Windows Analysis Report
General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe

Overview

General Information

Sample name:	General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe
Analysis ID:	1580948
MD5:	9f29158892d0abc04ad5207ea95acb4d
SHA1:	9810ea23e23a34cc4ee59461b0d3a5f7fd0917c7
SHA256:	5e4394a996d863fb8636a32b81af5e598ccf0c83ca8e00835e5c5475265e91ff
Infos:

Detection

Score:	2
Range:	0 - 100
Whitelisted:	false
Confidence:	60%

Signatures

Drops PE files

Found dropped PE file which has not been started or loaded

Sample file is different than original file name gathered from version info

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Classification

Signatures

Uses 32bit PE files

Source: General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	DNS traffic detected: DNS query: ecn.dev.virtualearth.net
Source: global traffic	DNS traffic detected: DNS query: assets.msn.com
Source: global traffic	DNS traffic detected: DNS query: browser.events.data.msn.com

Source: General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	String found in binary or memory: http://nsis.sf.net/NSIS_Error
Source: General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	String found in binary or memory: https://curl.se/docs/http-cookies.html
Source: General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe, 00000000.00000002.12932667551.0000000000663000.00000004.00000020.00020000.00000000.sdmp, General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe, 00000000.00000003.11680709060.00000000027C2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://updatev2.easyviewercloud.com:443
Source: General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe, 00000000.00000002.12932667551.0000000000663000.00000004.00000020.00020000.00000000.sdmp, General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe, 00000000.00000003.11680709060.00000000027C2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://updatev2.easyviewercloud.com:443https://updatev2.gotop2p.com:443
Source: General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe, 00000000.00000002.12932667551.0000000000663000.00000004.00000020.00020000.00000000.sdmp, General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe, 00000000.00000003.11680709060.00000000027C2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://updatev2.gotop2p.com:443

Sample file is different than original file name gathered from version info

Source: General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe, 00000000.00000003.11770839815.00000000059CE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameButtonEvent.dllR vs General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe
Source: General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe, 00000000.00000002.12936142645.0000000073944000.00000002.00000001.01000000.00000009.sdmp	Binary or memory string: OriginalFilenameButtonEvent.dllR vs General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe

Uses 32bit PE files

Source: General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: classification engine

Classification label: clean2.winEXE@1/30@3/0

Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe

File created: C:\Users\user\AppData\Local\Temp\nsw55D0.tmp

Jump to behavior

Source: General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe

File read: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe

Jump to behavior

Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	Section loaded: cfgmgr32.dll	Jump to behavior
Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	Section loaded: riched20.dll	Jump to behavior
Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	Section loaded: usp10.dll	Jump to behavior
Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	Section loaded: msls31.dll	Jump to behavior

Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32

Jump to behavior

Source: General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe

Static file information: File size 35188023 > 1048576

Uses code obfuscation techniques (call, push, ret)

Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	Code function: 0_3_006B3D54 push es; retf	0_3_006B3E3E
Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	Code function: 0_3_006B3D54 push es; retf	0_3_006B3E3E
Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	Code function: 0_3_006B3D54 push es; retf	0_3_006B3E3E
Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	Code function: 0_3_006B3D54 push es; retf	0_3_006B3E3E
Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	Code function: 0_3_006B3D54 push es; retf	0_3_006B3E3E
Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	Code function: 0_3_006B3D54 push es; retf	0_3_006B3E3E
Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	Code function: 0_3_006B3D54 push es; retf	0_3_006B3E3E
Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	Code function: 0_3_006B3D54 push es; retf	0_3_006B3E3E
Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	Code function: 0_3_006B3D54 push es; retf	0_3_006B3E3E
Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	Code function: 0_3_006B3D54 push es; retf	0_3_006B3E3E
Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	Code function: 0_3_006B3D54 push es; retf	0_3_006B3E3E
Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	Code function: 0_3_006B3D54 push es; retf	0_3_006B3E3E
Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	Code function: 0_3_006B3D54 push es; retf	0_3_006B3E3E
Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	Code function: 0_3_006B3D54 push es; retf	0_3_006B3E3E
Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	Code function: 0_3_006B3D54 push es; retf	0_3_006B3E3E
Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	Code function: 0_3_006B3D54 push es; retf	0_3_006B3E3E
Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	Code function: 0_3_006B3D54 push es; retf	0_3_006B3E3E
Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	Code function: 0_3_006B3D54 push es; retf	0_3_006B3E3E
Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	Code function: 0_3_006B3D54 push es; retf	0_3_006B3E3E
Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	Code function: 0_3_006B3D54 push es; retf	0_3_006B3E3E
Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	Code function: 0_3_006B3D54 push es; retf	0_3_006B3E3E
Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	Code function: 0_3_006B3D54 push es; retf	0_3_006B3E3E
Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	Code function: 0_3_006B3D54 push es; retf	0_3_006B3E3E
Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	Code function: 0_3_006B3D54 push es; retf	0_3_006B3E3E
Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	Code function: 0_3_006B3D54 push es; retf	0_3_006B3E3E
Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	Code function: 0_3_006B3D54 push es; retf	0_3_006B3E3E
Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	Code function: 0_3_006B3D54 push es; retf	0_3_006B3E3E
Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	Code function: 0_3_006B3D54 push es; retf	0_3_006B3E3E
Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	Code function: 0_3_006B3FE3 push es; ret	0_3_006B3FE6
Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	Code function: 0_3_006B3FE3 push es; ret	0_3_006B3FE6
Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	Code function: 0_3_006B3FE3 push es; ret	0_3_006B3FE6

