Source: setup.exe |
Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, REMOVABLE_RUN_FROM_SWAP, NET_RUN_FROM_SWAP, RELOCS_STRIPPED |
Source: |
Binary string: c:\P4\NIInstallers\trunk\17.5\src\MetaInstaller\Unicode_Release\setup.pdb source: setup.exe, 00000000.00000002.306404235.00000000007E7000.00000040.00020000.sdmp |
Source: C:\Users\user\Desktop\setup.exe |
Code function: 0_2_00531CB0 FindFirstFileW,FindClose, |
0_2_00531CB0 |
Source: setup.exe |
String found in binary or memory: http://apache.org/xml/UknownNS |
Source: setup.exe, 00000000.00000002.306026068.0000000000401000.00000040.00020000.sdmp |
String found in binary or memory: http://apache.org/xml/UknownNSUCS4UCS-4UCS_4UCS-4 |
Source: setup.exe |
String found in binary or memory: http://apache.org/xml/features/calculate-src-ofs |
Source: setup.exe |
String found in binary or memory: http://apache.org/xml/features/continue-after-fatal-error |
Source: setup.exe |
String found in binary or memory: http://apache.org/xml/features/disable-default-entity-resolution |
Source: setup.exe |
String found in binary or memory: http://apache.org/xml/features/dom-has-psvi-info |
Source: setup.exe |
String found in binary or memory: http://apache.org/xml/features/dom/byte-order-mark |
Source: setup.exe |
String found in binary or memory: http://apache.org/xml/features/dom/user-adopts-DOMDocument |
Source: setup.exe |
String found in binary or memory: http://apache.org/xml/features/generate-synthetic-annotations |
Source: setup.exe |
String found in binary or memory: http://apache.org/xml/features/nonvalidating/load-external-dtd |
Source: setup.exe |
String found in binary or memory: http://apache.org/xml/features/schema/ignore-annotations |
Source: setup.exe |
String found in binary or memory: http://apache.org/xml/features/standard-uri-conformant |
Source: setup.exe |
String found in binary or memory: http://apache.org/xml/features/validate-annotations |
Source: setup.exe |
String found in binary or memory: http://apache.org/xml/features/validation-error-as-fatal |
Source: setup.exe |
String found in binary or memory: http://apache.org/xml/features/validation/cache-grammarFromParse |
Source: setup.exe |
String found in binary or memory: http://apache.org/xml/features/validation/dynamic |
Source: setup.exe |
String found in binary or memory: http://apache.org/xml/features/validation/identity-constraint-checking |
Source: setup.exe |
String found in binary or memory: http://apache.org/xml/features/validation/ignoreCachedDTD |
Source: setup.exe |
String found in binary or memory: http://apache.org/xml/features/validation/schema |
Source: setup.exe |
String found in binary or memory: http://apache.org/xml/features/validation/schema-full-checking |
Source: setup.exe |
String found in binary or memory: http://apache.org/xml/features/validation/schema/skip-dtd-validation |
Source: setup.exe |
String found in binary or memory: http://apache.org/xml/features/validation/use-cachedGrammarInParse |
Source: setup.exe |
String found in binary or memory: http://apache.org/xml/messages/XML4CErrors |
Source: setup.exe, 00000000.00000002.306026068.0000000000401000.00000040.00020000.sdmp |
String found in binary or memory: http://apache.org/xml/messages/XML4CErrors#FIXEDEBCDIC-CP-USIBM037IBM1047IBM-1047IBM1140IBM01140CCSI |
Source: setup.exe |
String found in binary or memory: http://apache.org/xml/messages/XMLDOMMsg |
Source: setup.exe |
String found in binary or memory: http://apache.org/xml/messages/XMLErrors |
Source: setup.exe |
String found in binary or memory: http://apache.org/xml/messages/XMLValidity |
Source: setup.exe, 00000000.00000002.306026068.0000000000401000.00000040.00020000.sdmp |
