NZXT-CAM-Setup[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NZXT-CAM-Setup.exe
Size

1.4MB
MD5

7bc1ab23ae2769aafb891308034c41ba
SHA1

8795024b6bf5f9b9e3a2cfbee9787ec47d38f4a9
SHA256

47c83ac3471b06f61aa938f66d26a578fe6996910bb2ecfb825823a8d92cadb7
SHA512

d74a5a290e1e2bcadf1f6e12e54c9aac4a41f5fae25f7fe1e18a293612e6122a6abf576745578dd3a588a583edf13044a3c5a9e4e4eacabe0d67d96f3cbd65a7
SSDEEP

24576:uPXwpnr94DaqvIs98OheVUJNPJBA30GgD7zqK7WXVHZTbntczFXonZQ3F:uenr94DZgs98qeVUJNzA3OWK7W9ZTbti

Score

1^/10

Malware Config

Signatures

Files

NZXT-CAM-Setup.exe
.exe windows:6 windows x64 arch:x64

99267360909b0113b7eefce698966dee

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:4a:53:cb:72:31:03:36:21:e4:e0:45:b5:8b:c5:c9
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

06-02-2024 00:00

Not After

05-02-2025 23:59

Subject

SERIALNUMBER=5707170,CN=NZXT\, Inc.,O=NZXT\, Inc.,L=City of Industry,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a7:c8:9c:d3:45:fd:b1:7a:85:73:cd:ed:46:86:a5:72:a7:3d:71:10:dc:db:da:af:fa:dd:58:90:bc:d5:bc:05
Signer

Actual PE Digest

a7:c8:9c:d3:45:fd:b1:7a:85:73:cd:ed:46:86:a5:72:a7:3d:71:10:dc:db:da:af:fa:dd:58:90:bc:d5:bc:05

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\norbe\Desktop\one-click-installer\x64\Release\one-click-install.pdb

Imports

gdiplus

GdipCreatePen1
GdipGetPropertyItemSize
GdipDrawImageI
GdipLoadImageFromStream
GdipDeletePen
GdipCreateFromHDC
GdipDeleteGraphics
GdiplusStartup
GdiplusShutdown
GdipDeleteFontFamily
GdipGetImageHeight
GdipDrawRectangleI
GdipCreateFontFamilyFromName
GdipImageGetFrameDimensionsCount
GdipCloneImage
GdipDeleteBrush
GdipGetPropertyItem
GdipAlloc
GdipDisposeImage
GdipCreateFont
GdipCreateSolidFill
GdipGetGenericFontFamilySansSerif
GdipFree
GdipDrawString
GdipImageSelectActiveFrame
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipMeasureString
GdipFillRectangleI
GdipDeleteFont
GdipGetImageWidth

shlwapi

ord12
UrlEscapeA

wininet

InternetGetConnectedState

advapi32

CryptAcquireContextW
RegOpenKeyExW
RegCloseKey
CryptAcquireContextA
CryptReleaseContext
CryptGenRandom
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptEncrypt
CryptImportKey
CryptDestroyKey
RegQueryValueExW
CryptDestroyHash

ws2_32

ntohl
htonl
WSACleanup
WSAStartup
gethostname
ioctlsocket
sendto
recvfrom
listen
accept
freeaddrinfo
getaddrinfo
WSAGetLastError
WSAIoctl
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
closesocket
bind
send
socket
WSASetLastError
select
__WSAFDIsSet
recv

crypt32

CertFreeCertificateContext

wldap32

ord211
ord46
ord60
ord50
ord41
ord22
ord26
ord301
ord200
ord30
ord79
ord35
ord33
ord32
ord27
ord143

normaliz

IdnToAscii

kernel32

WriteFile
ExitProcess
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
ExitThread
WriteConsoleW
GetModuleHandleExW
GetCurrentDirectoryW
RaiseException
RtlPcToFileHeader
GetConsoleMode
ReadConsoleW
GetConsoleCP
RtlUnwindEx
LoadLibraryW
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
VirtualFree
VirtualProtect
VirtualAlloc
GetVersionExW
LoadLibraryExW
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
FlushFileBuffers
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
HeapReAlloc
SetStdHandle
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
CreateThread
SignalObjectAndWait
CreateTimerQueue
AreFileApisANSI
GetWindowsDirectoryW
DeviceIoControl
SetFilePointerEx
GetTimeZoneInformation
SetEndOfFile
RemoveDirectoryW
GetEnvironmentVariableW
InitializeSListHead
GetFullPathNameW
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetFileInformationByHandle
GetFileAttributesW
GetCurrentProcessId
SizeofResource
HeapFree
GetModuleFileNameW
CreateMutexW
WaitForSingleObject
Sleep
GetLastError
OutputDebugStringW
LockResource
CloseHandle
LoadResource
FindResourceW
HeapAlloc
LocalFree
GetProcessHeap
CreateProcessW
GetModuleHandleW
WideCharToMultiByte
GetExitCodeProcess
GetCurrentThreadId
FreeLibrary
GetProcAddress
GetTickCount64
SetLastError
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
SleepEx
VerSetConditionMask
GetSystemDirectoryA
GetModuleHandleA
LoadLibraryA
VerifyVersionInfoA
FormatMessageA
WaitForSingleObjectEx
GetStdHandle
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
ExpandEnvironmentStringsA
MultiByteToWideChar
GetStartupInfoW
IsDebuggerPresent
ResetEvent
SetEvent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCPInfo
GetLocaleInfoW
LCMapStringW
CompareStringW
DecodePointer
EncodePointer
GetTickCount
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
CreateEventW
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
HeapSize
InitializeCriticalSectionAndSpinCount
GetExitCodeThread
GetCurrentThread
FindNextFileW
FindClose
DeleteFileW
RtlUnwind
QueryPerformanceCounter
QueryPerformanceFrequency
GetStringTypeW
TryEnterCriticalSection
DuplicateHandle
GetCurrentProcess
SwitchToThread
CreateFileW

user32

ShowWindow
LoadIconW
LoadCursorW
BeginPaint
CreateWindowExW
GetMessageW
PostMessageW
MessageBoxW
GetWindowLongPtrW
SetTimer
TranslateMessage
PostThreadMessageW
PostQuitMessage
InvalidateRect
SetWindowRgn
SetWindowLongPtrW
DestroyWindow
DefWindowProcW
RegisterClassExW
DispatchMessageW
GetSystemMetrics
EndPaint

gdi32

CreateRoundRectRgn
CreateCompatibleDC
SelectObject
DeleteDC
DeleteObject
CreateCompatibleBitmap
BitBlt

shell32

ShellExecuteW
CommandLineToArgvW
SHGetKnownFolderPath

ole32

CoTaskMemFree
CoInitializeEx
CoUninitialize

Sections

.text
Size: 1001KB - Virtual size: 1000KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 329KB - Virtual size: 328KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

99267360909b0113b7eefce698966dee

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

07:4a:53:cb:72:31:03:36:21:e4:e0:45:b5:8b:c5:c9Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

a7:c8:9c:d3:45:fd:b1:7a:85:73:cd:ed:46:86:a5:72:a7:3d:71:10:dc:db:da:af:fa:dd:58:90:bc:d5:bc:05Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

gdiplus

shlwapi

wininet

advapi32

ws2_32

crypt32

wldap32

normaliz

kernel32

user32

gdi32

shell32

ole32

Sections

.text Size: 1001KB - Virtual size: 1000KB

.rdata Size: 329KB - Virtual size: 328KB

.data Size: 25KB - Virtual size: 35KB

.pdata Size: 51KB - Virtual size: 50KB

.rsrc Size: 36KB - Virtual size: 35KB

.reloc Size: 8KB - Virtual size: 7KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

07:4a:53:cb:72:31:03:36:21:e4:e0:45:b5:8b:c5:c9
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

a7:c8:9c:d3:45:fd:b1:7a:85:73:cd:ed:46:86:a5:72:a7:3d:71:10:dc:db:da:af:fa:dd:58:90:bc:d5:bc:05
Signer

.text
Size: 1001KB - Virtual size: 1000KB

.rdata
Size: 329KB - Virtual size: 328KB

.data
Size: 25KB - Virtual size: 35KB

.pdata
Size: 51KB - Virtual size: 50KB

.rsrc
Size: 36KB - Virtual size: 35KB

.reloc
Size: 8KB - Virtual size: 7KB