MaxTSDM[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

MaxTSDM.exe
Size

684KB
MD5

761e915b0d0a3ac3e379764136a492f7
SHA1

2df9d61566bd34709418f826c5b87ec81d271ff3
SHA256

d172c231ae99656dd37672a6ca56f22cf0d29f6115540ef4182bcd81051ddd05
SHA512

c14200976b4a11e27464345ffc72a03d13b2c3ae2c8e44c577fa20e3659338c1f5742b131f55808bc33d00ca6fb50a7b4c2f32435919d4fe7b8200920084e50e
SSDEEP

6144:ZPfgkLTsOTQe5Vo5vzKI7dQo9b7d+7RYRarlMdLvioazfjP/JDDLNFkQFV4cz8CM:CkL58lKIHyyaBMdDioazfj/JP2cego

Score

1^/10

Malware Config

Signatures

Files

MaxTSDM.exe
.exe windows:5 windows x86 arch:x86

fd485a8f41afc9f38fc6371c774c49e5

Code Sign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:37:40:2d:0d:24:fb:4d:6a:e0:62:8a
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

22/10/2020, 07:32

Not After

23/10/2022, 07:32

Subject

SERIALNUMBER=U72200PN2003PTC017560,CN=MAX SECURE SOFTWARE INDIA PRIVATE LIMITED,O=MAX SECURE SOFTWARE INDIA PRIVATE LIMITED,STREET=10 Windsor Terrace Clovervillage Wanawadi,L=Pune,ST=Maharashtra,C=IN,1.2.840.113549.1.9.1=#0c1474656368406d617870637365637572652e636f6d,1.3.6.1.4.1.311.60.2.1.2=#130b4d61686172617368747261,1.3.6.1.4.1.311.60.2.1.3=#1302494e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1d
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:44

Not After

08/05/2033, 07:44

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20/02/2019, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:37:40:2d:0d:24:fb:4d:6a:e0:62:8a
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

22/10/2020, 07:32

Not After

23/10/2022, 07:32

Subject

SERIALNUMBER=U72200PN2003PTC017560,CN=MAX SECURE SOFTWARE INDIA PRIVATE LIMITED,O=MAX SECURE SOFTWARE INDIA PRIVATE LIMITED,STREET=10 Windsor Terrace Clovervillage Wanawadi,L=Pune,ST=Maharashtra,C=IN,1.2.840.113549.1.9.1=#0c1474656368406d617870637365637572652e636f6d,1.3.6.1.4.1.311.60.2.1.2=#130b4d61686172617368747261,1.3.6.1.4.1.311.60.2.1.3=#1302494e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1d
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:44

Not After

08/05/2033, 07:44

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20/02/2019, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8f:a3:59:33:6c:32:7d:2f:03:a7:8a:e1:2f:d0:d5:43:90:8e:7f:70:0c:57:d1:6b:47:e4:bb:1b:d9:a2:e7:69
Signer

Actual PE Digest

8f:a3:59:33:6c:32:7d:2f:03:a7:8a:e1:2f:d0:d5:43:90:8e:7f:70:0c:57:d1:6b:47:e4:bb:1b:d9:a2:e7:69

Digest Algorithm

sha256

PE Digest Matches

true

38:7f:8f:89:bb:e2:d3:eb:f3:e5:13:e7:4c:20:74:01:41:ef:ca:7c
Signer

Actual PE Digest

38:7f:8f:89:bb:e2:d3:eb:f3:e5:13:e7:4c:20:74:01:41:ef:ca:7c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\Development-2016\MaxSecureTools\Output\Win32\Release\PDB\MaxTSDM.pdb

Imports

winhttp

WinHttpCrackUrl
WinHttpOpen
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpAddRequestHeaders
WinHttpConnect
WinHttpQueryHeaders
WinHttpOpenRequest
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpCloseHandle

kernel32

GetFileTime
GetStartupInfoW
ExitThread
UnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
HeapReAlloc
RtlUnwind
RaiseException
ExitProcess
HeapSize
VirtualProtect
VirtualAlloc
VirtualQuery
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
VirtualFree
QueryPerformanceCounter
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
LCMapStringA
GetStringTypeA
GetStringTypeW
GetCurrentDirectoryA
GetDriveTypeA
CreateFileA
SetEnvironmentVariableA
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
GlobalFlags
FileTimeToLocalFileTime
FileTimeToSystemTime
FindNextFileW
lstrlenA
GetFullPathNameW
FindFirstFileW
FindClose
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
GetThreadLocale
GlobalFindAtomW
CompareStringW
LoadLibraryA
GetVersionExA
GetModuleHandleA
GlobalAddAtomW
GlobalDeleteAtom
GetFileSizeEx
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
CompareStringA
lstrcmpW
WideCharToMultiByte
SetFilePointer
SuspendThread
WriteFile
ReadFile
GetTickCount
WritePrivateProfileStringW
FlushFileBuffers
GetFileSize
HeapFree
GetProcessHeap
HeapAlloc
GetFileAttributesW
SetLastError
TerminateProcess
ReleaseMutex
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
SetFileAttributesW
GetPrivateProfileStringW
DeleteFileW
GetCurrentProcessId
GetCurrentThreadId
GetLocalTime
SetUnhandledExceptionFilter
SetErrorMode
FreeLibrary
LoadLibraryW
CreateFileW
LocalFree
FormatMessageW
LocalAlloc
InterlockedDecrement
GetCurrentProcess
GetLocaleInfoW
GetVolumeInformationW
GetSystemInfo
GetProcAddress
GetModuleHandleW
GetVersionExW
GetPrivateProfileIntW
FreeResource
GlobalAlloc
ResumeThread
GlobalFree
MulDiv
GlobalUnlock
GlobalLock
MultiByteToWideChar
ResetEvent
WaitForMultipleObjects
InterlockedExchange
CreateDirectoryW
GetTempPathW
Sleep
InterlockedIncrement
CreateThread
lstrlenW
OutputDebugStringW
TerminateThread
WaitForSingleObject
SetEvent
CreateEventW
CloseHandle
GetLastError
CreateMutexW
GetModuleFileNameW
FindResourceW
LoadResource
LockResource
SizeofResource
GetCurrentThread
HeapCreate

user32

InvalidateRgn
CopyAcceleratorTableW
IsRectEmpty
CharNextW
UnregisterClassW
GetSysColorBrush
CharUpperW
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
UpdateWindow
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
EqualRect
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
GetMenu
SetWindowLongW
IntersectRect
MessageBeep
IsIconic
GetWindowPlacement
EndPaint
BeginPaint
ScreenToClient
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
GetWindowThreadProcessId
GetLastActivePopup
MessageBoxW
SetWindowsHookExW
CallNextHookEx
IsWindowVisible
GetKeyState
ValidateRect
GetWindow
SetWindowContextHelpId
MapDialogRect
SetWindowPos
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
GetDlgItem
IsWindowEnabled
GetNextDlgTabItem
EndDialog
UnhookWindowsHookEx
PostQuitMessage
GetMenuItemID
GetMenuItemCount
GetSubMenu
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
GetFocus
ModifyMenuW
GetMenuState
EnableMenuItem
CheckMenuItem
wsprintfW
GetNextDlgGroupItem
ClientToScreen
SetWindowRgn
DrawFocusRect
OffsetRect
DrawEdge
WindowFromPoint
GetCursorPos
GetCapture
DestroyMenu
LoadBitmapW
GetSystemMetrics
PostThreadMessageW
SystemParametersInfoA
RegisterClipboardFormatW
GetDesktopWindow
GetWindowLongW
CopyRect
FillRect
SetRect
IsZoomed
CopyIcon
LoadCursorW
InflateRect
ReleaseDC
GetDC
GetParent
GetWindowRect
IsWindow
SetCursor
SetCapture
ReleaseCapture
PtInRect
GetSysColor
KillTimer
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
InvalidateRect
PostMessageW
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
GetClientRect
SendMessageW
LoadIconW
EnableWindow
GetWindowDC

gdi32

GetRgnBox
GetTextColor
GetViewportExtEx
GetBkColor
GetMapMode
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutW
TextOutW
RectVisible
DeleteObject
DeleteDC
SelectObject
GetDeviceCaps
EnumFontFamiliesExW
GetTextExtentPoint32W
CreateFontIndirectW
PtVisible
GetObjectW
CreateSolidBrush
GetStockObject
GetClipBox
SetMapMode
SetTextColor
SetBkMode
SetBkColor
RestoreDC
SaveDC
CreateBitmap
CombineRgn
CreateRectRgn
GetPixel
SelectClipRgn
StretchBlt
CreateRectRgnIndirect
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
GetWindowExtEx

comdlg32

GetFileTitleW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegOpenKeyExW
RegSetValueExW
RegEnumKeyW
RegCloseKey
RegOpenKeyW
RegDeleteKeyW
RegCreateKeyExW
RegQueryValueExW
RegQueryValueW
RegDeleteValueW

shell32

ShellExecuteW
Shell_NotifyIconW
ShellExecuteExW
SHGetFolderPathW

comctl32

_TrackMouseEvent
InitCommonControlsEx

shlwapi

PathIsDirectoryW
PathFileExistsW
PathFindExtensionW
PathFindFileNameW
PathStripToRootW
PathIsUNCW

oledlg

OleUIBusyW

ole32

CoTaskMemAlloc
CoTaskMemFree
CreateStreamOnHGlobal
CoUninitialize
CoInitialize
CLSIDFromProgID
CLSIDFromString
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject

oleaut32

OleLoadPicture
SafeArrayDestroy
VariantCopy
VariantInit
VariantChangeType
SysAllocStringLen
SysStringLen
VariantClear
SysFreeString
SysAllocString
SystemTimeToVariantTime
VariantTimeToSystemTime
OleCreateFontIndirect

Sections

.text
Size: 306KB - Virtual size: 306KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 85KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 217KB - Virtual size: 216KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fd485a8f41afc9f38fc6371c774c49e5

Code Sign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0fCertificate

Extended Key Usages

Key Usages

44:37:40:2d:0d:24:fb:4d:6a:e0:62:8aCertificate

Extended Key Usages

Key Usages

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1dCertificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fcCertificate

Key Usages

04:00:00:00:00:01:21:58:53:08:a2Certificate

Key Usages

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0fCertificate

Extended Key Usages

Key Usages

44:37:40:2d:0d:24:fb:4d:6a:e0:62:8aCertificate

Extended Key Usages

Key Usages

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1dCertificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fcCertificate

Key Usages

04:00:00:00:00:01:21:58:53:08:a2Certificate

Key Usages

8f:a3:59:33:6c:32:7d:2f:03:a7:8a:e1:2f:d0:d5:43:90:8e:7f:70:0c:57:d1:6b:47:e4:bb:1b:d9:a2:e7:69Signer

38:7f:8f:89:bb:e2:d3:eb:f3:e5:13:e7:4c:20:74:01:41:ef:ca:7cSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

winhttp

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

Sections

.text Size: 306KB - Virtual size: 306KB

.rdata Size: 85KB - Virtual size: 85KB

.data Size: 12KB - Virtual size: 28KB

.rsrc Size: 217KB - Virtual size: 216KB

.reloc Size: 42KB - Virtual size: 42KB

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

44:37:40:2d:0d:24:fb:4d:6a:e0:62:8a
Certificate

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1d
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

04:00:00:00:00:01:21:58:53:08:a2
Certificate

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

44:37:40:2d:0d:24:fb:4d:6a:e0:62:8a
Certificate

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1d
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

04:00:00:00:00:01:21:58:53:08:a2
Certificate

8f:a3:59:33:6c:32:7d:2f:03:a7:8a:e1:2f:d0:d5:43:90:8e:7f:70:0c:57:d1:6b:47:e4:bb:1b:d9:a2:e7:69
Signer

38:7f:8f:89:bb:e2:d3:eb:f3:e5:13:e7:4c:20:74:01:41:ef:ca:7c
Signer

.text
Size: 306KB - Virtual size: 306KB

.rdata
Size: 85KB - Virtual size: 85KB

.data
Size: 12KB - Virtual size: 28KB

.rsrc
Size: 217KB - Virtual size: 216KB

.reloc
Size: 42KB - Virtual size: 42KB