Category:Digital-Forensics/Computer-Forensics/Anti-Reverse-Engineering/Packers/NSIS-Nullsoft-Scriptable-Install-Systems

From aldeid

Description

Some malware is packed with the Nullsoft Scriptable Install System (NSIS), a professional open-source system for creating Windows installers.

Unpacking

An NSIS installer is a 7z archive that contains several directories, for example:

Unpacking such malware is as easy as uncompressing the archive using 7zip.

$ 7z x b999d1ad460bd367275a798b5f334f37.exe 

7-Zip [64] 9.20  Copyright (c) 1999-2010 Igor Pavlov  2010-11-18
p7zip Version 9.20 (locale=fr_FR.utf8,Utf16=on,HugeFiles=on,8 CPUs)

Processing archive: b999d1ad460bd367275a798b5f334f37.exe

Extracting  $TEMP/NRWConfig.exe
Extracting  $TEMP/setup.dat

Everything is Ok

Files: 2
Size:       159246
Compressed: 135127
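
To confirm that a sample is an NSIS installer before extracting it, the Python code below (an added example, not part of the original page) searches the file for the NSIS first-header signature, 0xDEADBEEF followed by "NullsoftInst", as laid out in fileform.h in the NSIS source. The function names and the sample bytes are constructed for illustration.

```python
import struct
import sys
from pathlib import Path

# NSIS "firstheader" as defined in the NSIS source (fileform.h), little-endian:
#   int flags; int siginfo (0xDEADBEEF); int nsinst[3] ("NullsoftInst");
#   int length_of_header; int length_of_all_following_data
MAGIC = struct.pack("<I", 0xDEADBEEF) + b"NullsoftInst"
FIRSTHEADER = struct.Struct("<I16sii")  # flags, signature+name, two lengths


def find_nsis_header(data):
    """Return details of the first plausible NSIS firstheader, or None."""
    pos = data.find(MAGIC)
    while pos != -1:
        start = pos - 4  # the flags field sits just before the signature
        if start >= 0 and start + FIRSTHEADER.size <= len(data):
            flags, _, hdr_len, total_len = FIRSTHEADER.unpack_from(data, start)
            # Reject chance matches: both declared lengths must be sensible.
            if hdr_len > 0 and total_len >= FIRSTHEADER.size:
                return {
                    "offset": start,
                    "flags": flags,
                    "header_length": hdr_len,
                    "data_length": total_len,
                    # True if the file ends before the declared data does.
                    "truncated": start + total_len > len(data),
                }
        pos = data.find(MAGIC, pos + 1)
    return None


def build_sample(payload=b"\x00" * 64, cut=0):
    """Constructed input: fake PE stub padded to 512 bytes, then NSIS data."""
    total = FIRSTHEADER.size + len(payload)
    header = FIRSTHEADER.pack(0, MAGIC, 128, total)
    blob = b"MZ".ljust(512, b"\x00") + header + payload
    return blob[: len(blob) - cut]


if __name__ == "__main__":
    for path in sys.argv[1:] or [None]:
        data = build_sample() if path is None else Path(path).read_bytes()
        info = find_nsis_header(data)
        print(path or "<constructed sample>", "->", info or "no NSIS header")
```

A result with "truncated" set to True indicates an incomplete sample, in which case extraction with 7z may fail or yield partial files.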
