From aldeid


Some malware is packed with the Nullsoft Scriptable Install System (NSIS), a professional open source system for creating Windows installers.


An NSIS installer is a 7z archive that contains several directories, for example:

Unpacking such malware is as easy as uncompressing the archive using 7zip.

$ 7z x b999d1ad460bd367275a798b5f334f37.exe 

7-Zip [64] 9.20  Copyright (c) 1999-2010 Igor Pavlov  2010-11-18
p7zip Version 9.20 (locale=fr_FR.utf8,Utf16=on,HugeFiles=on,8 CPUs)

Processing archive: b999d1ad460bd367275a798b5f334f37.exe

Extracting  $TEMP/NRWConfig.exe
Extracting  $TEMP/setup.dat

Everything is Ok

Files: 2
Size:       159246
Compressed: 135127
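
As a triage step before running 7z on a sample, the following added example (not part of the original page) checks whether a file carries an NSIS installer header and whether the embedded archive is complete. The header layout and the 512-byte alignment are assumptions taken from the NSIS source (fileform.h); find_nsis_header and build_sample are hypothetical names, and the sample bytes are constructed.

```python
import struct

# NSIS "firstheader" (assumed layout, per NSIS fileform.h), little-endian:
# flags, siginfo, 12-byte magic, length_of_header, length_of_all_following_data
FH_SIG = 0xDEADBEEF
FH_MAGIC = b"NullsoftInst"
FH_STRUCT = struct.Struct("<II12sII")
FH_FLAGS = {1: "UNINSTALL", 2: "SILENT", 4: "NO_CRC", 8: "FORCE_CRC"}
ALIGN = 512  # the header follows the PE stub on a 512-byte boundary


def find_nsis_header(data: bytes):
    """Return a dict describing the NSIS firstheader, or None if none is found."""
    for off in range(0, len(data) - FH_STRUCT.size + 1, ALIGN):
        flags, sig, magic, hdr_len, total_len = FH_STRUCT.unpack_from(data, off)
        if sig != FH_SIG or magic != FH_MAGIC:
            continue
        return {
            "offset": off,
            "flags": [name for bit, name in FH_FLAGS.items() if flags & bit],
            "header_len": hdr_len,
            "archive_len": total_len,
            # Declared size exceeding the remaining bytes means a truncated sample,
            # in which case extraction is likely to fail or be incomplete.
            "truncated": off + total_len > len(data),
        }
    return None


def build_sample(truncate: int = 0) -> bytes:
    """Constructed input: a fake 1024-byte 'MZ' stub, then a firstheader and payload."""
    stub = b"MZ" + b"\x00" * 1022
    payload = b"\xAA" * 100
    total = FH_STRUCT.size + len(payload)
    header = FH_STRUCT.pack(2, FH_SIG, FH_MAGIC, 64, total)
    blob = stub + header + payload
    return blob[: len(blob) - truncate]


if __name__ == "__main__":
    print(find_nsis_header(build_sample()))             # complete installer
    print(find_nsis_header(build_sample(truncate=10)))  # truncated sample
    print(find_nsis_header(b"MZ" + b"\x00" * 2046))     # not an NSIS installer
```
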
