37d6fd03cca2048f5496b761e63b157d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

37d6fd03cca2048f5496b761e63b157d_JaffaCakes118
Size

3.2MB
MD5

37d6fd03cca2048f5496b761e63b157d
SHA1

787787e9e5e9365364549dc30b793b994f4488ab
SHA256

07452abf225b3c9e4ac0632015134051c98d0d246a3fcb80edb242c2018df6a7
SHA512

a5dc2a6ef576acc2564cc67554716e5adab25411b48c38518fa6fc3637087a31256e3458661997972f91a690134ab28f276e793494ac658fb4246a2f2df49b36
SSDEEP

49152:yrUJxgYj9SDIZypsaGvfF3U6IbDMSCh/fQ1Dg9TFB2NwE23MFFAu0jy3jP/xyj4+:yrGSUZyC5GbAZd+kFBmqFezny4a4i

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
37d6fd03cca2048f5496b761e63b157d_JaffaCakes118
unpack001/#/SafeNet/SensApi.dll

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2

Files

37d6fd03cca2048f5496b761e63b157d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

57e98d9a5a72c8d7ad8fb7a6a58b3daf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetEnvironmentVariableA
CreateFileA
GetFileSize
GetModuleFileNameA
ReadFile
GetCurrentProcess
CopyFileA
Sleep
GetTickCount
GetWindowsDirectoryA
GetTempPathA
GetCommandLineA
lstrlenA
GetVersion
SetErrorMode
lstrcpynA
ExitProcess
SetCurrentDirectoryA
GlobalLock
CreateThread
GetLastError
CreateDirectoryA
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
WriteFile
lstrcpyA
MoveFileExA
lstrcatA
GetSystemDirectoryA
GetProcAddress
GetExitCodeProcess
WaitForSingleObject
CompareFileTime
SetFileAttributesA
GetFileAttributesA
GetShortPathNameA
MoveFileA
GetFullPathNameA
SetFileTime
SearchPathA
CloseHandle
lstrcmpiA
GlobalUnlock
GetDiskFreeSpaceA
lstrcmpA
FindFirstFileA
FindNextFileA
DeleteFileA
SetFilePointer
GetPrivateProfileStringA
FindClose
MultiByteToWideChar
FreeLibrary
MulDiv
WritePrivateProfileStringA
LoadLibraryExA
GetModuleHandleA
GlobalAlloc
GlobalFree
ExpandEnvironmentStringsA

user32

ScreenToClient
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
PostQuitMessage
GetWindowRect
EnableMenuItem
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
ReleaseDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndDialog
RegisterClassA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
ExitWindowsEx
GetDC
CreateDialogParamA
SetTimer
GetDlgItem
SetWindowLongA
SetForegroundWindow
LoadImageA
IsWindow
SendMessageTimeoutA
FindWindowExA
OpenClipboard
TrackPopupMenu
AppendMenuA
EndPaint
DestroyWindow
wsprintfA
ShowWindow
SetWindowTextA

gdi32

SelectObject
SetBkMode
CreateFontIndirectA
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor

shell32

SHGetSpecialFolderLocation
ShellExecuteExA
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
SHFileOperationA

advapi32

AdjustTokenPrivileges
RegCreateKeyExA
RegOpenKeyExA
SetFileSecurityA
OpenProcessToken
LookupPrivilegeValueA
RegEnumValueA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegSetValueExA
RegQueryValueExA
RegEnumKeyA

comctl32

ImageList_Create
ImageList_AddMasked
ImageList_Destroy
ord17

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoCreateInstance

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
#/SafeNet/SensApi.dll
.dll windows:4 windows x86 arch:x86

dc0b534b8b146e28a0bd67b230063e62

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

modemui

drvCommConfigDialogA
CountryRunOnce
InvokeControlPanel

uxtheme

GetThemeRect
CloseThemeData
GetThemeTextMetrics
GetThemeColor
GetWindowTheme
GetThemeSysSize
OpenThemeData
SetWindowTheme
DrawThemeEdge
GetThemeInt
IsThemeActive
DrawThemeBackground
GetThemeBool
GetThemeFont

kernel32

OpenFileMappingA
CreateEventW
GetOEMCP
FindFirstFileW
FormatMessageA
GetCurrentProcess
GetSystemTime
GetCommandLineA
SearchPathW
DeleteFileA
FindAtomA
SystemTimeToFileTime
SetEndOfFile
HeapAlloc
OpenEventW
ReleaseMutex
GetModuleFileNameA
lstrcmpi
GetTimeFormatW
GetStartupInfoW
InterlockedDecrement
GetFileAttributesA
OpenSemaphoreA
SetEvent
GetProcAddress
CreateDirectoryA
GetVersionExA
CreateJobObjectW
FindClose
GetTickCount
GetACP
GetModuleHandleA
SleepEx
SetCurrentDirectoryW
GetLogicalDriveStringsA

wtsapi32

WTSTerminateProcess
WTSEnumerateProcessesW
WTSSetUserConfigW
WTSVirtualChannelRead
WTSSetSessionInformationA
WTSVirtualChannelWrite
WTSOpenServerW
WTSFreeMemory
WTSEnumerateSessionsA
WTSQuerySessionInformationW
WTSVirtualChannelQuery
WTSQueryUserConfigA
WTSVirtualChannelPurgeInput
WTSLogoffSession

user32

IsDialogMessageW
SetWindowTextW
CreateWindowExW
LoadBitmapW
DrawTextExW
CharToOemA
IsCharLowerA
LoadStringW
MessageBoxExA
InsertMenuA
DdeQueryStringA
GetIconInfo
GetRawInputDeviceInfoW
DefWindowProcW
DrawStateA
GetMenuStringW
wvsprintfW

crypt32

CertGetNameStringA
CertCreateCRLContext
CertNameToStrA
CertFindExtension
CertFindCRLInStore
CertDeleteCRLFromStore
CertAlgIdToOID
CertCloseStore
CertDuplicateCTLContext
CertControlStore
CryptFindOIDInfo
CertFreeCRLContext
CryptMemAlloc
CertFindChainInStore

Exports

Exports

IsDestinationReachableA
IsDestinationReachableW
IsNetworkAlive

Sections

.text
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 148KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
#/SafeNet/TeamViewer.exe
.exe windows:4 windows x86 arch:x86

5b3af636b2fbc7a86216b55927500f53

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3d:27:af:be:a5:99:6f:13:e5:b5:62:44:21:f1:62:95
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

08/08/2011, 00:00

Not After

07/08/2014, 23:59

Subject

CN=TeamViewer,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=TeamViewer,L=Goeppingen,ST=Baden Wuerttemberg,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

a5:f8:a3:e5:d9:98:23:9b:c7:af:bc:3e:d4:53:4d:dd:bb:b8:1a:3c
Signer

Actual PE Digest

a5:f8:a3:e5:d9:98:23:9b:c7:af:bc:3e:d4:53:4d:dd:bb:b8:1a:3c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\TeamViewer_6.0_Release\TeamViewer\release\TeamViewer.pdb

Imports

ws2_32

getpeername
ntohs
WSACreateEvent
ntohl
htonl
select
__WSAFDIsSet
WSARecv
gethostname
inet_ntoa
gethostbyname
recv
shutdown
WSACloseEvent
WSAAddressToStringA
getservbyport
bind
getservbyname
gethostbyaddr
socket
sendto
recvfrom
send
WSAEventSelect
WSAResetEvent
WSASetEvent
getsockopt
htons
WSARecvFrom
WSADuplicateSocketW
WSAWaitForMultipleEvents
closesocket
ioctlsocket
accept
connect
WSACleanup
WSAStartup
getsockname
inet_addr
WSASetLastError
WSAGetLastError
listen
WSASend
WSASocketW
setsockopt

iphlpapi

GetIpAddrTable
GetAdapterIndex
GetAdaptersInfo
GetIfEntry
DeleteIPAddress
GetBestInterface

comctl32

DestroyPropertySheetPage
CreatePropertySheetPageW
ImageList_ReplaceIcon
InitCommonControlsEx
ImageList_Destroy
ImageList_Create
ImageList_SetBkColor
PropertySheetW
ImageList_Remove

avicap32

capGetDriverDescriptionA
capCreateCaptureWindowA

msvfw32

DrawDibOpen
DrawDibDraw
DrawDibClose

winmm

mixerSetControlDetails
mixerOpen
waveOutOpen
waveInPrepareHeader
waveInAddBuffer
waveInUnprepareHeader
waveInClose
mixerClose
timeEndPeriod
timeBeginPeriod
waveInReset
waveInGetNumDevs
waveInOpen
waveOutPrepareHeader
waveOutPause
waveOutWrite
waveInStart
waveOutUnprepareHeader
waveOutClose
waveOutRestart
waveOutReset
waveOutGetNumDevs
mixerGetID

kernel32

SetPriorityClass
GetExitCodeThread
TryEnterCriticalSection
CreateThread
ResumeThread
ResetEvent
GetCurrentThread
DuplicateHandle
FindClose
CompareFileTime
CompareStringA
GetModuleHandleA
GetModuleFileNameA
GetWindowsDirectoryA
GetSystemDirectoryA
LoadLibraryA
QueryPerformanceCounter
QueryPerformanceFrequency
GetThreadTimes
GetCurrentDirectoryA
GetFullPathNameA
FindFirstFileA
GetDriveTypeA
lstrcpyA
FlushInstructionCache
SetLastError
DeleteCriticalSection
HeapAlloc
InitializeCriticalSection
GetSystemTimeAsFileTime
ReleaseSemaphore
WaitForMultipleObjects
CreateSemaphoreA
MulDiv
GlobalLock
SleepEx
ExpandEnvironmentStringsA
LocalAlloc
SetEnvironmentVariableA
SetStdHandle
GetConsoleOutputCP
WriteConsoleA
IsValidLocale
EnumSystemLocalesA
GetEnvironmentStrings
FreeEnvironmentStringsA
GetFileType
SetHandleCount
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
GetOEMCP
GetStdHandle
HeapCreate
ExitThread
GetStringTypeA
LCMapStringA
GetDateFormatA
GetTimeFormatA
ExitProcess
GetStartupInfoA
GetCommandLineA
RtlUnwind
IsDebuggerPresent
UnhandledExceptionFilter
CreateWaitableTimerA
SetWaitableTimer
CreateFileMappingA
MapViewOfFileEx
CreateFileA
UnmapViewOfFile
GetSystemInfo
AreFileApisANSI
GetFileTime
SetEndOfFile
FormatMessageA
GetThreadLocale
GetACP
GetVersionExA
IsProcessorFeaturePresent
InterlockedCompareExchange
HeapSize
HeapReAlloc
HeapDestroy
lstrlenA
SystemTimeToFileTime
SetFileTime
LocalFileTimeToFileTime
SetUnhandledExceptionFilter
FileTimeToLocalFileTime
QueueUserAPC
GetOverlappedResult
DeviceIoControl
GetExitCodeProcess
OpenEventA
TlsGetValue
TlsSetValue
TerminateProcess
OpenProcess
SetFilePointer
SetThreadAffinityMask
GetLocaleInfoA
GetUserDefaultLCID
GetSystemDefaultLCID
LocalFree
FileTimeToSystemTime
MoveFileExW
SystemTimeToTzSpecificLocalTime
WriteFile
GlobalUnlock
GlobalFree
GlobalAlloc
GetFileSize
ReadFile
InitializeCriticalSectionAndSpinCount
GlobalHandle
LoadResource
LockResource
InterlockedDecrement
InterlockedIncrement
FreeLibrary
GetCommandLineW
SetErrorMode
CreateMutexA
ReleaseMutex
GetLastError
TlsAlloc
TlsFree
SetEvent
GetCurrentThreadId
GetProcessHeap
WaitForSingleObject
HeapFree
GetTickCount
CreateEventA
Sleep
CloseHandle
RaiseException
LeaveCriticalSection
EnterCriticalSection
GetPriorityClass
SetThreadPriority
VirtualFree
VirtualAlloc
GetLocalTime
GetCurrentProcessId
InterlockedExchangeAdd
SizeofResource
InterlockedExchange
SetProcessShutdownParameters
GetCurrentProcess

user32

GetWindowRect
MapWindowPoints
SetWindowPos
IsWindow
ShowWindow
InvalidateRect
GetWindow
MoveWindow
SetScrollInfo
InflateRect
ExitWindowsEx
GetKeyState
GetWindowRgn
MsgWaitForMultipleObjects
CreateIconIndirect
SetCapture
BeginPaint
GetClientRect
SetCursorPos
GetParent
EndPaint
KillTimer
SetRect
UnregisterClassA
EnumWindows
GetCursorInfo
GetGUIThreadInfo
BlockInput
GetThreadDesktop
SetDlgItemTextA
GetWindowPlacement
SetForegroundWindow
CreateWindowExA
SendDlgItemMessageA
GetDlgItemTextA
DrawIconEx
FrameRect
GetCapture
GetIconInfo
DrawFocusRect
ScrollWindowEx
MsgWaitForMultipleObjectsEx
IsMenu
SetScrollPos
GetScrollInfo
SetParent
CreateMenu
FlashWindow
SetWindowPlacement
DrawEdge
GetNextDlgTabItem
GetMessagePos
GetSystemMenu
GetUserObjectInformationW
EnumDesktopWindows
AttachThreadInput
GetUpdateRgn
EnumChildWindows
UnhookWindowsHookEx
CallNextHookEx
SendInput
ToAscii
ToUnicode
GetKeyboardState
CloseDesktop
OpenInputDesktop
OpenDesktopW
ActivateKeyboardLayout
GetKeyboardLayout
SetThreadDesktop
InvalidateRgn
SetWindowRgn
DestroyWindow
TrackMouseEvent
ReleaseCapture
CheckMenuItem
PtInRect
EnableMenuItem
SetTimer
GetCursorPos
ScreenToClient
ClientToScreen
TrackPopupMenuEx
SetFocus
GetMenuState
GetSubMenu
CheckMenuRadioItem
DestroyMenu
OffsetRect
CreatePopupMenu
IsWindowVisible
GetDC
GetDesktopWindow
BringWindowToTop
GetDlgCtrlID
GetDlgItem
CopyRect
ShowScrollBar
IsIconic
IntersectRect
UpdateWindow
AdjustWindowRect
GetSystemMetrics
FillRect
RedrawWindow
MessageBeep
EndDialog
GetForegroundWindow
SetActiveWindow
GetActiveWindow
GetSysColorBrush
GetWindowThreadProcessId
WindowFromPoint
GetShellWindow
IsRectEmpty
SetRectEmpty
GetAsyncKeyState
DestroyIcon
GetDialogBaseUnits
GetMenuItemCount
RemoveMenu
GetMenuItemID
DeleteMenu
GetDoubleClickTime
PostQuitMessage
IsWindowEnabled
TranslateMessage
MessageBoxA
MapDialogRect
GetSysColor
IsChild
DestroyAcceleratorTable
GetFocus
SetWindowContextHelpId
ChangeClipboardChain
SetClipboardViewer
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
GetClipboardViewer
ReleaseDC
GetWindowDC
GetCursor
EqualRect
UnionRect
DestroyCursor
SetCursor

