tvnserver[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

tvnserver.exe
Size

1.7MB
MD5

5d478f94283cd69f4393d8da703bd442
SHA1

b4f4a6d6310c9b236dc96cc216425b76d2a93772
SHA256

9b1f877060d1f8399462d443d87cd1a7fed777b6ca25fed712d76d3980adf5ac
SHA512

7840ba7b5242d7bc950f7e422e1865ab5721273a15151aea7d7bb90fae98c2a0dd9f3c625dfc3b43a0167e35fef411758075cdf267787cf92c6e141aae8a72aa
SSDEEP

24576:MG5ob3JvfFH+HoPr90CMqgKCdGHMhpDw9TIrUPopzFv73OZNt72DgPyK1:V523JFHUoP++xuDaTIrUPUhvk7qQyK1

Score

N/A

Malware Config

Signatures

Files

tvnserver.exe
.exe windows x64

0207ec0d838485fbfbdb3d6a7470afd6

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

ff:f7:ca:8b:5e:ea:fd:32:e4:de:3b:6c:44:f5:11:93
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

10/07/2020, 00:00

Not After

10/07/2023, 23:59

Subject

CN=GLAVSOFT\, OOO,O=GLAVSOFT\, OOO,POSTALCODE=634021,STREET=d. 132 kv. 82\, ul. Altaiskaya,L=Tomsk,ST=Tomskaya oblast,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4a:a7:fa:9b:bb:18:ea:a3:cb:6b:b9:09:67:b9:2b:34:41:7c:59:3e
Signer

Actual PE Digest

4a:a7:fa:9b:bb:18:ea:a3:cb:6b:b9:09:67:b9:2b:34:41:7c:59:3e

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=GLAVSOFT\, OOO,O=GLAVSOFT\, OOO,POSTALCODE=634021,STREET=d. 132 kv. 82\, ul. Altaiskaya,L=Tomsk,ST=Tomskaya oblast,C=RU

17/12/2020, 05:34
Valid: true

Chain 1

CN=GLAVSOFT\, OOO,O=GLAVSOFT\, OOO,POSTALCODE=634021,STREET=d. 132 kv. 82\, ul. Altaiskaya,L=Tomsk,ST=Tomskaya oblast,C=RU

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

winmm

timeEndPeriod
timeBeginPeriod

psapi

GetModuleFileNameExW
GetProcessMemoryInfo

kernel32

QueryPerformanceCounter
FindClose
MoveFileW
SetFileTime
CreateDirectoryW
GetLogicalDriveStringsW
SetErrorMode
FindFirstFileW
GetFileSizeEx
GetProcessTimes
GetLocalTime
SystemTimeToFileTime
FileTimeToSystemTime
SetEnvironmentVariableA
CompareStringW
CompareStringA
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
WideCharToMultiByte
LCMapStringA
InitializeCriticalSectionAndSpinCount
LoadLibraryA
HeapReAlloc
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapAlloc
GetTickCount
HeapCreate
HeapSetInformation
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetStdHandle
GlobalUnlock
HeapSize
FlsAlloc
SetLastError
FlsFree
FlsSetValue
FlsGetValue
DecodePointer
EncodePointer
HeapFree
GetSystemTimeAsFileTime
RtlUnwindEx
RtlPcToFileHeader
RaiseException
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
GetStartupInfoW
FindNextFileW
GlobalAlloc
GlobalLock
DisconnectNamedPipe
LocalAlloc
ReadFile
WriteFile
ConnectNamedPipe
GetOverlappedResult
CreateNamedPipeW
CreateFileMappingW
MapViewOfFile
GetExitCodeProcess
WaitForMultipleObjects
TerminateProcess
GetProcAddress
LoadLibraryW
FreeLibrary
GetModuleFileNameW
GetVersionExW
GetComputerNameW
SetEvent
CreateEventW
FormatMessageW
LocalFree
CreateThread
SwitchToThread
ResumeThread
DeleteFileW
CreateMutexW
GetLastError
ReleaseMutex
WaitForSingleObject
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetModuleHandleW
ProcessIdToSessionId
Sleep
GetCurrentProcessId
CloseHandle
GetCurrentThreadId
CreateFileW
GetCurrentProcess
SetUnhandledExceptionFilter
FindResourceW
LoadResource
LockResource
FreeResource
SetHandleInformation
CreatePipe
SetNamedPipeHandleState
UnmapViewOfFile
OpenThread
DuplicateHandle
OpenProcess
ExitProcess
CreateProcessW
RemoveDirectoryW

user32

ToUnicodeEx
GetKeyState
MapVirtualKeyW
VkKeyScanExW
ReleaseDC
GetClientRect
DestroyIcon
UnregisterClassW
EnumChildWindows
MapWindowPoints
MoveWindow
LoadIconW
GetKeyboardLayout
MessageBoxW
EnumDisplayMonitors
TrackPopupMenu
GetSubMenu
LoadMenuW
GetCursorPos
RemoveMenu
SetMenuDefaultItem
EnumDisplayDevicesW
ChangeDisplaySettingsExW
DrawIconEx
GetIconInfo
GetCursorInfo
EnumWindows
IsWindowVisible
GetWindowInfo
FindWindowExW
GetClassNameW
GetDC
CloseClipboard
IsClipboardFormatAvailable
GetClipboardData
EmptyClipboard
ChangeClipboardChain
OpenClipboard
SetClipboardData
SetClipboardViewer
CallNextHookEx
WaitMessage
PeekMessageW
PostThreadMessageW
SetWindowsHookExW
UnhookWindowsHookEx
GetWindowRect
SendInput
GetSystemMetrics
GetWindowThreadProcessId
GetWindow
SystemParametersInfoW
FindWindowW
ExitWindowsEx
LockWorkStation
OpenWindowStationW
SetProcessWindowStation
CloseWindowStation
GetMessageW
TranslateMessage
DispatchMessageW
IsDialogMessageW
RegisterClassW
DefWindowProcW
PostQuitMessage
PostMessageW
CreateWindowExW
GetThreadDesktop
GetUserObjectInformationW
SetThreadDesktop
CloseDesktop
OpenDesktopW
OpenInputDesktop
SetForegroundWindow
SetFocus
GetForegroundWindow
InvalidateRect
GetWindowLongW
GetWindowTextW
SetWindowLongW
ShowWindow
SetWindowTextW
DestroyWindow
DialogBoxParamW
GetWindowLongPtrW
SetClassLongPtrW
EndDialog
CreateDialogParamW
IsWindow
SetWindowLongPtrW
SendMessageW
SetTimer
KillTimer
GetDlgItem
RegisterWindowMessageW

gdi32

GetCurrentObject
ExtEscape
CreateDCW
GetBitmapBits
GetObjectW
BitBlt
DeleteDC
CreateDIBSection
SelectObject
CreateCompatibleDC
DeleteObject
GetDIBits

advapi32

CloseServiceHandle
DuplicateToken
ConvertStringSidToSidW
GetTokenInformation
CopySid
SetEntriesInAclW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
ImpersonateNamedPipeClient
RevertToSelf
OpenThreadToken
OpenProcessToken
DuplicateTokenEx
SetTokenInformation
CreateProcessAsUserW
DeleteService
ControlService
OpenServiceW
StartServiceW
QueryServiceStatusEx
CreateServiceW
ChangeServiceConfig2W
OpenSCManagerW
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegOpenKeyW
RegCreateKeyExW
RegCreateKeyW
RegCloseKey
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerW
SetServiceStatus
SetSecurityInfo
ReportEventW
DeregisterEventSource
RegisterEventSourceW

shell32

ShellExecuteExW
SHGetSpecialFolderPathW
CommandLineToArgvW
ord680
Shell_NotifyIconW
ShellExecuteW

ws2_32

setsockopt
recv
send
select
__WSAFDIsSet
accept
closesocket
getsockname
getpeername
listen
shutdown
connect
socket
htons
ntohl
ntohs
gethostname
gethostbyname
inet_ntoa
inet_addr
htonl
WSACleanup
WSAStartup
WSAGetLastError
bind
ioctlsocket

comctl32

InitCommonControlsEx

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

Sections

.text
Size: 876KB - Virtual size: 876KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 723KB - Virtual size: 722KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0207ec0d838485fbfbdb3d6a7470afd6

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

ff:f7:ca:8b:5e:ea:fd:32:e4:de:3b:6c:44:f5:11:93Certificate

Extended Key Usages

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

4a:a7:fa:9b:bb:18:ea:a3:cb:6b:b9:09:67:b9:2b:34:41:7c:59:3eSigner

Signature Validations

Verification

17/12/2020, 05:34 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

winmm

psapi

kernel32

user32

gdi32

advapi32

shell32

ws2_32

comctl32

version

Sections

.text Size: 876KB - Virtual size: 876KB

.rdata Size: 723KB - Virtual size: 722KB

.data Size: 29KB - Virtual size: 38KB

.pdata Size: 71KB - Virtual size: 70KB

.rsrc Size: 43KB - Virtual size: 43KB

.reloc Size: 11KB - Virtual size: 10KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

ff:f7:ca:8b:5e:ea:fd:32:e4:de:3b:6c:44:f5:11:93
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

4a:a7:fa:9b:bb:18:ea:a3:cb:6b:b9:09:67:b9:2b:34:41:7c:59:3e
Signer

17/12/2020, 05:34
Valid: true

.text
Size: 876KB - Virtual size: 876KB

.rdata
Size: 723KB - Virtual size: 722KB

.data
Size: 29KB - Virtual size: 38KB

.pdata
Size: 71KB - Virtual size: 70KB

.rsrc
Size: 43KB - Virtual size: 43KB

.reloc
Size: 11KB - Virtual size: 10KB