|You are here|
Some malware is packed with Nullsoft Scriptable Install Systems (NSIS), a professional open source system to create Windows Installers.
The NSIS is an 7z archive that contains several directories, for example:
- $PLUGINSDIR. Additional information can be found here about NSIS plugins: http://nsis.sourceforge.net/Category:Plugins
Unpacking such malware is as easy as uncompressing the archive using 7zip.
$ 7z x b999d1ad460bd367275a798b5f334f37.exe 7-Zip  9.20 Copyright (c) 1999-2010 Igor Pavlov 2010-11-18 p7zip Version 9.20 (locale=fr_FR.utf8,Utf16=on,HugeFiles=on,8 CPUs) Processing archive: b999d1ad460bd367275a798b5f334f37.exe Extracting $TEMP/NRWConfig.exe Extracting $TEMP/setup.dat Everything is Ok Files: 2 Size: 159246 Compressed: 135127
This category currently contains no pages or media.