teamspeak[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

teamspeak.exe
Size

5.7MB
MD5

4d1b70687216929259380c7bb165d5f4
SHA1

ddcac1d24edef5cf889c8ab9c488ea5bdc39b0ab
SHA256

b5e605aa6181406562cc616916eccde54bbaa524b62305fb3b2110aff0066112
SHA512

e6010b66dd019714383bb7bda68ca1f4cff2749f93c642355c18d4fb68a38c703ae596d7948cc01b280daf43ee355af3d46995df9a4419c3894ee991ed67d7f4
SSDEEP

98304:RKggi47kmH1EKcd1nVirniaFZciHUtpQhpnQzoHDZ9l/i+vSjI9FklL9W4IUwYUW:RKggge6KW1VirniCciThBWp+K44L9W78

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
teamspeak.exe

Files

teamspeak.exe
.exe windows x64

c198912aaf2145e12561f4f9c581f275

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetStdHandle
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

GetKeyState
GetUserObjectInformationW
GetProcessWindowStation
GetUserObjectInformationW

msvcp140

?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ

vcruntime140

memset

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

__p___argv

api-ms-win-crt-heap-l1-1-0

_callnewh

api-ms-win-crt-string-l1-1-0

strlen

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

wtsapi32

WTSSendMessageW

Exports

Exports

�D�"a�i ̛�ǉ�[]s]կ��\C�B� !��f�e�g��kP��}�q�$�?��n�>v~��*2��Y��A��W�< ��e��ͪU>F�|r�l>��JlGK�'cP�0��qMR:��^'/��Pd��;]z ��{��3R)<� 3�~7<㛄��<��Y �� >�=6PxN��{L͂��c׽��yDS��Rp�ӷ��:{;�3?&��b�c��h�;��+��g��_�$$%��ZL�Z�)��5��"VA�/��v�i2�W�6V(��+X��It��.�j��~� y�̛�V��3Y�bV�� /h��2�a��v�J-)�i�_!��2�%[�z��$Z�ޞ��e2��{]J�/f��lSb��A{xUϐ!j�1}��4��l�7��6�- YB �d��{��ά��3~��<i�R�K%p��/��{ţ1kTI�Ĵ��0w:��y(��ުC�ݖ j�! 3�gv �+L�2(#��p��%�k�J�o��_�� o�B;�(�[��H��l�Pʩ��4H�ٴzzE�#��s��F�Xm[��M�h0=��#��y�� X��dI ��L�v�k��S޹�"�"��S�7�4ޯ��J�S��]d�Gzx�ǘ��@fp��F> ��C��2ֽ��X�gr� �z>F�U��⊕�W��K�?j��4'W��P��Y�L��}��¨~��O��~��M��'��g}8��5�v��_,j��We�x�e�\aݮ�o:��p��gu]�m3��؅&5D\�`̜U�78��MR9��sS��9\Bxɨ��5��W�r�>2�T�s��#�s�r��`D��Њ��-,1�A��e�� W|0r �A#�Θ��*�m�O�w�x%^�� C�z,��]��eJr��#�G�%^4N��A��p��!�~�s띃��Eg ��&�z�^p��o��G��0��nm�}ΞCQb�Y��,�y��^pB�cV��LE��y�1Wo��6��_��3�gF��$ �Cͭ%{w",��՟(��(��DT�l6C�W�z�a%�k�U� �f�M�{� ��*��2�-�#}>h�nǪ9%Կ��s<x ��(f��v��ǣ�^D>�Ild+@��Rm14[OK/�7X�N�U�n��&Ƙ]2L>��XG��G�&\��#)o�U�� ݕ�ZRM x;� -�B�~��"��I��tS�5x� $t�E�Jj%��3��Z�`}��.�W��m|�"��V��*q`< ��g��~�aП�E�#u��%k�i'e^I�ϲ��;��W� U>��B�H�k|�ٰ��ˏT� ��Ϥ�W90��*%�e��-�l��G��6��fC��݊m�G�ߚ��~��7w?4��#��ؖg��q�R�62�'5"m�k�vT�� hHU ��!'2>��K�(�`��=�\7�PF˻{��kH9��S<��a�ϊ�/��n��Jpi��ܑ4��kC2.