Drops PE files

Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	File created: C:\Users\user\AppData\Local\Temp\nsh5748.tmp\nsDialogs.dll	Jump to dropped file
Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	File created: C:\Users\user\AppData\Local\Temp\nsh5748.tmp\SkinBtn.dll	Jump to dropped file
Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	File created: C:\Users\user\AppData\Local\Temp\nsh5748.tmp\ButtonEvent.dll	Jump to dropped file
Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	File created: C:\Users\user\AppData\Local\Temp\nsh5748.tmp\nsProcess.dll	Jump to dropped file
Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	File created: C:\Users\user\AppData\Local\Temp\nsh5748.tmp\LangDLL.dll	Jump to dropped file
Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	File created: C:\Users\user\AppData\Local\Temp\nsh5748.tmp\System.dll	Jump to dropped file

Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe

Process information set: NOOPENFILEERRORBOX

Jump to behavior

Found dropped PE file which has not been started or loaded

Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsh5748.tmp\nsDialogs.dll	Jump to dropped file
Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsh5748.tmp\SkinBtn.dll	Jump to dropped file
Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsh5748.tmp\ButtonEvent.dll	Jump to dropped file
Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsh5748.tmp\nsProcess.dll	Jump to dropped file
Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsh5748.tmp\LangDLL.dll	Jump to dropped file
Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsh5748.tmp\System.dll	Jump to dropped file

Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe

Process information queried: ProcessInformation

Jump to behavior

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

⊘No contacted IP infos

Contacted Domains

Name	IP	Active
fp2e7a.wpc.phicdn.net	192.229.221.95	true
assets.msn.com	unknown	unknown
ecn.dev.virtualearth.net	unknown	unknown
browser.events.data.msn.com	unknown	unknown

ID:	1580948
Product:	CloudBasic
Start time:	13:34:05
Start date:	26.12.2024
Sample:	General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe
Cookbook:	default.jbs
System description:	Windows 11 23H2 with Office Professional Plus 2021, Chrome 131, Firefox 133, Adobe Reader DC 24, Java 8 Update 431, 7zip 24.09
Architecture:	WINDOWS
MD5:	9f29158892d0abc04ad5207ea95acb4d
SHA1:	9810ea23e23a34cc4ee59461b0d3a5f7fd0917c7
SHA256:	5e4394a996d863fb8636a32b81af5e598ccf0c83ca8e00835e5c5475265e91ff
Filetype:	Win32 Executable (generic) a (10002005/4) 92.16%

