737af7b8f42e41b49222e2b6b38f9b40

Sharing

Copy URL Twitter E-mail

General

Target

737af7b8f42e41b49222e2b6b38f9b40
Size

1.7MB
MD5

737af7b8f42e41b49222e2b6b38f9b40
SHA1

fb18d172157ff94dcbb03bb5001fe5d74631b08d
SHA256

e839250e5dd04306e34a37c28ec2611bd1c96a709ec0076b540bd214ba04b1e5
SHA512

0d729f7fe8c264bd4d8fac2364a2d7946088f2f856e1fb67907724dcec20e7e1af0864719458fa487a92b3f3d9091846d6f826d0d4d66bd7b821ba2619fdcd88
SSDEEP

49152:iWOiEamtjzS+KQdrZ2PEoPTDJaG4XhOz2KUcr1jztH1:iWvmtjW+KQdZVo7DJEs6UjzP

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$APPDATA/ViberPC/icons/TV.dll
unpack002/64/install.exe
unpack002/86/install.exe
unpack002/86/teamviewervpn.sys

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2

Files

737af7b8f42e41b49222e2b6b38f9b40
.exe windows:4 windows x86 arch:x86

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:c9:02:d0:26:e3:12:44:c1:25:99:67:71:c9:dc:01
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

16/01/2008, 00:00

Not After

22/02/2011, 23:59

Subject

CN=TeamViewer GmbH,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=TeamViewer GmbH,ST=Baden Wuerttemberg,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

94:f5:4f:4d:6d:a4:cb:a8:89:45:7c:4d:01:74:22:a3:6f:7e:fa:26
Signer

Actual PE Digest

94:f5:4f:4d:6d:a4:cb:a8:89:45:7c:4d:01:74:22:a3:6f:7e:fa:26

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 128KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$APPDATA/ViberPC/icons/TV.dll
.dll windows:5 windows x86 arch:x86

ea9aea49490c39380b4bca41addf5dc7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_XcptFilter
free
_initterm
_amsg_exit
malloc

ntdll

NtResumeThread
NtTerminateThread
NtTerminateProcess
NtOpenProcess
NtClose
NtFlushInstructionCache
NtQueryVirtualMemory
NtWriteVirtualMemory
NtUnmapViewOfSection
NtGetContextThread
NtCreateSection
NtQuerySystemInformation
RtlTimeToSecondsSince1970
RtlDecompressBuffer
RtlCompareMemory
RtlMoveMemory
NtProtectVirtualMemory
NtFreeVirtualMemory
NtAllocateVirtualMemory
RtlRandom
NtSetContextThread
RtlGetVersion
RtlZeroMemory
RtlGetNtVersionNumbers
RtlComputeCrc32
NtOpenThread
NtSuspendThread
RtlUnwind
NtMapViewOfSection

kernel32

LockResource
DisableThreadLibraryCalls
LocalFree
VirtualAlloc
VirtualFree
HeapReAlloc
GetCurrentProcessId
ExitProcess
GetExitCodeProcess
CreateThread
GetCurrentThreadId
GetLastError
SetLastError
SetEvent
WaitForSingleObject
ReadFile
Sleep
LoadResource
SizeofResource
GetFileSize
FindClose
GetSystemTimeAsFileTime
FormatMessageW
CreatePipe
lstrcmpiA
lstrcmpiW
lstrcatA
lstrlenA
lstrlenW
CreateEventA
OpenEventA
LoadLibraryExA
GetModuleFileNameA
FreeResource
CreateProcessA
GetCommandLineA
ExpandEnvironmentStringsA
FindResourceW
GetPrivateProfileIntA
GetPrivateProfileStringA
GetPrivateProfileStringW
WritePrivateProfileStringA
WritePrivateProfileStringW
GetSystemDirectoryA
SetCurrentDirectoryA
GetFileAttributesA
DeleteFileA
FindFirstFileA
FindNextFileA
MoveFileExA
GetVolumeInformationW
GetComputerNameExW
WTSGetActiveConsoleSessionId
MultiByteToWideChar
WideCharToMultiByte
GetLocaleInfoW
LocalAlloc
InterlockedExchange
InterlockedCompareExchange
HeapCreate
HeapDestroy
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
QueryPerformanceCounter
LoadLibraryA
lstrcmpA
GetProcAddress
FreeLibrary
MoveFileExW
GetFileAttributesW
CreateFileW
CreateFileA
lstrcpyA
GetTickCount
CloseHandle
GetModuleHandleA
SetFilePointer
WriteFile
GetProcessHeap
HeapFree
HeapAlloc
WaitForMultipleObjects

user32

GetWindowThreadProcessId
GetClassNameW
GetDesktopWindow
SetWindowLongW
SetWindowLongA
DrawIconEx
GetWindowLongA
MessageBoxW
GetWindowRect
GetWindowTextW
SetWindowTextA
ReleaseDC
GetDC
SetForegroundWindow
GetForegroundWindow
KillTimer
SetTimer
CharLowerW
CharLowerA
GetDlgItemTextA
GetDlgItem
BringWindowToTop
SetWindowPos
DestroyWindow
IsWindow
CallWindowProcW
PostQuitMessage
SwitchDesktop
SetThreadDesktop
CloseDesktop
GetThreadDesktop
GetMessageA
DispatchMessageA
ExitWindowsEx
SendMessageA
PostMessageA
PostThreadMessageA
GetIconInfo
LoadStringW
GetCursorInfo
CreateDesktopA
wsprintfA
wsprintfW
GetWindowLongW
CreateDialogIndirectParamW

shlwapi

ord12
PathQuoteSpacesW
PathIsRelativeW
PathIsRelativeA
StrToIntA
StrRChrA
StrDupA
StrCmpNIW
StrCmpNIA
StrChrA
PathRemoveFileSpecW
PathRemoveFileSpecA
PathFindFileNameA
PathAddBackslashW
PathAddBackslashA
StrChrW
PathGetDriveNumberA
PathFindFileNameW
PathBuildRootW
StrTrimA

wtsapi32

WTSQueryUserToken
WTSFreeMemory
WTSQuerySessionInformationA
WTSEnumerateSessionsA

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

advapi32

DuplicateToken
OpenProcessToken
GetTokenInformation
AdjustTokenPrivileges
CreateWellKnownSid
EqualSid
AllocateAndInitializeSid
FreeSid
LookupPrivilegeValueW
GetUserNameW
LogonUserW
CreateProcessAsUserW
DuplicateTokenEx
CheckTokenMembership
RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyExA
RegOpenKeyExA
RegQueryInfoKeyA
RegQueryValueExA
RegSetValueExA
ChangeServiceConfigA
ChangeServiceConfig2A
CloseServiceHandle
ControlService
CreateServiceA
DeleteService
OpenSCManagerA
OpenServiceA
QueryServiceConfigA
QueryServiceStatus
QueryServiceStatusEx
RegisterServiceCtrlHandlerExW
SetServiceStatus
StartServiceA
SetEntriesInAclA
GetNamedSecurityInfoA
SetNamedSecurityInfoA
SetSecurityInfo
ConvertSidToStringSidA
GetSecurityInfo

wininet

HttpAddRequestHeadersA
HttpOpenRequestA
InternetSetOptionA
InternetWriteFile
InternetReadFile
InternetOpenUrlA
InternetConnectA
InternetCloseHandle
InternetOpenA
HttpSendRequestExA
HttpEndRequestA
HttpQueryInfoA

shell32

SHFileOperationA
SHCreateDirectoryExW
SHCreateDirectoryExA
ShellExecuteExA
SHGetSpecialFolderPathA

psapi

GetModuleFileNameExW

gdi32

DeleteObject
DeleteDC
CreateCompatibleDC
GetObjectA
SelectObject
BitBlt
CreateCompatibleBitmap

cabinet

ord22
ord21
ord20
ord23

oleaut32

SysAllocString
VariantInit
SysAllocStringLen
SysFreeString

ole32

CoSetProxyBlanket
CoCreateInstance
CoTaskMemFree
CoInitializeEx
CoUninitialize

Exports

Exports

SetSvc

Sections

.text
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$APPDATA/ViberPC/icons/TeamViewer.ini
$APPDATA/ViberPC/icons/Teamviewer_Resource_ja.dll
.dll windows:4 windows x86 arch:x86