String found in binary or memory: http://apache.org/xml/messages/XMLValidityWINDOWS-1252XERCES-XMLCHxmlxml |
Source: setup.exe |
String found in binary or memory: http://apache.org/xml/parser-use-DOMDocument-from-Implementation |
Source: setup.exe |
String found in binary or memory: http://apache.org/xml/properties/scannerName |
Source: setup.exe |
String found in binary or memory: http://apache.org/xml/properties/schema/external-noNamespaceSchemaLocation |
Source: setup.exe |
String found in binary or memory: http://apache.org/xml/properties/schema/external-schemaLocation |
Source: setup.exe |
String found in binary or memory: http://apache.org/xml/properties/security-manager |
Source: setup.exe, setup.exe, 00000000.00000002.306500404.00000000008EB000.00000040.00020000.sdmp |
String found in binary or memory: http://digital.ni.com/express.nsf/bycode/WinFastStartup |
Source: setup.exe, 00000000.00000002.306026068.0000000000401000.00000040.00020000.sdmp |
String found in binary or memory: http://digital.ni.com/express.nsf/bycode/WinFastStartupSOFTWARE |
Source: setup.exe, setup.exe, 00000000.00000002.306026068.0000000000401000.00000040.00020000.sdmp |
String found in binary or memory: http://digital.ni.com/express.nsf/bycode/exke86 |
Source: setup.exe |
String found in binary or memory: http://xml.org/sax/features/namespace-prefixes |
Source: setup.exe |
String found in binary or memory: http://xml.org/sax/features/namespaces |
Source: setup.exe |
String found in binary or memory: http://xml.org/sax/features/validation |
Source: setup.exe |
Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST |
Source: setup.exe |
Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST |
Source: setup.exe |
Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST |
Source: C:\Users\user\Desktop\setup.exe |
Code function: 0_2_005780FA |
0_2_005780FA |
Source: C:\Users\user\Desktop\setup.exe |
Code function: 0_2_005713F0 |
0_2_005713F0 |
Source: C:\Users\user\Desktop\setup.exe |
Code function: 0_2_00587710 |
0_2_00587710 |
Source: setup.exe |
Static PE information: Resource name: RT_ICON type: COM executable for DOS |
Source: setup.exe |
Static PE information: Resource name: RT_GROUP_CURSOR type: unicos (cray) executable |
Source: C:\Users\user\Desktop\setup.exe |
Code function: 0_2_005F67C0 FormatMessageW,GetLastError, |
0_2_005F67C0 |
Source: C:\Users\user\Desktop\setup.exe |
Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Source: C:\Users\user\Desktop\setup.exe |
Code function: 0_2_0053F498 FindResourceW,LoadResource,LockResource,FreeResource, |
0_2_0053F498 |
Source: setup.exe |
String found in binary or memory: JIS_C6229-1984-b-add |
Source: setup.exe |
String found in binary or memory: jp-ocr-b-add |
Source: setup.exe |
String found in binary or memory: JIS_C6229-1984-hand-add |
Source: setup.exe |
String found in binary or memory: jp-ocr-hand-add |
Source: setup.exe |
String found in binary or memory: pre-install |
Source: setup.exe |
String found in binary or memory: ISO_6937-2-add |
Source: setup.exe |
String found in binary or memory: The host/address '{0}' could not be resolved |
Source: setup.exe |
String found in binary or memory: "%s" -startDir "%s" -xmlPath "%s" |
Source: setup.exe |
String found in binary or memory: NATS-SEFI-ADD |
Source: setup.exe |
String found in binary or memory: NATS-DANO-ADD |
Source: setup.exe |
String found in binary or memory: "%s" -v -startDir "%s" -xmlPath "%s" |
Source: setup.exe |
String found in binary or memory: "%s" -filePath "%s" -startDir "%s" -xmlPath "%s" |
Source: setup.exe |
String found in binary or memory: User agreed to pre-install. |
Source: setup.exe |
String found in binary or memory: .NET 3.5 pre-install is needed, but user denied the prompt to install. Cannot continue - exiting. |
Source: setup.exe |
String found in binary or memory: .NET 3.5 pre-install is disabled via command-line or setup.ini flag -- nothing to do. |
Source: setup.exe |
String found in binary or memory: .NET 3.5 pre-install is not required on this OS -- nothing to do. |
Source: setup.exe |
String found in binary or memory: .NET 3.5 not in distribution or pre-install disabled -- nothing to do. |
Source: setup.exe |
String found in binary or memory: .NET 4.0 pre-install is needed, but user denied the prompt to install. Cannot continue - exiting. |
Source: setup.exe |
String found in binary or memory: .NET 4.x pre-install is disabled via command-line or setup.ini flag -- nothing to do. |
Source: setup.exe |
String found in binary or memory: .NET 4.5.x or 4.6.x install requested, but we are on Server 2003 or XP. Skipping pre-install so that the distribution launch (or m |
Source: setup.exe |
String found in binary or memory: .NET 4.x not in distribution or pre-install disabled -- nothing to do. |
Source: classification engine |
Classification label: clean5.winEXE@1/0@0/0 |
Source: C:\Users\user\Desktop\setup.exe |
File opened: C:\Windows\SysWOW64\RICHED32.DLL |
Source: setup.exe |
Static file information: File size 1466368 > 1048576 |
Source: setup.exe |
Static PE information: Raw size of UPX1 is bigger than: 0x100000 < 0x144200 |
Source: C:\Users\user\Desktop\setup.exe |
Code function: 0_2_0057683A push ecx; ret |
0_2_0057684D |
Source: C:\Users\user\Desktop\setup.exe |
Code function: 0_2_00576B39 push ecx; ret |
0_2_00576B4C |
Source: C:\Users\user\Desktop\setup.exe |
Code function: 0_2_0058D233 LoadLibraryA,GetProcAddress,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,__decode_pointer, |
0_2_0058D233 |
Source: initial sample |
Static PE information: section name: UPX0 |
Source: initial sample |
Static PE information: section name: UPX1 |
Source: C:\Users\user\Desktop\setup.exe |
Code function: 0_2_00538C8C MonitorFromWindow,IsIconic,GetWindowPlacement,GetWindowRect, |
0_2_00538C8C |
Source: C:\Users\user\Desktop\setup.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\setup.exe |
Evasive API call chain: GetModuleFileName,DecisionNodes,Sleep |
Source: C:\Users\user\Desktop\setup.exe |
Evasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess |
Source: setup.exe |
Binary or memory string: hGfsu |
Source: C:\Users\user\Desktop\setup.exe |
Code function: 0_2_00570867 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, |
0_2_00570867 |
Source: C:\Users\user\Desktop\setup.exe |
Code function: 0_2_0056F98F IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, |
0_2_0056F98F |
Source: C:\Users\user\Desktop\setup.exe |
Code function: GetLocaleInfoA, |
0_2_0059B90E |
Source: C:\Users\user\Desktop\setup.exe |
Code function: GetLocaleInfoW, |
0_2_005E9980 |
Source: C:\Users\user\Desktop\setup.exe |
Code function: GetLocaleInfoA, |
0_2_005981A5 |
Source: C:\Users\user\Desktop\setup.exe |
Code function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA, |
0_2_005972AD |
Source: C:\Users\user\Desktop\setup.exe |
Code function: __getptd,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,_ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoA,_strcpy_s,__invoke_watson,GetLocaleInfoA,GetLocaleInfoA,__itoa_s, |
0_2_00597350 |
Source: C:\Users\user\Desktop\setup.exe |
Code function: _strlen,_GetPrimaryLen,EnumSystemLocalesA, |
0_2_00597314 |
Source: C:\Users\user\Desktop\setup.exe |
Code function: GetLocaleInfoA,GetLocaleInfoA,GetACP, |
0_2_00596DCB |
Source: C:\Users\user\Desktop\setup.exe |
Code function: 0_2_005319A0 GetVersionExW, |
0_2_005319A0 |