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Local\Temp\nsh5748.tmp\ButtonEvent.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	55788069D3FA4E1DAF80F3339FA86FE2	D64E05C1879A92D5A8F9FF2FD2F1A53E1A53AE96	D6E429A063ADF637F4D19D4E2EB094D9FF27382B21A1F6DCCF9284AFB5FF8C7F
C:\Users\user\AppData\Local\Temp\nsh5748.tmp\Header1.bmp	PC bitmap, Windows 3.x format, 536 x 28 x 24, image size 45026, resolution 2834 x 2834 px/m, cbSize 45080, bits offset 54	01FB734950C570BC9BF3032BB0D2D6FC	3E88391913EB04219354C0CFE7C4A42AD981DC39	5C0D162CD30AA45FB25876CCA06240996237FD6F1C9EAB56661BD1A3123AC7F7
C:\Users\user\AppData\Local\Temp\nsh5748.tmp\Header1_en.bmp	PC bitmap, Windows 3.x format, 536 x 28 x 24, image size 45026, resolution 2834 x 2834 px/m, cbSize 45080, bits offset 54	01FB734950C570BC9BF3032BB0D2D6FC	3E88391913EB04219354C0CFE7C4A42AD981DC39	5C0D162CD30AA45FB25876CCA06240996237FD6F1C9EAB56661BD1A3123AC7F7
C:\Users\user\AppData\Local\Temp\nsh5748.tmp\Header2.bmp	PC bitmap, Windows 3.x format, 536 x 28 x 24, image size 45026, resolution 2834 x 2834 px/m, cbSize 45080, bits offset 54	01FB734950C570BC9BF3032BB0D2D6FC	3E88391913EB04219354C0CFE7C4A42AD981DC39	5C0D162CD30AA45FB25876CCA06240996237FD6F1C9EAB56661BD1A3123AC7F7
C:\Users\user\AppData\Local\Temp\nsh5748.tmp\Header2_en.bmp	PC bitmap, Windows 3.x format, 536 x 28 x 24, image size 45026, resolution 2834 x 2834 px/m, cbSize 45080, bits offset 54	01FB734950C570BC9BF3032BB0D2D6FC	3E88391913EB04219354C0CFE7C4A42AD981DC39	5C0D162CD30AA45FB25876CCA06240996237FD6F1C9EAB56661BD1A3123AC7F7
C:\Users\user\AppData\Local\Temp\nsh5748.tmp\Header3.bmp	PC bitmap, Windows 3.x format, 536 x 28 x 24, image size 45024, resolution 2834 x 2834 px/m, cbSize 45078, bits offset 54	296011F18EBAFE953FF2172AB251D911	67C70B313CDC1FB6AEDCA28AC2C4D601BE27FDFB	3F471B55589D028E3FCD353005E831AFC2FA4F00FA120E753D5BF0EF07B0AEC6
C:\Users\user\AppData\Local\Temp\nsh5748.tmp\Header3_en.bmp	PC bitmap, Windows 3.x format, 536 x 28 x 24, image size 45024, resolution 2834 x 2834 px/m, cbSize 45078, bits offset 54	296011F18EBAFE953FF2172AB251D911	67C70B313CDC1FB6AEDCA28AC2C4D601BE27FDFB	3F471B55589D028E3FCD353005E831AFC2FA4F00FA120E753D5BF0EF07B0AEC6
C:\Users\user\AppData\Local\Temp\nsh5748.tmp\LangDLL.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	9384F4007C492D4FA040924F31C00166	ABA37FAEF30D7C445584C688A0B5638F5DB31C7B	60A964095AF1BE79F6A99B22212FEFE2D16F5A0AFD7E707D14394E4143E3F4F5
C:\Users\user\AppData\Local\Temp\nsh5748.tmp\Progress.bmp	PC bitmap, Windows 3.x format, 536 x 42 x 24, image size 67538, resolution 2834 x 2834 px/m, cbSize 67592, bits offset 54	4CCC1F563DFDBD569E006AD33260395C	7CB0DC50F98832025137B1AA3E56A5AF74F30D38	8972A03921D45A0B393B2F87FDD82DB5F279DF35284283EE05A7FB23D8468D52
C:\Users\user\AppData\Local\Temp\nsh5748.tmp\ProgressBar.bmp	PC bitmap, Windows 3.x format, 536 x 42 x 24, image size 67538, resolution 2834 x 2834 px/m, cbSize 67592, bits offset 54	A8E7D9C1C0F82E66E70D36B1F5A0F04C	410F0CD0EA9B0099D052E11611E294A40C2FF067	D8DCEDA67E33E6FE0575383AD1CB0692C1408DF297470DE9F164700F604A3DD0
C:\Users\user\AppData\Local\Temp\nsh5748.tmp\SkinBtn.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	E4EC95271FF1BCEBAB49BDFED6817A22	2C03E97F4773AEA80ECDB98A1482E5896FE4677B	EE1C06692A757473737B0EBDEF16F77B63AFAC864D0890022D905E4873737DD6
