ts3server[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

ts3server.exe
Size

10.8MB
MD5

9ddf0fe29bbf46c55fcd0c2f0d4afef1
SHA1

e1b2588c3a9cb8e7b5f73d7f350775c523d63dfa
SHA256

f240821b9d266830139f56d47715ac2ce3bc6eb544dc0d33179366c39dc925e7
SHA512

0d30aa1e59243f616b5c4701d8913f6da73aa502af58bf93afbef17d9ea8b5de4e1a3abe2b18083ad1c758eb75a0a13fa1256c57714aec49218908a1390d8dda
SSDEEP

196608:J/vKGchEaJ2ZrOcZWiupL7xQ5AmQOOmUB/65briLoLyHpTyzrhicblieLqUEuKHi:J/vKGchEaJ2ZrOcZWiupL7xQ5AmQOOmf

Score

1^/10

Malware Config

Signatures

Files

ts3server.exe
.exe windows:5 windows x64 arch:x64

c8e9a25b0ef1f8e0416fbd1dd4d1cb13

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:01:2e:b9:8c:70:3a:a9:b0:6d:26:43:55:e9:fe:39
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04-11-2020 00:00

Not After

08-11-2023 23:59

Subject

CN=TeamSpeak Systems GmbH,O=TeamSpeak Systems GmbH,L=Krün,ST=Bayern,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11-05-2022 00:00

Not After

10-08-2033 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:0c:df:c2:31:a1:55:20:3a:8a:08:f9:6c:9a:33:90:51:b6:54:76
Signer

Actual PE Digest

c1:0c:df:c2:31:a1:55:20:3a:8a:08:f9:6c:9a:33:90:51:b6:54:76

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\GitLab-Runner-PS\builds\17GNmMQr\0\teamspeak\teamspeak_server\build\64\out\Release_x64\ts3server.exe.pdb

Imports

ts3_ssh

ssh_disconnect
ssh_message_channel_request_reply_success
ssh_message_reply_default
ssh_disconnect_with_message
ssh_message_get
ssh_set_message_callback
ssh_message_subtype
ssh_channel_free
ssh_message_auth_user
ssh_get_status
ssh_channel_window_size
ssh_set_blocking
ssh_handle_key_exchange
ssh_message_auth_reply_success
ssh_message_channel_request_open_reply_accept
ssh_free
ssh_message_channel_request_pty_height
ssh_message_auth_set_methods
ssh_channel_close
ssh_channel_read_timeout
ssh_message_auth_password
ssh_message_channel_request_pty_width
ssh_silent_disconnect
ssh_channel_write
ssh_message_free
ssh_blocking_flush
ssh_message_channel_request_pty_term
ssh_channel_set_blocking
ssh_message_type
ssh_channel_send_eof
ssh_options_set
ssh_new
create_host_rsa_key
ssh_bind_options_set
ssh_bind_accept_fd
ssh_init
ssh_bind_new
ssh_bind_free

dbghelp

MiniDumpWriteDump

gdi32

CreateFontIndirectA
DeleteObject
GetObjectA
SetTextColor

user32

PostQuitMessage
TrackPopupMenuEx
RegisterClassExA
SetForegroundWindow
LoadIconA
SendMessageA
TranslateMessage
CreateWindowExA
DestroyMenu
DefWindowProcA
MessageBoxA
GetCursorInfo
GetSubMenu
GetSystemMetrics
DestroyWindow
DispatchMessageA
GetMessageA
LoadMenuA
CreateDialogParamA
SetDlgItemTextA
SendDlgItemMessageA
SetDlgItemTextW
IsDialogMessageA
ShowWindow
PtInRect
GetSysColorBrush
GetDlgItem
SetCursor
ClientToScreen
LoadCursorA
GetWindowRect
LoadImageA
SetClipboardData
LoadBitmapA
EmptyClipboard
CloseClipboard
GetDlgItemTextA
OpenClipboard

advapi32

RegCloseKey
CryptEncrypt
CryptDecrypt
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptGetHashParam
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
CryptDestroyKey
RegQueryValueExA
RegOpenKeyExA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CryptSetKeyParam
CryptImportKey

crypt32

CryptStringToBinaryA
CryptBinaryToStringA

bcrypt

BCryptCloseAlgorithmProvider
BCryptGenRandom
BCryptOpenAlgorithmProvider

ws2_32

send
recv
WSAStartup
WSACleanup
WSAEnumProtocolsW
WSAGetLastError
htons
htonl
WSAAddressToStringW
ntohs
WSASetLastError
ntohl
setsockopt
ioctlsocket
getsockopt
WSARecv
getsockname
getpeername
WSASocketW
WSAStringToAddressW
listen
shutdown
WSASend
closesocket
bind
WSARecvFrom
WSASendTo
select
WSAIoctl
connect
accept
__WSAFDIsSet
freeaddrinfo
getaddrinfo
socket

