@pjstorm
Created April 8, 2017 03:40
trust.zone VPN client analysis: SoftEther engine
I've been poking around recently in the Windows installers published for various heavily-publicized VPN services. In doing some automated analysis of the "trust.zone" installer, I noticed some interesting strings. Turns out, they're the configuration settings for SoftEther - because that's the actual technology the client uses to make connections.
The original installer, as well as hybrid analysis, is available here:
https://www.hybrid-analysis.com/sample/c64b63cd60026e0fa46da4ee8e044a1d6d3600b931bec13c4ab36a38dd2310c7?environmentId=100
It is interesting that there are username/password combinations hard-coded into this config file. While I'm not intimately familiar with the details of SoftEther configuration (it's a wide area of study, turns out), a few other items in this config seemed curious to me.
Anyhow, posting it here in the event it's useful for others - one never knows.
Cheers,
~ pj
=====================================
# Software Configuration File
# ---------------------------
#
# You may edit this file when the VPN Server / Client / Bridge program is not running.
#
# In prior to edit this file manually by your text editor,
# shutdown the VPN Server / Client / Bridge background service.
# Otherwise, all changes will be lost.
#
declare root
{
bool DontSavePassword false
byte EncryptedPassword +WzqGYrR3VYXrAhKPZLGEHcIwO8=
bool PasswordRemoteOnly false
string UserAgent Mozilla/5.0$20(Windows$20NT$206.3;$20WOW64;$20rv:29.0)$20Gecko/20100101$20Firefox/29.0
uint UseSecureDeviceId 0
declare AccountDatabase
{
declare Account0
{
bool CheckServerCert false
uint64 CreateDateTime 1411616710431
uint64 LastConnectDateTime 1424657172144
string ShortcutKey AA19B0D6754475C3E2ECB0BD197EC648D9674337
bool StartupAccount true
uint64 UpdateDateTime 1424657100376
declare ClientAuth
{
uint AuthType 1
byte HashedPassword jgxTNVRzNDCwCYOcifWDgc7Rsl4=
string Username cyGQi
}
declare ClientOption
{
string AccountName trustzone
uint AdditionalConnectionInterval 1
uint ConnectionDisconnectSpan 0
string DeviceName VPN
bool DisableQoS false
bool HalfConnection false
bool HideNicInfoWindow false
bool HideStatusWindow false
string Hostname vpn.trust.zone
string HubName VPN
uint MaxConnection 1
bool NoRoutingTracking false
bool NoTls1 false
bool NoUdpAcceleration false
uint NumRetry 4294967295
uint Port 443
uint PortUDP 0
string ProxyName $
byte ProxyPassword $
uint ProxyPort 0
uint ProxyType 0
string ProxyUsername $
bool RequireBridgeRoutingMode false
bool RequireMonitorMode false
uint RetryInterval 15
bool UseCompress false
bool UseEncrypt true
}
}
}
declare ClientManagerSetting
{
bool EasyMode false
bool LockMode false
}
declare CommonProxySetting
{
string ProxyHostName $
uint ProxyPort 0
uint ProxyType 0
string ProxyUsername $
}
declare Config
{
bool AllowRemoteConfig false
uint64 AutoDeleteCheckDiskFreeSpaceMin 8589934592
string KeepConnectHost de1.trust.zone
uint KeepConnectInterval 50
uint KeepConnectPort 80
uint KeepConnectProtocol 1
bool NoChangeWcmNetworkSettingOnWindows8 false
bool UseKeepConnect false
}
declare DNS
{
declare Server0
{
string Hostname 109.236.91.200
}
declare Server1
{
string Hostname 212.83.51.81
}
declare Server2
{
string Hostname 109.236.91.200
}
}
declare RootCA
{
}
}
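A small auditing pass over this config layout, added here as an example and not part of the original gist or SoftEther's own code: it parses the `declare` / `{ }` nesting and lists accounts that skip server certificate verification or carry an embedded credential. The sample input is constructed with placeholder values, and the `$XX` unescaping is an assumption inferred from the `UserAgent` line above.

```python
import re
# Constructed sample in the layout shown above; all values are placeholders.
SAMPLE = """\
# Software Configuration File
declare root
{
    declare AccountDatabase
    {
        declare Account0
        {
            bool CheckServerCert false
            declare ClientAuth
            {
                byte HashedPassword UExBQ0VIT0xERVI=
                string Username example$20user
            }
        }
    }
}
"""

def parse(text):
    """Return nested dicts; each leaf is a (type, value) tuple."""
    root = {}
    stack, pending = [root], None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("declare "):
            pending = line.split(None, 1)[1]      # name of the block that opens next
        elif line == "{":
            stack.append(stack[-1].setdefault(pending, {}))
        elif line == "}":
            stack.pop()
        elif line and not line.startswith("#"):   # "type key value" leaf
            typ, key, value = (line.split(None, 2) + [""])[:3]
            # Assumption: "$20" is a hex-escaped byte and a bare "$" is an empty value.
            value = "" if value == "$" else re.sub(
                r"\$([0-9A-Fa-f]{2})", lambda m: chr(int(m[1], 16)), value)
            stack[-1][key] = (typ, value)
    return root

def audit(cfg):
    """List the per-account settings a reviewer would look at first."""
    findings = []
    for name, acct in cfg["root"].get("AccountDatabase", {}).items():
        if acct.get("CheckServerCert") == ("bool", "false"):
            findings.append(f"{name}: server certificate is not verified")
        auth = acct.get("ClientAuth", {})
        if "HashedPassword" in auth:
            findings.append(f"{name}: embedded credential for {auth.get('Username', ('', ''))[1]!r}")
    return findings
```

Running `audit(parse(open(path).read()))` against a client config extracted from an installer gives a quick first look before a manual read.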
annmoroz commented Jan 3, 2020

Thank you for the configuration, please advise, if I should change IP addresses? Silverhanna