SoftEtherVPN[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

SoftEtherVPN.exe
Size

6.5MB
MD5

29a65da125f467f79e766c6265347717
SHA1

c6e0a642b965c27634883f05255096d3fd8575f9
SHA256

a9ab5ccd36d7d2e8d4c6ffc31598fd88d5502360edba8253bfc2f20e2e634b2c
SHA512

a48eae66feecd41f01964170d7bde044e7bbd24cfbf3240ea71552b1fb900703a73b53394b671075bd35e6cdfd47e741ab8027e365d32184f710f6147aee7cc0
SSDEEP

98304:2ZxaV/F+etRcMadWeMByLqg3NCYgBQJY/uJK2M0vJ5siRj2fIvqCgNarWgKj:2uVt+Jd8eMBOP30YzYGJXreiPgW

Score

1^/10

Malware Config

Signatures

Files

SoftEtherVPN.exe
.exe windows:6 windows x86 arch:x86

20de211c4a5b7c9cac80ffcd683754cc

Code Sign

06:67:51:81:e7:b5:e1:03:0b:3d:40:92:6e:2a:47:d3
Certificate

Issuer

CN=DigiCert EV Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

28/11/2020, 00:00

Not After

22/10/2023, 23:59

Subject

SERIALNUMBER=2770852,CN=ORANGE VIEW LIMITED,O=ORANGE VIEW LIMITED,L=Kowloon,C=HK,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#1302484b

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:d0:e3:37:4a:c9:5b:db:fa:6b:43:4b:2a:48:ec:06
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:ed:33:20:27:90:7f:50:be:1b:7f:f4:2b:e5:9a:a5
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

28/11/2020, 00:00

Not After

22/10/2023, 23:59

Subject

SERIALNUMBER=2770852,CN=ORANGE VIEW LIMITED,O=ORANGE VIEW LIMITED,L=Kowloon,C=HK,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#1302484b

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:cb:34:fd:3d:ff:12:11:33:9f:f0:7c:4b:21:57:c7
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

30/08/2022, 00:00

Not After

29/08/2023, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ac:1f:f3:85:d4:5f:6c:e9:7f:48:8b:cd:15:0d:86:ce:38:9b:07:b4:40:a1:ac:f8:67:04:ea:4f:68:99:d4:bd
Signer

Actual PE Digest

ac:1f:f3:85:d4:5f:6c:e9:7f:48:8b:cd:15:0d:86:ce:38:9b:07:b4:40:a1:ac:f8:67:04:ea:4f:68:99:d4:bd

Digest Algorithm

sha256

PE Digest Matches

true

f8:12:f1:32:e1:55:a6:ac:4f:01:34:12:84:e4:c5:4b:cb:14:ae:b9
Signer

Actual PE Digest

f8:12:f1:32:e1:55:a6:ac:4f:01:34:12:84:e4:c5:4b:cb:14:ae:b9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP

Imports

ws2_32

WSASetLastError
sendto
recvfrom
ntohl
inet_ntoa
getsockname
recv
getsockopt
shutdown
WSASend
select
getpeername
htons
ioctlsocket
closesocket
bind
accept
__WSAFDIsSet
WSACloseEvent
WSAGetLastError
WSASendTo
WSASocketW
WSAStringToAddressW
setsockopt
send
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAResetEvent
WSAAddressToStringW
WSARecv
listen
connect
WSAWaitForMultipleEvents
ntohs
WSAIoctl
socket
inet_pton
WSACleanup
WSAStartup
getnameinfo
freeaddrinfo
getaddrinfo
htonl
gethostname

secur32

GetUserNameExW

kernel32

TlsSetValue
TlsFree
VerifyVersionInfoA
GetDriveTypeW
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
OpenFileMappingA
OutputDebugStringA
WTSGetActiveConsoleSessionId
GetEnvironmentVariableW
HeapAlloc
HeapFree
GetProcessHeap
RaiseException
GetSystemInfo
VirtualProtect
VirtualQuery
GetModuleHandleW
LoadLibraryExA
DeviceIoControl
GetSystemTimeAsFileTime
GetFileInformationByHandle
DuplicateHandle
SetErrorMode
GetFileSizeEx
GetDiskFreeSpaceW
GetFileAttributesW
GetFileSize
GetVolumeInformationW
GetLogicalDriveStringsW
QueryDosDeviceW
GetLogicalDriveStringsA
SetFilePointerEx
FindFirstFileA
TlsGetValue
OpenSemaphoreA
CreateSemaphoreA
FlushFileBuffers
VerifyVersionInfoW
FormatMessageA
GlobalFree
WaitForMultipleObjects
GetTickCount
GetCurrentProcess
SetLastError
VerSetConditionMask
GetTimeZoneInformation
SystemTimeToFileTime
FileTimeToSystemTime
GetSystemTime
MoveFileA
CopyFileA
SetFileTime
SetFileAttributesA
DeleteFileA
CreateFileA
CreateDirectoryA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetModuleHandleA
SetWaitableTimer
GetExitCodeThread
TerminateThread
TlsAlloc
VirtualAlloc
QueueUserAPC
ExitThread
GetCurrentThreadId
GetCurrentThread
Sleep
GetFullPathNameA
GetFileAttributesA
ReleaseSemaphore
GetCurrentDirectoryA
SetCurrentDirectoryA
ExpandEnvironmentStringsA
WritePrivateProfileSectionA
GetPrivateProfileSectionA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
PulseEvent
OpenEventA
CreateWaitableTimerA
GetComputerNameA
InitializeCriticalSectionAndSpinCount
PostQueuedCompletionStatus
GetQueuedCompletionStatus
CreateIoCompletionPort
ExitProcess
lstrcmpiA
SetFileAttributesW
DeleteFileW
CreateFileW
LocalFree
LocalAlloc
SetEvent
GetDriveTypeA
WriteFile
SetFilePointer
SetEndOfFile
ReadFile
IsWow64Process
GetFileTime
GetEnvironmentVariableA
GetConsoleScreenBufferInfo
FlushConsoleInputBuffer
SetConsoleCtrlHandler
ReadConsoleInputA
GetNumberOfConsoleInputEvents
SetConsoleMode
GetConsoleMode
GetStdHandle
GetProcAddress
FreeLibrary
OpenProcess
GetSystemDirectoryA
CreateProcessA
GetExitCodeProcess
TerminateProcess
GetCurrentProcessId
WaitForSingleObject
GetLastError
CloseHandle
WideCharToMultiByte
MultiByteToWideChar
GetUserDefaultUILanguage
LoadLibraryA
GetModuleFileNameA
AreFileApisANSI
VirtualFree
VirtualLock
VirtualUnlock
MoveFileExA
FindFirstFileW
GetFileAttributesExW
RemoveDirectoryW
CreateDirectoryW
GetStringTypeW
WaitForSingleObjectEx
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeCriticalSectionEx
TryEnterCriticalSection
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
QueryPerformanceCounter
QueryPerformanceFrequency
InitOnceBeginInitialize
InitOnceComplete
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
GetModuleHandleExW
IsProcessorFeaturePresent
EncodePointer
DecodePointer
LCMapStringEx
GetLocaleInfoEx
CompareStringEx
GetCPInfo
ResetEvent
CreateEventW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlUnwind
InterlockedPushEntrySList
LoadLibraryExW
CreateThread
FreeLibraryAndExitThread
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
GetModuleFileNameW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetConsoleCP
GetCurrentDirectoryW
GetFullPathNameW
SetStdHandle
ReadConsoleW
HeapReAlloc
HeapSize
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
WriteConsoleW
GetComputerNameExA
CopyFileW
ReplaceFileA
GetWindowsDirectoryA
FileTimeToLocalFileTime
IsBadReadPtr
CancelIo
CreateEventA
FormatMessageW
GetStartupInfoA
SleepEx
FindNextFileA

shell32

SHGetPathFromIDListA
SHGetFolderLocation
SHGetFolderPathA
SHGetPathFromIDListW
SHGetSpecialFolderLocation

advapi32

CloseEventLog
OpenEventLogA
ReadEventLogA
ConvertSidToStringSidA
LsaFreeMemory
LsaClose
LsaOpenPolicy
LsaQueryInformationPolicy
GetSecurityDescriptorDacl
LookupPrivilegeNameA
ChangeServiceConfig2A
ControlService
CreateServiceA
DeleteService
EnumDependentServicesA
QueryServiceStatusEx
QueryServiceObjectSecurity
QueryServiceStatus
SetServiceObjectSecurity
StartServiceA
SetEntriesInAclA
RegisterServiceCtrlHandlerExA
SetServiceStatus
StartServiceCtrlDispatcherA
DeregisterEventSource
RegisterEventSourceA
ReportEventA
RegConnectRegistryA
RegFlushKey
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorA
OpenServiceA
OpenSCManagerA
CloseServiceHandle
QueryServiceConfigA
SystemFunction036
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
CryptGenRandom
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptDestroyKey
LookupPrivilegeValueA
ImpersonateSelf
AdjustTokenPrivileges
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyA
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegEnumValueA
RegEnumKeyExA
RegDeleteValueA
RegCreateKeyExA
RegCloseKey
FreeSid
AllocateAndInitializeSid
OpenThreadToken
LookupAccountSidA
EqualSid
GetTokenInformation
OpenProcessToken
CryptImportKey
CryptEncrypt
RegDeleteKeyA

iphlpapi

GetIpAddrTable
GetAdaptersAddresses

winhttp

WinHttpGetDefaultProxyConfiguration
WinHttpCloseHandle
WinHttpGetProxyForUrl
WinHttpGetIEProxyConfigForCurrentUser
WinHttpOpen

wtsapi32

WTSWaitSystemEvent

activeds

ord6
ord9
ord13
ord3

netapi32

DsGetDcNameW
NetUserGetLocalGroups
NetUserGetGroups
NetUserEnum
NetGroupEnum
NetApiBufferFree
DsEnumerateDomainTrustsA

crypt32

CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertFindExtension
CertAddCertificateContextToStore
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryA
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CryptUnprotectMemory
CryptProtectMemory
CertFreeCertificateChain

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

setupapi

SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiGetDeviceInterfaceDetailA
SetupDiGetClassDevsA
CM_Get_Child
SetupDiEnumDeviceInterfaces
CMP_WaitNoPendingInstallEvents
CM_Get_Device_IDA
CM_Get_Device_ID_Size
CM_Get_DevNode_Registry_PropertyA
CM_Get_Parent
CM_Get_Sibling
SetupDiOpenDeviceInfoA

psapi

GetModuleFileNameExA

Sections

.text
Size: 5.1MB - Virtual size: 5.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 771KB - Virtual size: 771KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 234KB - Virtual size: 405KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 116KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 290KB - Virtual size: 289KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

20de211c4a5b7c9cac80ffcd683754cc

Code Sign

06:67:51:81:e7:b5:e1:03:0b:3d:40:92:6e:2a:47:d3Certificate

Extended Key Usages

Key Usages

0d:d0:e3:37:4a:c9:5b:db:fa:6b:43:4b:2a:48:ec:06Certificate

Extended Key Usages

Key Usages

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

0d:ed:33:20:27:90:7f:50:be:1b:7f:f4:2b:e5:9a:a5Certificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

03:cb:34:fd:3d:ff:12:11:33:9f:f0:7c:4b:21:57:c7Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

ac:1f:f3:85:d4:5f:6c:e9:7f:48:8b:cd:15:0d:86:ce:38:9b:07:b4:40:a1:ac:f8:67:04:ea:4f:68:99:d4:bdSigner

f8:12:f1:32:e1:55:a6:ac:4f:01:34:12:84:e4:c5:4b:cb:14:ae:b9Signer

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

secur32

kernel32

shell32

advapi32

iphlpapi

winhttp

wtsapi32

activeds

netapi32

crypt32

version

setupapi

psapi

Sections

.text Size: 5.1MB - Virtual size: 5.1MB

.rdata Size: 771KB - Virtual size: 771KB

.data Size: 234KB - Virtual size: 405KB

.rsrc Size: 116KB - Virtual size: 116KB

.reloc Size: 290KB - Virtual size: 289KB

06:67:51:81:e7:b5:e1:03:0b:3d:40:92:6e:2a:47:d3
Certificate

0d:d0:e3:37:4a:c9:5b:db:fa:6b:43:4b:2a:48:ec:06
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

0d:ed:33:20:27:90:7f:50:be:1b:7f:f4:2b:e5:9a:a5
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

03:cb:34:fd:3d:ff:12:11:33:9f:f0:7c:4b:21:57:c7
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

ac:1f:f3:85:d4:5f:6c:e9:7f:48:8b:cd:15:0d:86:ce:38:9b:07:b4:40:a1:ac:f8:67:04:ea:4f:68:99:d4:bd
Signer

f8:12:f1:32:e1:55:a6:ac:4f:01:34:12:84:e4:c5:4b:cb:14:ae:b9
Signer

.text
Size: 5.1MB - Virtual size: 5.1MB

.rdata
Size: 771KB - Virtual size: 771KB

.data
Size: 234KB - Virtual size: 405KB

.rsrc
Size: 116KB - Virtual size: 116KB

.reloc
Size: 290KB - Virtual size: 289KB