C:\Users\user\AppData\Local\Temp\nsh5748.tmp\Slides\Slide 01.jpg	JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 536x328, components 3	C6B21669FBBBC2A493F63B60945097F9	A7F6F54FAF2F6A0E90B872ECCF6138EFF5F98C47	4B75E825C4E27750F8ABC78777B419328D0FFD969CDB3DDEDAA74731FFD349FB
C:\Users\user\AppData\Local\Temp\nsh5748.tmp\Slides\Slide 0145.jpg	JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2013:11:13 10:29:20], baseline, precision 8, 535x328, components 3	08A22A43C18EDA4E764436397DE36F79	354BCD36B98D8F19D662E4CDA2067BCF9CC3D4C0	640B34A2576C08E9A2993AE46FC4B42CD511252A4BDEE8B09DCEE0C6256D30F7
C:\Users\user\AppData\Local\Temp\nsh5748.tmp\Slides\Slide 02.jpg	JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 536x328, components 3	849EB872FDB80D3206ACC2E42A61DFE5	CEBE45D8902BC30A38D4794C1EDF8AB19AA5DCFB	3DBF8BF717EC4DA986F36E88D78008FF7C917EEAE704D8E62F3E512D057AF69E
C:\Users\user\AppData\Local\Temp\nsh5748.tmp\Slides\Slides.dat	Unicode text, UTF-16, little-endian text, with CRLF line terminators	34D8DD9BA9E320AF2F5C580E66519E76	413135CBCDFB351D4D18D1DFF7920444C55E103D	432F35A223A70BC2E4D6CD8FC3DED5963200172CBB9661ECBFC14D8FAD4F86A5
C:\Users\user\AppData\Local\Temp\nsh5748.tmp\System.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	C17103AE9072A06DA581DEC998343FC1	B72148C6BDFAADA8B8C3F950E610EE7CF1DA1F8D	DC58D8AD81CACB0C1ED72E33BFF8F23EA40B5252B5BB55D393A0903E6819AE2F
C:\Users\user\AppData\Local\Temp\nsh5748.tmp\bottom.bmp	PC bitmap, Windows 3.x format, 536 x 42 x 24, image size 67538, resolution 2834 x 2834 px/m, cbSize 67592, bits offset 54	4CCC1F563DFDBD569E006AD33260395C	7CB0DC50F98832025137B1AA3E56A5AF74F30D38	8972A03921D45A0B393B2F87FDD82DB5F279DF35284283EE05A7FB23D8468D52
C:\Users\user\AppData\Local\Temp\nsh5748.tmp\bottom1.bmp	PC bitmap, Windows 3.x format, 233 x 6 x 24, image size 4200, cbSize 4254, bits offset 54	A2C91B2106911E43E6ABBFAC05483168	A8E27AB999256A5C65D11C162B3033358BDC9A3D	B3DCA2911EB311E6DE89E8846A20495FAC2952D8DAF8FD058BAA9353B619491E
C:\Users\user\AppData\Local\Temp\nsh5748.tmp\bottom2.bmp	PC bitmap, Windows 3.x format, 43 x 42 x 24, image size 5544, cbSize 5598, bits offset 54	3F2A8782DFC8EFA7C7B5337F138799F0	7A79E2FB3D42A193238DC47BF0673CA9735ED1A7	41965757945DAE3A01A12571FDDEFE8C35D105D6F88E8D9ADD205BDD170E8232
C:\Users\user\AppData\Local\Temp\nsh5748.tmp\button1.bmp	PC bitmap, Windows 3.x format, 80 x 120 x 24, image size 28802, resolution 2834 x 2834 px/m, cbSize 28856, bits offset 54	5E9D9C8105154CAB2F10B0E949FBA970	26AD9F52450CF520C8F19A1CA925FA8A5A654751	880EED43DA8F254F4AA4BA87CF1BC4219D2C2DB27DB0BDC8E7191A98C8E2600C
C:\Users\user\AppData\Local\Temp\nsh5748.tmp\button2.bmp	PC bitmap, Windows 3.x format, 80 x 120 x 24, image size 28802, resolution 2834 x 2834 px/m, cbSize 28856, bits offset 54	5E9D9C8105154CAB2F10B0E949FBA970	26AD9F52450CF520C8F19A1CA925FA8A5A654751	880EED43DA8F254F4AA4BA87CF1BC4219D2C2DB27DB0BDC8E7191A98C8E2600C
C:\Users\user\AppData\Local\Temp\nsh5748.tmp\close.bmp	PC bitmap, Windows 3.x format, 37 x 25 x 24, image size 2802, resolution 2834 x 2834 px/m, cbSize 2856, bits offset 54	B75B4048B42AFF6FBD63A7230E99E250	D36B4926209D7977CDB716092B6F249577F2F87D	C7875F1D27418030038C6DF7D98F18E8B55B0D0191B30FCD8F207005ECB5E775