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:c9:02:d0:26:e3:12:44:c1:25:99:67:71:c9:dc:01
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

16/01/2008, 00:00

Not After

22/02/2011, 23:59

Subject

CN=TeamViewer GmbH,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=TeamViewer GmbH,ST=Baden Wuerttemberg,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0e:15:90:a1:7e:28:d6:ef:b7:4d:b2:e4:ef:e0:8c:b9:01:20:86
Signer

Actual PE Digest

6a:0e:15:90:a1:7e:28:d6:ef:b7:4d:b2:e4:ef:e0:8c:b9:01:20:86

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 580KB - Virtual size: 580KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$APPDATA/ViberPC/icons/UniPrint.exe
.exe windows:4 windows x86 arch:x86

7b63cbf00a58fd4d2af09a48911f4a66

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:c9:02:d0:26:e3:12:44:c1:25:99:67:71:c9:dc:01
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

16/01/2008, 00:00

Not After

22/02/2011, 23:59

Subject

CN=TeamViewer GmbH,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=TeamViewer GmbH,ST=Baden Wuerttemberg,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1a:b3:62:64:ef:fa:39:f0:0e:91:28:5b:a1:73:28:5b:82:66:13:53
Signer

Actual PE Digest

1a:b3:62:64:ef:fa:39:f0:0e:91:28:5b:a1:73:28:5b:82:66:13:53

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

waveInUnprepareHeader
waveInClose
waveInStart
mixerSetControlDetails
waveInAddBuffer
waveInReset
waveOutGetNumDevs
mixerClose
mixerOpen
waveOutOpen
waveOutClose
waveInOpen
waveInPrepareHeader
mixerGetID
waveOutWrite
waveOutRestart
waveOutReset
waveOutUnprepareHeader
waveOutPrepareHeader
waveOutPause
waveInGetNumDevs

comctl32

ImageList_SetBkColor
ImageList_Create
ImageList_Remove
ImageList_ReplaceIcon
InitCommonControlsEx

avicap32

capCreateCaptureWindowA
capGetDriverDescriptionA

msvfw32

DrawDibDraw
DrawDibOpen
DrawDibClose

sensapi

IsNetworkAlive

iphlpapi

GetAdapterIndex
GetAdaptersInfo
DeleteIPAddress

mpr

WNetEnumResourceW
WNetOpenEnumW
WNetCloseEnum

kernel32

FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
HeapAlloc
CompareFileTime
SetThreadPriority
VirtualFree
VirtualAlloc
GetCurrentThread
ResetEvent
GetExitCodeThread
CreateThread
LocalLock
LocalSize
LocalUnlock
SetProcessShutdownParameters
GlobalHandle
GlobalFree
CompareStringA
GetModuleHandleA
GetWindowsDirectoryA
GetSystemDirectoryA
LoadLibraryA
QueryPerformanceFrequency
QueryPerformanceCounter
GetLocaleInfoA
GetUserDefaultLCID
MoveFileW
WritePrivateProfileStringW
LocalAlloc
lstrcpyW
DeviceIoControl
ResumeThread
GetOverlappedResult
FindNextFileA
FindFirstFileA
DeleteFileA
CreateFileA
FileTimeToLocalFileTime
FindClose
SetUnhandledExceptionFilter
SetErrorMode
HeapDestroy
HeapReAlloc
HeapSize
InterlockedCompareExchange
IsProcessorFeaturePresent
GetVersionExA
GetACP
GetThreadLocale
GetFileTime
FormatMessageA
UnmapViewOfFile
SetEndOfFile
MapViewOfFileEx
SetEnvironmentVariableA
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
IsValidLocale
EnumSystemLocalesA
GetEnvironmentStrings
FreeEnvironmentStringsA
GetConsoleMode
GetConsoleCP
SetHandleCount
GetTimeZoneInformation
GetOEMCP
HeapCreate
ExitThread
CreateFileMappingA
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
SetWaitableTimer
CreateWaitableTimerA
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
GetTimeFormatA
GetDateFormatA
RtlUnwind
GetCommandLineA
GetStartupInfoA
ExitProcess
GetFileType
SystemTimeToFileTime
SetFilePointer
SetFileTime
LocalFileTimeToFileTime
GetLocalTime
LockResource
InitializeCriticalSection
ReadFile
InterlockedDecrement
MoveFileExW
GetFileSize
InterlockedIncrement
InterlockedExchange
FreeLibrary
LoadResource
FlushFileBuffers
WriteFile
GetModuleFileNameA
GetStringTypeA
DeleteCriticalSection
LocalFree
ReleaseMutex
GetCommandLineW
SizeofResource
CreateMutexA
GetLastError
GlobalUnlock
GlobalLock
GlobalAlloc
MulDiv
OpenProcess
Sleep
WaitForMultipleObjects
GetCurrentProcessId
EnterCriticalSection
SetLastError
RaiseException
FlushInstructionCache
LeaveCriticalSection
WaitForSingleObject
HeapFree
CreateEventA
GetProcessHeap
GetTickCount
CreateSemaphoreA
SetEvent
GetSystemTimeAsFileTime
GetCurrentProcess
DuplicateHandle
ReleaseSemaphore
GetCurrentThreadId
CloseHandle
LCMapStringA
GetStdHandle

user32

DrawFocusRect
GetMenuState
SetDlgItemTextA
SendDlgItemMessageA
CreateMenu
IsMenu
CloseDesktop
GetUserObjectInformationW
GetThreadDesktop
GetIconInfo
GetCursorInfo
GetWindowRgn
SetThreadDesktop
OpenInputDesktop
SetCursorPos
CreateIconIndirect
InvalidateRgn
CreatePopupMenu
MsgWaitForMultipleObjects
GetSystemMenu
GetCapture
GetNextDlgTabItem
GetMessagePos
GetSysColor
EndDeferWindowPos
BeginDeferWindowPos
DrawEdge
GetWindowPlacement
SetWindowPlacement
DestroyAcceleratorTable
FlashWindow
GetDialogBaseUnits
MapDialogRect
DeferWindowPos
DrawIconEx
CreateWindowExA
GetDlgItemTextA
SetScrollPos
GetScrollInfo
ScrollWindowEx
SetScrollInfo
SetParent
GetSysColorBrush
MessageBeep
GetDesktopWindow
GetWindowDC
WindowFromPoint
SetRectEmpty
GetMenuItemCount
DestroyIcon
BlockInput
GetDlgCtrlID
DeleteMenu
IsWindowEnabled
ReleaseDC
PostQuitMessage
RedrawWindow
SetActiveWindow
BringWindowToTop
MessageBoxA
CallNextHookEx
GetAsyncKeyState
GetFocus
SendInput
GetKeyState
DestroyCursor
GetKeyboardState
ToAscii
UnhookWindowsHookEx
ChangeClipboardChain
SetClipboardViewer
CloseClipboard
SetClipboardData
FrameRect
SetWindowContextHelpId
IsChild
CharUpperW
CharLowerW
EmptyClipboard
OpenClipboard
SetCursor
SetCapture
GetCursor
ReleaseCapture
IsWindowVisible
EnumWindows
GetGUIThreadInfo
GetWindowThreadProcessId
GetForegroundWindow
EqualRect
GetActiveWindow
GetDlgItem
EndDialog
GetDC
IsRectEmpty
UnionRect
UpdateWindow
SetForegroundWindow
ShowScrollBar
IntersectRect
AdjustWindowRect
IsIconic
FillRect
GetSystemMetrics
CopyRect
CheckMenuItem
RemoveMenu
SetFocus
CheckMenuRadioItem
GetSubMenu
ShowWindow
TrackPopupMenuEx
OpenDesktopW
ClientToScreen
SetRect
SetWindowRgn
OffsetRect
DestroyMenu
EnableMenuItem
ScreenToClient
GetCursorPos
PtInRect
GetParent
GetClientRect
DestroyWindow
TrackMouseEvent
BeginPaint
EndPaint
KillTimer
InflateRect
SetWindowPos
SetTimer
InvalidateRect
MapWindowPoints
GetWindowRect
TranslateMessage
GetWindow
MoveWindow
IsWindow
ToUnicode
UnregisterClassA

gdi32

CreateBitmap
PatBlt
RoundRect
CreatePatternBrush
CreateCompatibleBitmap
MaskBlt
SetBrushOrgEx
SetPixel
SelectPalette
RealizePalette
SetStretchBltMode
GetObjectType
CreatePalette
GetSystemPaletteEntries
GetDIBits
GetDCOrgEx
CreateRoundRectRgn
FrameRgn
SetDIBitsToDevice
GetPixel
SetViewportOrgEx
SetWindowOrgEx
DPtoLP
StretchBlt
SetBkColor
GetDeviceCaps
LineTo
MoveToEx
SetDIBColorTable
Rectangle
Polygon
Ellipse
SetBkMode
SelectObject
SetTextColor
CreateSolidBrush
CreatePen
CreateCompatibleDC
OffsetRgn
SetRectRgn
BitBlt
PtInRegion
CreateRectRgnIndirect
SelectClipRgn
RectInRegion
CombineRgn
CreateRectRgn
CreatePolygonRgn
GetStockObject
DeleteObject
CreateDIBSection
DeleteDC

advapi32

LookupAccountNameW
RegSetValueExA
GetTokenInformation
RegEnumValueW
RegEnumKeyExA
RegEnumValueA
GetSidIdentifierAuthority
DuplicateTokenEx
SetTokenInformation
CreateProcessAsUserW
AllocateAndInitializeSid
SetEntriesInAclW
SetNamedSecurityInfoW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
FreeSid
RevertToSelf
ImpersonateLoggedOnUser
RegisterEventSourceW
ReportEventW
RegCloseKey
InitializeSecurityDescriptor
EqualSid
CryptAcquireContextA
CryptReleaseContext
CryptGenRandom
DeregisterEventSource
SetSecurityDescriptorDacl

shell32

ord155
ord680
CommandLineToArgvW
SHGetSpecialFolderLocation
DragAcceptFiles
SHAppBarMessage

ole32

CoUninitialize
CoInitializeEx
CoTaskMemFree
CoTaskMemRealloc
CoCreateInstance
CoTaskMemAlloc
OleInitialize
CLSIDFromProgID
CLSIDFromString
StringFromGUID2
OleUninitialize
CreateStreamOnHGlobal
CoGetClassObject
OleLockRunning
CoCreateGuid
CoInitializeSecurity

oleaut32

VariantInit
SafeArrayGetDim
SafeArrayGetElement
VarUI4FromStr
SysFreeString
VariantChangeType
VariantCopy
VariantClear
OleCreatePropertyFrame
SysStringLen
SysStringByteLen
OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi
SysAllocStringLen
SysAllocString

shlwapi

PathCompactPathW
PathRemoveFileSpecW

wsock32

ntohs
htonl
send
WSACleanup
ioctlsocket
setsockopt
shutdown
closesocket
gethostname
inet_addr
gethostbyname
socket
sendto
htons
inet_ntoa
recv
WSAGetLastError
select
listen
accept
bind
recvfrom
WSAStartup
getsockopt
connect
getsockname
getpeername
__WSAFDIsSet

wininet

InternetQueryOptionW
InternetSetOptionW
InternetOpenW
InternetReadFile
InternetErrorDlg
HttpQueryInfoW
HttpSendRequestW
HttpOpenRequestW
InternetConnectW
InternetQueryDataAvailable
HttpQueryInfoA
HttpEndRequestA
InternetWriteFile
HttpSendRequestExA
HttpAddRequestHeadersA
HttpOpenRequestA
InternetGoOnlineA
HttpSendRequestA
InternetCloseHandle

ws2_32

WSAEventSelect
WSAWaitForMultipleEvents
WSAResetEvent
WSACloseEvent
WSASetEvent
WSACreateEvent

crypt32

CertGetNameStringW
CertGetNameStringA
CertFreeCertificateContext
CryptVerifyMessageSignature

imagehlp

ImageEnumerateCertificates
ImageGetCertificateHeader
ImageGetCertificateData

Sections

.text
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 836KB - Virtual size: 836KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 136KB - Virtual size: 684KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$APPDATA/ViberPC/icons/vpn.cab
.cab
64/TeamViewerVPN.inf
64/install.exe
.exe windows:6 windows x64 arch:x64

76bbb3bb57493f8af4afd8c7c700309a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

OpenProcessToken
RegQueryValueExW
LookupPrivilegeValueW
AdjustTokenPrivileges
InitiateSystemShutdownExW
RegCloseKey
CloseServiceHandle
OpenSCManagerW
OpenServiceW
RegDeleteValueW
RegSetValueExW

kernel32

GetCurrentProcess
FormatMessageW
lstrlenW
GetLastError
CloseHandle
LocalFree
GetDateFormatW
FreeLibrary
FileTimeToSystemTime
GetFullPathNameW
FindFirstFileW
LoadLibraryW
GetFileAttributesW
GetProcAddress
FindClose
FindNextFileW
GetWindowsDirectoryW
Sleep
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
UnhandledExceptionFilter

msvcrt

wcschr
_wcsicmp
towlower
_wcsnicmp
fputs
__iob_func
wcsrchr
fputws
?terminate@@YAXXZ
memset
__set_app_type
_fmode
_commode
__setusermatherr
_amsg_exit
_initterm
exit
_cexit
_exit
_XcptFilter
__C_specific_handler
__wgetmainargs
wprintf
??2@YAPEAX_K@Z
towupper
??3@YAXPEAX@Z
iswalpha

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

ole32

CLSIDFromString

setupapi

SetupScanFileQueueW
SetupDiGetClassDevsExW
SetupDiGetDeviceRegistryPropertyW
SetupDiSetClassInstallParamsW
SetupDiClassNameFromGuidExW
CM_Reenumerate_DevNode_Ex
SetupCopyOEMInfW
SetupDiSetDeviceRegistryPropertyW
SetupDiGetINFClassW
CM_Disconnect_Machine
SetupDiBuildClassInfoListExW
SetupDiCreateDeviceInfoW
SetupDiCreateDeviceInfoList
CM_Connect_MachineW
CM_Locate_DevNode_ExW
CM_Get_DevNode_Status_Ex
SetupDiBuildDriverInfoList
SetupDiGetDeviceInstallParamsW
SetupDiOpenDevRegKey
SetupDiSetSelectedDriverW
SetupGetStringFieldW
CM_Get_Res_Des_Data_Size_Ex
SetupDiEnumDriverInfoW
CM_Free_Log_Conf_Handle
CM_Get_Device_ID_ExW
CM_Get_Next_Res_Des_Ex
SetupCloseFileQueue
SetupDiGetDriverInstallParamsW
CM_Get_Res_Des_Data_Ex
SetupDiOpenClassRegKeyExW
SetupCloseInfFile
SetupOpenFileQueue
SetupDiCallClassInstaller
SetupDiDestroyDriverInfoList
SetupOpenInfFileW
CM_Free_Res_Des_Handle
CM_Get_First_Log_Conf_Ex
SetupDiSetDeviceInstallParamsW
SetupFindFirstLineW
SetupDiGetDriverInfoDetailW
SetupDiGetClassDescriptionExW
SetupDiClassGuidsFromNameExW
SetupDiOpenDeviceInfoW
SetupDiGetDeviceInfoListDetailW
SetupDiCreateDeviceInfoListExW
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList

user32

CharNextW
CharPrevW
LoadStringW

Sections

.text
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 852B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 368B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
64/teamviewervpn.cat
64/teamviewervpn.sys
.sys windows:6 windows x64 arch:x64

cd6e6e3dfb3a87a73c76cb5d3cdda140

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

09:93:02:9b:c5:50:fb:0a:04:cc:b4:bd:26:41:34:d5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

16/01/2007, 00:00

Not After

21/02/2008, 23:59

Subject

CN=TeamViewer GmbH,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=TeamViewer GmbH,ST=Baden Wuerttemberg,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

87:ca:97:9f:22:ae:32:a2:68:55:1c:a1:96:2c:d9:52:fd:e2:38:69
Signer

Actual PE Digest

87:ca:97:9f:22:ae:32:a2:68:55:1c:a1:96:2c:d9:52:fd:e2:38:69

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

KeBugCheckEx
RtlAnsiStringToUnicodeString
KeAcquireSpinLockRaiseToDpc
RtlCreateSecurityDescriptor
IoReleaseCancelSpinLock
ZwOpenFile
RtlFreeAnsiString
ZwSetSecurityObject
IofCompleteRequest
ZwClose
MmMapLockedPagesSpecifyCache
RtlFreeUnicodeString
KeReleaseSpinLock
RtlUnicodeStringToAnsiString
MmMapLockedPages
DbgPrint
RtlUnicodeToMultiByteN
__C_specific_handler

ndis.sys

NdisMIndicateStatusComplete
NdisAllocateMemoryWithTag
NdisReadConfiguration
NdisTerminateWrapper
NdisMDeregisterDevice
NdisMDeregisterAdapterShutdownHandler
NdisMSetAttributesEx
NdisInitializeWrapper
NdisFreeMemory
NdisMRegisterMiniport
NdisCloseConfiguration
NdisMRegisterDevice
NdisMRegisterUnloadHandler
NdisMIndicateStatus
NdisMSleep
NdisMRegisterAdapterShutdownHandler
NdisOpenConfiguration

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 376B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 1020B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
86/TeamViewerVPN.inf
86/install.exe
.exe windows:5 windows x86 arch:x86

575a28d688d159a394f4aab4da2ed819

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
LoadLibraryW
GetFileAttributesW
GetFullPathNameW
GetModuleHandleA
QueryPerformanceCounter
FreeLibrary
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
SetUnhandledExceptionFilter
lstrcpynW
FileTimeToSystemTime
GetDateFormatW
lstrcpyW
lstrlenW
GetLastError
GetCurrentProcess
CloseHandle
FormatMessageW
LocalFree
GetTickCount

msvcrt

fputws
fputs
_iob
??3@YAXPAX@Z
??2@YAPAXI@Z
wcschr
towlower
towupper
iswalpha
_wcsnicmp
_wcsicmp
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
__winitenv
exit
_cexit
_XcptFilter
_exit
_c_exit
wcscmp
wprintf
wcsrchr

advapi32

LookupPrivilegeValueW
OpenProcessToken
RegQueryValueExW
RegCloseKey
RegDeleteValueW
RegSetValueExW
CloseServiceHandle
OpenServiceW
OpenSCManagerW
AdjustTokenPrivileges

setupapi

SetupDiClassGuidsFromNameExW
CM_Free_Log_Conf_Handle
CM_Get_Next_Res_Des_Ex
CM_Free_Res_Des_Handle
CM_Get_Res_Des_Data_Size_Ex
CM_Connect_MachineW
CM_Locate_DevNode_ExW
CM_Reenumerate_DevNode_Ex
CM_Disconnect_Machine
SetupDiGetINFClassW
SetupDiCreateDeviceInfoList
SetupDiCreateDeviceInfoW
SetupDiSetDeviceRegistryPropertyW
SetupDiSetClassInstallParamsW
SetupDiBuildClassInfoListExW
SetupDiClassNameFromGuidExW
SetupDiGetClassDescriptionExW
SetupDiOpenClassRegKeyExW
SetupDiGetDriverInstallParamsW
SetupDiSetSelectedDriverW
SetupOpenFileQueue
SetupDiCallClassInstaller
SetupScanFileQueueW
SetupCloseFileQueue
SetupDiGetDeviceInstallParamsW
SetupDiSetDeviceInstallParamsW
SetupDiBuildDriverInfoList
SetupDiEnumDriverInfoW
SetupDiOpenDevRegKey
SetupDiGetDriverInfoDetailW
SetupDiDestroyDriverInfoList
SetupDiGetDeviceRegistryPropertyW
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
CM_Get_Device_ID_ExW
SetupDiGetDeviceInfoListDetailW
SetupDiOpenDeviceInfoW
SetupDiGetClassDevsExW
SetupDiCreateDeviceInfoListExW
CM_Get_Res_Des_Data_Ex
CM_Get_DevNode_Status_Ex
CM_Get_First_Log_Conf_Ex

user32

ExitWindowsEx
CharNextW
LoadStringW
CharPrevW

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 472B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
86/teamviewervpn.cat
86/teamviewervpn.sys
.sys windows:6 windows x86 arch:x86

952b9ef5a3d8fb9c2ae05f06bb0e783c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

KeBugCheckEx
KeTickCount
RtlUnicodeStringToAnsiString
RtlAnsiStringToUnicodeString
MmMapLockedPagesSpecifyCache
MmMapLockedPages
RtlCreateSecurityDescriptor
ZwOpenFile
ZwSetSecurityObject
ZwClose
IoReleaseCancelSpinLock
IofCompleteRequest
RtlFreeUnicodeString
RtlFreeAnsiString
memcpy
memset
RtlUnwind
DbgPrint
RtlUnicodeToMultiByteN

hal

KfAcquireSpinLock
KfReleaseSpinLock
KeGetCurrentIrql

ndis.sys

NdisMRegisterUnloadHandler
NdisMSetAttributesEx
NdisMRegisterAdapterShutdownHandler
NdisOpenConfiguration
NdisReadConfiguration
NdisCloseConfiguration
NdisTerminateWrapper
NdisMIndicateStatus
NdisMIndicateStatusComplete
NdisMDeregisterDevice
NdisMDeregisterAdapterShutdownHandler
NdisMSleep
NdisFreeMemory
NdisMRegisterMiniport
NdisInitializeWrapper
NdisAllocateMemoryWithTag
NdisMRegisterDevice

Sections

.text
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 896B - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

25:c9:02:d0:26:e3:12:44:c1:25:99:67:71:c9:dc:01Certificate

Extended Key Usages

Key Usages

94:f5:4f:4d:6d:a4:cb:a8:89:45:7c:4d:01:74:22:a3:6f:7e:fa:26Signer

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 128KB

.rsrc Size: 68KB - Virtual size: 68KB

ea9aea49490c39380b4bca41addf5dc7

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

ntdll

kernel32

user32

shlwapi

wtsapi32

userenv

advapi32

wininet

shell32

psapi

gdi32

cabinet

oleaut32

ole32

Exports

Exports

Sections

.text Size: 50KB - Virtual size: 49KB

.rdata Size: 18KB - Virtual size: 18KB

.data Size: 1024B - Virtual size: 2KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 4KB - Virtual size: 4KB

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

25:c9:02:d0:26:e3:12:44:c1:25:99:67:71:c9:dc:01Certificate

Extended Key Usages

Key Usages

6a:0e:15:90:a1:7e:28:d6:ef:b7:4d:b2:e4:ef:e0:8c:b9:01:20:86Signer

Headers

DLL Characteristics

File Characteristics

Sections

.rsrc Size: 580KB - Virtual size: 580KB

.reloc Size: 4KB - Virtual size: 8B

7b63cbf00a58fd4d2af09a48911f4a66

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

25:c9:02:d0:26:e3:12:44:c1:25:99:67:71:c9:dc:01
Certificate

94:f5:4f:4d:6d:a4:cb:a8:89:45:7c:4d:01:74:22:a3:6f:7e:fa:26
Signer

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 128KB

.rsrc
Size: 68KB - Virtual size: 68KB

.text
Size: 50KB - Virtual size: 49KB

.rdata
Size: 18KB - Virtual size: 18KB

.data
Size: 1024B - Virtual size: 2KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 4KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

25:c9:02:d0:26:e3:12:44:c1:25:99:67:71:c9:dc:01
Certificate

6a:0e:15:90:a1:7e:28:d6:ef:b7:4d:b2:e4:ef:e0:8c:b9:01:20:86
Signer

.rsrc
Size: 580KB - Virtual size: 580KB

.reloc
Size: 4KB - Virtual size: 8B

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

25:c9:02:d0:26:e3:12:44:c1:25:99:67:71:c9:dc:01
Certificate

1a:b3:62:64:ef:fa:39:f0:0e:91:28:5b:a1:73:28:5b:82:66:13:53
Signer

.text
Size: 3.2MB - Virtual size: 3.2MB

.rdata
Size: 836KB - Virtual size: 836KB

.data
Size: 136KB - Virtual size: 684KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 24KB - Virtual size: 24KB

.text
Size: 30KB - Virtual size: 30KB

.data
Size: 2KB - Virtual size: 3KB

.pdata
Size: 1024B - Virtual size: 852B

.rsrc
Size: 44KB - Virtual size: 43KB

.reloc
Size: 512B - Virtual size: 368B

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate