TeamViewer_Host_Setup[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

TeamViewer_Host_Setup.exe
Size

2.9MB
MD5

450131d44ad3f97901d1dd076d3af6d5
SHA1

deb1246046d20e5501a00f87949efbd9817914bf
SHA256

e29c7a1b4ed02ee954cc1924217bec1a2b4702783e51596b259b21efd4666fee
SHA512

4f465283460b2e0a0501816028a9630e6a5466f4d3249b93e6d9f2b1d64bcf0b845930ee6dc0e5d0ca68cca9c3ea5da90b19d34df81a625bb646e7c45ec48b88
SSDEEP

49152:iBU8i4aTJFEmnvjAMg3fD1R8skkAQWZfm+za1o++rWu20WHz33Wf0bzZHwNqMz/:i2RtamsMwfD/Wdfm++1oAl2RzzA

Score

1^/10

Malware Config

Signatures

Files

TeamViewer_Host_Setup.exe
.exe windows x86

f6d47fd30ffc961e5c9ff8556f423436

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateProcessA
CloseHandle
WriteFile
CreateFileA
GetEnvironmentVariableA
GetModuleFileNameA
WaitForSingleObject
CreateProcessW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
CreateFileW
GetTempFileNameW
lstrcpyW
lstrlenW
GetModuleFileNameW
GetModuleHandleW
GetTempPathW
GetFileSize
lstrcmpA
DeleteFileW
MoveFileW
CopyFileW
GetCommandLineW
Sleep

shell32

CommandLineToArgvW

Sections

.data
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE