8074680fa6f91abb3773cafb8ca2d304

Sharing

Copy URL

Twitter E-mail

General

Target

8074680fa6f91abb3773cafb8ca2d304
Size

786KB
MD5

8074680fa6f91abb3773cafb8ca2d304
SHA1

a6cd9b94103fb87804a63f76043798cdcd49d725
SHA256

b60750c9d690c4f3fc1dd00229689aa009c2aee949a044fa8085a78363e7c825
SHA512

4762a860c64bac0b7d71c393b98e7b76ee99cb2fa3a61a76c35fe965fd9a90b39e401e4560e4299ee8e34f5ca43274401a43cf63bf44456b5355c4878d9dee61
SSDEEP

12288:anJ9eF7bXTgwOmYn7BYAgm3YX9U2Xsu9UcOc1Ty3jlgRqVDHEdmRr:aj+nTgw5YrHCJOuCW0D9F

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8074680fa6f91abb3773cafb8ca2d304

Files

8074680fa6f91abb3773cafb8ca2d304
.dll windows:5 windows x86 arch:x86

ede09d68d710e8926cd85134130cb21c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\TeamViewer5_Release\TeamViewer\qs_release\TV.pdb

Imports

ntdll

NtClose
NtFreeVirtualMemory
NtAllocateVirtualMemory
NtProtectVirtualMemory
RtlMoveMemory
NtResumeThread
NtTerminateThread
NtSetContextThread
NtSuspendThread
NtOpenThread
RtlZeroMemory
NtCreateSection
NtOpenProcess
NtGetContextThread
NtQueryVirtualMemory
RtlGetNtVersionNumbers
RtlCompareMemory
RtlComputeCrc32
RtlDecompressBuffer
NtFlushInstructionCache
RtlRandom
NtUnmapViewOfSection
RtlGetVersion
NtWriteVirtualMemory
NtQuerySystemInformation
NtTerminateProcess
NtMapViewOfSection
RtlTimeToSecondsSince1970

kernel32

GetPrivateProfileIntA
WideCharToMultiByte
GetLocaleInfoW
Sleep
SizeofResource
CreateEventA
FormatMessageW
GetFileAttributesA
GetExitCodeProcess
CreateProcessA
FindResourceW
lstrcatA
MultiByteToWideChar
lstrlenW
WritePrivateProfileStringW
SetCurrentDirectoryA
FindFirstFileA
GetLastError
SetLastError
lstrcmpiA
VirtualAlloc
GetComputerNameExW
DisableThreadLibraryCalls
FindClose
GetPrivateProfileStringA
WritePrivateProfileStringA
LockResource
GetCommandLineA
WaitForMultipleObjects
CreatePipe
GetModuleFileNameA
FindNextFileA
WTSGetActiveConsoleSessionId
lstrcmpiW
GetModuleHandleA
LoadLibraryExA
GetCurrentThreadId
GetCurrentProcessId
LocalFree
DeleteFileA
GetVolumeInformationW
CreateThread
LocalAlloc
InterlockedCompareExchange
HeapDestroy
HeapCreate
InterlockedExchange
MoveFileExA
lstrlenA
FreeResource
GetFileSize
HeapReAlloc
ExitProcess
LoadLibraryA
GetPrivateProfileStringW
ExpandEnvironmentStringsA
GetSystemTimeAsFileTime
VirtualFree
SetEvent
WaitForSingleObject
OpenEventA
LoadResource
GetProcAddress
FreeLibrary
lstrcmpA
lstrcpyA
CloseHandle
CreateFileW
ReadFile
GetFileAttributesW
WriteFile
GetProcessHeap
GetTickCount
HeapFree
MoveFileExW
HeapAlloc
SetFilePointer
CreateFileA
GetSystemDirectoryA

user32

DestroyWindow
GetMessageA
SetTimer
GetWindowRect
PostThreadMessageA
PostQuitMessage
GetThreadDesktop
KillTimer
DrawIconEx
SetForegroundWindow
CreateDesktopA
wsprintfA
ExitWindowsEx
CloseDesktop
SendMessageA
CharLowerW
GetIconInfo
GetDC
GetForegroundWindow
GetCursorInfo
CreateDialogIndirectParamW
SetWindowLongA
BringWindowToTop
GetWindowLongW
CharLowerA
GetWindowLongA
GetWindowTextW
GetClassNameW
ReleaseDC
SetWindowLongW
GetDesktopWindow
SetWindowPos
LoadStringW
SwitchDesktop
SetThreadDesktop
IsWindow
PostMessageA
DispatchMessageA
MessageBoxW
SetWindowTextA
GetDlgItemTextA
CallWindowProcW
GetWindowThreadProcessId
wsprintfW
GetDlgItem

shlwapi

StrCmpNIA
PathQuoteSpacesW
StrChrA
PathIsRelativeA
StrCmpNIW
StrToIntA
PathFindFileNameW
PathIsRelativeW
ord12
PathBuildRootW
StrDupA
StrRChrA
StrTrimA
PathGetDriveNumberA
PathAddBackslashA
PathFindFileNameA
PathRemoveFileSpecA
StrChrW
PathAddBackslashW
PathRemoveFileSpecW

wtsapi32

WTSEnumerateSessionsA
WTSFreeMemory
WTSQueryUserToken
WTSQuerySessionInformationA

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

advapi32

SetServiceStatus
GetSecurityInfo
DuplicateTokenEx
OpenServiceA
CloseServiceHandle
OpenProcessToken
LsaQueryInformationPolicy
DeleteService
ConvertSidToStringSidA
SetEntriesInAclA
LogonUserW
SetNamedSecurityInfoA
GetUserNameW
LsaOpenPolicy
ChangeServiceConfig2A
RegisterServiceCtrlHandlerExW
GetTokenInformation
RegSetValueExA
EqualSid
RegQueryValueExA
CreateServiceA
CreateProcessAsUserW
DuplicateToken
RegDeleteKeyA
RegEnumKeyExA
StartServiceA
ChangeServiceConfigA
RegCreateKeyExA
LookupPrivilegeValueW
QueryServiceStatusEx
OpenSCManagerA
SetSecurityInfo
FreeSid
QueryServiceConfigA
CheckTokenMembership
ControlService
AdjustTokenPrivileges
RegCloseKey
LsaFreeMemory
GetNamedSecurityInfoA
CreateWellKnownSid
QueryServiceStatus
RegQueryInfoKeyA
AllocateAndInitializeSid
RegDeleteValueA
LsaClose
RegOpenKeyExA

wininet

HttpAddRequestHeadersA
HttpEndRequestA
HttpOpenRequestA
InternetWriteFile
InternetSetOptionA
InternetOpenA
InternetConnectA
InternetOpenUrlA
HttpQueryInfoA
HttpSendRequestExA
InternetCloseHandle
InternetReadFile

shell32

SHCreateDirectoryExW
SHGetSpecialFolderPathA
SHFileOperationA
ShellExecuteExA
SHCreateDirectoryExA

psapi

GetModuleFileNameExW

gdi32

DeleteDC
DeleteObject
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
GetObjectA
BitBlt

cabinet

ord22
ord23
ord21
ord20

oleaut32

SysAllocString
VariantInit
SysAllocStringLen
SysFreeString

ole32

CoCreateInstance
CoSetProxyBlanket
CoUninitialize
CoTaskMemFree
CoInitializeEx

Exports

Exports

SetSvc

Sections

.text
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata0
Size: 729KB - Virtual size: 729KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ede09d68d710e8926cd85134130cb21c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntdll

kernel32

user32

shlwapi

wtsapi32

userenv

advapi32

wininet

shell32

psapi

gdi32

cabinet

oleaut32

ole32

Exports

Exports

Sections

.text Size: 39KB - Virtual size: 38KB

.rdata Size: 10KB - Virtual size: 10KB

.data Size: 1024B - Virtual size: 1KB

.adata0 Size: 729KB - Virtual size: 729KB

.reloc Size: 3KB - Virtual size: 2KB

.rsrc Size: 2KB - Virtual size: 2KB

.text
Size: 39KB - Virtual size: 38KB

.rdata
Size: 10KB - Virtual size: 10KB

.data
Size: 1024B - Virtual size: 1KB

.adata0
Size: 729KB - Virtual size: 729KB

.reloc
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 2KB - Virtual size: 2KB