shell32

Shell_NotifyIconA
SHGetFolderPathA
ShellExecuteA

mswsock

GetAcceptExSockaddrs
AcceptEx

secur32

InitSecurityInterfaceW

kernel32

GetConsoleCP
ReadConsoleW
SetEnvironmentVariableW
ReadFile
ExitThread
GetFileType
GetModuleHandleExW
ExitProcess
RtlUnwindEx
GetStdHandle
FlushFileBuffers
GetDateFormatW
GetConsoleMode
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetTimeZoneInformation
SetStdHandle
HeapReAlloc
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
VirtualFree
VirtualProtect
VirtualAlloc
GetVersionExW
LoadLibraryExW
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SignalObjectAndWait
CreateTimerQueue
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
InitializeSListHead
GetLocaleInfoW
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapSize
WriteConsoleW
OpenEventA
RtlUnwind
WaitForMultipleObjectsEx
GetProcessHeap
LCMapStringW
CompareStringW
GetCPInfo
GetStringTypeW
GetNativeSystemInfo
GetExitCodeThread
TryEnterCriticalSection
RaiseException
DecodePointer
EncodePointer
RtlPcToFileHeader
GetSystemTime
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
ResetEvent
VirtualQueryEx
CreateSemaphoreW
CreateThread
LoadLibraryW
ResumeThread
GetProcessId
RtlCaptureContext
GetCurrentThread
SetThreadPriority
InitializeCriticalSection
FormatMessageW
QueryPerformanceCounter
QueryPerformanceFrequency
AreFileApisANSI
CreateDirectoryExW
GetFileTime
CopyFileW
GetModuleHandleW
MoveFileExW
GetWindowsDirectoryW
GetCurrentDirectoryW
DeleteFileW
GetFileAttributesW
GetModuleFileNameW
GetLastError
GetCurrentProcess
lstrlenA
GetCurrentThreadId
CreateFileA
CloseHandle
FreeConsole
lstrcpynA
GetCurrentProcessId
AllocConsole
SetUnhandledExceptionFilter
GetModuleHandleA
OutputDebugStringA
GlobalAlloc
GlobalLock
GlobalUnlock
GetSystemTimeAsFileTime
LocalFree
FormatMessageA
EnterCriticalSection
LeaveCriticalSection
PostQueuedCompletionStatus
TlsAlloc
TlsFree
GetFileAttributesExW
SetEvent
WaitForSingleObjectEx
WideCharToMultiByte
CreateEventA
HeapFree
HeapAlloc
VirtualQuery
SetWaitableTimer
TlsSetValue
VerifyVersionInfoA
SetLastError
WaitForMultipleObjects
InitializeCriticalSectionAndSpinCount
GetQueuedCompletionStatus
WaitForSingleObject
MultiByteToWideChar
TerminateThread
QueueUserAPC
DeleteCriticalSection
VerSetConditionMask
VerifyVersionInfoW
TlsGetValue
CreateIoCompletionPort
GetSystemInfo
CreateEventW
CreateWaitableTimerA
SleepEx
LoadLibraryA
GetProcAddress
FreeLibrary
GetFileSizeEx
FindFirstFileA
ReleaseSemaphore
WriteFile
FindNextFileA
SetEndOfFile
FindClose
CreateMutexA
UnmapViewOfFile
DuplicateHandle
SwitchToThread
SetFilePointerEx
CreateFileMappingA
RemoveDirectoryA
CreateDirectoryA
CreateSemaphoreA
GetTickCount
MapViewOfFileEx
GetProcessTimes
ReleaseMutex
Sleep
CreateDirectoryW
FindFirstFileW
FindNextFileW
DeviceIoControl
RemoveDirectoryW
GetEnvironmentVariableW
CreateFileW

Sections

.text
Size: 5.6MB - Virtual size: 5.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3.4MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 204KB - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c8e9a25b0ef1f8e0416fbd1dd4d1cb13

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0b:01:2e:b9:8c:70:3a:a9:b0:6d:26:43:55:e9:fe:39Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43Certificate

Extended Key Usages

Key Usages

c1:0c:df:c2:31:a1:55:20:3a:8a:08:f9:6c:9a:33:90:51:b6:54:76Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ts3_ssh

dbghelp

gdi32

user32

advapi32

crypt32

bcrypt

ws2_32

shell32

mswsock

secur32

kernel32

Sections

.text Size: 5.6MB - Virtual size: 5.6MB

.rdata Size: 1.6MB - Virtual size: 1.6MB

.data Size: 3.4MB - Virtual size: 3.5MB

.pdata Size: 204KB - Virtual size: 204KB

.rsrc Size: 70KB - Virtual size: 69KB

.reloc Size: 27KB - Virtual size: 27KB

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0b:01:2e:b9:8c:70:3a:a9:b0:6d:26:43:55:e9:fe:39
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

c1:0c:df:c2:31:a1:55:20:3a:8a:08:f9:6c:9a:33:90:51:b6:54:76
Signer

.text
Size: 5.6MB - Virtual size: 5.6MB

.rdata
Size: 1.6MB - Virtual size: 1.6MB

.data
Size: 3.4MB - Virtual size: 3.5MB

.pdata
Size: 204KB - Virtual size: 204KB

.rsrc
Size: 70KB - Virtual size: 69KB

.reloc
Size: 27KB - Virtual size: 27KB