Edit tour

Windows Analysis Report
General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe

Overview

General Information

Sample name:	General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe
Analysis ID:	1580948
MD5:	9f29158892d0abc04ad5207ea95acb4d
SHA1:	9810ea23e23a34cc4ee59461b0d3a5f7fd0917c7
SHA256:	5e4394a996d863fb8636a32b81af5e598ccf0c83ca8e00835e5c5475265e91ff
Infos:

Detection

Score:	2
Range:	0 - 100
Whitelisted:	false
Confidence:	60%

Signatures

Drops PE files

Found dropped PE file which has not been started or loaded

Sample file is different than original file name gathered from version info

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w11x64_office

General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe (PID: 8308 cmdline: "C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe" MD5: 9F29158892D0ABC04AD5207EA95ACB4D)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	DNS traffic detected: DNS query: ecn.dev.virtualearth.net
Source: global traffic	DNS traffic detected: DNS query: assets.msn.com
Source: global traffic	DNS traffic detected: DNS query: browser.events.data.msn.com

Source: General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	String found in binary or memory: http://nsis.sf.net/NSIS_Error
Source: General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	String found in binary or memory: https://curl.se/docs/http-cookies.html
Source: General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe, 00000000.00000002.12932667551.0000000000663000.00000004.00000020.00020000.00000000.sdmp, General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe, 00000000.00000003.11680709060.00000000027C2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://updatev2.easyviewercloud.com:443
Source: General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe, 00000000.00000002.12932667551.0000000000663000.00000004.00000020.00020000.00000000.sdmp, General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe, 00000000.00000003.11680709060.00000000027C2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://updatev2.easyviewercloud.com:443https://updatev2.gotop2p.com:443
Source: General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe, 00000000.00000002.12932667551.0000000000663000.00000004.00000020.00020000.00000000.sdmp, General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe, 00000000.00000003.11680709060.00000000027C2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://updatev2.gotop2p.com:443

Source: General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe, 00000000.00000003.11770839815.00000000059CE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameButtonEvent.dllR vs General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe
Source: General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe, 00000000.00000002.12936142645.0000000073944000.00000002.00000001.01000000.00000009.sdmp	Binary or memory string: OriginalFilenameButtonEvent.dllR vs General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe

Source: General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: classification engine

Classification label: clean2.winEXE@1/30@3/0

Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe

File created: C:\Users\user\AppData\Local\Temp\nsw55D0.tmp

Jump to behavior

Source: General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe

File read: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe

Jump to behavior

Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	Section loaded: cfgmgr32.dll	Jump to behavior
Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	Section loaded: riched20.dll	Jump to behavior
Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	Section loaded: usp10.dll	Jump to behavior
Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	Section loaded: msls31.dll	Jump to behavior

Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32

Jump to behavior

Source: General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe

Static file information: File size 35188023 > 1048576

Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	Code function: 0_3_006B3D54 push es; retf	0_3_006B3E3E
Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	Code function: 0_3_006B3D54 push es; retf	0_3_006B3E3E
Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	Code function: 0_3_006B3D54 push es; retf	0_3_006B3E3E
Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	Code function: 0_3_006B3D54 push es; retf	0_3_006B3E3E
Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	Code function: 0_3_006B3D54 push es; retf	0_3_006B3E3E
Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	Code function: 0_3_006B3D54 push es; retf	0_3_006B3E3E
Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	Code function: 0_3_006B3D54 push es; retf	0_3_006B3E3E
Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	Code function: 0_3_006B3D54 push es; retf	0_3_006B3E3E
Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	Code function: 0_3_006B3D54 push es; retf	0_3_006B3E3E
Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	Code function: 0_3_006B3D54 push es; retf	0_3_006B3E3E
Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	Code function: 0_3_006B3D54 push es; retf	0_3_006B3E3E
Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	Code function: 0_3_006B3D54 push es; retf	0_3_006B3E3E
Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	Code function: 0_3_006B3D54 push es; retf	0_3_006B3E3E
Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	Code function: 0_3_006B3D54 push es; retf	0_3_006B3E3E
Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	Code function: 0_3_006B3D54 push es; retf	0_3_006B3E3E
Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	Code function: 0_3_006B3D54 push es; retf	0_3_006B3E3E
Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	Code function: 0_3_006B3D54 push es; retf	0_3_006B3E3E
Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	Code function: 0_3_006B3D54 push es; retf	0_3_006B3E3E
Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	Code function: 0_3_006B3D54 push es; retf	0_3_006B3E3E
Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	Code function: 0_3_006B3D54 push es; retf	0_3_006B3E3E
Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	Code function: 0_3_006B3D54 push es; retf	0_3_006B3E3E
Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	Code function: 0_3_006B3D54 push es; retf	0_3_006B3E3E
Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	Code function: 0_3_006B3D54 push es; retf	0_3_006B3E3E
Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	Code function: 0_3_006B3D54 push es; retf	0_3_006B3E3E
Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	Code function: 0_3_006B3D54 push es; retf	0_3_006B3E3E
Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	Code function: 0_3_006B3D54 push es; retf	0_3_006B3E3E
Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	Code function: 0_3_006B3D54 push es; retf	0_3_006B3E3E
Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	Code function: 0_3_006B3D54 push es; retf	0_3_006B3E3E
Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	Code function: 0_3_006B3FE3 push es; ret	0_3_006B3FE6
Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	Code function: 0_3_006B3FE3 push es; ret	0_3_006B3FE6
Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	Code function: 0_3_006B3FE3 push es; ret	0_3_006B3FE6

Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	File created: C:\Users\user\AppData\Local\Temp\nsh5748.tmp\nsDialogs.dll	Jump to dropped file
Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	File created: C:\Users\user\AppData\Local\Temp\nsh5748.tmp\SkinBtn.dll	Jump to dropped file
Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	File created: C:\Users\user\AppData\Local\Temp\nsh5748.tmp\ButtonEvent.dll	Jump to dropped file
Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	File created: C:\Users\user\AppData\Local\Temp\nsh5748.tmp\nsProcess.dll	Jump to dropped file
Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	File created: C:\Users\user\AppData\Local\Temp\nsh5748.tmp\LangDLL.dll	Jump to dropped file
Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	File created: C:\Users\user\AppData\Local\Temp\nsh5748.tmp\System.dll	Jump to dropped file

Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe

Process information set: NOOPENFILEERRORBOX

Jump to behavior

Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsh5748.tmp\nsDialogs.dll	Jump to dropped file
Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsh5748.tmp\SkinBtn.dll	Jump to dropped file
Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsh5748.tmp\ButtonEvent.dll	Jump to dropped file
Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsh5748.tmp\nsProcess.dll	Jump to dropped file
Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsh5748.tmp\LangDLL.dll	Jump to dropped file
Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsh5748.tmp\System.dll	Jump to dropped file

Source: C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe

Process information queried: ProcessInformation

Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 DLL Side-Loading	1 DLL Side-Loading	1 DLL Side-Loading	OS Credential Dumping	1 Process Discovery	Remote Services	Data from Local System	1 Non-Application Layer Protocol	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Obfuscated Files or Information	LSASS Memory	1 File and Directory Discovery	Remote Desktop Protocol	Data from Removable Media	1 Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	1 System Information Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	Steganography	Automated Exfiltration	Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	0%	ReversingLabs
General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	4%	Virustotal		Browse

Dropped Files

Source	Detection	Scanner
C:\Users\user\AppData\Local\Temp\nsh5748.tmp\ButtonEvent.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\nsh5748.tmp\LangDLL.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\nsh5748.tmp\SkinBtn.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\nsh5748.tmp\System.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\nsh5748.tmp\nsDialogs.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\nsh5748.tmp\nsProcess.dll	0%	ReversingLabs

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
https://updatev2.easyviewercloud.com:443https://updatev2.gotop2p.com:443	0%	Avira URL Cloud	safe
https://updatev2.gotop2p.com:443	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false	high
assets.msn.com	unknown	unknown	false	high
ecn.dev.virtualearth.net	unknown	unknown	false	high
browser.events.data.msn.com	unknown	unknown	false	high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://updatev2.easyviewercloud.com:443https://updatev2.gotop2p.com:443	General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe, 00000000.00000002.12932667551.0000000000663000.00000004.00000020.00020000.00000000.sdmp, General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe, 00000000.00000003.11680709060.00000000027C2000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://updatev2.gotop2p.com:443	General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe, 00000000.00000002.12932667551.0000000000663000.00000004.00000020.00020000.00000000.sdmp, General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe, 00000000.00000003.11680709060.00000000027C2000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://nsis.sf.net/NSIS_Error	General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	false		high
http://nsis.sf.net/NSIS_ErrorError	General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	false		high
https://curl.se/docs/http-cookies.html	General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe	false		high
https://updatev2.easyviewercloud.com:443	General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe, 00000000.00000002.12932667551.0000000000663000.00000004.00000020.00020000.00000000.sdmp, General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe, 00000000.00000003.11680709060.00000000027C2000.00000004.00000020.00020000.00000000.sdmp	false		high

World Map of Contacted IPs

⊘No contacted IP infos

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1580948
Start date and time:	2024-12-26 13:34:05 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 37s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 11 23H2 with Office Professional Plus 2021, Chrome 131, Firefox 133, Adobe Reader DC 24, Java 8 Update 431, 7zip 24.09
Number of analysed new started processes analysed:	34
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe
Detection:	CLEAN
Classification:	clean2.winEXE@1/30@3/0
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): audiodg.exe, dllhost.exe, BackgroundTransferHost.exe, SIHClient.exe, backgroundTaskHost.exe, appidcertstorecheck.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 23.206.197.24, 23.206.197.17, 23.206.197.10, 23.206.197.11, 23.206.197.51, 23.206.197.8, 23.206.197.25, 23.206.197.58, 23.206.197.49, 204.79.197.203, 95.100.135.90, 95.100.135.88, 95.100.135.105, 95.100.135.98, 95.100.135.96, 95.100.135.80, 95.100.135.91, 95.100.135.99, 95.100.135.104, 184.30.25.86, 2.16.158.32, 2.16.158.34, 2.16.158.192, 2.16.158.187, 2.16.158.33, 2.16.158.26, 2.16.158.27, 2.16.158.186, 2.16.158.184, 20.189.173.11, 2.16.158.59, 2.16.158.74, 2.16.158.51, 2.16.158.80, 2.16.158.58, 2.16.158.81, 2.16.158.56, 2.16.158.75, 2.16.158.72, 20.223.36.55, 23.218.208.109, 23.56.210.49, 23.57.90.165, 4.245.163.56, 20.105.99.58, 40.126.53.10
Excluded domains from analysis (whitelisted): chrome.cloudflare-dns.com, ssl2.tiles.virtualearth.net.edgekey.net, slscr.update.microsoft.com, srtb.msn.com, oneocsp-microsoft-com.a-0003.a-msedge.net, tse1.mm.bing.net, oneocsp.microsoft.com, cxcs.microsoft.net, e86303.dscx.akamaiedge.net, ocsp.digicert.com, www.bing.com.edgekey.net, onedscolprdwus10.westus.cloudapp.azure.com, login.live.com, th.bing.com, ocsp.edge.digicert.com, c.pki.goog, e28578.d.akamaiedge.net, www.bing.com, assets.msn.com.edgekey.net, client.wns.windows.com, fs.microsoft.com, th.bing.com.edgekey.net, fd.api.iris.microsoft.com, a-0003.a-msedge.net, ctldl.windowsupdate.com, p-th.bing.com.trafficmanager.net, www-www.bing.com.trafficmanager.net, x1.c.lencr.org, store-images.s-microsoft.com, res.public.onecdn.static.microsoft, e4113.dscd.akamaiedge.net, global.asimov.events.data.trafficmanager.net
Execution Graph export aborted for target General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe, PID 8308 because there are no executed function
Not all processes where analyzed, report is missing behavior information

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

⊘No context

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
fp2e7a.wpc.phicdn.net	setup.msi	Get hash	malicious	Unknown	Browse	192.229.221.95
	ERTL09tA59.exe	Get hash	malicious	LummaC	Browse	192.229.221.95
	vJPhYDClT5.exe	Get hash	malicious	Unknown	Browse	192.229.221.95
	V2s8yjvIJw.exe	Get hash	malicious	Iris Stealer	Browse	192.229.221.95
	k6olCJyvIj.exe	Get hash	malicious	LummaC	Browse	192.229.221.95
	G6xnfES308.exe	Get hash	malicious	Unknown	Browse	192.229.221.95
	XM6cn2uNux.exe	Get hash	malicious	LummaC	Browse	192.229.221.95
	bG89JAQXz2.exe	Get hash	malicious	LummaC	Browse	192.229.221.95
	q8b3OisMC4.dll	Get hash	malicious	Unknown	Browse	192.229.221.95
	eszstwQPwq.ps1	Get hash	malicious	LockBit ransomware, Metasploit	Browse	192.229.221.95

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\Users\user\AppData\Local\Temp\nsh5748.tmp\LangDLL.dll	Unlocker1.9.2.exe	Get hash	malicious	Unknown	Browse
	SecuriteInfo.com.HackTool.Win32.Cobalt.alt.12688.31739.exe	Get hash	malicious	Unknown	Browse
	Dlabel_PC.exe	Get hash	malicious	Unknown	Browse
	Dlabel_PC.exe	Get hash	malicious	Unknown	Browse
	Advanced.Installer-15.9.exe	Get hash	malicious	Unknown	Browse
	https://download.cnet.com/PrimoPDF/3000-10743_4-10264577.html?part=dl-10264577&subj=dl&tag=button	Get hash	malicious	Unknown	Browse
	Unlocker1.9.2.exe	Get hash	malicious	Unknown	Browse
	Alcohol120_trial_2.1.1.1019.exe	Get hash	malicious	Unknown	Browse
	Unlocker1.9.2.exe	Get hash	malicious	Unknown	Browse
	TC-9.22a.2019.3.exe	Get hash	malicious	Unknown	Browse
C:\Users\user\AppData\Local\Temp\nsh5748.tmp\ButtonEvent.dll	563299efce875400a8d9b44b96597c8e-sample (1).zip	Get hash	malicious	Unknown	Browse
	7Y18r(199).exe	Get hash	malicious	Unknown	Browse
	General_Player_Eng_WIN32_V3.44.0.R.170421.exe	Get hash	malicious	Unknown	Browse
	installer_office_portable_3_2_0_Italian.exe	Get hash	malicious	Unknown	Browse

Created / dropped Files

C:\Users\user\AppData\Local\Temp\nsh5748.tmp\ButtonEvent.dll

Download File

Process:	C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	4608
Entropy (8bit):	4.423022883583039
Encrypted:	false
SSDEEP:	96:hrA2+5HGZFYJf9D8IjDflDCoMzncsGSmE:hE2+5mMJfJ8v1zFGSm
MD5:	55788069D3FA4E1DAF80F3339FA86FE2
SHA1:	D64E05C1879A92D5A8F9FF2FD2F1A53E1A53AE96
SHA-256:	D6E429A063ADF637F4D19D4E2EB094D9FF27382B21A1F6DCCF9284AFB5FF8C7F
SHA-512:	D3B1EEC76E571B657DF444C59C48CAD73A58D1A10FF463CE9F3ACD07ACCE17D589C3396AD5BDB94DA585DA08D422D863FFE1DE11F64298329455F6D8EE320616
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: 563299efce875400a8d9b44b96597c8e-sample (1).zip, Detection: malicious, Browse Filename: 7Y18r(199).exe, Detection: malicious, Browse Filename: General_Player_Eng_WIN32_V3.44.0.R.170421.exe, Detection: malicious, Browse Filename: installer_office_portable_3_2_0_Italian.exe, Detection: malicious, Browse
Reputation:	moderate, very likely benign file
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......%Nr.a/..a/..a/..hW..d/..a/..j/..5.,.`/...Y..`/...Y..`/...Y..`/...Y..`/..Richa/..........PE..L...3*.M...........!......................... ...............................`............@.........................p!......H ..<....@.......................P....................................................... ..4............................text...;........................... ..`.rdata....... ......................@..@.data...l....0......................@....rsrc........@......................@..@.reloc.......P......................@..B................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\nsh5748.tmp\Header1.bmp

Download File

Process:	C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe
File Type:	PC bitmap, Windows 3.x format, 536 x 28 x 24, image size 45026, resolution 2834 x 2834 px/m, cbSize 45080, bits offset 54
Category:	dropped
Size (bytes):	45080
Entropy (8bit):	2.2342185402974932
Encrypted:	false
SSDEEP:	384:KH1111111111111111111111111111111111111111111111111111111111111V:k
MD5:	01FB734950C570BC9BF3032BB0D2D6FC
SHA1:	3E88391913EB04219354C0CFE7C4A42AD981DC39
SHA-256:	5C0D162CD30AA45FB25876CCA06240996237FD6F1C9EAB56661BD1A3123AC7F7
SHA-512:	09C5DFBBBD9D962496651195AC0C6F007D19E2DBFDA558A154C53C9D53C1A72F6800030CFFD5C5CD494E6A6BCE8AF129132EB9A6E3506327AA80EDE7E50EC73D
Malicious:	false
Reputation:	low
Preview:	BM........6...(........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\nsh5748.tmp\Header1_en.bmp

Download File

Process:	C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe
File Type:	PC bitmap, Windows 3.x format, 536 x 28 x 24, image size 45026, resolution 2834 x 2834 px/m, cbSize 45080, bits offset 54
Category:	dropped
Size (bytes):	45080
Entropy (8bit):	2.2342185402974932
Encrypted:	false
SSDEEP:	384:KH1111111111111111111111111111111111111111111111111111111111111V:k
MD5:	01FB734950C570BC9BF3032BB0D2D6FC
SHA1:	3E88391913EB04219354C0CFE7C4A42AD981DC39
SHA-256:	5C0D162CD30AA45FB25876CCA06240996237FD6F1C9EAB56661BD1A3123AC7F7
SHA-512:	09C5DFBBBD9D962496651195AC0C6F007D19E2DBFDA558A154C53C9D53C1A72F6800030CFFD5C5CD494E6A6BCE8AF129132EB9A6E3506327AA80EDE7E50EC73D
Malicious:	false
Reputation:	low
Preview:	BM........6...(........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\nsh5748.tmp\Header2.bmp

Download File

Process:	C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe
File Type:	PC bitmap, Windows 3.x format, 536 x 28 x 24, image size 45026, resolution 2834 x 2834 px/m, cbSize 45080, bits offset 54
Category:	dropped
Size (bytes):	45080
Entropy (8bit):	2.2342185402974932
Encrypted:	false
SSDEEP:	384:KH1111111111111111111111111111111111111111111111111111111111111V:k
MD5:	01FB734950C570BC9BF3032BB0D2D6FC
SHA1:	3E88391913EB04219354C0CFE7C4A42AD981DC39
SHA-256:	5C0D162CD30AA45FB25876CCA06240996237FD6F1C9EAB56661BD1A3123AC7F7
SHA-512:	09C5DFBBBD9D962496651195AC0C6F007D19E2DBFDA558A154C53C9D53C1A72F6800030CFFD5C5CD494E6A6BCE8AF129132EB9A6E3506327AA80EDE7E50EC73D
Malicious:	false
Reputation:	low
Preview:	BM........6...(........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\nsh5748.tmp\Header2_en.bmp

Download File

Process:	C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe
File Type:	PC bitmap, Windows 3.x format, 536 x 28 x 24, image size 45026, resolution 2834 x 2834 px/m, cbSize 45080, bits offset 54
Category:	dropped
Size (bytes):	45080
Entropy (8bit):	2.2342185402974932
Encrypted:	false
SSDEEP:	384:KH1111111111111111111111111111111111111111111111111111111111111V:k
MD5:	01FB734950C570BC9BF3032BB0D2D6FC
SHA1:	3E88391913EB04219354C0CFE7C4A42AD981DC39
SHA-256:	5C0D162CD30AA45FB25876CCA06240996237FD6F1C9EAB56661BD1A3123AC7F7
SHA-512:	09C5DFBBBD9D962496651195AC0C6F007D19E2DBFDA558A154C53C9D53C1A72F6800030CFFD5C5CD494E6A6BCE8AF129132EB9A6E3506327AA80EDE7E50EC73D
Malicious:	false
Preview:	BM........6...(........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\nsh5748.tmp\Header3.bmp

Download File

Process:	C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe
File Type:	PC bitmap, Windows 3.x format, 536 x 28 x 24, image size 45024, resolution 2834 x 2834 px/m, cbSize 45078, bits offset 54
Category:	dropped
Size (bytes):	45078
Entropy (8bit):	1.7022631717975234
Encrypted:	false
SSDEEP:	384:mJ1111111Y11111111111111bo1111111B111111111111111111Ir11111111X8:U
MD5:	296011F18EBAFE953FF2172AB251D911
SHA1:	67C70B313CDC1FB6AEDCA28AC2C4D601BE27FDFB
SHA-256:	3F471B55589D028E3FCD353005E831AFC2FA4F00FA120E753D5BF0EF07B0AEC6
SHA-512:	7DE2780725F0BDD5585ED3A0C45AD84F607B0FEBA5ADD5953CEC361F5B11BE97D5D3748117294D8410076437BBF459F959ED4A6BCEEB46BF01FBC280D50925B1
Malicious:	false
Preview:	BM........6...(........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\nsh5748.tmp\Header3_en.bmp

Download File

Process:	C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe
File Type:	PC bitmap, Windows 3.x format, 536 x 28 x 24, image size 45024, resolution 2834 x 2834 px/m, cbSize 45078, bits offset 54
Category:	dropped
Size (bytes):	45078
Entropy (8bit):	1.7022631717975234
Encrypted:	false
SSDEEP:	384:mJ1111111Y11111111111111bo1111111B111111111111111111Ir11111111X8:U
MD5:	296011F18EBAFE953FF2172AB251D911
SHA1:	67C70B313CDC1FB6AEDCA28AC2C4D601BE27FDFB
SHA-256:	3F471B55589D028E3FCD353005E831AFC2FA4F00FA120E753D5BF0EF07B0AEC6
SHA-512:	7DE2780725F0BDD5585ED3A0C45AD84F607B0FEBA5ADD5953CEC361F5B11BE97D5D3748117294D8410076437BBF459F959ED4A6BCEEB46BF01FBC280D50925B1
Malicious:	false
Preview:	BM........6...(........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\nsh5748.tmp\LangDLL.dll

Download File

Process:	C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	5632
Entropy (8bit):	3.951555564830228
Encrypted:	false
SSDEEP:	48:iV6pAvmNC6iMPUptxEZK65x/AmvycNSmwVsOYJyvrpXptp/JvR0Jlof5d2:2811GED5ZTvycNSmwVsTJuftpZR0Sd2
MD5:	9384F4007C492D4FA040924F31C00166
SHA1:	ABA37FAEF30D7C445584C688A0B5638F5DB31C7B
SHA-256:	60A964095AF1BE79F6A99B22212FEFE2D16F5A0AFD7E707D14394E4143E3F4F5
SHA-512:	68F158887E24302673227ADFFC688FD3EDABF097D7F5410F983E06C6B9C7344CA1D8A45C7FA05553ADCC5987993DF3A298763477168D4842E554C4EB93B9AAAF
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: Unlocker1.9.2.exe, Detection: malicious, Browse Filename: SecuriteInfo.com.HackTool.Win32.Cobalt.alt.12688.31739.exe, Detection: malicious, Browse Filename: Dlabel_PC.exe, Detection: malicious, Browse Filename: Dlabel_PC.exe, Detection: malicious, Browse Filename: Advanced.Installer-15.9.exe, Detection: malicious, Browse Filename: , Detection: malicious, Browse Filename: Unlocker1.9.2.exe, Detection: malicious, Browse Filename: Alcohol120_trial_2.1.1.1019.exe, Detection: malicious, Browse Filename: Unlocker1.9.2.exe, Detection: malicious, Browse Filename: TC-9.22a.2019.3.exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....................~..........z.....B....Rich..........PE..L......K...........!......................... ...............................`......................................p"..I...` ..P....@..`....................P....................................................... ..`............................text...l........................... ..`.rdata....... ......................@..@.data...l....0......................@....rsrc...`....@......................@..@.reloc..@....P......................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\nsh5748.tmp\Progress.bmp

Download File

Process:	C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe
File Type:	PC bitmap, Windows 3.x format, 536 x 42 x 24, image size 67538, resolution 2834 x 2834 px/m, cbSize 67592, bits offset 54
Category:	dropped
Size (bytes):	67592
Entropy (8bit):	1.5950966958441544
Encrypted:	false
SSDEEP:	6:wy2lo6EsZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAZ:wy2lo6vtn
MD5:	4CCC1F563DFDBD569E006AD33260395C
SHA1:	7CB0DC50F98832025137B1AA3E56A5AF74F30D38
SHA-256:	8972A03921D45A0B393B2F87FDD82DB5F279DF35284283EE05A7FB23D8468D52
SHA-512:	04F95A6E95E38DD0DE28E06398C898751DF3D478E30BC9FF0BE87D337BB6FBDFB549BF5CB36A465031062A61CCEC5C6AD5EF75E28F5175088FB17640373CEF28
Malicious:	false
Preview:	BM........6...(.......*.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\nsh5748.tmp\ProgressBar.bmp

Download File

Process:	C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe
File Type:	PC bitmap, Windows 3.x format, 536 x 42 x 24, image size 67538, resolution 2834 x 2834 px/m, cbSize 67592, bits offset 54
Category:	dropped
Size (bytes):	67592
Entropy (8bit):	1.5950966958441541
Encrypted:	false
SSDEEP:	6:wy2lo6mdGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGb:wy2lo6m8l
MD5:	A8E7D9C1C0F82E66E70D36B1F5A0F04C
SHA1:	410F0CD0EA9B0099D052E11611E294A40C2FF067
SHA-256:	D8DCEDA67E33E6FE0575383AD1CB0692C1408DF297470DE9F164700F604A3DD0
SHA-512:	5223A8D0B8BFEBFBE32432EAB0030434C00CFEFE0FE1BB9622903B924DC9AEF9F42DC25A5DA8B1DD9C76CB9AA2723C1076A1874DDF43B9CE6B84CA58C5E04ED7
Malicious:	false
Preview:	BM........6...(.......*.................................8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8.

C:\Users\user\AppData\Local\Temp\nsh5748.tmp\SkinBtn.dll

Download File

Process:	C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	4608
Entropy (8bit):	4.699273371699171
Encrypted:	false
SSDEEP:	48:iIf3aEDfeWm8JHFQbUrUPJJDFoetaxn/pFW3GNivz187eqzI/kMr8oX0Zbj:lv9Dfw8DQbhD2iaxn/PHmiNI/dQFZH
MD5:	E4EC95271FF1BCEBAB49BDFED6817A22
SHA1:	2C03E97F4773AEA80ECDB98A1482E5896FE4677B
SHA-256:	EE1C06692A757473737B0EBDEF16F77B63AFAC864D0890022D905E4873737DD6
SHA-512:	771A527133806307A1B17B7E956D6A3C16E9BC675BF084B43204AE784A057DAC2726DBF90645692876043A4E7365BA8825C167621FDE4760C79CD84679E2AA3D
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......... K.sK.sK.s...s@.sK.sV.sN..sI.sN..sJ.sN..sJ.sRichK.s........PE..L.....)N...........!......................... ...............................P......................................P#..c.... ..x............................@....................................................... ..x............................text............................... ..`.rdata....... ......................@..@.data........0......................@....reloc.......@......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\nsh5748.tmp\Slides\Slide 01.jpg

Download File

Process:	C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe
File Type:	JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 536x328, components 3
Category:	dropped
Size (bytes):	14068
Entropy (8bit):	7.524611894010908
Encrypted:	false
SSDEEP:	384:MuzH3D1RCfiAuoAHc5A9N+iG3Dql3WYFyzWkLJDcSHvr4:73Dm5kr9401kLlVHvs
MD5:	C6B21669FBBBC2A493F63B60945097F9
SHA1:	A7F6F54FAF2F6A0E90B872ECCF6138EFF5F98C47
SHA-256:	4B75E825C4E27750F8ABC78777B419328D0FFD969CDB3DDEDAA74731FFD349FB
SHA-512:	C279F897CB168A66B956E13FCCCD64FFB4DBEA85E5B2FB6D334BCC06BF9134DF3DE1515A8F47D7E72921890F8C00599E3AAA6E4BBE506F6CA826A75C79425622
Malicious:	false
Preview:	......Exif..II*.................Ducky.......<...../http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c138 79.159824, 2016/09/14-01:09:01 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2017 (Windows)" xmpMM:InstanceID="xmp.iid:0869FF43919C11EA9D0AB8159A3278BE" xmpMM:DocumentID="xmp.did:0869FF44919C11EA9D0AB8159A3278BE"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:0869FF41919C11EA9D0AB8159A3278BE" stRef:documentID="xmp.did:0869FF42919C11EA9D0AB8159A3278BE"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d.............................................................................................................................

C:\Users\user\AppData\Local\Temp\nsh5748.tmp\Slides\Slide 0145.jpg

Download File

Process:	C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe
File Type:	JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2013:11:13 10:29:20], baseline, precision 8, 535x328, components 3
Category:	dropped
Size (bytes):	49930
Entropy (8bit):	7.563809472075927
Encrypted:	false
SSDEEP:	768:SMJvKIXJvKIe7y6boLJW2efivyRRbkTDDMXIcvEvki8xwkitU:fwYw/boLJW2eivoRyXR06XiwkiU
MD5:	08A22A43C18EDA4E764436397DE36F79
SHA1:	354BCD36B98D8F19D662E4CDA2067BCF9CC3D4C0
SHA-256:	640B34A2576C08E9A2993AE46FC4B42CD511252A4BDEE8B09DCEE0C6256D30F7
SHA-512:	A5298576858B2316FD14E416CE64406AB0857036A07D5342885BFEB768C5E439727D4F12C8D5F17AAC54924CFC0D1C404282EE5817811946C59AB26EBA4A6557
Malicious:	false
Preview:	......JFIF.....H.H......Exif..II*...........................b...........j...(...........1.......r...2...........i...............H.......H.......Adobe Photoshop CS Windows.2013:11:13 10:29:20......................................H...........................................&...(.......................................H.......H.............JFIF.....H.H......Adobe_CM......Adobe.d.................................................................................................................................................b...."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?....[.Q..I.E....%3..I$....[].W#...w.>..qz..7.".e.R\ .}.eO..~..5....g....GQ...k}7.%....S.k..J...~...L..........x..~....gP

C:\Users\user\AppData\Local\Temp\nsh5748.tmp\Slides\Slide 02.jpg

Download File

Process:	C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe
File Type:	JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 536x328, components 3
Category:	dropped
Size (bytes):	15260
Entropy (8bit):	7.415436850581554
Encrypted:	false
SSDEEP:	384:Drsis3aoftpjDkUf2W8xJzPfoEHU7xAvg47p:DK3bvjDk+98xJjfU9AvT
MD5:	849EB872FDB80D3206ACC2E42A61DFE5
SHA1:	CEBE45D8902BC30A38D4794C1EDF8AB19AA5DCFB
SHA-256:	3DBF8BF717EC4DA986F36E88D78008FF7C917EEAE704D8E62F3E512D057AF69E
SHA-512:	222E6448668CA11D9D66B588D3B514816C3FE75614B66A570FDE7683BDD588F9507DD766909A3EEAFCBFA21EA29C32484A4926A3A02804F8F2BD364DA56EA19F
Malicious:	false
Preview:	......Exif..II*.................Ducky.......<...../http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c138 79.159824, 2016/09/14-01:09:01 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2017 (Windows)" xmpMM:InstanceID="xmp.iid:1675A870919C11EA9581FB66E0A42673" xmpMM:DocumentID="xmp.did:1675A871919C11EA9581FB66E0A42673"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:1675A86E919C11EA9581FB66E0A42673" stRef:documentID="xmp.did:1675A86F919C11EA9581FB66E0A42673"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d.............................................................................................................................

C:\Users\user\AppData\Local\Temp\nsh5748.tmp\Slides\Slides.dat

Download File

Process:	C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	880
Entropy (8bit):	3.50785078994314
Encrypted:	false
SSDEEP:	12:QP7lSav/UatDUFlO+uNJ6kGdhWFMa2KLCchWMaiDKX1lKC45lZ9mGGO:QDlXUVFlRu+4wJsL5z9
MD5:	34D8DD9BA9E320AF2F5C580E66519E76
SHA1:	413135CBCDFB351D4D18D1DFF7920444C55E103D
SHA-256:	432F35A223A70BC2E4D6CD8FC3DED5963200172CBB9661ECBFC14D8FAD4F86A5
SHA-512:	E550A9DDD48AD4AFCBF2121E266C68AA21FC1C84DF28332B99565EECFECC5E7FD7A08A2EEFA45772D4174930AEAADAEF2C7AFFE1E1B30B4B06C77D87AA98C3F1
Malicious:	false
Preview:	..;. .N.o.t.e. .t.h.a.t. .t.h.i.s. .f.i.l.e. .c.a.n. .b.e. .i.n. .A.N.S.I. .(.u.s.e. .a.d.e.q.u.a.t.e. .l.o.c.a.l.e. .c.o.d.e.p.a.g.e.s.). .o.r. .U.n.i.c.o.d.e.......;. .I.n. .t.h.i.s. .s.a.m.p.l.e.,. .t.h.e. .3.r.d. .s.l.i.d.e. .c.o.n.t.a.i.n. .a. .U.n.i.c.o.d.e. .c.h.a.r.a.c.t.e.r. .t.h.a.t. .w.i.l.l. .d.i.s.p.l.a.y. .a.s. .'.?.'.....;. . .i.f. .y.o.u. .u.s.e. .A.N.S.I. .N.S.I.S.,. .a.n.d. .d.i.s.p.l.a.y. .c.o.r.r.e.c.t.l.y. .i.f. .y.o.u. .u.s.e. .U.n.i.c.o.d.e. .N.S.I.S.........[.1.0.3.3.].....=.S.l.i.d.e. .0.1...j.p.g.,.5.0.0.,.4.0.0.0.,.".".....=.S.l.i.d.e. .0.2...j.p.g.,.5.0.0.,.4.0.0.0.,.".".........[.1.0.3.6.]. .;. .f.r.a.n...a.i.s.....=.S.l.i.d.e. .0.1...j.p.g.,.1.0.0.0.,.2.0.0.0.,.".".....=.S.l.i.d.e. .0.2...j.p.g.,.2.0.0.,.3.0.0.0.,."."...........;. .e.n.d.i.n.g. .w.i.t.h. .a. .p.e.r.i.o.d. .(...). .=.>. .s.l.i.d.e.s.h.o.w. .w.i.l.l. .n.o.t. .c.y.c.l.e.....

C:\Users\user\AppData\Local\Temp\nsh5748.tmp\System.dll

Download File

Process:	C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	11264
Entropy (8bit):	5.568877095847681
Encrypted:	false
SSDEEP:	192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
MD5:	C17103AE9072A06DA581DEC998343FC1
SHA1:	B72148C6BDFAADA8B8C3F950E610EE7CF1DA1F8D
SHA-256:	DC58D8AD81CACB0C1ED72E33BFF8F23EA40B5252B5BB55D393A0903E6819AE2F
SHA-512:	D32A71AAEF18E993F28096D536E41C4D016850721B31171513CE28BBD805A54FD290B7C3E9D935F72E676A1ACFB4F0DCC89D95040A0DD29F2B6975855C18986F
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......)...m.m.m...k.m.~....j....l.9..i....l.Richm.........................PE..L......K...........!................0).......0...............................`......................................p2......t0..P............................P.......................................................0..X............................text...1........................... ..`.rdata.......0......."..............@..@.data...d....@.......&..............@....reloc.......P.......(..............@..B................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\nsh5748.tmp\bottom.bmp

Download File

Process:	C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe
File Type:	PC bitmap, Windows 3.x format, 536 x 42 x 24, image size 67538, resolution 2834 x 2834 px/m, cbSize 67592, bits offset 54
Category:	dropped
Size (bytes):	67592
Entropy (8bit):	1.5950966958441544
Encrypted:	false
SSDEEP:	6:wy2lo6EsZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAZ:wy2lo6vtn
MD5:	4CCC1F563DFDBD569E006AD33260395C
SHA1:	7CB0DC50F98832025137B1AA3E56A5AF74F30D38
SHA-256:	8972A03921D45A0B393B2F87FDD82DB5F279DF35284283EE05A7FB23D8468D52
SHA-512:	04F95A6E95E38DD0DE28E06398C898751DF3D478E30BC9FF0BE87D337BB6FBDFB549BF5CB36A465031062A61CCEC5C6AD5EF75E28F5175088FB17640373CEF28
Malicious:	false
Preview:	BM........6...(.......*.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\nsh5748.tmp\bottom1.bmp

Download File

Process:	C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe
File Type:	PC bitmap, Windows 3.x format, 233 x 6 x 24, image size 4200, cbSize 4254, bits offset 54
Category:	dropped
Size (bytes):	4254
Entropy (8bit):	2.330200560944688
Encrypted:	false
SSDEEP:	3:mXlyl/bmld/t+XFLiFLiFLiFLB:m4l/+OXEEE3
MD5:	A2C91B2106911E43E6ABBFAC05483168
SHA1:	A8E27AB999256A5C65D11C162B3033358BDC9A3D
SHA-256:	B3DCA2911EB311E6DE89E8846A20495FAC2952D8DAF8FD058BAA9353B619491E
SHA-512:	03BBA5230287A56151829FCB8048533DD77A6D4D65CAA34C788AFE2EE290B861F4E9DEED78E46D366027C22C7DDE0EC80C0986A7E41BB31CB28CE8EBE11D1A2C
Malicious:	false
Preview:	BM........6...(...................h...................ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\.......................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\nsh5748.tmp\bottom2.bmp

Download File

Process:	C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe
File Type:	PC bitmap, Windows 3.x format, 43 x 42 x 24, image size 5544, cbSize 5598, bits offset 54
Category:	dropped
Size (bytes):	5598
Entropy (8bit):	2.020435182166131
Encrypted:	false
SSDEEP:	6:VqlFcVRW5W5W5W5W5W5W5W5W5W5W5W5W5W5W5W5W5W5W5W5W5W5W5W5W5W5W5W5K:VqHcVg
MD5:	3F2A8782DFC8EFA7C7B5337F138799F0
SHA1:	7A79E2FB3D42A193238DC47BF0673CA9735ED1A7
SHA-256:	41965757945DAE3A01A12571FDDEFE8C35D105D6F88E8D9ADD205BDD170E8232
SHA-512:	700D3EA5E734BAF7AC30CF7B01A53C84F929EFAA0A507ADD26D735741C2141295A82A54BB619D2BFF543FB360DCA995FC41CBA4E2E1EAEA5B12503D1E4E27797
Malicious:	false
Preview:	BM........6...(...+...*...............................ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\ve\.................................................................................................................................ve\.................................................................................................................................ve\.................................................................................................................................ve\.................................................................................................................................ve\.................................................................................................................................ve\.................................................................................................................................ve\.........................

C:\Users\user\AppData\Local\Temp\nsh5748.tmp\button1.bmp

Download File

Process:	C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe
File Type:	PC bitmap, Windows 3.x format, 80 x 120 x 24, image size 28802, resolution 2834 x 2834 px/m, cbSize 28856, bits offset 54
Category:	dropped
Size (bytes):	28856
Entropy (8bit):	2.103692106088164
Encrypted:	false
SSDEEP:	384:pQ1111111111111111111111111111111111111111111111111111111111111u:H
MD5:	5E9D9C8105154CAB2F10B0E949FBA970
SHA1:	26AD9F52450CF520C8F19A1CA925FA8A5A654751
SHA-256:	880EED43DA8F254F4AA4BA87CF1BC4219D2C2DB27DB0BDC8E7191A98C8E2600C
SHA-512:	104D62CADA1E194BB9087588681A74EF24945688F8752ADABE4893DB27EF032EA2E6B640B5C72844F274D521C0569D8A46B88BAEB81B33488A2C9897D99B16B5
Malicious:	false
Preview:	BM.p......6...(...P...x............p....................8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8............................................................................................................................................................................................................................................8..8............................................................................................................................................................................................................................................8..8...............................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\nsh5748.tmp\button2.bmp

Download File

Process:	C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe
File Type:	PC bitmap, Windows 3.x format, 80 x 120 x 24, image size 28802, resolution 2834 x 2834 px/m, cbSize 28856, bits offset 54
Category:	dropped
Size (bytes):	28856
Entropy (8bit):	2.103692106088164
Encrypted:	false
SSDEEP:	384:pQ1111111111111111111111111111111111111111111111111111111111111u:H
MD5:	5E9D9C8105154CAB2F10B0E949FBA970
SHA1:	26AD9F52450CF520C8F19A1CA925FA8A5A654751
SHA-256:	880EED43DA8F254F4AA4BA87CF1BC4219D2C2DB27DB0BDC8E7191A98C8E2600C
SHA-512:	104D62CADA1E194BB9087588681A74EF24945688F8752ADABE4893DB27EF032EA2E6B640B5C72844F274D521C0569D8A46B88BAEB81B33488A2C9897D99B16B5
Malicious:	false
Preview:	BM.p......6...(...P...x............p....................8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8..8............................................................................................................................................................................................................................................8..8............................................................................................................................................................................................................................................8..8...............................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\nsh5748.tmp\close.bmp

Download File

Process:	C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe
File Type:	PC bitmap, Windows 3.x format, 37 x 25 x 24, image size 2802, resolution 2834 x 2834 px/m, cbSize 2856, bits offset 54
Category:	dropped
Size (bytes):	2856
Entropy (8bit):	2.871270007346121
Encrypted:	false
SSDEEP:	48:fiPllllllquKNKqKjK4iKEK5LK4iKPKjK4KNKrXh:fiBWXEZiH8ViCElWs
MD5:	B75B4048B42AFF6FBD63A7230E99E250
SHA1:	D36B4926209D7977CDB716092B6F249577F2F87D
SHA-256:	C7875F1D27418030038C6DF7D98F18E8B55B0D0191B30FCD8F207005ECB5E775
SHA-512:	8F1442E3A4E73E9FD2EE6BC87D3B106F6846B07CE25AD7E73F258A4C89F43B09CB2D78D3D4EA7E94AFA01A49E5CE2AEA6599E31D1D29D1630765CF2121343EE1
Malicious:	false
Preview:	BM(.......6...(...%.....................................O..O..O..O..O..O..O..F..F..F..F..F..F..F..F..F..F..F..F..F..F..F..F..F..F..F..F..F..F..F..F..O..O..O..O..O..O ..O..O..O..O..O..O..O..F..F..F..F..F..F..F..F..F..F..F..F..F..F..F..F..F..F..F..F..F..F..F..F..O..O..O..O..O..O ..O..O..O..O..O..O..O..F..F..F..F..F..F..F..F..F..F..F..F..F..F..F..F..F..F..F..F..F..F..F..F..O..O..O..O..O..O ..O..O..O..O..O..O..O..F..F..F..F..F..F..F..F..F..F..F..F..F..F..F..F..F..F..F..F..F..F..F..F..O..O..O..O..O..O ..O..O..O..O..O..O..O..F..F..F..F..F..F..F..F..F..F..F..F..F..F..F..F..F..F..F..F..F..F..F..F..O..O..O..O..O..O ..O..O..O..O..O..O..O..F..F..F..F..F..F..F..F..F..F..F..F..F..F..F..F..F..F..F..F..F..F..F..F..O..O..O..O..O..O ..O..O..O..O..O..O..O..F..F..F..F..F..F..F..F..F..F..F..F..F..F..F..F..F..F..F..F..F..F..F..F..O..O..O..O..O..O ..O..O..O..O..O..O..O..F..F..F..F..F..F..F..F..F..F..F..F..F..F..F..F..F..F..F..F..F..F..F..F..O..O..O..O..O..Om..O..O..O..O..O..O..O..F..F..F..F..F..F..F..F..F..

C:\Users\user\AppData\Local\Temp\nsh5748.tmp\finish.bmp

Download File

Process:	C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe
File Type:	PC bitmap, Windows 3.x format, 536 x 328 x 24, image size 527426, resolution 2834 x 2834 px/m, cbSize 527480, bits offset 54
Category:	dropped
Size (bytes):	527480
Entropy (8bit):	3.5834779387970515
Encrypted:	false
SSDEEP:	768:hZetVTlNxXwcPcif8ujGO45FbHAG6Ls2O:hCxlNhwcPcif8ujGO45FbvZ
MD5:	AC6DD2DB828E9CE3F3CB44B0FC4073C1
SHA1:	BDE4448FC6C650F7449B66C0677B2C8254470854
SHA-256:	1956519910FFCE72D4DFC6A99CA9B6965DCE79B856FEEEB714205B66087E4691
SHA-512:	AA49E2D6BB3D3F64F0E7244C97059B69E1828467D57B4D6968A4DA84C905220F5D1355F30CAC26C94713A334BCE1C7D7A12BFC73104903205A32F7B58848DF48
Malicious:	false
Preview:	BMx.......6...(.......H...........B.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\nsh5748.tmp\finish_en.bmp

Download File

Process:	C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe
File Type:	PC bitmap, Windows 3.x format, 536 x 328 x 24, image size 527426, resolution 2834 x 2834 px/m, cbSize 527480, bits offset 54
Category:	dropped
Size (bytes):	527480
Entropy (8bit):	3.5971587917756755
Encrypted:	false
SSDEEP:	768:kbgetVTlNxXwcPcif8ujGO45FbHAG6Ls2O:kbJxlNhwcPcif8ujGO45FbvZ
MD5:	CC2D1B887B3BFFD598828D2A74341953
SHA1:	17014A9C93517A013EAA34EFA0D348173EA737CF
SHA-256:	B4CF5CDEDE015F60C18D67F1CA644B1C85F65667C9F6B316E08E1D959A959895
SHA-512:	7A60291A768CB34AB39900208DC10D3D78CFEFE35B2F9C65134D6D4ED406DB388E49797D132BDE131F4686F0721221CF633F5FF6C6ED1C90AFD3813D5CC8CEA2
Malicious:	false
Preview:	BMx.......6...(.......H...........B.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\nsh5748.tmp\lincese.bmp

Download File

Process:	C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe
File Type:	PC bitmap, Windows 3.x format, 536 x 328 x 24, image size 527426, resolution 2834 x 2834 px/m, cbSize 527480, bits offset 54
Category:	dropped
Size (bytes):	527480
Entropy (8bit):	1.793864557082321
Encrypted:	false
SSDEEP:	384:0H1111111111111111111111111111111111111111111111111111111111111n:JO
MD5:	2AD1B7124616CAC56B2452A465C4B3D7
SHA1:	21706B690B03E6FF758E83BD66C8ED5DE57A99FD
SHA-256:	D5C8C3CE77ACB75798A328DCD8351E6B8979486853CD6439C5445625232EC31A
SHA-512:	F7254E0A403A4048708D7CEBF0140E51DD4D51C474B70D4184503D76FC7CB2DBAE15FA281BA69C80DBB0D2CE35654D1B9F25E14FE96A89CD8FB52BB67DCE67D4
Malicious:	false
Preview:	BMx.......6...(.......H...........B.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\nsh5748.tmp\nsDialogs.dll

Download File

Process:	C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	9728
Entropy (8bit):	5.054726426952
Encrypted:	false
SSDEEP:	96:hBABCcnl5TKhkfLxSslykcxM2DjDf3GE+Xv8Xav+Yx4VndY7ndS27gA:h6n+0SAfRE+/8ZYxMdqn420
MD5:	C10E04DD4AD4277D5ADC951BB331C777
SHA1:	B1E30808198A3AE6D6D1CCA62DF8893DC2A7AD43
SHA-256:	E31AD6C6E82E603378CB6B80E67D0E0DCD9CF384E1199AC5A65CB4935680021A
SHA-512:	853A5564BF751D40484EA482444C6958457CB4A17FB973CF870F03F201B8B2643BE41BCCDE00F6B2026DC0C3D113E6481B0DC4C7B0F3AE7966D38C92C6B5862E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......../.cXN`0XN`0XN`0XNa0mN`0.A=0UN`0.mP0]N`0.Hf0YN`0.nd0YN`0RichXN`0........................PE..L......K...........!......... ...............0.......................................................................6..k....0.......`.......................p.......................................................0...............................text...G........................... ..`.rdata..k....0......................@..@.data........@......................@....rsrc........`....... ..............@..@.reloc..<....p......."..............@..B................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\nsh5748.tmp\nsProcess.dll

Download File

Process:	C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	4608
Entropy (8bit):	4.666004851298707
Encrypted:	false
SSDEEP:	48:iYXzAm8HGJLvwM8GJFd6I7W4JtT2bxNNAa4GsNf+CJ8aYqmtlKdgAtgma1QvtCSJ:lz2mJkpGR6GY74GQ1YqmstgGCtR
MD5:	FAA7F034B38E729A983965C04CC70FC1
SHA1:	DF8BDA55B498976EA47D25D8A77539B049DAB55E
SHA-256:	579A034FF5AB9B732A318B1636C2902840F604E8E664F5B93C07A99253B3C9CF
SHA-512:	7868F9B437FCF829AD993FF57995F58836AD578458994361C72AE1BF1DFB74022F9F9E948B48AFD3361ED3426C4F85B4BB0D595E38EE278FEE5C4425C4491DBF
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........s.I...I...I...n\|f.L...I...Q...@..K...@..H...@..H...RichI...........PE..L...`..N...........!......................... ...............................`.......................................#....... ..<....@.......................P..\|.................................................... ..`............................text............................... ..`.rdata....... ......................@..@.data... ....0......................@....rsrc........@......................@..@.reloc.......P......................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\nsh5748.tmp\un1.bmp

Download File

Process:	C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe
File Type:	PC bitmap, Windows 3.x format, 536 x 357 x 24, image size 574058, resolution 2834 x 2834 px/m, cbSize 574112, bits offset 54
Category:	dropped
Size (bytes):	574112
Entropy (8bit):	3.1777982129178874
Encrypted:	false
SSDEEP:	384:lH1111111111111111111111111111111111111111111111111111111111111Y:OsgKxPPQp3z1zG6LDsHi
MD5:	42152EFC5F8E0C30A1DD981B36FDF870
SHA1:	3441E4BEE3D8D32A6970A001F3CA451A506AA49C
SHA-256:	B8B738A1F2AFD05642ABD77AA7CEF7BA571571A0096DA5C61FBF1D114E63AD5E
SHA-512:	E3BA6682EA6DF4B4FCB9A381FD2B96976950026EE85064ED1610AD6CB76BC6D72D78228B8E0A58078C325D7B1AF057D64935258D57FB9480C94242EC1D7F4D07
Malicious:	false
Preview:	BM........6...(.......e...........j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\nsh5748.tmp\unHeader.bmp

Download File

Process:	C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe
File Type:	PC bitmap, Windows 3.x format, 536 x 28 x 24, image size 45026, resolution 2834 x 2834 px/m, cbSize 45080, bits offset 54
Category:	dropped
Size (bytes):	45080
Entropy (8bit):	2.2342185402974932
Encrypted:	false
SSDEEP:	384:KH1111111111111111111111111111111111111111111111111111111111111V:k
MD5:	01FB734950C570BC9BF3032BB0D2D6FC
SHA1:	3E88391913EB04219354C0CFE7C4A42AD981DC39
SHA-256:	5C0D162CD30AA45FB25876CCA06240996237FD6F1C9EAB56661BD1A3123AC7F7
SHA-512:	09C5DFBBBD9D962496651195AC0C6F007D19E2DBFDA558A154C53C9D53C1A72F6800030CFFD5C5CD494E6A6BCE8AF129132EB9A6E3506327AA80EDE7E50EC73D
Malicious:	false
Preview:	BM........6...(........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\nsh5748.tmp\welcome.bmp

Download File

Process:	C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe
File Type:	PC bitmap, Windows 3.x format, 536 x 328 x 24, image size 527426, resolution 2834 x 2834 px/m, cbSize 527480, bits offset 54
Category:	dropped
Size (bytes):	527480
Entropy (8bit):	3.17904866904157
Encrypted:	false
SSDEEP:	384:0H1111111111111111111111111111111111111111111111111111111111111b:K4/HSyCvB1E/yHquFL6E57m5G6Ls2O
MD5:	301345426C1A908021407DBB91A1E70F
SHA1:	88E560724F52EFF438342E9540CC734DD7A89AAB
SHA-256:	B9CB076588C9D8BCC09B6D828919C6C7FEC3E1F8560F6B7F00E2BF978FC5AE07
SHA-512:	1A252178B608EFCEAC84A15408D76FBAA066AD2E0D8005835AE0BC266A299C75C961A83DF541AB2A6DEBE218202D510A2286E38CAE38979B010EA1F12D29DB9D
Malicious:	false
Preview:	BMx.......6...(.......H...........B.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
Entropy (8bit):	7.999910219307998
TrID:	Win32 Executable (generic) a (10002005/4) 92.16% NSIS - Nullsoft Scriptable Install System (846627/2) 7.80% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe
File size:	35'188'023 bytes
MD5:	9f29158892d0abc04ad5207ea95acb4d
SHA1:	9810ea23e23a34cc4ee59461b0d3a5f7fd0917c7
SHA256:	5e4394a996d863fb8636a32b81af5e598ccf0c83ca8e00835e5c5475265e91ff
SHA512:	465bd74a993857213c0c543237a22e733ba452f445a56623b62bae2a22e5f4908e575245cd7c2b0d7c6fd7614c457590c78b36e2b467eda880040caf9f3f12a2
SSDEEP:	786432:LHx9gC4XKwPQ35WEnwbFOa4kD6ZBVMy2eJ1+DENKRMB:zx7uK/pNwbFn4m65MyD4E8yB
TLSH:	2B77334B6344CFACCE982E704C25806AD45AC7ED43465E3DAB9E4E858172853FEE1FC6
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......1p.:u..iu..iu..i...iw..iu..i...i...id..i!2.i...i...it..iRichu..i........PE..L...Y..K.................b........../5............@

File Icon


Icon Hash:	0f23555565311713

Static PE Info

General

Entrypoint:	0x40352f
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
DLL Characteristics:	TERMINAL_SERVER_AWARE
Time Stamp:	0x4B1AE459 [Sat Dec 5 22:53:13 2009 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	1c042238f43557c055fca8642de8a074

Entrypoint Preview

Instruction
sub esp, 00000180h
push ebx
push ebp
push esi
xor ebx, ebx
push edi
mov dword ptr [esp+18h], ebx
mov dword ptr [esp+10h], 0040A7B8h
xor esi, esi
mov byte ptr [esp+14h], 00000020h
call dword ptr [00408030h]
push 00008001h
call dword ptr [004080B0h]
push ebx
call dword ptr [00408288h]
push 00000008h
mov dword ptr [00426398h], eax
call 00007FD86C82B22Bh
mov dword ptr [004262E4h], eax
push ebx
lea eax, dword ptr [esp+34h]
push 00000160h
push eax
push ebx
push 00420C88h
call dword ptr [00408158h]
push 0040A7ACh
push 00425AE0h
call 00007FD86C82AD31h
call dword ptr [004080ACh]
mov edi, 0042C000h
push eax
push edi
call 00007FD86C82AD1Fh
push ebx
call dword ptr [0040810Ch]
cmp byte ptr [0042C000h], 00000022h
mov dword ptr [004262E0h], eax
mov eax, edi
jne 00007FD86C82835Ch
mov byte ptr [esp+14h], 00000022h
mov eax, 0042C001h
push dword ptr [esp+14h]
push eax
call 00007FD86C82A812h
push eax
call dword ptr [00408228h]
mov dword ptr [esp+1Ch], eax
jmp 00007FD86C8283B5h
cmp cl, 00000020h
jne 00007FD86C828358h
inc eax
cmp byte ptr [eax], 00000020h
je 00007FD86C82834Ch
cmp byte ptr [eax], 00000022h
mov byte ptr [eax+eax+00h], 00000000h

Rich Headers

Programming Language:

[EXP] VC++ 6.0 SP5 build 8804

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x83b0	0xb4	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x41000	0x52b8	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x8000	0x298	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x601a	0x6200	4d14369f60bf01614ce626e549d2b0ec	False	0.6583625637755102	data	6.390182852142368	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x8000	0x11e0	0x1200	01e91b03c94beb5e4e28d36b648a610f	False	0.455078125	data	5.310165083369243	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0xa000	0x1c3d8	0xc00	0c4b7a44773a679b9afc4f9c6dc4f5f4	False	0.4475911458333333	data	5.114573141266328	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.ndata	0x27000	0x1a000	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x41000	0x52b8	0x5400	6ebd4211d5512d6c8093c9bc0d7e91d9	False	0.21754092261904762	data	4.01464456685827	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_ICON	0x413a0	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9600	English	United States	0.17147302904564315
RT_ICON	0x43948	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors	English	United States	0.26492537313432835
RT_ICON	0x447f0	0x668	Device independent bitmap graphic, 48 x 96 x 4, image size 1152	English	United States	0.42317073170731706
RT_DIALOG	0x44e58	0x220	data	English	United States	0.3382352941176471
RT_DIALOG	0x45078	0x130	data	English	United States	0.5592105263157895
RT_DIALOG	0x451a8	0x1b4	data	English	United States	0.5160550458715596
RT_DIALOG	0x45360	0xee	data	English	United States	0.6218487394957983
RT_DIALOG	0x45450	0x20c	data	English	United States	0.32633587786259544
RT_DIALOG	0x45660	0x11c	data	English	United States	0.5528169014084507
RT_DIALOG	0x45780	0x1a0	data	English	United States	0.5096153846153846
RT_DIALOG	0x45920	0xda	data	English	United States	0.6376146788990825
RT_DIALOG	0x45a00	0x20c	data	English	United States	0.32633587786259544
RT_DIALOG	0x45c10	0x11c	data	English	United States	0.5528169014084507
RT_DIALOG	0x45d30	0x1a0	data	English	United States	0.5096153846153846
RT_DIALOG	0x45ed0	0xda	data	English	United States	0.6376146788990825
RT_GROUP_ICON	0x45fb0	0x30	data	English	United States	0.875
RT_MANIFEST	0x45fe0	0x2d3	XML 1.0 document, ASCII text, with very long lines (723), with no line terminators	English	United States	0.5643153526970954

Imports

DLL	Import
KERNEL32.dll	CompareFileTime, SearchPathA, GetShortPathNameA, GetFullPathNameA, MoveFileA, SetCurrentDirectoryA, GetFileAttributesA, GetLastError, CreateDirectoryA, SetFileAttributesA, Sleep, GetTickCount, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, GetWindowsDirectoryA, SetFileTime, GetCommandLineA, SetErrorMode, LoadLibraryA, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, CreateProcessA, RemoveDirectoryA, CreateFileA, GetTempFileNameA, lstrlenA, lstrcatA, GetSystemDirectoryA, GetVersion, CloseHandle, lstrcmpiA, lstrcmpA, ExpandEnvironmentStringsA, GlobalFree, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, GetModuleHandleA, LoadLibraryExA, GetProcAddress, FreeLibrary, MultiByteToWideChar, WritePrivateProfileStringA, GetPrivateProfileStringA, WriteFile, ReadFile, SetFilePointer, MulDiv, FindClose, FindNextFileA, FindFirstFileA, DeleteFileA, GetTempPathA
USER32.dll	EndDialog, ScreenToClient, GetWindowRect, EnableMenuItem, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetAsyncKeyState, IsDlgButtonChecked, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, RegisterClassA, OpenClipboard, TrackPopupMenu, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, wvsprintfA, DispatchMessageA, PeekMessageA, DestroyWindow, CreateDialogParamA, SetTimer, SetWindowTextA, PostQuitMessage, ShowWindow, wsprintfA, SendMessageTimeoutA, FindWindowExA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, EmptyClipboard, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongA, LoadImageA, GetDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndPaint, SetForegroundWindow
GDI32.dll	SetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectA, SetBkMode, SetTextColor, SelectObject
SHELL32.dll	SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA, SHGetSpecialFolderLocation
ADVAPI32.dll	RegQueryValueExA, RegSetValueExA, RegEnumKeyA, RegEnumValueA, RegOpenKeyExA, RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegCreateKeyExA
COMCTL32.dll	ImageList_AddMasked, ImageList_Destroy, ImageList_Create
ole32.dll	CoTaskMemFree, OleInitialize, OleUninitialize, CoCreateInstance
VERSION.dll	GetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Network Port Distribution

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 26, 2024 13:36:46.675884008 CET	61384	53	192.168.2.24	1.1.1.1
Dec 26, 2024 13:36:46.676258087 CET	56933	53	192.168.2.24	1.1.1.1
Dec 26, 2024 13:36:46.816447973 CET	56933	53	192.168.2.24	1.1.1.1

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 26, 2024 13:36:46.675884008 CET	192.168.2.24	1.1.1.1	0xf148	Standard query (0)	ecn.dev.virtualearth.net	A (IP address)	IN (0x0001)	false
Dec 26, 2024 13:36:46.676258087 CET	192.168.2.24	1.1.1.1	0x18b2	Standard query (0)	assets.msn.com	A (IP address)	IN (0x0001)	false
Dec 26, 2024 13:36:46.816447973 CET	192.168.2.24	1.1.1.1	0xf63	Standard query (0)	browser.events.data.msn.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Dec 26, 2024 13:34:49.071073055 CET	1.1.1.1	192.168.2.24	0xdbc7	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 26, 2024 13:34:49.071073055 CET	1.1.1.1	192.168.2.24	0xdbc7	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Dec 26, 2024 13:36:46.814054966 CET	1.1.1.1	192.168.2.24	0x18b2	No error (0)	assets.msn.com	assets.msn.com.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 26, 2024 13:36:46.814127922 CET	1.1.1.1	192.168.2.24	0xf148	No error (0)	ecn.dev.virtualearth.net	ssl2.tiles.virtualearth.net.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 26, 2024 13:36:46.955192089 CET	1.1.1.1	192.168.2.24	0xf63	No error (0)	browser.events.data.msn.com	global.asimov.events.data.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

System Behavior

Analysis Process: General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exePID: 8308, Parent PID: 724

General

Target ID:	0
Start time:	07:34:55
Start date:	26/12/2024
Path:	C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe"
Imagebase:	0x400000
File size:	35'188'023 bytes
MD5 hash:	9F29158892D0ABC04AD5207EA95ACB4D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Compliance

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Temp\nsh5748.tmp\ButtonEvent.dll

C:\Users\user\AppData\Local\Temp\nsh5748.tmp\Header1.bmp

C:\Users\user\AppData\Local\Temp\nsh5748.tmp\Header1_en.bmp

C:\Users\user\AppData\Local\Temp\nsh5748.tmp\Header2.bmp

C:\Users\user\AppData\Local\Temp\nsh5748.tmp\Header2_en.bmp

C:\Users\user\AppData\Local\Temp\nsh5748.tmp\Header3.bmp

C:\Users\user\AppData\Local\Temp\nsh5748.tmp\Header3_en.bmp

C:\Users\user\AppData\Local\Temp\nsh5748.tmp\LangDLL.dll

C:\Users\user\AppData\Local\Temp\nsh5748.tmp\Progress.bmp

C:\Users\user\AppData\Local\Temp\nsh5748.tmp\ProgressBar.bmp

C:\Users\user\AppData\Local\Temp\nsh5748.tmp\SkinBtn.dll

C:\Users\user\AppData\Local\Temp\nsh5748.tmp\Slides\Slide 01.jpg

C:\Users\user\AppData\Local\Temp\nsh5748.tmp\Slides\Slide 0145.jpg

C:\Users\user\AppData\Local\Temp\nsh5748.tmp\Slides\Slide 02.jpg

C:\Users\user\AppData\Local\Temp\nsh5748.tmp\Slides\Slides.dat

C:\Users\user\AppData\Local\Temp\nsh5748.tmp\System.dll

C:\Users\user\AppData\Local\Temp\nsh5748.tmp\bottom.bmp

C:\Users\user\AppData\Local\Temp\nsh5748.tmp\bottom1.bmp

C:\Users\user\AppData\Local\Temp\nsh5748.tmp\bottom2.bmp

C:\Users\user\AppData\Local\Temp\nsh5748.tmp\button1.bmp

C:\Users\user\AppData\Local\Temp\nsh5748.tmp\button2.bmp

C:\Users\user\AppData\Local\Temp\nsh5748.tmp\close.bmp

C:\Users\user\AppData\Local\Temp\nsh5748.tmp\finish.bmp

C:\Users\user\AppData\Local\Temp\nsh5748.tmp\finish_en.bmp

C:\Users\user\AppData\Local\Temp\nsh5748.tmp\lincese.bmp

C:\Users\user\AppData\Local\Temp\nsh5748.tmp\nsDialogs.dll

C:\Users\user\AppData\Local\Temp\nsh5748.tmp\nsProcess.dll

C:\Users\user\AppData\Local\Temp\nsh5748.tmp\un1.bmp

C:\Users\user\AppData\Local\Temp\nsh5748.tmp\unHeader.bmp

Windows Analysis Report
General_ConfigTool_ChnEng_V5.001.0000003.1.R.20231130.exe