ceeea8e8eb9041416fa3d4ca2451c920_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

ceeea8e8eb9041416fa3d4ca2451c920_NeikiAnalytics.exe
Size

3.8MB
MD5

ceeea8e8eb9041416fa3d4ca2451c920
SHA1

2ecd9209844d7b2ad8b7d58546d48a53c3348abd
SHA256

24488bf057d15f7fbd50822b3871918a28776f1ec30785616eb9ad3a82df617f
SHA512

e73eb53e3ad62bf9f7ddb3a9c14611ac9dfda50b47cc936e85e5aaeb30bef804d77810ba5246825e8a77340a72aad2d17cf7a7993e2fe641ae65dd564eb4604a
SSDEEP

49152:tOuIQVpxvvP9uAWAuPHTV/1eowos3ggarCkFsIo+8NRq/QDexTg4DvcpRIoxhyOI:tnx/EdAmh0fovg8CMo5q/+exMWcbkOdG

Score

3^/10

Malware Config

Signatures

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/NSISdl.dll
unpack001/$PLUGINSDIR/ReadCustomerData.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/TvGetVersion.dll
unpack001/$PLUGINSDIR/nsis7z.dll

Files

ceeea8e8eb9041416fa3d4ca2451c920_NeikiAnalytics.exe
.exe windows:5 windows x86 arch:x86

32f3282581436269b3a75b6675fe3e08

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3d:27:af:be:a5:99:6f:13:e5:b5:62:44:21:f1:62:95
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

08/08/2011, 00:00

Not After

07/08/2014, 23:59

Subject

CN=TeamViewer,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=TeamViewer,L=Goeppingen,ST=Baden Wuerttemberg,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

81:1c:48:3b:15:ec:81:4e:13:29:d3:af:24:eb:9a:32:46:ff:37:1c
Signer

Actual PE Digest

81:1c:48:3b:15:ec:81:4e:13:29:d3:af:24:eb:9a:32:46:ff:37:1c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
CreateFileW
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
CloseHandle
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpA
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
lstrlenA
MulDiv
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrcpynA

user32

GetAsyncKeyState
IsDlgButtonChecked
ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
wvsprintfW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
FindWindowExW

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 415KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 708KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:5 windows x86 arch:x86

cd90e33ffbc335413a25300c682c83df

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpiW
GetModuleHandleW
GlobalLock
GlobalUnlock
GetCurrentDirectoryW
SetCurrentDirectoryW
GetPrivateProfileIntW
GetPrivateProfileStringW
lstrcatW
WritePrivateProfileStringW
lstrcpynW
lstrlenW
lstrcpyW
GlobalFree
GlobalAlloc

user32

OpenClipboard
DestroyIcon
LoadCursorW
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
ShowWindow
SetWindowLongW
GetClientRect
SetWindowRgn
LoadIconW
LoadImageW
CreateWindowExW
MapDialogRect
GetClipboardData
GetWindowRect
CreateDialogParamW
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
SetCursor
DrawTextW
GetWindowLongW
DrawFocusRect
CallWindowProcW
PostMessageW
wsprintfW
CharNextW
MessageBoxW
CloseClipboard
GetDlgCtrlID
MapWindowPoints
SetWindowPos
PtInRect
GetWindowTextW
SetWindowTextW
SendMessageW
DestroyWindow

gdi32

SelectObject
CreateRectRgn
GetObjectW
CombineRgn
DeleteObject
CreateCompatibleDC
GetDIBits
SetTextColor

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteW
SHGetDesktopFolder

comdlg32

GetOpenFileNameW
CommDlgExtendedError
GetSaveFileNameW

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/NSISdl.dll
.dll windows:5 windows x86 arch:x86

6b9d096578bad49648d82fb5a245a197

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpiA
lstrlenA
lstrcpynA
lstrcatA
GlobalAlloc
GlobalFree
MulDiv
GetTickCount
lstrcpyA
Sleep
WriteFile
CreateFileA
lstrcpyW
lstrcpynW
WideCharToMultiByte
MultiByteToWideChar
CreateThread
WaitForSingleObject
DeleteFileA
CloseHandle
IsProcessorFeaturePresent

user32

GetWindowLongW
CreateWindowExW
GetWindowRect
GetClientRect
ShowWindow
IsWindowVisible
SendMessageW
GetDlgItem
FindWindowExW
SetWindowTextA
SetDlgItemTextA
CharPrevA
SetWindowLongW
RegisterWindowMessageW
EnableWindow
DestroyWindow
CallWindowProcW
wsprintfA
GetFocus

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW

ws2_32

inet_addr
connect
__WSAFDIsSet
select
recv
WSAGetLastError
send
closesocket
shutdown
ioctlsocket
htons
socket
WSACleanup
WSAStartup
gethostbyname

Exports

Exports

download
download_quiet

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 890B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ReadCustomerData.dll
.dll windows:4 windows x86 arch:x86

45f703a3822763792c446416f1e214eb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
MultiByteToWideChar
GetLastError
ReadFile
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
SetFilePointer
CloseHandle
WriteFile
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
RtlUnwind
RaiseException
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetProcAddress
GetModuleHandleA
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
Sleep
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetStdHandle
FlushFileBuffers
VirtualAlloc
HeapReAlloc
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileW
InitializeCriticalSection
HeapSize
LoadLibraryA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
CreateFileA
SetEndOfFile
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
GlobalFree
lstrcpyW

Exports

Exports

ReadCustomerData

Sections

.text
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:5 windows x86 arch:x86

039bcbc605477e8e87ec550c2e60e748

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyW
lstrcpynW
GetProcAddress
WideCharToMultiByte
lstrcatW
lstrlenW
lstrcmpiW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
FreeLibrary

user32

wsprintfW

ole32

CLSIDFromString
StringFromGUID2

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 963B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/TvGetVersion.dll
.dll windows:4 windows x86 arch:x86

900a86e785ca72a5b07f29f42e07df34

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

StrRChrW
StrChrW

kernel32

WaitForSingleObject
GetWindowsDirectoryW
GetTempPathW
LocalFree
FreeLibrary
LoadLibraryW
InterlockedDecrement
WideCharToMultiByte
RtlUnwind
MultiByteToWideChar
CreateDirectoryW
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
FindFirstFileW
MoveFileW
GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
InterlockedIncrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetFullPathNameW
GetCurrentDirectoryA
ExitProcess
SetHandleCount
lstrcpynW
GetFileType
GetStartupInfoA
DeleteCriticalSection
DeleteFileW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
HeapSize
lstrcpyW
VirtualAlloc
HeapReAlloc
WriteFile
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
InitializeCriticalSection
SetFilePointer
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetTimeZoneInformation
LoadLibraryA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEndOfFile
GetDriveTypeA
CreateFileA
CompareStringA
CompareStringW
SetEnvironmentVariableA
lstrlenA
lstrcpynA
lstrcmpiA
lstrcpyA
lstrlenW
GetVersionExW
GetModuleFileNameA
Sleep
lstrcatW
GetDriveTypeW
CreateFileW
GetFileSize
GlobalAlloc
ReadFile
CloseHandle
GlobalFree
GetLastError
GetCurrentProcessId
GetModuleHandleW
GetProcAddress
lstrcmpiW
GetStdHandle

user32

SendMessageW
PostMessageW
GetSystemMetrics
wsprintfW

gdi32

AddFontResourceExW
RemoveFontResourceExW

winspool.drv

EnumPrinterDriversW
EnumPrintProcessorsW

advapi32

RegQueryValueExA
RegDeleteValueW
RegFlushKey
GetUserNameW
LookupAccountNameW
ConvertSidToStringSidW
DeleteService
ControlService
StartServiceW
OpenSCManagerW
OpenServiceW
CloseServiceHandle
QueryServiceStatus
RegOpenKeyExA
RegEnumKeyExW
RegCloseKey
RegSetValueExW
RegQueryValueExW
RegEnumValueW
RegCreateKeyExW
RegOpenKeyExW
RegDeleteKeyW

shell32

SHFileOperationW
ShellExecuteExW
ShellExecuteW

ole32

CoUninitialize
CLSIDFromString
CLSIDFromProgID
CoCreateInstance
OleRun
CoInitialize

oleaut32

SysFreeString
GetErrorInfo
SysAllocString

Exports

Exports

ActivateRootAutoUpdate
AddAuthorizedApplication
CheckChecksumCustomIniFile
CopyRegKeyWithRollback
CopyRegValueWithRollback
CreateDirWithRollback
DeleteRegKeyWithRollback
DeleteRegValueWithRollback
GetCurrentSessionId
GetServiceStatus
GetUserSID
IsNetPath
IsPrintProcessorInstalled
IsPrinterDriverInstalled
IsServiceInstalled
IsTvPasswordSet
LoadFile
RegCopyKey
RegCopyValue
RemoveAuthorizedApplication
RemoveService
RemoveServiceWait
RollbackFileChanges
RollbackRegChanges
RunService
RunServiceWait
StopService
StopServiceWait
TvAddFontResource
TvIsHomeServer
TvIsServer
TvRemoveFontResource
WindowsName
WindowsPlatformArchitecture
WindowsPlatformId
WindowsServerName
WindowsVersion
WindowsVersionMajor
WindowsVersionMinor
WriteRegValueWithRollback

Sections

.text
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsis7z.dll
.dll windows:4 windows x86 arch:x86

9c8bb65ecbb91da1f2ebb6ae7a714ed0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
SetFileAttributesW
RemoveDirectoryW
MoveFileW
CreateDirectoryW
GetLastError
DeleteFileW
GetFullPathNameW
GetCurrentThreadId
GetCurrentProcessId
SetLastError
CreateFileW
SetFileTime
FindClose
FindFirstFileW
GetFileSize
SetFilePointer
ReadFile
WriteFile
SetEndOfFile
GetCurrentProcess
GetSystemInfo
GetProcAddress
GetStdHandle
EnterCriticalSection
LeaveCriticalSection
WaitForMultipleObjects
DeleteCriticalSection
AreFileApisANSI
VirtualFree
VirtualAlloc
GetVersionExW
WaitForSingleObject
SetEvent
InitializeCriticalSection
ResetEvent
CreateEventW
SetFileApisToOEM
SetFileApisToANSI
GlobalFree
lstrcpyW
lstrcpynW
GlobalAlloc
RaiseException
VirtualQuery
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
WideCharToMultiByte
MultiByteToWideChar
GetTickCount
HeapFree
HeapAlloc
HeapReAlloc
ExitThread
CreateThread
GetCommandLineA
GetVersionExA
GetProcessHeap
HeapDestroy
HeapCreate
GetModuleHandleA
ExitProcess
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
SetHandleCount
GetFileType
GetStartupInfoA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
Sleep
HeapSize
RtlUnwind
GetConsoleCP
GetConsoleMode
FlushFileBuffers
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
LoadLibraryA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetStdHandle
CreateFileA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetLocaleInfoA

user32

CharUpperW
GetDlgItem
FindWindowExW
SetWindowTextW
wsprintfW
SendMessageW

oleaut32

VariantCopy
VariantClear
SysAllocString

Exports

Exports

Extract
ExtractWithCallback
ExtractWithDetails

Sections

.text
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/wincheck.ini
$_3_/tvqjfiles.7z
.7z
TeamViewer.exe
.exe windows:5 windows x86 arch:x86

a60aad85fcc566e5189544c7659af6e8

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3d:27:af:be:a5:99:6f:13:e5:b5:62:44:21:f1:62:95
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

08/08/2011, 00:00

Not After

07/08/2014, 23:59

Subject

CN=TeamViewer,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=TeamViewer,L=Goeppingen,ST=Baden Wuerttemberg,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

e6:44:4a:24:9b:70:30:a7:7c:2e:18:42:08:d7:9b:d7:2d:f4:48:07
Signer

Actual PE Digest

e6:44:4a:24:9b:70:30:a7:7c:2e:18:42:08:d7:9b:d7:2d:f4:48:07

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\TeamViewer_8.0_Release\BuildTarget\QJ_Release2008\TeamViewer.pdb

Imports

kernel32

GetSystemTimeAsFileTime
CloseHandle
HeapFree
GetProcessHeap
HeapAlloc
CreateEventA
WaitForSingleObject
SetEvent
EnterCriticalSection
LeaveCriticalSection
SleepEx
InterlockedIncrement
ReleaseSemaphore
TlsGetValue
TlsFree
SetWaitableTimer
PostQueuedCompletionStatus
InterlockedExchange
InterlockedExchangeAdd
GetLastError
TlsAlloc
CreateEventW
CreateSemaphoreA
DuplicateHandle
GetCurrentProcess
CreateWaitableTimerW
GetCurrentThreadId
Sleep
GetTickCount
RaiseException
FlushInstructionCache
SetLastError
lstrlenW
InitializeCriticalSection
DeleteCriticalSection
GlobalFree
GlobalUnlock
WriteFile
CreateFileW
GlobalLock
GlobalAlloc
GetProcAddress
WideCharToMultiByte
FreeLibrary
LoadLibraryW
GetPrivateProfileStringW
ReadFile
GetFileSize
WritePrivateProfileStringW
GetVersionExW
InterlockedDecrement
FindResourceW
MulDiv
lstrcmpW
GetModuleFileNameW
GlobalHandle
LockResource
LoadResource
MultiByteToWideChar
lstrlenA
SetProcessShutdownParameters
SetErrorMode
CreateDirectoryW
WaitForMultipleObjects
SetThreadPriority
GetExitCodeThread
ResumeThread
CreateThread
SizeofResource
FindResourceExW
LoadLibraryExW
GetModuleHandleW
GetSystemDirectoryW
ReleaseMutex
CreateMutexW
lstrcmpiW
GetCommandLineW
CopyFileW
GetCurrentProcessId
DeleteFileW
GetTimeFormatW
GetLocalTime
GetLocaleInfoW
VirtualFree
VirtualAlloc
ResetEvent
GetCurrentThread
FindNextFileW
FindClose
GetFullPathNameW
FindFirstFileW
GetDriveTypeW
GetVolumeInformationW
CompareStringW
CompareFileTime
SetPriorityClass
GetPriorityClass
ExpandEnvironmentStringsA
LoadLibraryA
GetSystemDirectoryA
FormatMessageA
QueryPerformanceCounter
QueryPerformanceFrequency
GetThreadTimes
CreateSemaphoreW
SetEnvironmentVariableA
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
LocalAlloc
LocalFree
FileTimeToSystemTime
FileTimeToLocalFileTime
SetUnhandledExceptionFilter
SetFilePointer
MoveFileW
GetTimeZoneInformation
SetThreadAffinityMask
ExpandEnvironmentStringsW
GetSystemInfo
InitializeCriticalSectionAndSpinCount
TlsSetValue
OpenEventA
CreateIoCompletionPort
QueueUserAPC
TerminateThread
GetQueuedCompletionStatus
InterlockedCompareExchange
OpenProcess
GetModuleHandleA
GetWindowsDirectoryW
WaitNamedPipeW
TerminateProcess
ProcessIdToSessionId
CreateProcessW
GetPrivateProfileIntW
GetFileAttributesW
GetTempPathW
MoveFileExW
FormatMessageW
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
GetDateFormatW
DeviceIoControl
GetLogicalDriveStringsW
WaitForSingleObjectEx
LocalFileTimeToFileTime
GetCurrentDirectoryW
SetFileTime
GetFileInformationByHandle
UnmapViewOfFile
GetSystemTime
GlobalSize
GetFileAttributesExW
CancelIo
GetOverlappedResult
ReadFileEx
WaitForMultipleObjectsEx
SetEndOfFile
SetFileAttributesW
GetComputerNameW
IsProcessorFeaturePresent
HeapDestroy
HeapReAlloc
HeapSize
GetLocaleInfoA
GetUserDefaultLCID
GetStringTypeExA
LCMapStringA
LCMapStringW
RemoveDirectoryW
GetFileTime
AreFileApisANSI
CreateFileA
MapViewOfFileEx
CreateFileMappingA
CreateWaitableTimerA
RtlUnwind
UnhandledExceptionFilter
IsDebuggerPresent
ExitThread
GetCPInfo
ExitProcess
GetCommandLineA
GetStartupInfoA
GetDriveTypeA
FindFirstFileA
GetTimeFormatA
GetDateFormatA
GetStringTypeW
CompareStringA
GetStdHandle
GetModuleFileNameA
HeapCreate
GetACP
GetOEMCP
IsValidCodePage
GetStringTypeA
SetHandleCount
GetFileType
GetConsoleCP
GetConsoleMode
FlushFileBuffers
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetFullPathNameA
PeekNamedPipe
GetCurrentDirectoryA
EnumSystemLocalesA
IsValidLocale
WriteConsoleA
lstrcpyW

msi

ord70
ord141
ord16
ord45

Sections

.text
Size: 7.0MB - Virtual size: 7.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 365KB - Virtual size: 484KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rodata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 707KB - Virtual size: 707KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TeamViewer_Desktop.exe
.exe windows:5 windows x86 arch:x86

aae008fedf9d6bda78c9594d154f6362

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3d:27:af:be:a5:99:6f:13:e5:b5:62:44:21:f1:62:95
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

08/08/2011, 00:00

Not After

07/08/2014, 23:59

Subject

CN=TeamViewer,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=TeamViewer,L=Goeppingen,ST=Baden Wuerttemberg,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ba:24:5f:10:ea:2a:05:c6:bf:67:77:2d:e0:65:8f:74:62:14:88:07
Signer

Actual PE Digest

ba:24:5f:10:ea:2a:05:c6:bf:67:77:2d:e0:65:8f:74:62:14:88:07

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\TeamViewer_8.0_Release\BuildTarget\QJ_Release2008\TeamViewer_Desktop.pdb

Imports

kernel32

CloseHandle
GetTickCount
CreateEventA
WaitForSingleObject
SetEvent
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ReleaseSemaphore
CreateSemaphoreA
DuplicateHandle
GetCurrentProcess
GetProcAddress
LoadLibraryExW
LoadLibraryW
GetModuleHandleW
GetVersionExW
GetSystemDirectoryW
InterlockedExchange
RaiseException
FlushInstructionCache
GetCurrentThreadId
lstrlenW
GetLastError
InterlockedIncrement
InterlockedDecrement
lstrcmpiW
SetLastError
FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
GetModuleFileNameW
SetProcessShutdownParameters
GetProcessShutdownParameters
GetCurrentProcessId
GetCommandLineW
Sleep
GetSystemTimeAsFileTime
HeapFree
GetProcessHeap
HeapAlloc
SleepEx
TlsGetValue
TlsFree
GetExitCodeThread
SetWaitableTimer
PostQueuedCompletionStatus
InterlockedExchangeAdd
TlsAlloc
CreateEventW
CreateWaitableTimerW
DeviceIoControl
CreateFileW
QueueUserAPC
LockResource
FindResourceExW
GetCurrentThread
LocalAlloc
LocalFree
LoadLibraryA
FileTimeToSystemTime
FileTimeToLocalFileTime
SetUnhandledExceptionFilter
DeleteFileW
FindClose
FindNextFileW
FindFirstFileW
QueryPerformanceFrequency
QueryPerformanceCounter
SetThreadAffinityMask
WideCharToMultiByte
GetLocalTime
GetSystemInfo
GetFileSize
WriteFile
SetFilePointer
ReleaseMutex
CreateMutexW
CreateDirectoryW
GetModuleHandleA
GetTimeZoneInformation
GetPrivateProfileIntW
WritePrivateProfileStringW
GetPrivateProfileStringW
InitializeCriticalSectionAndSpinCount
TlsSetValue
OpenEventA
ResetEvent
CreateIoCompletionPort
TerminateThread
WaitForMultipleObjects
GetQueuedCompletionStatus
InterlockedCompareExchange
OpenProcess
TerminateProcess
ProcessIdToSessionId
ReadFile
GetFileAttributesW
FormatMessageW
GetLocaleInfoW
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
SystemTimeToFileTime
GlobalUnlock
GlobalLock
SetFileAttributesW
ResumeThread
CreateThread
GetSystemTime
CancelIo
GetOverlappedResult
ReadFileEx
WaitForMultipleObjectsEx
SetEndOfFile
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
HeapDestroy
HeapReAlloc
HeapSize
GetLocaleInfoA
FormatMessageA
GetUserDefaultLCID
LCMapStringA
LCMapStringW
CreateWaitableTimerA
UnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
ExitProcess
ExitThread
GetCommandLineA
GetStartupInfoA
GetCPInfo
GetTimeFormatA
GetDateFormatA
GetStringTypeW
CompareStringA
CompareStringW
GetStdHandle
GetModuleFileNameA
HeapCreate
GetACP
GetOEMCP
IsValidCodePage
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStringTypeA
GetConsoleCP
GetConsoleMode
FlushFileBuffers
EnumSystemLocalesA
IsValidLocale
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CreateFileA
SetEnvironmentVariableA
GetFileInformationByHandle
AreFileApisANSI
CreateSemaphoreW
GetThreadTimes
lstrcpyW
GetDriveTypeA
FindFirstFileA
GetFullPathNameA
PeekNamedPipe
GetCurrentDirectoryA

Sections

.text
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 772KB - Virtual size: 772KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 126KB - Virtual size: 179KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rodata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 308KB - Virtual size: 308KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TeamViewer_Resource_de.dll
.dll windows:5 windows x86 arch:x86

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3d:27:af:be:a5:99:6f:13:e5:b5:62:44:21:f1:62:95
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

08/08/2011, 00:00

Not After

07/08/2014, 23:59

Subject

CN=TeamViewer,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=TeamViewer,L=Goeppingen,ST=Baden Wuerttemberg,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ea:08:df:c3:a2:bf:e6:01:84:69:2c:38:1d:d2:5a:70:0b:27:90:0c
Signer

Actual PE Digest

ea:08:df:c3:a2:bf:e6:01:84:69:2c:38:1d:d2:5a:70:0b:27:90:0c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 293KB - Virtual size: 292KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
TeamViewer_StaticRes.dll
.dll windows:5 windows x86 arch:x86

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3d:27:af:be:a5:99:6f:13:e5:b5:62:44:21:f1:62:95
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

08/08/2011, 00:00

Not After

07/08/2014, 23:59

Subject

CN=TeamViewer,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=TeamViewer,L=Goeppingen,ST=Baden Wuerttemberg,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:6a:31:6b:77:2c:41:60:e0:80:37:50:31:86:70:ff:a3:54:a0:f4
Signer

Actual PE Digest

11:6a:31:6b:77:2c:41:60:e0:80:37:50:31:86:70:ff:a3:54:a0:f4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
tv_w32.dll
.dll windows:5 windows x86 arch:x86

f027d9689591ab736abce43f1c3131bb

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3d:27:af:be:a5:99:6f:13:e5:b5:62:44:21:f1:62:95
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

08/08/2011, 00:00

Not After

07/08/2014, 23:59

Subject

CN=TeamViewer,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=TeamViewer,L=Goeppingen,ST=Baden Wuerttemberg,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

10:b6:3d:bb:67:d1:11:b9:11:2a:04:91:7e:ce:22:9c:e3:63:a5:02
Signer

Actual PE Digest

10:b6:3d:bb:67:d1:11:b9:11:2a:04:91:7e:ce:22:9c:e3:63:a5:02

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\TeamViewer_8.0_Release\BuildTarget\Release2008\tv_w32dll.pdb

Imports

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

crtdll

__dllonexit
memcpy
memset
strncmp
strncat
strncpy
_vsnprintf
_snprintf
_strlwr
strrchr
wcsncpy
memmove
wcsstr
_wcslwr
_global_unwind2
_local_unwind2
_initterm
malloc

comctl32

InitCommonControlsEx

kernel32

GetProcessHeap
GetModuleHandleW
FileTimeToSystemTime
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetVersionExW
GlobalUnlock
GetFileAttributesExW
GlobalLock
DeleteCriticalSection
LoadLibraryA
FreeLibrary
GetSystemDirectoryA
HeapAlloc
GetLocalTime
InterlockedCompareExchange
InterlockedExchange
DisableThreadLibraryCalls
OpenMutexW
GetExitCodeProcess
GetModuleFileNameA
Thread32Next
SuspendThread
OpenThread
Thread32First
ResumeThread
FreeLibraryAndExitThread
Sleep
LoadLibraryW
GetModuleFileNameW
CreateThread
LocalFree
CreateMutexW
CreateEventW
UnmapViewOfFile
ReleaseMutex
WaitForSingleObject
InterlockedDecrement
InterlockedIncrement
SetEvent
GetTickCount
IsBadWritePtr
IsBadReadPtr
OpenFileMappingW
VirtualQuery
MapViewOfFile
HeapFree
GetCurrentProcess
LocalAlloc
SetLastError
GlobalFree
GlobalAlloc
GetVersion
GetModuleHandleA
OpenProcess
CreateRemoteThread
CreateToolhelp32Snapshot
Module32First
Module32Next
CloseHandle
GetCurrentProcessId
GetLastError
VirtualProtect
VirtualAlloc
VirtualFree
QueryPerformanceCounter
QueryPerformanceFrequency
GetProcAddress
GetCurrentThreadId
CreateFileMappingW

user32

IsWindow
ReleaseDC
GetWindowRect
GetWindowDC
GetClassNameA
ShowWindow
GetWindow
GetWindowLongW
GetSysColor
LoadBitmapW
SystemParametersInfoW
SendMessageW
GetClientRect
GetSystemMetrics
IsZoomed
GetWindowInfo
IsRectEmpty
RedrawWindow
MoveWindow
CallWindowProcW
IsIconic
PostMessageW
TrackMouseEvent
InvalidateRect
EndPaint
IsWindowVisible
GetActiveWindow
SetWindowLongW
FindWindowExW
FindWindowW
MapWindowPoints
ClientToScreen
GetDC
GetUpdateRect
GetClassInfoExW
LoadCursorW
RegisterClassExW
CallNextHookEx
DefWindowProcW
KillTimer
SetTimer
RegisterClipboardFormatW
UnregisterClassW
SendMessageTimeoutW
UnhookWindowsHookEx
SendNotifyMessageW
SetWindowsHookExW
RegisterWindowMessageW
CreateWindowExW
DestroyWindow
GetDesktopWindow
BeginPaint
SetWindowPos

gdi32

RectVisible
DeleteDC
GetPixel
GdiFlush
BitBlt
SelectObject
CreateDIBSection
CreateCompatibleDC
Rectangle
GetStockObject
CreatePen
Polyline
ExtCreatePen
LineTo
MoveToEx
CreateSolidBrush
CreateCompatibleBitmap
GetObjectW
SetPixel
DeleteObject

shell32

DragQueryFileW

ole32

CoInitialize
CoCreateInstance
ReleaseStgMedium
CoUninitialize

Exports

Exports

GetLoaderInterface
GetTeamViewerInterface

Sections

.text
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.shared
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
tv_w32.exe
.exe windows:5 windows x86 arch:x86

e79cba6493675f78dbbc57ef2a01d2c0

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3d:27:af:be:a5:99:6f:13:e5:b5:62:44:21:f1:62:95
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

08/08/2011, 00:00

Not After

07/08/2014, 23:59

Subject

CN=TeamViewer,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=TeamViewer,L=Goeppingen,ST=Baden Wuerttemberg,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

b1:bb:21:3d:5f:17:8b:25:a9:b8:76:76:52:27:2c:f3:10:84:17:e7
Signer

Actual PE Digest

b1:bb:21:3d:5f:17:8b:25:a9:b8:76:76:52:27:2c:f3:10:84:17:e7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\TeamViewer_8.0_Release\BuildTarget\Release2008\tv_w32exe.pdb

Imports

kernel32

MoveFileExW
SetEvent
CopyFileW
GetVersionExW
GetLastError
SetLastError
CreateEventW
CloseHandle
DeleteFileW
FreeLibrary
GetProcAddress
LoadLibraryA
GetModuleFileNameA
Sleep
GetSystemDirectoryW
LoadLibraryW
GetTickCount
OpenMutexA
CreateMutexW
SetFilePointer
InterlockedIncrement
InterlockedDecrement
WaitForSingleObject
WriteFile
CreateFileW
GetLocalTime
GetCurrentThreadId
ReleaseMutex
GetCurrentProcessId
GetCommandLineW
LoadLibraryExW
GetCurrentProcess
GetModuleHandleW
GetCommandLineA
LocalAlloc
InterlockedExchange
RaiseException
WideCharToMultiByte
InterlockedCompareExchange
MultiByteToWideChar
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
ExitProcess
GetStartupInfoA
RtlUnwind
GetCPInfo
LCMapStringW
LCMapStringA
GetStringTypeW
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
HeapSize
HeapAlloc
GetStdHandle
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetStringTypeA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetModuleHandleA
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CreateFileA
VirtualQuery

Sections

.text
Size: 137KB - Virtual size: 137KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 792B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
tv_x64.dll
.dll windows:5 windows x64 arch:x64

359463417812f10db007e16b7178b4bf

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3d:27:af:be:a5:99:6f:13:e5:b5:62:44:21:f1:62:95
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

08/08/2011, 00:00

Not After

07/08/2014, 23:59

Subject

CN=TeamViewer,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=TeamViewer,L=Goeppingen,ST=Baden Wuerttemberg,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

df:f6:de:19:ea:d9:4f:c5:7f:48:12:89:53:b9:96:ea:4f:94:d8:ed
Signer

Actual PE Digest

df:f6:de:19:ea:d9:4f:c5:7f:48:12:89:53:b9:96:ea:4f:94:d8:ed

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\TeamViewer_8.0_Release\BuildTarget\Release2008\tv_x64dll.pdb

Imports

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

msvcrt

_onexit
__dllonexit
realloc
calloc
malloc
free
_initterm
_wcslwr
wcsstr
memmove
wcsncpy
__C_specific_handler
strrchr
_strlwr
_snprintf
_vsnprintf
strncpy
strncat
memcmp
strncmp
memcpy
memset

comctl32

InitCommonControlsEx

kernel32

CreateFileMappingW
LocalAlloc
SetLastError
MapViewOfFile
VirtualQuery
GetProcAddress
QueryPerformanceFrequency
QueryPerformanceCounter
VirtualFree
VirtualAlloc
VirtualProtect
GetLastError
GetCurrentProcessId
CloseHandle
Module32Next
Module32First
CreateToolhelp32Snapshot
CreateRemoteThread
OpenProcess
GetModuleHandleA
HeapFree
HeapAlloc
GetProcessHeap
GetModuleHandleW
FileTimeToSystemTime
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetVersionExW
GlobalUnlock
GetFileAttributesExW
GlobalLock
DeleteCriticalSection
LoadLibraryA
FreeLibrary
GetSystemDirectoryA
GetCurrentThreadId
GetLocalTime
DisableThreadLibraryCalls
OpenMutexW
GetModuleFileNameA
Thread32Next
SuspendThread
OpenThread
Thread32First
ResumeThread
FreeLibraryAndExitThread
Sleep
LoadLibraryW
GetModuleFileNameW
CreateThread
LocalFree
CreateMutexW
CreateEventW
UnmapViewOfFile
ReleaseMutex
WaitForSingleObject
SetEvent
GetTickCount
IsBadWritePtr
IsBadReadPtr
OpenFileMappingW

user32

GetUpdateRect
GetDC
ClientToScreen
MapWindowPoints
GetDesktopWindow
DestroyWindow
CreateWindowExW
RegisterWindowMessageW
SetWindowsHookExW
SendNotifyMessageW
UnhookWindowsHookEx
SendMessageTimeoutW
UnregisterClassW
RegisterClipboardFormatW
SetTimer
KillTimer
DefWindowProcW
CallNextHookEx
RegisterClassExW
LoadCursorW
GetClassInfoExW
SetWindowPos
IsWindowVisible
IsWindow
ReleaseDC
GetWindowRect
GetWindowDC
GetClassNameA
ShowWindow
GetWindow
GetWindowLongPtrW
GetSysColor
LoadBitmapW
SystemParametersInfoW
SendMessageW
GetClientRect
GetSystemMetrics
IsZoomed
GetWindowInfo
IsRectEmpty
CallWindowProcW
RedrawWindow
MoveWindow
IsIconic
PostMessageW
TrackMouseEvent
InvalidateRect
GetActiveWindow
SetWindowLongPtrW
EndPaint
BeginPaint
FindWindowExW
FindWindowW

gdi32

DeleteDC
DeleteObject
GdiFlush
BitBlt
RectVisible
GetPixel
SetPixel
GetObjectW
CreateCompatibleBitmap
CreateSolidBrush
MoveToEx
LineTo
ExtCreatePen
Polyline
CreatePen
GetStockObject
Rectangle
CreateCompatibleDC
CreateDIBSection
SelectObject

shell32

DragQueryFileW

ole32

CoInitialize
CoCreateInstance
ReleaseStgMedium
CoUninitialize

Exports

Exports

GetLoaderInterface

Sections

.text
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.shared
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 402B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
tv_x64.exe
.exe windows:5 windows x64 arch:x64