��+�X�|Ix�{�%�Kg��ǽ��5��9�0��R�6��.&��(hę�jwDQZ_v��^�^��zjǖz�f:"�iG��Q��x��>f�g�Ү�9Y]�Q�q�� `�p_��{�\C�*� K��w�v�< '!^d��Z��E��3'��.0�%��K�i�y*u�!$��.��tQ��ЕcYjG �3d�z��˟+�˽�\�v8{Rl��ɕ��98�A��He��k��<F}�v��4��T=K�y�?,��m��}:1aD��r̡�s�A:�Vw�O�'�M��s��N�9"n��N�En��[VmЩ��#��c��03JyM��I�zf9�*ڜ�Yq��=Q!��A��Tj61�0ZQ�kU��B-I`X�('�[��+×��X*��r�q��0�*B��lM_E��At&@��@H�t��&��+�� i��ki�k�!8��.�,m�?ŧY\��8�r'n�,�r��pf!u> ]��q�H��F��t��$`%��f�O�\�$��h��$&�"�2�J�_$��JiR��@d3��h��=�:p�A�ä9#�-�F�Q�ܵ��N�1�9�E�Kщ/K�M��X�l��^�IظqW��T�ߚ�F%lھ�-�,��1O� �Ym��ul]�~>P=�zZ�%�h��k6��#`�{��*ʁd`�NH�Q�UE��Vg,��ٯ��;��W�7!�#��VG��P��O9ٴ3��0S�͙@�?��2q��lfL�J�uɇe`��h� �}��20'��-��"�̿h}y��j~�Tu��ϾZ��+�/eVܭn9�zd��=�?ǉ7��.ƉM��˹�1��}A�#o(�i�m��ݵ�,Z��xyp�(X�Qj�c��U�� XI��ڔM:��_�!Dw��M��c��N��R�n�Q��X�ׯs�P��yAT �U,�i��g|��C��E�;Ľ��,��8�]]��H��2��;��qb;x�.�m�'�^^��y��ab-Ɯ@Tˠ�G#(�� w 9�$;Oi�;�P��6��4!�L��f�H} �zUm�-��Yk��6ҋ)�y�^��¡G��!�oZ �_�W��.#�:芣�-�2e��+d�p�'�vܳ�Dպ��rs�"��eK�c�˻��P �ﻋv�^�Z�)jB1-��W�8��E[T&�5>��@��+'M�}��@�f:�8�=��W}ׅ|`�/��.��2�ױYc��m��{@l]S��ɰ{�^kƂ+��s��T��f��rr�D��G��tf�%��>�*��

Sections

.text
Size: - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.fdwf0
Size: - Virtual size: 3.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.fdwf1
Size: 5.7MB - Virtual size: 5.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 208B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 469B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c198912aaf2145e12561f4f9c581f275

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

msvcp140

vcruntime140

vcruntime140_1

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

wtsapi32

Exports

Exports

Sections

.text Size: - Virtual size: 35KB

.rdata Size: - Virtual size: 12KB

.data Size: - Virtual size: 1KB

.pdata Size: - Virtual size: 4KB

.fdwf0 Size: - Virtual size: 3.8MB

.fdwf1 Size: 5.7MB - Virtual size: 5.7MB

.reloc Size: 512B - Virtual size: 208B

.rsrc Size: 512B - Virtual size: 469B

.text
Size: - Virtual size: 35KB

.rdata
Size: - Virtual size: 12KB

.data
Size: - Virtual size: 1KB

.pdata
Size: - Virtual size: 4KB

.fdwf0
Size: - Virtual size: 3.8MB

.fdwf1
Size: 5.7MB - Virtual size: 5.7MB

.reloc
Size: 512B - Virtual size: 208B

.rsrc
Size: 512B - Virtual size: 469B