C:\Users\user\AppData\Local\Temp\nsh5748.tmp\finish.bmp	PC bitmap, Windows 3.x format, 536 x 328 x 24, image size 527426, resolution 2834 x 2834 px/m, cbSize 527480, bits offset 54	AC6DD2DB828E9CE3F3CB44B0FC4073C1	BDE4448FC6C650F7449B66C0677B2C8254470854	1956519910FFCE72D4DFC6A99CA9B6965DCE79B856FEEEB714205B66087E4691
C:\Users\user\AppData\Local\Temp\nsh5748.tmp\finish_en.bmp	PC bitmap, Windows 3.x format, 536 x 328 x 24, image size 527426, resolution 2834 x 2834 px/m, cbSize 527480, bits offset 54	CC2D1B887B3BFFD598828D2A74341953	17014A9C93517A013EAA34EFA0D348173EA737CF	B4CF5CDEDE015F60C18D67F1CA644B1C85F65667C9F6B316E08E1D959A959895
C:\Users\user\AppData\Local\Temp\nsh5748.tmp\lincese.bmp	PC bitmap, Windows 3.x format, 536 x 328 x 24, image size 527426, resolution 2834 x 2834 px/m, cbSize 527480, bits offset 54	2AD1B7124616CAC56B2452A465C4B3D7	21706B690B03E6FF758E83BD66C8ED5DE57A99FD	D5C8C3CE77ACB75798A328DCD8351E6B8979486853CD6439C5445625232EC31A
C:\Users\user\AppData\Local\Temp\nsh5748.tmp\nsDialogs.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	C10E04DD4AD4277D5ADC951BB331C777	B1E30808198A3AE6D6D1CCA62DF8893DC2A7AD43	E31AD6C6E82E603378CB6B80E67D0E0DCD9CF384E1199AC5A65CB4935680021A
C:\Users\user\AppData\Local\Temp\nsh5748.tmp\nsProcess.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	FAA7F034B38E729A983965C04CC70FC1	DF8BDA55B498976EA47D25D8A77539B049DAB55E	579A034FF5AB9B732A318B1636C2902840F604E8E664F5B93C07A99253B3C9CF
C:\Users\user\AppData\Local\Temp\nsh5748.tmp\un1.bmp	PC bitmap, Windows 3.x format, 536 x 357 x 24, image size 574058, resolution 2834 x 2834 px/m, cbSize 574112, bits offset 54	42152EFC5F8E0C30A1DD981B36FDF870	3441E4BEE3D8D32A6970A001F3CA451A506AA49C	B8B738A1F2AFD05642ABD77AA7CEF7BA571571A0096DA5C61FBF1D114E63AD5E
C:\Users\user\AppData\Local\Temp\nsh5748.tmp\unHeader.bmp	PC bitmap, Windows 3.x format, 536 x 28 x 24, image size 45026, resolution 2834 x 2834 px/m, cbSize 45080, bits offset 54	01FB734950C570BC9BF3032BB0D2D6FC	3E88391913EB04219354C0CFE7C4A42AD981DC39	5C0D162CD30AA45FB25876CCA06240996237FD6F1C9EAB56661BD1A3123AC7F7
C:\Users\user\AppData\Local\Temp\nsh5748.tmp\welcome.bmp	PC bitmap, Windows 3.x format, 536 x 328 x 24, image size 527426, resolution 2834 x 2834 px/m, cbSize 527480, bits offset 54	301345426C1A908021407DBB91A1E70F	88E560724F52EFF438342E9540CC734DD7A89AAB	B9CB076588C9D8BCC09B6D828919C6C7FEC3E1F8560F6B7F00E2BF978FC5AE07

Windows Analysis Report
General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe

Overview

General Information

Detection

Signatures

Classification

Signatures

Compliance

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Screenshots

Behavior Graph

Network Map

Contacted Domains

Windows Analysis Report General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe

Overview

General Information

Detection

Signatures

Classification

Signatures

Compliance

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Screenshots

Behavior Graph

Network Map

Contacted Domains

Windows Analysis Report
General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe