291df8186e62df74b8fcf2c361c6913b9b73e3e864dde58eb63d5c3159a4c32d

Metadata

SHA256: 291df8186e62df74b8fcf2c361c6913b9b73e3e864dde58eb63d5c3159a4c32d
Difficulty: medium
Platform: Windows
Tags: emulation nsis shellcode config extraction
Likes: 1
Views: 2
Submitter: malcat

Analysis

Goal

Use emulation and/or static analysis to get to the final malware and extract its configuration

Description

This NSIS script is relatively simple. The complexity lies in the analysis of the DLL and its decrypted shellcode. In particular, the shellcode reads a file from disk: how could you emulate this?

Recommended Tools

malcat speakeasy

Solutions

Reversing a NSIS dropper using quick and dirty shellcode emulation Reference by malcat

Sample