#cAv6
rO2fM)
Pj7:IY
SC[F	M 
{UIJnneR
FPmH1t=/
=,Kz[+X
x&Nzc,
8nJbsn
)se`zY7
D{olhH
RxX(gAL=
 ,GI%XN"
Z'6:N*
cXk<^9
[T?K1Yt
\EVyD[O
5:maM?
[5W}[/]F
iye}j0hS
)`qbjtX
NdhM9o
g|/f{MB
at`Ve&.
ob\Zh,
|HEtPo<
<YMIWP
:<;*Y|
 kluvH
m=1Ic^T
7P~[=R
D(|LB}
^G43pC
#&7 C/A
T_^	u[
]amjxs
.Z!|(	
UZV4ylU
	w7(Ss
3<UdYp
`<bS/o
^4ahDi
U{+X93
!I	x`n
i}#uQuD
]tf.>_
 zo}j!
;Xz	''
-$m/wqo
AxElSX
AYXEt$
(C`E{-
0}MpdD-
j[\ :M
)xrwO'
ClF),K
~B nw>
)B!yda
+HFm(_U
muloZv
|]%hw/
%mqw31
q\DXMVTI
A@=#82b9E
	+S[n&
MRW<WkY
[B6vw,
S2q(^ut
pqA2f'
c5ATQ{W
W9I5]SZ
ARdJ}o
prkdWy
1&<FrG
,X~E	T
.RfBu`
7c9U	h
cd,H`-
G';Y}P
	~PAu;
3X<w!s
1wv]\s
}-'	s_
nT{[,-
n{/5+TTk#u
[bs((F
(`yxI8
J:A}Br
f,+*LZ
 /1R.6
HlTWZI
"[HA\$
DtH@I7
T kUmS
3$f0Hu
I6_1fCm
<^TMdJ
d"[Z&1y
"{3Hw>#
h?8[)r
tjDS,Kn
=)fz~l
?#`)57
@Sbeu:
7s9QqQ
wk%rtb
DggciM
uHF#ae
W0*=hG
k[~#sA.W
wkq;u0
tTqr:(
! !Y\A
;RnL9ms
?-	V@qD
usqa]b[
F&H+E<
lc%[UUg
	\SDt0
0WN.r;
qs:#A]
x]H*1-
5|nq`?,
$*}^="}
5#bb_mq
VIzIE"
%ikY{a
e;bZT>
}ww~JC
)cSr_&
G:ZrLic
)omn!t
-S.xjn
E4qzxm
RE}Oi2
	gUZw&
!Nj^o]
,Ivs{]
1e74 }
<<hk+'d
frHz}R
qsD&hP
7SN 	]5f
ec~8ql
_e-B_y>
##J59Ho
\]\7Dh
&SV~*r
24'%Xw
3wb&vb
KLgeR^!
MZK1JuH
oS{(Rzr
Bzu>it
8:G0<r
#knnS0m
KLe(SK
_Jk2)P
_2jwL[/`
xiwx$\
tO,.Fy
teF0uTs
#b=9@W^zM]
|vHKx	
MzIa_?P
AAf~S}
?% Vrx
|Y[xnc*
H?GWbZ
5mM=ZtI
rhwK4Snr
;N]4um
N8#\(m
].$qwR
N&BFX1m
L	D*> `
G1FKwN
p)+}JV>f6
o].gdyL
!r/q6=`
-46jRp
C}NxXO
"bxvZY
xz'lPT
CGM+kOc
1r.jOk
NwF4XV
J.Gn8X
@bFt2@
`>\pVU
4"'_v`
iK3v9SQ~`
75lH$X
A+?vo@
'{*H%34
ih(c\	Q
B`N1'teDU
xhz*d\
AvSo-i
hA$bcf
O\V8Daj6
o{xIP`|
g{cf=e
=hp)9"
_!50%a
YKB-A}
v*4*dk	
Q)TDL9
)1I!_G
lT0Xamx
YMetQ:S`
hX+MZ4n
>B]y|3
f`%A~6
XZOu}DCb
?tRlkn
wWA]v 
U:RI)	K	M
	Y	ojM
yL5D/THi
|f,X7]g
eh)(:8
1euQ'Q
iH\Z5N
3p]JYP
yHO$+m
ye]>]&8
\}/J?I
ZJJ<?J
MD94FY
\8p$T4
RuVo#j
hkhR%\
yL-1-\
V.kE_P
fC2AbC
W#_y;Hk;U
TKSJnq
	UrcSu
([VN!D?ndW
BZ(n?i
/Tmfwq
(5[3pI
Kn?+Q;
:k+iigGc.
wbg	UK]OA(
j$$wpC
p8wU.J
~~s5W*
#E04F:
Am"a8@
!?	k:v9
hq~G)3/<O6
J0'qXN
KGQyk?
x)peA	x
/KcbsT
2raS#9Ia
."kRMx*
{<`Y>'C
k,Z!$l
zf!}<Fdq
P"(=L`
	1fv7TH"&
O\uuOMu
dmgzt>J
50naf$
-T3e?V
kl=1S(m;	c
tt59g+|5
\&&T<z*x
Mj#n+P
+bKY	Iv
< b^qT
2N{tv$iHq{]l
^iK5ts8.
&&Wf3Q
\>XDGa
lLS?6Z
/fRt;^
gI+MYp
ojG7*?/[
Qll?V"
.6+VVP
A*dgC,
UqAg	>=i
-_Sc&J
k)UoZu
]Xn$|N
U1<D9);%O
v]40TYp
Ydxf6|
m:=LfM
mw^J$6
@5J,x`_l
J)"6+	5
Bb8d(2JF
Q] cfs
oynj5S
o$V;g)|>RN
Zt3	@:
}m]cl:
=KT*n6X
/]Ei6sA
v,:wd4/
zT%gs"U
F}Zqm<
vJA7r&
3ud8#7
1]z)Y)
q,FFQt
z{nkOj
X\dMODx
$q2rC1
eZDE{5
~mEiH*$
n=lkTI
cA%"SR(
G-@O<w
|F,LO]
ZDOQT7|*
2GWyUv
+VLziC
doGl3i
EcH<!RY
O5es|A
`4dS>tK~
Nj6yD2
:KD2lff
pZhvvT
0HT(W8