CNCEAssistant[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

CNCEAssistant.exe
Size

2.3MB
MD5

df1b84bb54abe9998a171bb08a56b7f0
SHA1

53c4c2791354f38e3c046bb3c62f6bae60a1e28c
SHA256

5b43f713ce01772e17d2a5b4e7b646db200da754b5230a7127cbf50a89f0a700
SHA512

86095220b49a9e926c21e86b54ea99b410b77ac30bfd493b952cfb9854a369b80cfdaafea0b90fcc8c5edd10fd91c15f2aa89d6a90458f3122984f089dfb79b7
SSDEEP

49152:DN4S+Q/BKmYjZhz3ME4KOPRoVrpPT2TM17LGDa7M:DN4S+Qun3pOPRoVrXL+j

Score

1^/10

Malware Config

Signatures

Files

CNCEAssistant.exe
.exe windows x86

5e48eda6abd894d89b85d926cb1512eb

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:7a:91:1e:ff:5e:e2:7c:6c:d9:2a:85:ed:a3:a0:40
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/02/2020, 00:00

Not After

10/02/2023, 12:00

Subject

CN=China Financial Certification Authority Co. Ltd,O=China Financial Certification Authority Co. Ltd,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

c7:94:79:b0:00:2e:d5:83:15:dd:cf:2c:c8:a8:0d:58:c5:98:17:15
Signer

Actual PE Digest

c7:94:79:b0:00:2e:d5:83:15:dd:cf:2c:c8:a8:0d:58:c5:98:17:15

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrlenW
SetUnhandledExceptionFilter
ExitProcess
GetACP
MulDiv
lstrcpyW
lstrcmpiW
InterlockedIncrement
InterlockedDecrement
ResumeThread
InterlockedExchange
lstrcpynW
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
HeapFree
HeapAlloc
GetStartupInfoW
RaiseException
RtlUnwind
HeapReAlloc
SetFileTime
LocalFileTimeToFileTime
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
GetCPInfo
GetOEMCP
IsValidCodePage
HeapSize
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetConsoleCP
GetConsoleMode
FlushFileBuffers
LCMapStringA
LCMapStringW
SetStdHandle
CreateFileA
GetTimeZoneInformation
LoadLibraryA
GetLocaleInfoW
GetLocaleInfoA
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetModuleHandleA
GetProcessHeap
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetFileSizeEx
DeleteFileW
GetTempPathW
WriteFile
ReadFile
GetFileSize
FreeResource
LoadResource
SizeofResource
FindResourceW
GlobalUnlock
GlobalLock
GlobalAlloc
GetExitCodeProcess
CreateProcessW
DeviceIoControl
CreateFileW
GetCurrentProcess
RemoveDirectoryW
FindNextFileW
FindClose
CreateDirectoryW
FindFirstFileW
GetNativeSystemInfo
GetVersionExW
MultiByteToWideChar
WideCharToMultiByte
SetFileAttributesW
GetFileAttributesW
GetSystemDirectoryW
SetLastError
GetVolumeInformationW
GetComputerNameA
GetShortPathNameW
FileTimeToLocalFileTime
ExpandEnvironmentStringsW
SetEndOfFile
GetLongPathNameW
SetFilePointer
GetCurrentProcessId
GetCurrentThreadId
InitializeCriticalSection
CopyFileW
MoveFileW
GetUserDefaultUILanguage
TerminateThread
FileTimeToSystemTime
VerSetConditionMask
VerifyVersionInfoW
CompareFileTime
SystemTimeToFileTime
GetSystemTime
CreateThread
GetModuleFileNameW
Sleep
CloseHandle
CreateEventW
OpenEventW
GetModuleHandleW
FormatMessageW
GetLocalTime
WritePrivateProfileStringW
GetLastError
GetTickCount
GetSystemTimeAsFileTime
ResetEvent
WaitForMultipleObjects
WaitForSingleObject
SetEvent
FreeLibrary
GetProcAddress
LoadLibraryW
LocalFree
LockResource
LocalAlloc

user32

SetCursor
wvsprintfW
EqualRect
SetRect
InflateRect
CopyRect
GetPropW
SetPropW
CallWindowProcW
RegisterClassExW
GetClassInfoExW
RegisterClassW
LoadCursorW
EnableWindow
IsWindowEnabled
DefWindowProcW
SetWindowRgn
OffsetRect
MonitorFromWindow
GetMonitorInfoW
GetParent
LoadImageW
SetCapture
IsZoomed
DispatchMessageW
TranslateMessage
GetMessageW
InvalidateRect
GetSysColor
ReleaseCapture
PtInRect
CreateWindowExW
MapWindowPoints
IsWindowVisible
UnionRect
IsIconic
InvalidateRgn
SetWindowTextW
BeginPaint
GetUpdateRect
SetFocus
GetWindow
GetActiveWindow
LoadIconW
GetFocus
CreateCaret
SetCaretPos
GetCaretBlinkTime
SetTimer
KillTimer
SetWindowLongW
GetWindowLongW
GetClientRect
GetDC
ReleaseDC
DestroyWindow
CharNextW
GetWindowTextLengthW
GetCaretPos
GetWindowTextW
MonitorFromPoint
GetClassLongW
GetWindowRgn
GetWindowRect
SystemParametersInfoW
SetWindowPos
ShowWindow
PostMessageW
MessageBoxW
LoadStringW
FindWindowW
IsWindow
RegisterWindowMessageW
RegisterDeviceNotificationW
GetCursorPos
GetKeyState
ScreenToClient
GetSystemMetrics
CreateAcceleratorTableW
GetGUIThreadInfo
wsprintfA
ShowCaret
HideCaret
ClientToScreen
CreatePopupMenu
PostQuitMessage
UnregisterDeviceNotification
SetForegroundWindow
SendMessageW
AppendMenuW
EnableMenuItem
IntersectRect
MoveWindow
TrackPopupMenu
DestroyMenu
FillRect
DrawTextW
EndPaint
CharPrevW
DrawTextA
MapVirtualKeyExW
GetKeyboardLayout
IsRectEmpty
GetKeyNameTextW

advapi32

ConvertSidToStringSidA
LookupAccountNameA
CryptEncrypt
CryptSetKeyParam
CryptDecrypt
CryptGenRandom
CryptGetKeyParam
CryptImportKey
CryptExportKey
CryptGenKey
CryptDestroyKey
CryptGetUserKey
CryptSignHashW
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
QueryServiceConfigW
QueryServiceStatus
ControlService
EnumDependentServicesW
StartServiceW
QueryServiceStatusEx
DeleteService
OpenServiceW
CloseServiceHandle
CreateServiceW
OpenSCManagerW
CryptGetProvParam
CryptEnumProvidersW
RegDeleteKeyW
RegEnumValueW
RegCreateKeyExW
RegDeleteValueW
EnableTrace
CloseTrace
StartTraceW
CryptReleaseContext
CryptAcquireContextW
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegQueryValueExW
ControlTraceW
RegSetValueExW
TraceEvent
RegOpenKeyExW
RegQueryInfoKeyW
RegEnumKeyExW
RegCloseKey

shell32

SHGetFolderPathW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
DragQueryFileW
Shell_NotifyIconW
ShellExecuteW
SHGetMalloc

ole32

CoCreateInstance
CoUninitialize
OleInitialize
OleUninitialize
CLSIDFromProgID
OleLockRunning
ReleaseStgMedium
RegisterDragDrop
DoDragDrop
OleDuplicateData
StringFromGUID2
CoCreateGuid
CreateStreamOnHGlobal
CoGetMalloc
CLSIDFromString
CoInitialize

oleaut32

VariantInit
VariantClear
SysAllocStringByteLen
SysStringByteLen
SysAllocStringLen
SysAllocString
SysFreeString

shlwapi

StrStrW
StrStrIA
PathRemoveFileSpecW
PathCombineW
StrRStrIW
StrStrIW
StrRStrIA
PathFileExistsW

crypt32

CertNameToStrW
CertFreeCertificateChainEngine
CertFreeCertificateChain
CertGetCertificateChain
CertAddCertificateContextToStore
CertOpenSystemStoreW
CertFindCertificateInStore
CertOpenStore
CertCreateCertificateChainEngine
CertGetCertificateContextProperty
CertGetPublicKeyLength
CryptMsgClose
CryptMsgGetParam
CertFindExtension
CryptDecodeObjectEx
CryptQueryObject
CertDeleteCertificateFromStore
CertCreateCertificateContext
CertSetCertificateContextProperty
CertAddEncodedCertificateToStore
CertEnumCertificatesInStore
CertFreeCertificateContext
CertCloseStore
CryptExportPublicKeyInfo
CryptVerifyDetachedMessageSignature
CryptEncodeObject
CertDuplicateCertificateContext
CryptAcquireCertificatePrivateKey

wininet

InternetQueryOptionW
InternetConnectW
InternetOpenW
InternetGetLastResponseInfoW
HttpQueryInfoA
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetCloseHandle
InternetReadFile
InternetQueryDataAvailable
HttpAddRequestHeadersA
InternetSetOptionW
FindCloseUrlCache
FindNextUrlCacheEntryExW
DeleteUrlCacheEntryW
FindFirstUrlCacheEntryExW
HttpQueryInfoW
HttpSendRequestW
InternetOpenA
HttpOpenRequestW

ws2_32

inet_ntoa
WSAStartup
WSAGetLastError
WSACleanup
gethostbyname
freeaddrinfo
getaddrinfo
gethostname

dbghelp

MiniDumpWriteDump

setupapi

CM_Get_Device_ID_Size
SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsW
CM_Get_Device_IDW
SetupDiDestroyDeviceInfoList
CM_Get_Parent

gdi32

SetBitmapBits
DeleteObject
DeleteDC
GetBitmapBits
GetTextExtentPointA
GdiFlush
TextOutW
GetTextExtentPoint32W
CreatePen
CreateFontIndirectW
GetStockObject
GetCharABCWidthsW
RemoveFontMemResourceEx
CreateCompatibleDC
SelectObject
GetObjectA
SetWindowOrgEx
RoundRect
Rectangle
LineTo
MoveToEx
CreatePenIndirect
ExtTextOutW
SetBkColor
SetStretchBltMode
StretchBlt
CombineRgn
ExtSelectClipRgn
CreateRectRgnIndirect
GetClipBox
SelectClipRgn
PtInRegion
CreateRectRgn
CreateDIBSection
CreateSolidBrush
SetTextColor
SetBkMode
CreateRoundRectRgn
PlayEnhMetaFile
CreateCompatibleBitmap
GetDeviceCaps
GetEnhMetaFileHeader
CreateDIBitmap
AddFontMemResourceEx
GetTextMetricsW
CloseEnhMetaFile
GetObjectW
RestoreDC
BitBlt
SaveDC
CreateEnhMetaFileW

gdiplus

GdipAlloc
GdipFree
GdipDeleteGraphics
GdipDrawImageRectI
GdipImageSelectActiveFrame
GdipCreateFontFromDC
GdipTranslateWorldTransform
GdipImageGetFrameCount
GdipLoadImageFromFile
GdipDrawString
GdipMeasureString
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipSetStringFormatTrimming
GdipDeleteStringFormat
GdipStringFormatGetGenericTypographic
GdipCloneStringFormat
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipGetPropertyItemSize
GdipGetImageWidth
GdipGetImageHeight
GdipCreateFromHDC
GdipRotateWorldTransform
GdipCloneBrush
GdipDeleteBrush
GdiplusShutdown
GdipCloneImage
GdipLoadImageFromStream
GdipDisposeImage
GdipCreateSolidFill
GdipSetInterpolationMode
GdipSetSmoothingMode
GdipSetTextRenderingHint
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipGetPropertyItem
GdiplusStartup

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

iphlpapi

GetAdaptersInfo
GetNetworkParams

wintrust

CryptCATAdminEnumCatalogFromHash
CryptCATAdminReleaseCatalogContext
CryptCATCatalogInfoFromContext
WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain
WTHelperGetProvCertFromChain
WinVerifyTrust
CryptCATAdminAcquireContext
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminReleaseContext

cryptui

CryptUIDlgViewCertificateW

comctl32

InitCommonControlsEx
_TrackMouseEvent
ord17

imm32

ImmSetCompositionWindow
ImmGetContext
ImmReleaseContext

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 315KB - Virtual size: 314KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 49KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 312KB - Virtual size: 312KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 115KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5e48eda6abd894d89b85d926cb1512eb

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0f:7a:91:1e:ff:5e:e2:7c:6c:d9:2a:85:ed:a3:a0:40Certificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

c7:94:79:b0:00:2e:d5:83:15:dd:cf:2c:c8:a8:0d:58:c5:98:17:15Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

crypt32

wininet

ws2_32

dbghelp

setupapi

gdi32

gdiplus

version

iphlpapi

wintrust

cryptui

comctl32

imm32

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 315KB - Virtual size: 314KB

.data Size: 49KB - Virtual size: 61KB

.rsrc Size: 312KB - Virtual size: 312KB

.reloc Size: 115KB - Virtual size: 114KB

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0f:7a:91:1e:ff:5e:e2:7c:6c:d9:2a:85:ed:a3:a0:40
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

c7:94:79:b0:00:2e:d5:83:15:dd:cf:2c:c8:a8:0d:58:c5:98:17:15
Signer

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 315KB - Virtual size: 314KB

.data
Size: 49KB - Virtual size: 61KB

.rsrc
Size: 312KB - Virtual size: 312KB

.reloc
Size: 115KB - Virtual size: 114KB