gdi32

PtInRegion
GetDCOrgEx
GetSystemPaletteEntries
GetRegionData
GetRgnBox
PatBlt
GetObjectType
CreateRoundRectRgn
CreatePalette
CreateRectRgnIndirect
RealizePalette
SelectPalette
RoundRect
CreatePatternBrush
SetPixel
DPtoLP
DescribePixelFormat
GetPixelFormat
GetCurrentObject
SetStretchBltMode
CreateBitmap
SetWindowOrgEx
SetViewportOrgEx
GetPixel
SetBrushOrgEx
GetClipBox
CreateCompatibleBitmap
SelectClipRgn
CreateDIBSection
GetDIBits
LineTo
MoveToEx
SetTextColor
SetDIBColorTable
Polygon
Ellipse
GetDeviceCaps
StrokeAndFillPath
EndPath
BeginPath
OffsetRgn
SetRectRgn
CreateSolidBrush
CreatePen
Rectangle
RectInRegion
CombineRgn
GetStockObject
BitBlt
SetBkMode
SelectObject
SetBkColor
StretchBlt
CreateCompatibleDC
CreatePolygonRgn
CreateRectRgn
DeleteObject
DeleteDC

advapi32

GetSidIdentifierAuthority
RegFlushKey
ImpersonateLoggedOnUser
RevertToSelf
RegSetValueExA
AllocateAndInitializeSid
SetSecurityInfo
GetSecurityInfo
LookupAccountSidW
LookupAccountNameW
EqualSid
FreeSid
CreateProcessAsUserW
CloseServiceHandle
StartServiceW
DeleteAce
SetSecurityDescriptorDacl
RegCloseKey
CryptAcquireContextA
CryptReleaseContext
CryptGenRandom
RegisterEventSourceW
ReportEventW
DeregisterEventSource
InitializeSecurityDescriptor
GetNamedSecurityInfoW
SetEntriesInAclW
SetNamedSecurityInfoW
GetAce

shell32

DragAcceptFiles
ord680
SHAppBarMessage
DragFinish
SHGetMalloc
ord155
SHGetSpecialFolderLocation

ole32

CLSIDFromString
CoTaskMemAlloc
CoCreateInstance
StringFromGUID2
CreateStreamOnHGlobal
OleInitialize
CoInitializeSecurity
CoTaskMemRealloc
OleLockRunning
CoGetClassObject
CoUninitialize
CoInitializeEx
CoCreateGuid
CLSIDFromProgID
OleUninitialize
CoTaskMemFree

oleaut32

SysAllocStringLen
VarUI4FromStr
OleCreatePropertyFrame
VariantInit
OleCreateFontIndirect
SysStringByteLen
SysStringLen
LoadTypeLi
VariantClear
SysAllocString
LoadRegTypeLi
VariantCopy
SafeArrayGetDim
SafeArrayGetElement
VariantChangeType
SysFreeString

shlwapi

PathCompactPathW

mpr

WNetCloseEnum
WNetEnumResourceW
WNetOpenEnumW

setupapi

SetupDiGetDeviceRegistryPropertyW
SetupDiOpenDevRegKey
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiGetClassDevsW

crypt32

CertGetNameStringA
CertGetNameStringW
CryptVerifyMessageSignature
CertFreeCertificateContext

imagehlp

ImageGetCertificateHeader
ImageGetCertificateData
ImageEnumerateCertificates

wininet

InternetGoOnlineA
InternetQueryOptionW
HttpSendRequestA
InternetQueryDataAvailable
HttpEndRequestA
InternetWriteFile
HttpSendRequestExA
HttpAddRequestHeadersA
HttpOpenRequestA
HttpQueryInfoW
InternetCloseHandle
HttpSendRequestW
InternetConnectW
HttpOpenRequestW
InternetReadFile
InternetErrorDlg
InternetSetOptionW
InternetOpenW
DetectAutoProxyUrl

sensapi

IsNetworkAlive

urlmon

URLDownloadToFileA

Sections

.text
Size: 6.0MB - Virtual size: 6.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 189KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
#/SafeNet/TeamViewer_Desktop.exe
.exe windows:4 windows x86 arch:x86

c454f67a170a59da78b9495652a476de

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3d:27:af:be:a5:99:6f:13:e5:b5:62:44:21:f1:62:95
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

08/08/2011, 00:00

Not After

07/08/2014, 23:59

Subject

CN=TeamViewer,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=TeamViewer,L=Goeppingen,ST=Baden Wuerttemberg,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

b2:4e:c3:0c:d6:fe:a0:86:f2:e1:d4:d6:90:ea:cc:2b:fb:73:fe:22
Signer

Actual PE Digest

b2:4e:c3:0c:d6:fe:a0:86:f2:e1:d4:d6:90:ea:cc:2b:fb:73:fe:22

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\TeamViewer_6.0_Release\TeamViewer\release\TeamViewer_Desktop.pdb

Imports

ws2_32

setsockopt
connect
accept
ioctlsocket
closesocket
WSASetLastError
WSASend
bind
getsockname
gethostbyname
inet_addr
WSAGetLastError
gethostname
inet_ntoa
WSASocketW
listen
WSARecv
WSAStartup
WSAAddressToStringA
getsockopt
ntohl
ntohs
getservbyname
htons
__WSAFDIsSet
select
htonl
shutdown
getservbyport
gethostbyaddr
WSACleanup

comctl32

InitCommonControlsEx

kernel32

LoadLibraryA
GetSystemDirectoryA
GetWindowsDirectoryA
GetModuleFileNameA
GetModuleHandleA
CompareStringA
InterlockedExchangeAdd
InterlockedExchange
GetCurrentThreadId
LeaveCriticalSection
GetLastError
CloseHandle
SetProcessShutdownParameters
GetProcessShutdownParameters
GetCurrentProcessId
HeapFree
GetProcessHeap
SetLastError
CreateEventA
InitializeCriticalSection
HeapAlloc
InterlockedDecrement
FlushInstructionCache
DeleteCriticalSection
GetCommandLineW
FileTimeToSystemTime
FindClose
FileTimeToLocalFileTime
InterlockedIncrement
GetTickCount
SetEvent
SetThreadAffinityMask
GetCurrentThread
QueryPerformanceCounter
QueryPerformanceFrequency
LocalFree
WaitForSingleObject
GetSystemDefaultLCID
GetUserDefaultLCID
GetLocaleInfoA
GetLocalTime
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
SetFilePointer
WriteFile
ReleaseMutex
GetFileSize
OpenProcess
ReleaseSemaphore
ReadFile
TerminateProcess
DuplicateHandle
CreateSemaphoreA
TlsSetValue
TlsGetValue
Sleep
ResetEvent
WaitForMultipleObjects
LockResource
DeviceIoControl
GetExitCodeThread
QueueUserAPC
CreateMutexA
GlobalFree
lstrcpyA
ResumeThread
CreateThread
LocalAlloc
GetVersionExA
GetACP
GetThreadLocale
InterlockedCompareExchange
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
HeapDestroy
HeapReAlloc
HeapSize
FormatMessageA
SetEndOfFile
AreFileApisANSI
GetSystemInfo
OpenEventA
SystemTimeToFileTime
SetWaitableTimer
CreateWaitableTimerA
UnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
GetStartupInfoA
GetTimeFormatA
GetDateFormatA
RtlUnwind
GetStringTypeA
LCMapStringA
ExitProcess
ExitThread
GetStdHandle
HeapCreate
GetOEMCP
FreeEnvironmentStringsA
GetEnvironmentStrings
SetHandleCount
GetFileType
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
FlushFileBuffers
EnumSystemLocalesA
IsValidLocale
WriteConsoleA
GetConsoleOutputCP
SetStdHandle
CreateFileA
SetEnvironmentVariableA
TlsFree
GetCurrentProcess
TlsAlloc
EnterCriticalSection
LoadResource
FreeLibrary
SizeofResource
RaiseException
SetUnhandledExceptionFilter

user32

ScreenToClient
MapWindowPoints
IsWindowVisible
PostQuitMessage
GetWindowDC
IsRectEmpty
InflateRect
IntersectRect
GetCursorPos
GetGUIThreadInfo
GetUserObjectInformationW
CloseDesktop
GetThreadDesktop
BlockInput
MsgWaitForMultipleObjectsEx
SendInput
OpenDesktopW
EnumDesktopWindows
UnionRect
WindowFromPoint
UnhookWindowsHookEx
CallNextHookEx
GetDesktopWindow
GetWindowRgn
EnumWindows
IsWindowEnabled
GetWindowRect
GetIconInfo
ToUnicode
GetKeyState
ActivateKeyboardLayout
GetKeyboardLayout
GetKeyboardState
SetThreadDesktop
OpenInputDesktop
ExitWindowsEx
UnregisterClassA
GetAsyncKeyState
ReleaseDC
CopyRect
GetDC
GetForegroundWindow
GetWindowThreadProcessId
DestroyWindow
MessageBoxA
FillRect
IsWindow
TranslateMessage
GetParent
GetDlgItem
GetClientRect
GetSystemMetrics
SetWindowPos
GetWindow
RedrawWindow
OffsetRect
EqualRect
GetCursorInfo

advapi32

StartServiceW
RegisterEventSourceW
ReportEventW
DeregisterEventSource
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetNamedSecurityInfoW
SetEntriesInAclW
SetNamedSecurityInfoW
FreeSid
GetSecurityInfo
SetSecurityInfo
AllocateAndInitializeSid
RegSetValueExA
EqualSid
LookupAccountNameW
LookupAccountSidW
ImpersonateLoggedOnUser
RegFlushKey
GetSidIdentifierAuthority
RegCloseKey
CloseServiceHandle
RevertToSelf

ole32

CoTaskMemFree
CoInitializeEx
CoUninitialize
CoInitializeSecurity
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance

oleaut32

VarUI4FromStr
VariantChangeType
VariantCopy
VariantClear
VariantInit
SafeArrayGetDim
SafeArrayGetElement
SysAllocString
SysFreeString

crypt32

CertGetNameStringA
CertGetNameStringW
CryptVerifyMessageSignature
CertFreeCertificateContext

imagehlp

ImageGetCertificateData
ImageGetCertificateHeader
ImageEnumerateCertificates

wininet

DetectAutoProxyUrl
InternetQueryOptionW

urlmon

URLDownloadToFileA

gdi32

SetBkMode
GetDIBits
PtInRegion
OffsetRgn
BitBlt
SetRectRgn
GetRgnBox
StretchBlt
CreateRectRgnIndirect
DeleteDC
SetPixel
CreateSolidBrush
SelectObject
CreateCompatibleDC
CombineRgn
GetStockObject
GetDeviceCaps
CreateCompatibleBitmap
DeleteObject
CreateRectRgn
GetRegionData
SelectClipRgn
GetDCOrgEx
CreateDIBSection
GetSystemPaletteEntries
RectInRegion

shell32

SHGetMalloc
SHGetSpecialFolderLocation

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 425KB - Virtual size: 424KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 46KB - Virtual size: 253KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
#/SafeNet/TeamViewer_Resource_en.dll
.dll windows:4 windows x86 arch:x86

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3d:27:af:be:a5:99:6f:13:e5:b5:62:44:21:f1:62:95
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

08/08/2011, 00:00

Not After

07/08/2014, 23:59

Subject

CN=TeamViewer,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=TeamViewer,L=Goeppingen,ST=Baden Wuerttemberg,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

92:48:32:5c:a7:ed:6c:7d:d0:7e:79:7c:78:92:36:53:9c:05:2a:ce
Signer

Actual PE Digest

92:48:32:5c:a7:ed:6c:7d:d0:7e:79:7c:78:92:36:53:9c:05:2a:ce

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
#/SafeNet/tv_w32.dll
.dll windows:4 windows x86 arch:x86

798ed578c45b3498ce7896558c5e55e0

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3d:27:af:be:a5:99:6f:13:e5:b5:62:44:21:f1:62:95
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

08/08/2011, 00:00

Not After

07/08/2014, 23:59

Subject

CN=TeamViewer,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=TeamViewer,L=Goeppingen,ST=Baden Wuerttemberg,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

eb:e1:4f:ff:3e:12:7a:fe:d7:9a:fb:1d:bb:6f:94:58:3a:dc:0d:79
Signer

Actual PE Digest

eb:e1:4f:ff:3e:12:7a:fe:d7:9a:fb:1d:bb:6f:94:58:3a:dc:0d:79

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\TeamViewer_6.0_Release\TeamViewer\TVHooks64\release\tv_w32dll.pdb

Imports

crtdll

_snprintf
_strlwr
strncpy
strrchr
memset
memcpy
memmove
_vsnprintf
wcsstr
_wcslwr
_global_unwind2
_local_unwind2
_initterm
malloc
strncmp
strncat

comctl32

InitCommonControlsEx

kernel32

CreateEventW
GetVersionExW
UnmapViewOfFile
InterlockedDecrement
InterlockedIncrement
ReleaseMutex
SetEvent
WaitForSingleObject
GetTickCount
GetLastError
IsBadWritePtr
IsBadReadPtr
MapViewOfFile
CreateFileMappingW
FreeLibraryAndExitThread
Sleep
LoadLibraryW
GetModuleFileNameW
LocalAlloc
ResumeThread
CreateThread
SetLastError
GlobalFree
GlobalAlloc
GetVersion
GetCurrentThreadId
GetLocalTime
CreateMutexW
DeleteCriticalSection
InterlockedCompareExchange
InterlockedExchange
InitializeCriticalSection
DisableThreadLibraryCalls
CloseHandle
OpenMutexW
LeaveCriticalSection
GetModuleFileNameA
EnterCriticalSection
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
FreeLibrary
LocalFree
GetCurrentProcessId

user32

GetSysColor
LoadBitmapW
GetWindow
SystemParametersInfoW
GetClientRect
CreateWindowExW
IsZoomed
GetWindowInfo
GetClassNameA
IsRectEmpty
DefWindowProcW
RedrawWindow
CallWindowProcW
MoveWindow
DestroyWindow
IsIconic
PostMessageW
TrackMouseEvent
InvalidateRect
EndPaint
BeginPaint
GetActiveWindow
SetWindowLongW
GetWindowLongW
FindWindowExW
FindWindowW
MapWindowPoints
GetDesktopWindow
ClientToScreen
GetDC
GetUpdateRect
ShowWindow
GetClassInfoExW
UnregisterClassW
LoadCursorW
RegisterClassExW
SendMessageW
SendMessageTimeoutW
CallNextHookEx
GetWindowDC
GetWindowRect
ReleaseDC
UnhookWindowsHookEx
SendNotifyMessageW
IsWindow
SetWindowsHookExW
SetWindowPos
RegisterWindowMessageW
GetSystemMetrics
IsWindowVisible

gdi32

RectVisible
BitBlt
GetPixel
SetPixel
CreateCompatibleDC
GetObjectW
CreateCompatibleBitmap
CreateSolidBrush
MoveToEx
LineTo
ExtCreatePen
Polyline
DeleteDC
CreatePen
SelectObject
GetStockObject
Rectangle
DeleteObject

Exports

Exports

GetLoaderInterface
GetTeamViewerInterface

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.shared
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
#/SafeNet/tv_w32.exe
.exe windows:4 windows x86 arch:x86

68da36c705041bcb516a1b6caabad0aa

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3d:27:af:be:a5:99:6f:13:e5:b5:62:44:21:f1:62:95
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

08/08/2011, 00:00

Not After

07/08/2014, 23:59

Subject

CN=TeamViewer,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=TeamViewer,L=Goeppingen,ST=Baden Wuerttemberg,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3d:97:9b:69:65:2f:3b:75:1b:aa:ae:bb:c0:b3:20:24:06:af:19:6a
Signer

Actual PE Digest

3d:97:9b:69:65:2f:3b:75:1b:aa:ae:bb:c0:b3:20:24:06:af:19:6a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\TeamViewer_6.0_Release\TeamViewer\TVHooks64\release\tv_w32exe.pdb

Imports

kernel32

GetLastError
SetEvent
GetVersionExW
CreateEventW
CloseHandle
GetProcAddress
LoadLibraryA
GetModuleFileNameA
FreeLibrary
GetSystemDirectoryW
LoadLibraryW
GetTickCount
OpenMutexA
GetCurrentProcessId
CreateMutexW
SetFilePointer
InterlockedIncrement
InterlockedDecrement
WaitForSingleObject
WriteFile
CreateFileW
GetLocalTime
GetCurrentThreadId
ReleaseMutex
GetCurrentProcess
GetCommandLineW
FlushFileBuffers
CreateFileA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
WideCharToMultiByte
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoA
RaiseException
RtlUnwind
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
MultiByteToWideChar
LCMapStringA
LCMapStringW
Sleep
HeapSize
ExitProcess
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetConsoleCP
GetConsoleMode
EnterCriticalSection
LeaveCriticalSection
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
VirtualAlloc
HeapReAlloc
InitializeCriticalSection
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
VirtualQuery

user32

PeekMessageW
MsgWaitForMultipleObjectsEx
DispatchMessageW
TranslateMessage

shell32

ShellExecuteExW

Sections

.text
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
#/SafeNet/tv_x64.dll
.dll windows:4 windows x64 arch:x64

09c5b20b66e0f7caa44c28dfae2d9a8d

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3d:27:af:be:a5:99:6f:13:e5:b5:62:44:21:f1:62:95
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

08/08/2011, 00:00

Not After

07/08/2014, 23:59

Subject

CN=TeamViewer,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=TeamViewer,L=Goeppingen,ST=Baden Wuerttemberg,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

92:45:ea:ad:3d:0f:5d:4e:5b:5f:c1:5a:d9:eb:aa:0c:b2:88:68:c9
Signer

Actual PE Digest

92:45:ea:ad:3d:0f:5d:4e:5b:5f:c1:5a:d9:eb:aa:0c:b2:88:68:c9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

c:\TeamViewer_6.0_Release\TeamViewer\TVHooks64\release\tv_x64dll.pdb

Imports

msvcrt

malloc
free
_initterm
_wcslwr
wcsstr
strncmp
memmove
memcpy
__C_specific_handler
memset
strrchr
strncpy
_strlwr
_snprintf
_vsnprintf
strncat

comctl32

InitCommonControlsEx

kernel32

SetLastError
CreateThread
GetCurrentProcessId
GetCurrentThreadId
GetLocalTime
DeleteCriticalSection
InitializeCriticalSection
DisableThreadLibraryCalls
CloseHandle
OpenMutexW
LeaveCriticalSection
GetModuleFileNameA
EnterCriticalSection
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
FreeLibrary
LocalFree
CreateMutexW
CreateEventW
GetVersionExW
UnmapViewOfFile
ReleaseMutex
SetEvent
WaitForSingleObject
GetTickCount
GetLastError
IsBadWritePtr
IsBadReadPtr
MapViewOfFile
CreateFileMappingW
FreeLibraryAndExitThread
Sleep
LoadLibraryW
GetModuleFileNameW
LocalAlloc
ResumeThread

user32

GetUpdateRect
RegisterWindowMessageW
SetWindowPos
IsWindowVisible
SetWindowsHookExW
IsWindow
SendNotifyMessageW
UnhookWindowsHookEx
ReleaseDC
GetWindowRect
GetWindowDC
CallNextHookEx
SendMessageTimeoutW
SendMessageW
RegisterClassExW
LoadCursorW
UnregisterClassW
GetClassInfoExW
ShowWindow
GetWindow
GetSysColor
LoadBitmapW
GetSystemMetrics
SystemParametersInfoW
GetClientRect
CreateWindowExW
IsZoomed
GetWindowInfo
GetClassNameA
IsRectEmpty
DefWindowProcW
CallWindowProcW
RedrawWindow
MoveWindow
DestroyWindow
IsIconic
PostMessageW
TrackMouseEvent
InvalidateRect
GetActiveWindow
SetWindowLongPtrW
EndPaint
BeginPaint
GetWindowLongPtrW
FindWindowExW
FindWindowW
MapWindowPoints
GetDesktopWindow
ClientToScreen
GetDC

gdi32

BitBlt
GetPixel
SetPixel
CreateCompatibleDC
GetObjectW
CreateCompatibleBitmap
CreateSolidBrush
MoveToEx
RectVisible
ExtCreatePen
Polyline
DeleteDC
CreatePen
SelectObject
GetStockObject
Rectangle
DeleteObject
LineTo

Exports

Exports

GetLoaderInterface

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.shared
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 218B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
#/SafeNet/tv_x64.exe
.exe windows:4 windows x64 arch:x64

fe0ec5a2a04130d9900b2dd133a00d2b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3d:27:af:be:a5:99:6f:13:e5:b5:62:44:21:f1:62:95
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

08/08/2011, 00:00

Not After

07/08/2014, 23:59

Subject

CN=TeamViewer,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=TeamViewer,L=Goeppingen,ST=Baden Wuerttemberg,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

03:de:dd:6b:15:88:d2:55:8e:a7:ea:5b:76:f8:e9:71:31:c4:04:93
Signer

Actual PE Digest

03:de:dd:6b:15:88:d2:55:8e:a7:ea:5b:76:f8:e9:71:31:c4:04:93

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\TeamViewer_6.0_Release\TeamViewer\TVHooks64\release\tv_x64exe.pdb

Imports

kernel32

CreateEventW
CloseHandle
GetLastError
SetEvent
GetVersionExW
GetProcAddress
LoadLibraryA
GetModuleFileNameA
FreeLibrary
GetSystemDirectoryW
LoadLibraryW
OpenMutexA
GetTickCount
CreateMutexW
SetFilePointer
WaitForSingleObject
WriteFile
CreateFileW
GetLocalTime
GetCurrentThreadId
ReleaseMutex
GetCurrentProcessId
GetCurrentProcess
GetCommandLineW
FlushFileBuffers
CreateFileA
WriteConsoleW
WideCharToMultiByte
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlCaptureContext
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoA
RaiseException
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
RtlVirtualUnwind
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleA
FlsGetValue
FlsSetValue
TlsFree
FlsFree
SetLastError
FlsAlloc
MultiByteToWideChar
LCMapStringA
LCMapStringW
Sleep
HeapSize
ExitProcess
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
HeapSetInformation
HeapCreate
QueryPerformanceCounter
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapReAlloc
InitializeCriticalSection
SetStdHandle
WriteConsoleA
GetConsoleOutputCP

user32

MsgWaitForMultipleObjectsEx
DispatchMessageW
TranslateMessage
PeekMessageW

shell32

ShellExecuteExW

Sections

.text
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

57e98d9a5a72c8d7ad8fb7a6a58b3daf

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

Sections

.text Size: 24KB - Virtual size: 24KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 106KB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 3KB - Virtual size: 2KB

dc0b534b8b146e28a0bd67b230063e62

Headers

DLL Characteristics

File Characteristics

Imports

modemui

uxtheme

kernel32

wtsapi32

user32

crypt32

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 6KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 8KB - Virtual size: 4KB

.rsrc Size: 148KB - Virtual size: 144KB

.reloc Size: 4KB - Virtual size: 1KB

5b3af636b2fbc7a86216b55927500f53

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

3d:27:af:be:a5:99:6f:13:e5:b5:62:44:21:f1:62:95Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

a5:f8:a3:e5:d9:98:23:9b:c7:af:bc:3e:d4:53:4d:dd:bb:b8:1a:3cSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

iphlpapi

comctl32

avicap32

msvfw32

winmm

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

mpr

setupapi

crypt32

imagehlp

.text
Size: 24KB - Virtual size: 24KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 106KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 3KB - Virtual size: 2KB

.text
Size: 8KB - Virtual size: 6KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 8KB - Virtual size: 4KB

.rsrc
Size: 148KB - Virtual size: 144KB

.reloc
Size: 4KB - Virtual size: 1KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

3d:27:af:be:a5:99:6f:13:e5:b5:62:44:21:f1:62:95
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

a5:f8:a3:e5:d9:98:23:9b:c7:af:bc:3e:d4:53:4d:dd:bb:b8:1a:3c
Signer

.text
Size: 6.0MB - Virtual size: 6.0MB

.orpc
Size: 2KB - Virtual size: 1KB

.rdata
Size: 1.8MB - Virtual size: 1.8MB

.data
Size: 189KB - Virtual size: 1.5MB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 24KB - Virtual size: 24KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

3d:27:af:be:a5:99:6f:13:e5:b5:62:44:21:f1:62:95
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

b2:4e:c3:0c:d6:fe:a0:86:f2:e1:d4:d6:90:ea:cc:2b:fb:73:fe:22
Signer

.text
Size: 1.6MB - Virtual size: 1.6MB

.orpc
Size: 2KB - Virtual size: 1KB

.rdata
Size: 425KB - Virtual size: 424KB

.data
Size: 46KB - Virtual size: 253KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 24KB - Virtual size: 24KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

3d:27:af:be:a5:99:6f:13:e5:b5:62:44:21:f1:62:95
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

92:48:32:5c:a7:ed:6c:7d:d0:7e:79:7c:78:92:36:53:9c:05:2a:ce
Signer

.rsrc
Size: 1.3MB - Virtual size: 1.3MB