Source: nitdmexcel_18-0-1.exe |
Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, RELOCS_STRIPPED |
Source: nitdmexcel_18-0-1.exe |
Static PE information: certificate valid |
Source: |
Binary string: E:\PkgInstaller\base\ntsetup\SrvPack.Main\tools\sfxcab\sfxcab\objfre\i386\sfxcab.pdb source: WindowsInstaller-KB893803-v2-x86.exe |
Source: |
Binary string: A.pdb source: MIFSystemUtility.dll |
Source: |
Binary string: E:\PkgInstaller\base\ntsetup\SrvPack.Main\tools\sfxcab\sfxcab\objfre\i386\sfxcab.pdbU source: WindowsInstaller-KB893803-v2-x86.exe |
Source: |
Binary string: c:\P4\NIInstallers\trunk\18.0\src\MetaUtils\NI-PathsStub\Unicode_Release\NIPathsStub.pdb source: MDFSupport.msi |
Source: |
Binary string: c:\P4\NIInstallers\trunk\17.0\src\MetaUtils\NI-PathsStub\Unicode_Release\NIPathsStub.pdb source: EULADepot2.msi |
Source: MIFSystemUtility.dll |
String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0 |
Source: EULADepot2.msi |
String found in binary or memory: http://digital.ni.com/express.nsf/bycode/InstallerForMicrosoftSilverlight |
Source: MIFSystemUtility.dll |
String found in binary or memory: http://ocsp.thawte.com0 |
Source: MIFSystemUtility.dll |
String found in binary or memory: http://s.symcb.com/universal-root.crl0 |
Source: MIFSystemUtility.dll |
String found in binary or memory: http://s.symcd.com06 |
Source: MIFSystemUtility.dll |
String found in binary or memory: http://s1.symcb.com/pca3-g5.crl0 |
Source: MIFSystemUtility.dll |
String found in binary or memory: http://s2.symcb.com0 |
Source: MIFSystemUtility.dll |
String found in binary or memory: http://sf.symcb.com/sf.crl0a |
Source: MIFSystemUtility.dll |
String found in binary or memory: http://sf.symcb.com/sf.crt0 |
Source: MIFSystemUtility.dll |
String found in binary or memory: http://sf.symcd.com0& |
Source: MIFSystemUtility.dll |
String found in binary or memory: http://sv.symcb.com/sv.crl0a |
Source: MIFSystemUtility.dll |
String found in binary or memory: http://sv.symcb.com/sv.crt0 |
Source: MIFSystemUtility.dll |
String found in binary or memory: http://sv.symcd.com0& |
Source: MIFSystemUtility.dll |
String found in binary or memory: http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0( |
Source: MIFSystemUtility.dll |
String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0 |
Source: MIFSystemUtility.dll |
String found in binary or memory: http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0 |
Source: MIFSystemUtility.dll |
String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0( |
Source: MIFSystemUtility.dll |
String found in binary or memory: http://ts-ocsp.ws.symantec.com07 |
Source: MIFSystemUtility.dll |
String found in binary or memory: http://ts-ocsp.ws.symantec.com0; |
Source: EULADepot2.msi |
String found in binary or memory: http://www.chilkatsoft.com/p/p_463.asp) |
Source: NI Released License Agreement - English.rtf, NI Released License Agreement - French.rtf, NI Released License Agreement - German.rtf, NI Released License Agreement - Italian.rtf, NI Released License Agreement - Spanish.rtf, EULADepot2.msi, MSIProperties.msi |
String found in binary or memory: http://www.ni.com/driverinterfacesoftware |
Source: MSIProperties.msi |
String found in binary or memory: http://www.ni.com/legal/export-compliance.htm |
Source: EULADepot2.msi |
String found in binary or memory: http://www.ni.com/legal/export-compliance.htm. |
Source: NI Released License Agreement - Spanish.rtf |
String found in binary or memory: http://www.ni.com/legal/privacy/unitedstates/us/ |
Source: MSIProperties.msi |
String found in binary or memory: http://www.ni.com/legal/termsofsale |
Source: MIFSystemUtility.dll |
String found in binary or memory: http://www.symauth.com/cps0( |
Source: MIFSystemUtility.dll |
String found in binary or memory: http://www.symauth.com/rpa00 |
Source: nitdmexcel_18-0-1.exe |
String found in binary or memory: http://www.winzip.com |
Source: MSIProperties.msi |
String found in binary or memory: http://zone.ni.com/devzone/cda/tut/p/id/9561 |
Source: MIFSystemUtility.dll |
String found in binary or memory: https://d.symcb.com/cps0% |
Source: MIFSystemUtility.dll |
String found in binary or memory: https://d.symcb.com/rpa0 |
Source: MIFSystemUtility.dll |
String found in binary or memory: https://d.symcb.com/rpa0. |
Source: nitdmexcel_18-0-1.exe |
Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST |
Source: C:\Users\user\Desktop\nitdmexcel_18-0-1.exe |
File read: C:\Users\user\Desktop\nitdmexcel_18-0-1.exe |
Source: nitdmexcel_18-0-1.exe |
Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
Source: C:\Users\user\Desktop\nitdmexcel_18-0-1.exe |
Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Source: niPie.exe |
String found in binary or memory: /install |
Source: niPie.exe |
String found in binary or memory: ^@INSTALL\Software\National Instruments\Common\Installer\Pending\PackagesSoftware\National Instruments\Common\Installer\Pending\Deletes...%s\%s%s\*.*Value-ValueNameKeySoftware\National Instruments\Common\Installer\Pending\Registry\DeleteSoftware\National Instruments\Common\Installer\Pending\Registry\AddSoftware\National Instruments\Common\Installer\Pending\Registry/sREMOVEALL%s %s/remove"/install/test/qMutex FailedNested Install_MSIExecute/qnmSoftware\National Instruments\Common\Installer\Pending/undo%s ,\FeaturesTrueLaunchedByUpgrade\ProductsSoftware\National Instruments\Common\InstallerNIUPDMGRtrue |
Source: classification engine |
Classification label: sus22.expl.winEXE@1/0@0/0 |
Source: nitdmexcel_18-0-1.exe |
Static file information: File size 78606216 > 1048576 |
Source: nitdmexcel_18-0-1.exe |
Static PE information: Raw size of _winzip_ is bigger than: 0x100000 < 0x4ad6000 |
Source: nitdmexcel_18-0-1.exe |
Static PE information: real checksum: 0x4af8739 should be: |
Source: nitdmexcel_18-0-1.exe |
Static PE information: section name: _winzip_ |
Source: C:\Users\user\Desktop\nitdmexcel_18-0-1.exe |
Process information set: NOOPENFILEERRORBOX |
Source: MIFSystemUtility.dll |
Binary or memory string: hGfsu |
Source: MDFSuppo.cab |
Binary or memory string: VMci5 |
Source: Yara match |
File source: NI_EX00_fra.mst, type: SAMPLE |
Source: C:\Users\user\Desktop\nitdmexcel_18-0-1.exe |
Code function: 0_2_0040F211 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter |