nox_setup_v7[.]0[.]3[.]1_full (2)[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

nox_setup_v7.0.3.1_full (2).exe
Size

534.0MB
MD5

974e8f0fc248620cc503959c461cf85f
SHA1

5d0ff178aab133863ec05fec3d7e7957a98b5c19
SHA256

2a23c098453caabcd1eaf96d41a70d52aa914e8ed6ee3a13965e83031bfef322
SHA512

3f157b128edb6441986fce76038b8f8100a8173834cb6eda7856d0576879fe52c1c8b3bac9fff5aa25625b028343952006fb913d1ad5b0d51635bf81ef257ce6
SSDEEP

12582912:2MKHk8Y/aIXKpkrHh/J57N5s7S4hZiL4X/o8rIlgTdgV9PtFT41Ls:2MT8Yik9fpu7NILi/oYfBg7Uds

Score

1^/10

Malware Config

Signatures

Files

nox_setup_v7.0.3.1_full (2).exe
.exe windows x86

095308d7b7e19697e8d43e81069c27d4

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:e0:46:08:98:41:74:2e:8e:77:19:01:67:90:62:2b
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

29/10/2021, 00:00

Not After

22/11/2022, 23:59

Subject

CN=Nox Limited,O=Nox Limited,ST=北京市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e9:6a:e8:e2:70:30:bc:27:68:c4:26:f5:4b:67:34:bb:8e:e4:fa:47:19:ed:30:c4:c0:66:18:15:7d:ed:7c:80
Signer

Actual PE Digest

e9:6a:e8:e2:70:30:bc:27:68:c4:26:f5:4b:67:34:bb:8e:e4:fa:47:19:ed:30:c4:c0:66:18:15:7d:ed:7c:80

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Nox Limited,O=Nox Limited,ST=北京市,C=CN

12/07/2022, 06:02
Valid: true

Chain 1

CN=Nox Limited,O=Nox Limited,ST=北京市,C=CN

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

TryEnterCriticalSection
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
GetModuleHandleExA
GetCurrentThreadId
SetThreadPriority
GetPrivateProfileStringA
lstrcpynW
GlobalMemoryStatusEx
RaiseException
SetLastError
InitializeCriticalSectionAndSpinCount
lstrcmpW
GetSystemDefaultLangID
GetVersion
GetUserDefaultLCID
GetCommandLineW
GetEnvironmentVariableA
GetDriveTypeW
DecodePointer
SetUnhandledExceptionFilter
ExitProcess
GetLocalTime
LoadLibraryExW
SetEvent
ResetEvent
CreateEventW
CreateFileA
CompareFileTime
CreateDirectoryA
GetFileTime
SetFileAttributesA
GetModuleFileNameA
SetEndOfFile
QueueUserWorkItem
GetStartupInfoW
GetSystemInfo
GetACP
FormatMessageA
InitializeCriticalSectionEx
SleepEx
VerSetConditionMask
QueryPerformanceFrequency
GetSystemDirectoryW
VerifyVersionInfoW
QueryPerformanceCounter
WaitForSingleObjectEx
ExpandEnvironmentStringsA
GetStdHandle
PeekNamedPipe
WaitForMultipleObjects
GetEnvironmentVariableW
GetConsoleMode
ReadConsoleA
ReadConsoleW
SetConsoleMode
GetModuleHandleExW
TerminateThread
GetSystemTimeAsFileTime
SwitchToFiber
DeleteFiber
CreateFiber
LoadLibraryA
ConvertFiberToThread
LeaveCriticalSection
CreateThread
GetCurrentProcessId
WaitForSingleObject
GetLastError
RemoveDirectoryW
ReadFile
GetVolumeInformationW
WriteConsoleW
GetModuleHandleW
InitializeCriticalSection
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
FindFirstFileExW
FindFirstFileExA
GetTimeZoneInformation
GetFullPathNameA
GetFullPathNameW
FlushFileBuffers
HeapSize
SetStdHandle
EnumSystemLocalesW
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetCurrentThread
GetConsoleCP
HeapReAlloc
SetConsoleCtrlHandler
SetFilePointerEx
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetCommandLineA
FreeLibraryAndExitThread
ResumeThread
ExitThread
GetFileAttributesExW
InterlockedFlushSList
RtlUnwind
LoadLibraryExA
VirtualFree
VirtualAlloc
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
GetProcessHeap
HeapFree
HeapAlloc
InitializeSListHead
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
UnhandledExceptionFilter
GetLocaleInfoW
LCMapStringW
CompareStringW
GetCPInfo
EncodePointer
GetStringTypeW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
lstrcatW
lstrcpyW
lstrcmpiW
lstrcmpiA
OpenProcess
ConvertThreadToFiber
EnterCriticalSection
GetModuleFileNameW
GetTickCount
GetLongPathNameW
FindNextFileW
FindFirstFileW
FindClose
CreateDirectoryW
WideCharToMultiByte
WritePrivateProfileStructW
GetPrivateProfileSectionNamesW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
DeleteFileW
lstrlenW
MulDiv
LocalFree
LocalAlloc
CloseHandle
WriteFile
SetFileAttributesW
CreateFileW
FindResourceW
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
SizeofResource
FreeResource
LockResource
LoadResource
GetExitCodeProcess
Sleep
CreatePipe
SetHandleInformation
OutputDebugStringW
DebugBreak
RemoveDirectoryA
QueryDosDeviceW
GetTempFileNameW
GetLogicalDriveStringsW
GetFileSize
FindNextFileA
FindFirstFileA
DeleteFileA
SetCurrentDirectoryW
DosDateTimeToFileTime
GetCurrentProcess
DuplicateHandle
SetFileTime
SetFilePointer
GetFileType
GetCurrentDirectoryW
lstrlenA
lstrcpyA
lstrcpynA
GetTempPathW
GetDiskFreeSpaceExW
DeviceIoControl
SystemTimeToFileTime
LoadLibraryW
GetProcAddress
FreeLibrary
GetSystemTime
GetVersionExW
MultiByteToWideChar
MoveFileExW
SetEnvironmentVariableW
CopyFileW
CreateProcessW
OutputDebugStringA
SuspendThread
FormatMessageW

user32

GetWindowRect
SendMessageW
GetDesktopWindow
ReleaseDC
GetDC
LoadStringW
FillRect
GetMonitorInfoW
EnumDisplaySettingsW
GetClipboardData
RegisterClipboardFormatW
IsClipboardFormatAvailable
GetAsyncKeyState
SetCapture
ReleaseCapture
SetCursor
GetCursorPos
CreateCaret
HideCaret
ShowCaret
SetCaretPos
ClientToScreen
GetSysColor
IntersectRect
UnionRect
PtInRect
RegisterWindowMessageW
PostThreadMessageW
FindWindowW
MonitorFromWindow
SystemParametersInfoW
TrackMouseEvent
IsIconic
IsWindowEnabled
wsprintfW
MapWindowPoints
CopyRect
SetWindowPos
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
GetSystemMetrics
GetParent
FindWindowExW
GetWindowThreadProcessId
TranslateMessage
DispatchMessageW
PeekMessageW
AttachThreadInput
BringWindowToTop
SetActiveWindow
GetForegroundWindow
SetForegroundWindow
MessageBoxW
CharNextW
PostMessageW
WaitMessage
DefWindowProcW
PostQuitMessage
UnregisterClassW
RegisterClassExW
CreateWindowExW
DestroyWindow
GetQueueStatus
MsgWaitForMultipleObjectsEx
SetTimer
KillTimer
IsRectEmpty
CallWindowProcW
GetClassInfoExW
IsWindow
ShowWindow
SetFocus
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
GetWindowLongW
SetWindowLongW
LoadCursorW
BeginPaint
EndPaint
InvalidateRect
DrawIcon
DrawTextW
LoadImageW
DrawIconEx
GetFocus
GetKeyState
GetClientRect
UpdateWindow
GetMessagePos
IsZoomed
EnableWindow
SetWindowRgn
ScreenToClient
OffsetRect
ChangeDisplaySettingsW
GetProcessWindowStation
GetUserObjectInformationW
GetWindow
SetClassLongW

gdi32

SetViewportOrgEx
SetBkColor
MoveToEx
GetObjectA
SetTextColor
RoundRect
Rectangle
LineTo
SetBkMode
GetTextExtentPoint32W
GetCurrentObject
GetClipBox
ExcludeClipRect
CreateSolidBrush
SetWindowOrgEx
CreateFontIndirectW
DeleteObject
CreatePatternBrush
CreateFontW
CreateCompatibleBitmap
GetObjectW
CreateDIBSection
SelectObject
GetDIBits
GetDeviceCaps
DeleteDC
CreateCompatibleDC
BitBlt
GetStockObject
CombineRgn
CreateRectRgn
CreateRoundRectRgn
CreateRectRgnIndirect
SelectClipRgn
GdiSetBatchLimit
CreatePen
StretchBlt

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegEnumValueW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
SetEntriesInAclW
GetNamedSecurityInfoW
SetNamedSecurityInfoW
RegDeleteKeyW
RegEnumKeyExW
RegQueryInfoKeyW
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
CryptCreateHash
CryptDestroyHash
CryptSignHashW
CryptEnumProvidersW
OpenProcessToken
CreateProcessAsUserW
SetTokenInformation
DuplicateTokenEx
AllocateAndInitializeSid
FreeSid
GetLengthSid
CreateWellKnownSid

shell32

SHBrowseForFolderW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
CommandLineToArgvW
Shell_NotifyIconW
SHFileOperationW
ShellExecuteW
SHGetSpecialFolderPathW
SHGetSpecialFolderPathA
SHGetMalloc

ole32

CoInitialize
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
CoLoadLibrary
StringFromGUID2
CoInitializeEx
CoUninitialize
CoCreateInstance
CreateStreamOnHGlobal

oleaut32

OleLoadPicture
SysFreeString
VarUI4FromStr
GetErrorInfo
VariantClear
VariantInit
VariantChangeType
SetErrorInfo
CreateErrorInfo
SysAllocString

shlwapi

SHRegSetUSValueA
PathAppendW
PathCanonicalizeW
PathFindExtensionW
PathIsDirectoryW
PathIsRootW
SHRegGetUSValueA
PathMatchSpecW
PathRemoveExtensionW
PathRemoveFileSpecW
SHGetValueW
PathIsDirectoryEmptyW
PathAppendA
PathCombineA
PathFileExistsA
PathFindFileNameA
PathIsDirectoryA
StrStrIW
StrStrW
PathFileExistsW
PathRemoveFileSpecA
PathFindFileNameW
StrCmpIW
PathAddBackslashW

comctl32

InitCommonControlsEx

msimg32

TransparentBlt
AlphaBlend

gdiplus

GdipSetStringFormatFlags
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetStringFormatTrimming
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDrawString
GdipCreateBitmapFromHBITMAP
GdipDeleteFont
GdipCreateFontFromDC
GdipDrawImageRectI
GdipFillPath
GdipFillRectangleI
GdipDrawPath
GdipDrawRectangleI
GdipDrawLineI
GdipSetTextRenderingHint
GdipReleaseDC
GdipSetImageAttributesColorKeys
GdipGetPropertyItem
GdipCreateFontFromLogfontA
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipDeletePen
GdipCreatePen1
GdipCreateSolidFill
GdipTranslateTextureTransform
GdipCreateTexture2I
GdipDeleteBrush
GdipCloneBrush
GdipAddPathArcI
GdipAddPathLineI
GdipDeletePath
GdipClonePath
GdipCreatePath
GdiplusShutdown
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromFile
GdipCreateBitmapFromStream
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipSaveImageToFile
GdipLoadImageFromFileICM
GdipLoadImageFromFile
GdipDrawImageRectRectI
GdipSetInterpolationMode
GdipDeleteGraphics
GdipCreateFromHDC
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipCloneImage
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdiplusStartup
GdipFree
GdipAlloc
GdipGetPropertyItemSize

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

wininet

InternetReadFile
HttpQueryInfoW
InternetSetOptionW
InternetSetCookieA
InternetSetCookieW
InternetErrorDlg
InternetGetCookieW
InternetOpenA
InternetConnectW
InternetOpenUrlA
HttpOpenRequestW
HttpSendRequestA
InternetOpenUrlW
InternetCloseHandle
InternetOpenW
InternetCrackUrlW

netapi32

Netbios

iphlpapi

GetAdaptersInfo

psapi

GetProcessImageFileNameW

dbghelp

MiniDumpWriteDump

crypt32

CertFreeCertificateContext
CertDuplicateCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CertGetCertificateContextProperty

winmm

timeGetTime

bcrypt

BCryptGenRandom

ws2_32

bind
closesocket
connect
getpeername
getsockname
getsockopt
htons
ntohs
setsockopt
WSASetLastError
WSAIoctl
WSAStartup
WSACleanup
__WSAFDIsSet
select
getaddrinfo
freeaddrinfo
accept
listen
recvfrom
sendto
ioctlsocket
gethostname
gethostbyname
getnameinfo
send
recv
socket
WSAGetLastError
shutdown

wldap32

ord147
ord133
ord79
ord142
ord301
ord127
ord27
ord26
ord118
ord41
ord167
ord208
ord216
ord14
ord46
ord219
ord145

Sections

.text
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 713KB - Virtual size: 712KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 526.0MB - Virtual size: 526.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

095308d7b7e19697e8d43e81069c27d4

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0e:e0:46:08:98:41:74:2e:8e:77:19:01:67:90:62:2bCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

e9:6a:e8:e2:70:30:bc:27:68:c4:26:f5:4b:67:34:bb:8e:e4:fa:47:19:ed:30:c4:c0:66:18:15:7d:ed:7c:80Signer

Signature Validations

Verification

12/07/2022, 06:02 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

msimg32

gdiplus

version

wininet

netapi32

iphlpapi

psapi

dbghelp

crypt32

winmm

bcrypt

ws2_32

wldap32

Sections

.text Size: 2.6MB - Virtual size: 2.6MB

.rdata Size: 713KB - Virtual size: 712KB

.data Size: 36KB - Virtual size: 74KB

.gfids Size: 2KB - Virtual size: 1KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 526.0MB - Virtual size: 526.0MB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0e:e0:46:08:98:41:74:2e:8e:77:19:01:67:90:62:2b
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

e9:6a:e8:e2:70:30:bc:27:68:c4:26:f5:4b:67:34:bb:8e:e4:fa:47:19:ed:30:c4:c0:66:18:15:7d:ed:7c:80
Signer

12/07/2022, 06:02
Valid: true

.text
Size: 2.6MB - Virtual size: 2.6MB

.rdata
Size: 713KB - Virtual size: 712KB

.data
Size: 36KB - Virtual size: 74KB

.gfids
Size: 2KB - Virtual size: 1KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 526.0MB - Virtual size: 526.0MB