SHA256: ff6b3d5537cb69d68f73bf1f13632f2d31bf3b8fbc03adbf3d16a3853a5743ce
File name: CVH.EXE
Detection ratio: 0 / 70
Analysis date: 2019-03-03 02:33:29 UTC ( 3 weeks ago )
Antivirus Result Update
Acronis 20190222
Ad-Aware 20190303
AegisLab 20190303
AhnLab-V3 20190302
Alibaba 20180921
ALYac 20190302
Antiy-AVL 20190303
Arcabit 20190303
Avast 20190303
Avast-Mobile 20190302
AVG 20190303
Avira (no cloud) 20190302
Babable 20180918
Baidu 20190215
BitDefender 20190302
CAT-QuickHeal 20190228
ClamAV 20190302
CMC 20190302
Comodo 20190302
CrowdStrike Falcon (ML) 20190212
Cybereason 20190109
Cylance 20190303
Cyren 20190303
DrWeb 20190303
eGambit 20190303
Emsisoft 20190303
Endgame 20190215
ESET-NOD32 20190302
F-Prot 20190303
F-Secure 20190302
Fortinet 20190303
GData 20190303
Ikarus 20190302
Sophos ML 20181128
Jiangmin 20190303
K7AntiVirus 20190302
K7GW 20190302
Kaspersky 20190303
Kingsoft 20190303
Malwarebytes 20190303
MAX 20190303
McAfee 20190303
McAfee-GW-Edition 20190302
Microsoft 20190303
eScan 20190303
NANO-Antivirus 20190303
Palo Alto Networks (Known Signatures) 20190303
Panda 20190302
Qihoo-360 20190303
Rising 20190303
SentinelOne (Static ML) 20190203
Sophos AV 20190303
SUPERAntiSpyware 20190227
Symantec 20190302
Symantec Mobile Insight 20190220
TACHYON 20190302
Tencent 20190303
TheHacker 20190225
TotalDefense 20190303
Trapmine 20190301
TrendMicro 20190303
TrendMicro-HouseCall 20190303
Trustlook 20190303
VBA32 20190301
VIPRE 20190302
ViRobot 20190302
Webroot 20190303
Yandex 20190301
Zillya 20190302
ZoneAlarm by Check Point 20190303
Zoner 20190303
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright © 2010 Microsoft Corporation. All rights reserved.
Product Microsoft Office 2010
Original name CVH.exe
Internal name CVH.exe
File version 14.0.6117.5000
Description Microsoft Office Client Virtualization Handler
Signature verification Signed file, verified signature
Signing date 4:54 AM 2/8/2012
Signers
[+] Microsoft Corporation
Status This certificate or one of the certificates in the certificate chain is not time valid., The certificate or one of the certificates in the certificate chain does not have a valid signature., The revocation status of the certificate or one of the certificates in the certificate chain is unknown., The revocation status of the certificate or one of the certificates in the certificate chain is either offline or stale.
Issuer Microsoft Code Signing PCA
Valid from 10:39 PM 11/01/2011
Valid to 10:49 PM 02/01/2013
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 8849D1C0F147A3C8327B4038783AEC3E06C76F5B
Serial number 61 1A F5 EA 00 00 00 00 00 6A
[+] Microsoft Code Signing PCA
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Microsoft Root Certificate Authority
Valid from 11:22 PM 01/25/2006
Valid to 11:32 PM 01/25/2017
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint FDD1314ED3268A95E198603BA8316FA63CBCD82D
Serial number 61 15 08 27 00 00 00 00 00 0C
[+] Microsoft Root Certificate Authority
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 11:19 PM 05/09/2001
Valid to 11:28 PM 05/09/2021
Valid usage All
Algorithm sha1RSA
Thumbprint CDD4EEAE6000AC7F40C3802C171E30148030C072
Serial number 79 AD 16 A1 4A A0 A5 AD 4C 73 58 F4 07 13 2E 65
Counter signers
[+] Microsoft Time-Stamp Service
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Microsoft Time-Stamp PCA
Valid from 08:42 PM 07/25/2011
Valid to 08:42 PM 10/25/2012
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 234C7AEA9C8C7E8C3FD2DB39318FA2AC99A72342
Serial number 61 05 19 96 00 00 00 00 00 1B
[+] Microsoft Time-Stamp PCA
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 12:53 PM 04/03/2007
Valid to 01:03 PM 04/03/2021
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 375FCB825C3DC3752A02E34EB70993B4997191EF
Serial number 61 16 68 34 00 00 00 00 00 1C
[+] Microsoft Root Certificate Authority
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 11:19 PM 05/09/2001
Valid to 11:28 PM 05/09/2021
Valid usage All
Algorithm sha1RSA
Thumbprint CDD4EEAE6000AC7F40C3802C171E30148030C072
Serial number 79 AD 16 A1 4A A0 A5 AD 4C 73 58 F4 07 13 2E 65
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-02-08 03:44:27
Entry Point 0x00120249
Number of sections 4
PE sections
Overlays
MD5 e53df55d9d65c1194110370871df0fcb
File type data
Offset 3201024
Size 7008
Entropy 7.41
PE imports
PE exports
Number of PE resources by type
RT_ICON 10
RT_MANIFEST 1
RT_VERSION 1
RT_RCDATA 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 14
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 9.0
ImageVersion 0.0
ProductName Microsoft Office 2010
FileVersionNumber 14.0.6117.5000
LanguageCode Neutral
FileFlagsMask 0x003f
ImageFileCharacteristics Executable, 32-bit
CharacterSet Windows, Latin1
InitializedDataSize 598016
FileTypeExtension exe
OriginalFileName CVH.exe
MIMEType application/octet-stream
Subsystem Windows GUI
LegalTrademarks2 Windows is a registered trademark of Microsoft Corporation.
FileVersion 14.0.6117.5000
LegalTrademarks1 Microsoft is a registered trademark of Microsoft Corporation.
TimeStamp 2012:02:08 04:44:27+01:00
FileType Win32 EXE
PEType PE32
InternalName CVH.exe
SubsystemVersion 5.1
ProductVersion 14.0.6117.5000
FileDescription Microsoft Office Client Virtualization Handler
OSVersion 5.1
FileOS Windows NT 32-bit
LegalCopyright 2010 Microsoft Corporation. All rights reserved.
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 2634240
FileSubtype 0
ProductVersionNumber 14.0.6117.0
EntryPoint 0x120249
ObjectFileType Executable application

CarbonBlack: CarbonBlack acts as a surveillance camera for computers.
While monitoring an end-user machine in the wild, CarbonBlack noticed that the following files, while executing, wrote this sample to disk.
Compressed bundles
File identification
MD5 54195634aea6dfa15bd18fc6fe75528c
SHA1 4eeb9a16319ff7ef578525ad806fffb1b1637c4d
SHA256 ff6b3d5537cb69d68f73bf1f13632f2d31bf3b8fbc03adbf3d16a3853a5743ce
ssdeep 49152:akOTKBUvdZQr5YeEfHhAQHW1zzDR9Bw3L0H8XaLHkJEUAR:zYemF213vAkD
authentihash bff59a8724cabed598c01b56cce3d733fde81d45f99cbc8761c782d1b966e644
imphash 343c3ef0717f6bc79a0103529086e5be
File size 3.1 MB ( 3208032 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 EXE PECompact compressed (generic) (43.1%)
Win64 Executable (generic) (28.6%)
Microsoft Visual C++ compiled executable (generic) (17.1%)
Win32 Executable (generic) (4.6%)
OS/2 Executable (generic) (2.1%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2012-11-27 12:14:51 UTC ( 6 years, 3 months ago )
Last submission 2019-03-03 02:33:29 UTC ( 3 weeks ago )
File names CVH.EXE
CVH.EXE
cvh.exe
cvh.exe
vt-upload-U4EcO5
CVH.EXE
CVH.EXE
CVH.EXE
CVH.exe
file-7954177_EXE
CVH.EXE
CVH.EXE
CVH.EXE
CVH.EXE
CVH.EXE
cvh.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight