TeamViewer_Desktop[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

TeamViewer_Desktop.exe
Size

10.4MB
MD5

5c819f4e46e639abf93a48d859a55d47
SHA1

52a74e5a96efd97168bf02cd048f26aa33d48fe4
SHA256

f8d01ba5879c4080e72fe3c4b3ba71855fd115d0aae5cbc2d53efe66b48fa745
SHA512

28198e15d664569c439c98c6ca1fbcf29807aa9259c4b07494f4b9b15e81d25542966efc136a1572871d0664497822d97f5dd1ef05bfddd928acab9c919ae5f3
SSDEEP

196608:qxt3zCtzNHkZx8VJBP+KtNzxzKPnGRs0TCQKv5Si:qxt3zCtxkZCVJBP/tDzmnGFCQKvj

Score

1^/10

Malware Config

Signatures

Files

TeamViewer_Desktop.exe
.exe windows x86

1523edff02a5ca247cb4341f094f25e3

Code Sign

03:47:1e:2c:81:71:b1:67:9d:89:8a:c1:9b:da:37:bb
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2019, 00:00

Not After

31/12/2019, 12:00

Subject

CN=TeamViewer GmbH,O=TeamViewer GmbH,L=Göppingen,ST=Baden-Württemberg,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a6:41:9e:87:f0:ad:9e:66:55:74:e9:3a:8d:c2:17:ce:5f:f1:f6:f7
Signer

Actual PE Digest

a6:41:9e:87:f0:ad:9e:66:55:74:e9:3a:8d:c2:17:ce:5f:f1:f6:f7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
WaitForSingleObjectEx
CreateEventA
GetCurrentProcessId
SetEvent
OpenEventA
ResetEvent
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
DeleteCriticalSection
LoadLibraryExA
GetModuleHandleA
GetModuleFileNameA
GetSystemDirectoryA
GetCommandLineW
GetModuleFileNameW
GetProcessShutdownParameters
SetProcessShutdownParameters
GetCurrentThreadId
DecodePointer
GetLastError
InitializeCriticalSectionEx
RaiseException
GetProcessHeap
HeapFree
WideCharToMultiByte
LocalFree
FormatMessageW
FormatMessageA
HeapAlloc
WaitForMultipleObjects
WaitForSingleObject
PostQueuedCompletionStatus
TerminateThread
TlsAlloc
QueueUserAPC
TlsFree
SetLastError
InitializeCriticalSectionAndSpinCount
TlsSetValue
TlsGetValue
GetSystemTimeAsFileTime
GetQueuedCompletionStatus
SetWaitableTimer
SleepEx
CreateEventW
CreateIoCompletionPort
VerifyVersionInfoW
VerSetConditionMask
CreateWaitableTimerW
GetTickCount
QueryPerformanceCounter
QueryPerformanceFrequency
GetCurrentProcess
Sleep
CreateFileW
DeviceIoControl
ReleaseSemaphore
DuplicateHandle
CreateSemaphoreA
MoveFileExW
GetTempPathW
CreateDirectoryW
GetUserGeoID
GetGeoInfoW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetLocaleInfoW
GetLogicalProcessorInformation
GetSystemInfo
GlobalMemoryStatusEx
GetComputerNameW
DeleteFileW
GetSystemDirectoryW
SetUnhandledExceptionFilter
FindFirstFileW
FindNextFileW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
FindClose
LoadLibraryW
GetProcAddress
FreeLibrary
WriteFile
HeapSize
HeapReAlloc
GetTempFileNameW
SetSearchPathMode
SetDllDirectoryW
HeapSetInformation
SetProcessDEPPolicy
GetTickCount64
GetFileAttributesW
OpenProcess
K32GetModuleBaseNameW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
LoadLibraryExW
UnregisterWaitEx
WaitNamedPipeW
ReadFile
ResumeThread
CreateProcessW
TerminateProcess
QueryFullProcessImageNameW
K32GetModuleFileNameExW
K32EnumProcesses
ProcessIdToSessionId
WTSGetActiveConsoleSessionId
RegisterWaitForSingleObject
SetThreadPriority
GetSystemTimes
GetProcessTimes
IsWow64Process
GetPrivateProfileStringW
GetPrivateProfileIntW
GetPrivateProfileSectionW
WritePrivateProfileStringW
MultiByteToWideChar
SetFilePointerEx
ReleaseMutex
CreateMutexW
OpenMutexW
GetFileSize
GetTimeZoneInformation
GetLocalTime
GetTimeFormatW
GetDateFormatW
SystemTimeToFileTime
GetModuleHandleW
lstrcmpiW
SizeofResource
LoadResource
FindResourceW
SetThreadExecutionState
SetFileAttributesW
Wow64DisableWow64FsRedirection
Wow64RevertWow64FsRedirection
GetCurrentThread
LocalAlloc
SwitchToThread
UnmapViewOfFile
CreateFileMappingA
OpenFileMappingA
MapViewOfFileEx
OpenEventW
ExpandEnvironmentStringsA
GetFileSizeEx
CreateSemaphoreW
InitializeConditionVariable
WakeConditionVariable
SleepConditionVariableCS
TryEnterCriticalSection
GetNativeSystemInfo
GetCurrentDirectoryW
GetThreadTimes
LocalFileTimeToFileTime
VirtualProtect
VirtualQuery
IsDebuggerPresent
OutputDebugStringW
EncodePointer
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
IsProcessorFeaturePresent
VirtualAlloc
VirtualFree
GetStringTypeW
GetExitCodeThread
GetCPInfo
CompareStringW
LCMapStringW
LoadLibraryA
LCMapStringA
GetUserDefaultLCID
GetStringTypeExA
GetEnvironmentVariableW
GetFileAttributesExW
GetFileInformationByHandle
GetFileTime
GetFullPathNameW
RemoveDirectoryW
SetEndOfFile
SetFileTime
GetWindowsDirectoryW
CopyFileW
AreFileApisANSI
WaitForMultipleObjectsEx
CreateWaitableTimerA
UnhandledExceptionFilter
GetStartupInfoW
CreateTimerQueue
SignalObjectAndWait
CreateThread
GetThreadPriority
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
UnregisterWait
FreeLibraryAndExitThread
GetVersionExW
InterlockedFlushSList
QueryDepthSList
RtlUnwind
ExitThread
GetModuleHandleExW
GetDriveTypeW
GetFileType
PeekNamedPipe
ExitProcess
SetEnvironmentVariableW
GetConsoleMode
ReadConsoleW
GetConsoleCP
GetStdHandle
IsValidLocale
EnumSystemLocalesW
FlushFileBuffers
SetStdHandle
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
FindFirstFileExW
GetCommandLineA
WriteConsoleW
SetFilePointer

Sections

.text
Size: 8.1MB - Virtual size: 8.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 171KB - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rodata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 282KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 334KB - Virtual size: 333KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1523edff02a5ca247cb4341f094f25e3

Code Sign

03:47:1e:2c:81:71:b1:67:9d:89:8a:c1:9b:da:37:bbCertificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

a6:41:9e:87:f0:ad:9e:66:55:74:e9:3a:8d:c2:17:ce:5f:f1:f6:f7Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 8.1MB - Virtual size: 8.1MB

.orpc Size: 2KB - Virtual size: 1KB

.rdata Size: 1.4MB - Virtual size: 1.4MB

.data Size: 171KB - Virtual size: 204KB

.didat Size: 1KB - Virtual size: 1KB

.rodata Size: 3KB - Virtual size: 2KB

.rsrc Size: 282KB - Virtual size: 281KB

.reloc Size: 334KB - Virtual size: 333KB

03:47:1e:2c:81:71:b1:67:9d:89:8a:c1:9b:da:37:bb
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

a6:41:9e:87:f0:ad:9e:66:55:74:e9:3a:8d:c2:17:ce:5f:f1:f6:f7
Signer

.text
Size: 8.1MB - Virtual size: 8.1MB

.orpc
Size: 2KB - Virtual size: 1KB

.rdata
Size: 1.4MB - Virtual size: 1.4MB

.data
Size: 171KB - Virtual size: 204KB

.didat
Size: 1KB - Virtual size: 1KB

.rodata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 282KB - Virtual size: 281KB

.reloc
Size: 334KB - Virtual size: 333KB