1aaa6812bbf8c1cba2276cc1a170d67b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3d:27:af:be:a5:99:6f:13:e5:b5:62:44:21:f1:62:95
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

08/08/2011, 00:00

Not After

07/08/2014, 23:59

Subject

CN=TeamViewer,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=TeamViewer,L=Goeppingen,ST=Baden Wuerttemberg,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

a8:2b:21:ce:7c:e2:9d:37:cf:b1:58:93:a1:ee:40:68:05:07:9b:d4
Signer

Actual PE Digest

a8:2b:21:ce:7c:e2:9d:37:cf:b1:58:93:a1:ee:40:68:05:07:9b:d4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\TeamViewer_8.0_Release\BuildTarget\Release2008\tv_x64exe.pdb

Imports

kernel32

MoveFileExW
SetEvent
CopyFileW
GetVersionExW
GetLastError
SetLastError
CreateEventW
CloseHandle
DeleteFileW
FreeLibrary
GetProcAddress
LoadLibraryA
GetModuleFileNameA
GetSystemDirectoryW
LoadLibraryW
GetTickCount
OpenMutexA
CreateMutexW
SetFilePointer
WaitForSingleObject
WriteFile
CreateFileW
GetLocalTime
GetCurrentThreadId
ReleaseMutex
GetCurrentProcessId
GetCommandLineW
LoadLibraryExW
GetCurrentProcess
GetModuleHandleW
GetCommandLineA
LocalAlloc
RaiseException
WideCharToMultiByte
MultiByteToWideChar
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
HeapFree
ExitProcess
GetStartupInfoA
RtlPcToFileHeader
RtlUnwindEx
GetCPInfo
LCMapStringW
LCMapStringA
GetStringTypeW
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
DecodePointer
FlsGetValue
FlsSetValue
FlsFree
FlsAlloc
HeapSize
HeapAlloc
GetStdHandle
HeapSetInformation
HeapCreate
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetStringTypeA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
HeapReAlloc
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CreateFileA

Sections

.text
Size: 155KB - Virtual size: 155KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

32f3282581436269b3a75b6675fe3e08

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

3d:27:af:be:a5:99:6f:13:e5:b5:62:44:21:f1:62:95Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

81:1c:48:3b:15:ec:81:4e:13:29:d3:af:24:eb:9a:32:46:ff:37:1cSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 512B - Virtual size: 415KB

.ndata Size: - Virtual size: 708KB

.rsrc Size: 26KB - Virtual size: 25KB

.reloc Size: 4KB - Virtual size: 3KB

cd90e33ffbc335413a25300c682c83df

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 1024B - Virtual size: 17KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1KB - Virtual size: 1KB

6b9d096578bad49648d82fb5a245a197

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ws2_32

Exports

Exports

Sections

.text Size: 10KB - Virtual size: 9KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: - Virtual size: 24KB

.CRT Size: 512B - Virtual size: 4B

.reloc Size: 1024B - Virtual size: 890B

45f703a3822763792c446416f1e214eb

Headers

File Characteristics

Imports

kernel32

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

3d:27:af:be:a5:99:6f:13:e5:b5:62:44:21:f1:62:95
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

81:1c:48:3b:15:ec:81:4e:13:29:d3:af:24:eb:9a:32:46:ff:37:1c
Signer

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 512B - Virtual size: 415KB

.ndata
Size: - Virtual size: 708KB

.rsrc
Size: 26KB - Virtual size: 25KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 1024B - Virtual size: 17KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 10KB - Virtual size: 9KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: - Virtual size: 24KB

.CRT
Size: 512B - Virtual size: 4B

.reloc
Size: 1024B - Virtual size: 890B

.text
Size: 43KB - Virtual size: 42KB

.rdata
Size: 10KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 11KB

.rsrc
Size: 512B - Virtual size: 176B

.reloc
Size: 5KB - Virtual size: 5KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 963B

.data
Size: 512B - Virtual size: 64B

.reloc
Size: 1024B - Virtual size: 588B

.text
Size: 100KB - Virtual size: 100KB

.rdata
Size: 34KB - Virtual size: 33KB

.data
Size: 5KB - Virtual size: 20KB

.rsrc
Size: 512B - Virtual size: 176B

.reloc
Size: 8KB - Virtual size: 8KB

.text
Size: 128KB - Virtual size: 127KB

.rdata
Size: 27KB - Virtual size: 26KB

.data
Size: 6KB - Virtual size: 23KB

.rsrc
Size: 1024B - Virtual size: 840B

.reloc
Size: 12KB - Virtual size: 11KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

3d:27:af:be:a5:99:6f:13:e5:b5:62:44:21:f1:62:95
Certificate