M14VA07[.]EXE | Triage

Sharing

Copy URL Twitter E-mail

General

Target

M14VA07.EXE
Size

6.0MB
MD5

d0546d72b52d52d63fc7b3489c226c1a
SHA1

132e9ae189c0327b9c8555134fc1f25985871f35
SHA256

2f960e2b6c0621612fe35c1e4d70a6acdb9ccf6f6531846ae3b1bd396ce9e68a
SHA512

a9c53dc3af95eddcecdf80023f877b97efe7ad4edd9313f040fad763b72feec177471a9c2f90eb15d7d4a1f5bf61752fbbf25368df6814734a3b1b40e3c69b29
SSDEEP

98304:7iIFiXNAMzv6FUT60FGJQUrZ3PbfuzGbVSAixTFPEOF1Os0axg6WBTuPtr6R8VT3:73FiXN7v6FUuHx1yzkS7FPEm12aG6Sy7

Score

N/A

Malware Config

Signatures

Files

M14VA07.EXE
.exe windows x86

c1f1acd34898b79550295839cee7a0fc

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1a:95:48:62:00:01:00:00:05:f5
Certificate

Issuer

CN=Dell Inc. Enterprise Issuing CA2,O=Dell Inc.

Not Before

11/05/2012, 22:26

Not After

11/05/2014, 22:36

Subject

CN=Dell Inc.,OU=IS,O=Dell Inc.,L=Round Rock,ST=TX,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

10:4f:47:1b:00:00:00:00:00:1c
Certificate

Issuer

CN=Dell Inc. Enterprise CA,O=Dell Inc.

Not Before

19/01/2012, 20:03

Not After

19/01/2017, 20:13

Subject

CN=Dell Inc. Enterprise Issuing CA2,O=Dell Inc.

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:00:03:ae
Certificate

Issuer

CN=GTE CyberTrust Global Root,OU=GTE CyberTrust Solutions\, Inc.,O=GTE Corporation,C=US

Not Before

17/11/2004, 15:25

Not After

13/08/2018, 23:59

Subject

CN=Dell Inc. Enterprise CA,O=Dell Inc.

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageKeyEncipherment
KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
HeapFree
HeapAlloc
GetSystemTimeAsFileTime
GetDiskFreeSpaceA
SetCurrentDirectoryA
GetCommandLineA
GetStartupInfoA
ExitThread
HeapReAlloc
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapSize
GetStdHandle
FatalAppExitA
SetConsoleCtrlHandler
InitializeCriticalSectionAndSpinCount
GetACP
IsValidCodePage
LCMapStringA
LCMapStringW
GetConsoleCP
GetConsoleMode
SetHandleCount
RtlUnwind
HeapCreate
HeapDestroy
VirtualFree
GetTimeZoneInformation
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetLocaleInfoW
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetProcessHeap
CompareStringW
SetEnvironmentVariableA
PeekConsoleInputA
SetConsoleMode
ReadConsoleInputA
GetFileTime
GetFileSizeEx
GetFileAttributesA
SetFileAttributesA
SetFileTime
LocalFileTimeToFileTime
GetFileAttributesExA
FileTimeToLocalFileTime
SetErrorMode
SystemTimeToFileTime
FileTimeToSystemTime
GetModuleHandleW
FindResourceExA
GetAtomNameA
GetOEMCP
GetCPInfo
GetShortPathNameA
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
lstrcmpiA
GetThreadLocale
GetStringTypeExA
MoveFileA
InterlockedIncrement
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GlobalFlags
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileIntA
CopyFileA
GlobalSize
FormatMessageA
lstrlenW
VirtualProtect
MulDiv
InterlockedDecrement
GetModuleFileNameW
GlobalGetAtomNameA
GlobalFindAtomA
MultiByteToWideChar
lstrcmpW
lstrlenA
GlobalUnlock
GlobalFree
FreeResource
GetCurrentProcessId
SetLastError
GlobalAddAtomA
CreateEventA
SuspendThread
SetEvent
ResumeThread
SetThreadPriority
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
CompareStringA
InterlockedExchange
GlobalLock
lstrcmpA
GlobalAlloc
CreateThread
LocalFree
GetSystemDirectoryA
GetWindowsDirectoryA
SetThreadExecutionState
GetCurrentDirectoryA
DeviceIoControl
CloseHandle
GetModuleFileNameA
DeleteFileA
CreateFileA
Sleep
WaitForSingleObject
GetFirmwareEnvironmentVariableA
WideCharToMultiByte
GetNumberOfConsoleInputEvents
LoadResource
LockResource
SizeofResource
FindResourceA
ReleaseMutex
CreateMutexA
GetLastError
ExitProcess
GetModuleHandleA
GetVersionExA
LoadLibraryA
GetProcAddress
GetCurrentProcess
GetFileType
FreeLibrary

user32

GetForegroundWindow
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
ScrollWindow
TrackPopupMenuEx
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
ShowScrollBar
GetSubMenu
GetMenuItemID
GetMenuItemCount
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
CopyRect
CallWindowProcA
PtInRect
GetMenu
OffsetRect
IntersectRect
GetWindowPlacement
GetSystemMetrics
GetWindowTextLengthA
GetWindowTextA
SetWindowPos
ScrollWindowEx
SetFocus
ShowWindow
MoveWindow
SetWindowLongA
GetDlgCtrlID
SetWindowTextA
IsDialogMessageA
IsDlgButtonChecked
SetDlgItemTextA
SetDlgItemInt
SendDlgItemMessageA
GetDlgItemTextA
GetDlgItemInt
CheckRadioButton
CheckDlgButton
GetWindow
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamA
IsWindow
GetDlgItem
GetNextDlgTabItem
EndDialog
GetWindowThreadProcessId
GetWindowLongA
IsWindowEnabled
ShowOwnedPopups
SetCursor
SetWindowsHookExA
CallNextHookEx
GetActiveWindow
IsWindowVisible
GetKeyState
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
GetParent
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
CreateWindowExA
GetMessageA
TranslateMessage
DispatchMessageA
RegisterClassExA
DefWindowProcA
ExitWindowsEx
BlockInput
wsprintfA
MessageBoxA
LoadStringA
SetRectEmpty
SystemParametersInfoA
InflateRect
GetClientRect
IsRectEmpty
GetSysColor
PeekMessageA
PostQuitMessage
InvalidateRect
MessageBeep
ChildWindowFromPoint
ScreenToClient
UpdateWindow
PostMessageA
KillTimer
SendMessageA
SetTimer
GetWindowRect
LoadIconA
EnableWindow
SetForegroundWindow
GetLastActivePopup
FindWindowA
IsIconic
LockWindowUpdate
GetDCEx
SetRect
UnionRect
SetParent
GetSystemMenu
UnpackDDElParam
ReuseDDElParam
LoadMenuA
GetMenuBarInfo
LoadAcceleratorsA
CreatePopupMenu
InsertMenuItemA
BringWindowToTop
TranslateAcceleratorA
UnregisterClassA
DestroyMenu
GetMenuItemInfoA
GetDialogBaseUnits
CharUpperA
DestroyIcon
GetSysColorBrush
WaitMessage
ReleaseCapture
LoadCursorA
SetCapture
DeleteMenu
MapVirtualKeyA
GetKeyNameTextA
WindowFromPoint
GetMenuStringA
AppendMenuA
InsertMenuA
RemoveMenu
MapDialogRect
GetAsyncKeyState
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
FillRect
RegisterWindowMessageA
WinHelpA
IsChild
GetCapture
GetClassLongA
GetClassNameA
SetPropA
GetPropA
DestroyWindow
RemovePropA
GetScrollPos

gdi32

MoveToEx
SetTextAlign
SetTextJustification
SetTextCharacterExtra
SetMapperFlags
SetArcDirection
SetColorAdjustment
DeleteObject
SelectClipRgn
GetClipRgn
CreateRectRgn
SelectClipPath
GetViewportExtEx
GetWindowExtEx
GetPixel
StartDocA
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetCurrentPositionEx
ArcTo
LineTo
PolylineTo
PolyBezierTo
ExtSelectClipRgn
DeleteDC
CreateDIBPatternBrushPt
CreatePatternBrush
GetStockObject
SelectPalette
PlayMetaFileRecord
GetObjectType
EnumMetaFile
PlayMetaFile
GetDeviceCaps
ExtCreatePen
CreateHatchBrush
CopyMetaFileA
CreateDCA
CreateRectRgnIndirect
PatBlt
CreateFontIndirectA
SetRectRgn
CombineRgn
GetMapMode
DPtoLP
GetTextExtentPoint32A
GetTextMetricsA
EnumFontFamiliesExA
GetCharWidthA
CreateFontA
StretchDIBits
GetBkColor
IntersectClipRect
OffsetClipRgn
ExcludeClipRect
SetMapMode
ModifyWorldTransform
SetWorldTransform
SetGraphicsMode
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
GetObjectA
SetBkColor
SetTextColor
GetClipBox
GetDCOrgEx
CreateBitmap
CreatePen
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
PolyDraw
CreateSolidBrush
Rectangle

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegDeleteValueA
RegSetValueA
RegQueryValueA
RegOpenKeyA
RegEnumKeyA
RegDeleteKeyA
RegQueryValueExA
RegCloseKey
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
OpenSCManagerA
DeleteService
ControlService
OpenServiceA
StartServiceA
CreateServiceA
CloseServiceHandle
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegCreateKeyA

shell32

ExtractIconA
SHGetFileInfoA
DragFinish
DragQueryFileA
ShellExecuteA

shlwapi

PathRemoveExtensionA
PathFindFileNameA
PathRemoveFileSpecW
PathStripToRootA
PathFindExtensionA
PathIsUNCA

ole32

CoTaskMemAlloc
ReleaseStgMedium
CreateBindCtx
CoTreatAsClass
StringFromCLSID
ReadClassStg
ReadFmtUserTypeStg
OleDuplicateData
WriteClassStg
WriteFmtUserTypeStg
SetConvertStg
CoInitializeEx
CoCreateInstance
CoTaskMemFree
CoUninitialize
CoDisconnectObject
StringFromGUID2
CLSIDFromString
OleRegGetUserType

oleaut32

SafeArrayRedim
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
LoadRegTypeLi
LoadTypeLi
RegisterTypeLi
SysStringByteLen
SysAllocStringByteLen
SysFreeString
SysStringLen
SysAllocStringLen
VariantInit
VariantCopy
VariantClear
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayLock
SafeArrayUnlock
SafeArrayDestroy
SafeArrayDestroyData
SafeArrayDestroyDescriptor
VariantTimeToSystemTime
SystemTimeToVariantTime
SysReAllocStringLen
VarDateFromStr
VarBstrFromCy
VarBstrFromDec
VarDecFromStr
VarCyFromStr
VarBstrFromDate
SafeArrayAllocData
SafeArrayAllocDescriptor
VariantChangeType
SafeArrayGetElement
SafeArrayCopy

oleacc

AccessibleObjectFromWindow
CreateStdAccessibleObject
LresultFromObject

Sections

.text
Size: 601KB - Virtual size: 601KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c1f1acd34898b79550295839cee7a0fc

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

1a:95:48:62:00:01:00:00:05:f5Certificate

Extended Key Usages

Key Usages

10:4f:47:1b:00:00:00:00:00:1cCertificate

Key Usages

04:00:03:aeCertificate

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

shlwapi

ole32

oleaut32

oleacc

Sections

.text Size: 601KB - Virtual size: 601KB

.rdata Size: 128KB - Virtual size: 128KB

.data Size: 72KB - Virtual size: 117KB

.rsrc Size: 20KB - Virtual size: 20KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

1a:95:48:62:00:01:00:00:05:f5
Certificate

10:4f:47:1b:00:00:00:00:00:1c
Certificate

04:00:03:ae
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

.text
Size: 601KB - Virtual size: 601KB

.rdata
Size: 128KB - Virtual size: 128KB

.data
Size: 72KB - Virtual size: 117KB

.rsrc
Size: 20KB - Virtual size: 20KB