dialog
initDialog
show
Overview
overview
7Static
static
3893677e390...18.exe
windows7-x64
3893677e390...18.exe
windows10-2004-x64
3$PLUGINSDI...ns.dll
windows7-x64
3$PLUGINSDI...ns.dll
windows10-2004-x64
3$PLUGINSDI...ta.dll
windows7-x64
3$PLUGINSDI...ta.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDI...on.dll
windows7-x64
3$PLUGINSDI...on.dll
windows10-2004-x64
3$PLUGINSDI...7z.dll
windows7-x64
3$PLUGINSDI...7z.dll
windows10-2004-x64
3TeamViewer.exe
windows7-x64
7TeamViewer.exe
windows10-2004-x64
7TeamViewer...op.exe
windows7-x64
3TeamViewer...op.exe
windows10-2004-x64
3TeamViewer...de.dll
windows7-x64
1TeamViewer...de.dll
windows10-2004-x64
1TeamViewer...ce.exe
windows7-x64
1TeamViewer...ce.exe
windows10-2004-x64
1tv_w32.dll
windows7-x64
1tv_w32.dll
windows10-2004-x64
1tv_w32.exe
windows7-x64
1tv_w32.exe
windows10-2004-x64
1tv_x64.dll
windows7-x64
1tv_x64.dll
windows10-2004-x64
1tv_x64.exe
windows7-x64
1tv_x64.exe
windows10-2004-x64
1x64/TVMonitor.sys
windows7-x64
1x64/TVMonitor.sys
windows10-2004-x64
1x86/TVMonitor.sys
windows7-x64
1x86/TVMonitor.sys
windows10-2004-x64
1Static task
static1
2 signatures
Behavioral task
behavioral1
Sample
893677e39019f01de42c2363fe2c0509_JaffaCakes118.exe
Resource
win7-20240221-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
893677e39019f01de42c2363fe2c0509_JaffaCakes118.exe
Resource
win10v2004-20240426-en
windows10-2004-x64
1 signatures
150 seconds
Behavioral task
behavioral3
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win7-20240508-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral4
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win10v2004-20240426-en
windows10-2004-x64
2 signatures
150 seconds
Behavioral task
behavioral5
Sample
$PLUGINSDIR/ReadCustomerData.dll
Resource
win7-20240419-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral6
Sample
$PLUGINSDIR/ReadCustomerData.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
2 signatures
150 seconds
Behavioral task
behavioral7
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240508-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral8
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240426-en
windows10-2004-x64
2 signatures
150 seconds
Behavioral task
behavioral9
Sample
$PLUGINSDIR/TvGetVersion.dll
Resource
win7-20240221-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral10
Sample
$PLUGINSDIR/TvGetVersion.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
2 signatures
150 seconds
Behavioral task
behavioral11
Sample
$PLUGINSDIR/nsis7z.dll
Resource
win7-20240221-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral12
Sample
$PLUGINSDIR/nsis7z.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
2 signatures
150 seconds
Behavioral task
behavioral13
Sample
TeamViewer.exe
Resource
win7-20240220-en
windows7-x64
7 signatures
150 seconds
Behavioral task
behavioral14
Sample
TeamViewer.exe
Resource
win10v2004-20240426-en
windows10-2004-x64
6 signatures
150 seconds
Behavioral task
behavioral15
Sample
TeamViewer_Desktop.exe
Resource
win7-20240508-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral16
Sample
TeamViewer_Desktop.exe
Resource
win10v2004-20240508-en
windows10-2004-x64
2 signatures
150 seconds
Behavioral task
behavioral17
Sample
TeamViewer_Resource_de.dll
Resource
win7-20240419-en
windows7-x64
0 signatures
150 seconds
Behavioral task
behavioral18
Sample
TeamViewer_Resource_de.dll
Resource
win10v2004-20240426-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral19
Sample
TeamViewer_Service.exe
Resource
win7-20240508-en
windows7-x64
0 signatures
150 seconds
Behavioral task
behavioral20
Sample
TeamViewer_Service.exe
Resource
win10v2004-20240426-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral21
Sample
tv_w32.dll
Resource
win7-20240221-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral22
Sample
tv_w32.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
1 signatures
150 seconds
Behavioral task
behavioral23
Sample
tv_w32.exe
Resource
win7-20240221-en
windows7-x64
0 signatures
150 seconds
Behavioral task
behavioral24
Sample
tv_w32.exe
Resource
win10v2004-20240508-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral25
Sample
tv_x64.dll
Resource
win7-20231129-en
windows7-x64
0 signatures
150 seconds
Behavioral task
behavioral26
Sample
tv_x64.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral27
Sample
tv_x64.exe
Resource
win7-20240221-en
windows7-x64
0 signatures
150 seconds
Behavioral task
behavioral28
Sample
tv_x64.exe
Resource
win10v2004-20240426-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral29
Sample
x64/TVMonitor.sys
Resource
win7-20240508-en
windows7-x64
0 signatures
150 seconds
Behavioral task
behavioral30
Sample
x64/TVMonitor.sys
Resource
win10v2004-20240426-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral31
Sample
x86/TVMonitor.sys
Resource
win7-20240215-en
windows7-x64
0 signatures
150 seconds
Behavioral task
behavioral32
Sample
x86/TVMonitor.sys
Resource
win10v2004-20240508-en
windows10-2004-x64
0 signatures
150 seconds
General
-
Target
893677e39019f01de42c2363fe2c0509_JaffaCakes118
-
Size
3.3MB
-
MD5
893677e39019f01de42c2363fe2c0509
-
SHA1
a5d9ac502f976f5f4e61ba3cf70a9dc5e31967dc
-
SHA256
da1c85b695e4de5c2cce7fc927cf322f7ad542bb6d947cf13de1f32105324e41
-
SHA512
a5a364759af24e2035c5b6785ed6141979749a1342c7871f0ab048f52c4d093140e6d1be2e838e0728a3f075778d774d23fcbc50afbd7d4dcec7710b980bfdae
-
SSDEEP
98304:yCmMmB0pA3Rfg9UYNzqo9zGNRBXRxm8hl:FmVWM1gVNzqOzGzxm8hl
Score
3/10
Malware Config
Signatures
-
Unsigned PE 6 IoCs
Checks for missing Authenticode signature.
resource 893677e39019f01de42c2363fe2c0509_JaffaCakes118 unpack001/$PLUGINSDIR/InstallOptions.dll unpack001/$PLUGINSDIR/ReadCustomerData.dll unpack001/$PLUGINSDIR/System.dll unpack001/$PLUGINSDIR/TvGetVersion.dll unpack001/$PLUGINSDIR/nsis7z.dll -
NSIS installer 2 IoCs
resource yara_rule sample nsis_installer_1 sample nsis_installer_2
Files
-
893677e39019f01de42c2363fe2c0509_JaffaCakes118.exe windows:4 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 23KB - Virtual size: 22KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 107KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.ndata Size: - Virtual size: 44KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 25KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/InstallOptions.dll.dll windows:4 windows x86 arch:x86
b1cd0d78f652ce5fc63f0879371af012
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc
user32
MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect
gdi32
SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject
shell32
SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA
comdlg32
GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError
ole32
CoTaskMemFree
Exports
Exports
Sections
.text Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 152B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/ReadCustomerData.dll.dll windows:4 windows x86 arch:x86
d29e408dd9048e10d5936c6f2bfca832
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
MultiByteToWideChar
GetLastError
ReadFile
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
SetFilePointer
CloseHandle
WriteFile
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
RtlUnwind
RaiseException
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetProcAddress
GetModuleHandleA
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
Sleep
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetStdHandle
FlushFileBuffers
VirtualAlloc
HeapReAlloc
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
InitializeCriticalSection
HeapSize
LoadLibraryA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetEndOfFile
LCMapStringA
LCMapStringW
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
GlobalFree
lstrcpyA
Exports
Exports
ReadCustomerData
Sections
.text Size: 42KB - Virtual size: 42KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 10KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 176B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/System.dll.dll windows:4 windows x86 arch:x86
2017f2acbdaa42ab3e4adeb8b4c37e7b
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect
user32
wsprintfA
ole32
StringFromGUID2
CLSIDFromString
Exports
Exports
Alloc
Call
Copy
Free
Get
Int64Op
Store
Sections
.text Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 784B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 100B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1024B - Virtual size: 520B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/TvGetVersion.dll.dll windows:4 windows x86 arch:x86
7f27fb2f8604769e3f1416e79e2b660f
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
Sleep
GetVersionExA
GetCurrentThreadId
GetCommandLineA
HeapFree
HeapAlloc
GetProcessHeap
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
lstrcpynA
GetTickCount
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
WriteFile
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
InitializeCriticalSection
VirtualAlloc
HeapReAlloc
RtlUnwind
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
lstrcmpiA
lstrcpyA
lstrlenA
lstrcatA
GetDriveTypeA
CreateFileA
GetFileSize
GlobalAlloc
ReadFile
CloseHandle
GlobalFree
GetLastError
GetCurrentProcessId
GetModuleHandleA
QueryPerformanceCounter
GetProcAddress
user32
GetSystemMetrics
SendMessageA
wsprintfA
advapi32
RegQueryValueExA
RegCloseKey
RegOpenKeyExA
DeleteService
ControlService
StartServiceA
OpenSCManagerA
OpenServiceA
CloseServiceHandle
QueryServiceStatus
RegDeleteValueA
RegCreateKeyExA
RegEnumKeyExA
RegEnumValueA
RegSetValueExA
Exports
Exports
GetCurrentSessionId
GetServiceStatus
IsNetPath
IsServiceInstalled
IsTvPasswordSet
LoadFile
RegCopyKey
RegCopyValue
RemoveService
RemoveServiceWait
RunService
RunServiceWait
StopService
StopServiceWait
WindowsName
WindowsPlatformArchitecture
WindowsPlatformId
WindowsServerName
WindowsVersion
WindowsVersionMajor
WindowsVersionMinor
Sections
.text Size: 32KB - Virtual size: 32KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 176B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/nsis7z.dll.dll windows:4 windows x86 arch:x86
b22ed27c346f001ed1b4410c1073cfa9
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
GetLastError
WideCharToMultiByte
MultiByteToWideChar
GetTickCount
LoadLibraryA
GetModuleFileNameA
RemoveDirectoryW
MoveFileA
MoveFileW
CreateDirectoryA
CreateDirectoryW
DeleteFileA
DeleteFileW
GetFullPathNameA
GetFullPathNameW
GetCurrentThreadId
GetCurrentProcessId
SetLastError
CreateFileW
SetFileTime
CloseHandle
SetFileAttributesA
SetFileAttributesW
RemoveDirectoryA
FindClose
FindFirstFileA
FindFirstFileW
CreateFileA
GetFileSize
SetFilePointer
ReadFile
WriteFile
SetEndOfFile
GetProcAddress
GetCurrentProcess
GetSystemInfo
GetModuleHandleA
GetStdHandle
EnterCriticalSection
LeaveCriticalSection
WaitForMultipleObjects
DeleteCriticalSection
AreFileApisANSI
VirtualFree
VirtualAlloc
GetVersionExA
ResetEvent
WaitForSingleObject
SetEvent
InitializeCriticalSection
CreateEventA
SetFileApisToOEM
SetFileApisToANSI
GlobalFree
lstrcpyA
lstrcpynA
GlobalAlloc
RaiseException
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
HeapAlloc
HeapFree
HeapReAlloc
ExitThread
CreateThread
GetCommandLineA
GetProcessHeap
HeapDestroy
HeapCreate
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
SetHandleCount
GetFileType
GetStartupInfoA
Sleep
HeapSize
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
GetConsoleCP
GetConsoleMode
FlushFileBuffers
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetStdHandle
VirtualQuery
user32
CharUpperW
CharUpperA
GetDlgItem
FindWindowExA
SetWindowTextA
wsprintfA
SendMessageA
oleaut32
VariantCopy
VariantClear
SysAllocString
Exports
Exports
Extract
ExtractWithCallback
ExtractWithDetails
Sections
.text Size: 129KB - Virtual size: 129KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 26KB - Virtual size: 26KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 840B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/wincheck.ini
-
$_2_/tvqsfiles.7z.7z
-
TeamViewer.exe.exe windows:4 windows x86 arch:x86
d15e131bc035602952b13ffac776a96e
Code Sign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15/06/2007, 00:00Not After14/06/2012, 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04/12/2003, 00:00Not After03/12/2013, 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
3d:27:af:be:a5:99:6f:13:e5:b5:62:44:21:f1:62:95Certificate
IssuerCN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=USNot Before08/08/2011, 00:00Not After07/08/2014, 23:59SubjectCN=TeamViewer,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=TeamViewer,L=Goeppingen,ST=Baden Wuerttemberg,C=DEExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate
IssuerCN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=USNot Before08/02/2010, 00:00Not After07/02/2020, 23:59SubjectCN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
74:db:8a:df:ed:41:4d:7f:f6:6b:70:0f:00:6b:ca:4b:39:55:0d:a2Signer
Actual PE Digest74:db:8a:df:ed:41:4d:7f:f6:6b:70:0f:00:6b:ca:4b:39:55:0d:a2Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
c:\TeamViewer_7.0_Release\TeamViewer\qs_release\TeamViewer.pdb
Imports
ws2_32
shutdown
recvfrom
sendto
__WSAFDIsSet
select
connect
ioctlsocket
gethostbyname
setsockopt
getsockopt
inet_ntoa
bind
socket
WSACloseEvent
getpeername
WSASetEvent
ntohs
getsockname
WSAGetLastError
ntohl
htonl
recv
WSAEventSelect
WSAWaitForMultipleEvents
htons
WSAResetEvent
WSACreateEvent
accept
WSADuplicateSocketW
WSASocketW
listen
WSARecvFrom
WSASend
WSASetLastError
WSARecv
closesocket
gethostname
WSAAddressToStringA
inet_addr
WSACleanup
gethostbyaddr
getservbyname
getservbyport
send
WSAStartup
iphlpapi
GetAdapterIndex
GetAdaptersInfo
DeleteIPAddress
comctl32
ImageList_DragLeave
ImageList_DragEnter
ImageList_DragMove
ImageList_EndDrag
ImageList_BeginDrag
ImageList_ReplaceIcon
ImageList_Remove
ImageList_Destroy
ImageList_Create
ImageList_GetIconSize
ImageList_Draw
ImageList_GetIcon
InitCommonControlsEx
ImageList_SetBkColor
avicap32
capCreateCaptureWindowA
capGetDriverDescriptionA
msvfw32
DrawDibOpen
DrawDibClose
DrawDibDraw
winmm
waveOutClose
waveOutUnprepareHeader
waveOutWrite
waveOutPause
waveOutPrepareHeader
waveOutOpen
waveOutGetNumDevs
waveInStart
waveInReset
waveInClose
waveInUnprepareHeader
waveInAddBuffer
waveInPrepareHeader
waveInOpen
waveInGetNumDevs
timeEndPeriod
timeBeginPeriod
mixerSetControlDetails
mixerClose
mixerGetID
mixerOpen
waveOutRestart
waveOutReset
kernel32
GetCurrentThread
FindClose
CompareFileTime
CompareStringA
GetModuleHandleA
GetModuleFileNameA
GetWindowsDirectoryA
GetSystemDirectoryA
LoadLibraryA
GetCurrentDirectoryA
GetFullPathNameA
FindFirstFileA
GetDriveTypeA
LocalAlloc
lstrcpyA
RaiseException
GetThreadTimes
SetEnvironmentVariableA
SetStdHandle
GetConsoleOutputCP
WriteConsoleA
IsValidLocale
EnumSystemLocalesA
GetEnvironmentStrings
FreeEnvironmentStringsA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetFileType
SetHandleCount
GetOEMCP
GetTimeZoneInformation
HeapCreate
GetStdHandle
GetStringTypeA
LCMapStringA
GetDateFormatA
GetTimeFormatA
ExitProcess
GetStartupInfoA
GetCommandLineA
ExitThread
IsDebuggerPresent
UnhandledExceptionFilter
RtlUnwind
CreateWaitableTimerA
CreateFileMappingA
MapViewOfFileEx
CreateFileA
UnmapViewOfFile
AreFileApisANSI
GetFileTime
FormatMessageA
GetThreadLocale
GetACP
HeapSize
HeapReAlloc
HeapDestroy
IsProcessorFeaturePresent
GetVersionExA
lstrlenA
SetEndOfFile
CancelIo
ReadFileEx
GlobalSize
WaitForMultipleObjectsEx
SetFileTime
LocalFileTimeToFileTime
GetSystemTime
FileTimeToLocalFileTime
SetUnhandledExceptionFilter
WaitForSingleObjectEx
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
MoveFileExW
TerminateProcess
OpenProcess
GetLocaleInfoA
GetUserDefaultLCID
GetSystemDefaultLCID
LocalFree
QueryPerformanceFrequency
QueryPerformanceCounter
SetThreadAffinityMask
SetFilePointer
TlsGetValue
TlsSetValue
CreateIoCompletionPort
InterlockedCompareExchange
GetOverlappedResult
OpenEventA
DeviceIoControl
GetExitCodeProcess
EnterCriticalSection
LeaveCriticalSection
FlushInstructionCache
GetCurrentProcess
CloseHandle
InterlockedIncrement
PostQueuedCompletionStatus
InterlockedExchange
InterlockedExchangeAdd
HeapFree
GetProcessHeap
TlsFree
GetCurrentThreadId
GetTickCount
SetLastError
CreateEventA
HeapAlloc
WaitForSingleObject
SetEvent
GetLastError
TlsAlloc
InitializeCriticalSection
DeleteCriticalSection
Sleep
GetSystemTimeAsFileTime
ReleaseSemaphore
CreateSemaphoreA
WaitForMultipleObjects
SizeofResource
LockResource
LoadResource
MulDiv
GlobalUnlock
GlobalLock
GlobalAlloc
ReadFile
GetFileSize
ResetEvent
CreateThread
ResumeThread
SetThreadPriority
GetPriorityClass
SetPriorityClass
GetExitCodeThread
TryEnterCriticalSection
VirtualAlloc
VirtualFree
DuplicateHandle
GetLocalTime
GetCurrentProcessId
WriteFile
GetCommandLineW
SetErrorMode
SetProcessShutdownParameters
FreeLibrary
ReleaseMutex
GlobalHandle
GlobalFree
InterlockedDecrement
GetQueuedCompletionStatus
TerminateThread
QueueUserAPC
SleepEx
SetWaitableTimer
InitializeCriticalSectionAndSpinCount
user32
ReleaseDC
DestroyWindow
IsWindow
SetFocus
ShowWindow
SetRectEmpty
GetWindowDC
GetDC
GetAsyncKeyState
BringWindowToTop
WindowFromPoint
GetWindowThreadProcessId
GetSysColorBrush
DrawFocusRect
FrameRect
GetCapture
DrawIconEx
SendDlgItemMessageA
GetDlgItemTextA
SetForegroundWindow
DrawIcon
ChildWindowFromPointEx
GetKeyState
CopyIcon
MsgWaitForMultipleObjects
MonitorFromPoint
SetRect
GetMenuItemCount
TrackPopupMenuEx
FlashWindow
GetWindowPlacement
SetWindowPlacement
GetNextDlgTabItem
DrawEdge
GetMessagePos
UnregisterClassA
BlockInput
AttachThreadInput
GetUpdateRgn
EnumChildWindows
UnhookWindowsHookEx
CallNextHookEx
SendInput
ToAscii
ToUnicode
GetKeyboardState
ExitWindowsEx
ActivateKeyboardLayout
GetKeyboardLayout
CloseDesktop
SetThreadDesktop
OpenDesktopW
GetActiveWindow
CreatePopupMenu
IsMenu
CreateMenu
DestroyMenu
GetWindowRect
InvalidateRect
IsWindowVisible
PtInRect
GetCursorPos
CheckMenuItem
EnableMenuItem
MoveWindow
GetClientRect
ScreenToClient
MapWindowPoints
BeginPaint
EndPaint
SetTimer
KillTimer
SetCapture
GetParent
SetWindowRgn
OffsetRect
PostQuitMessage
AdjustWindowRectEx
GetMenu
DeleteMenu
IsWindowEnabled
CopyRect
EqualRect
TrackMouseEvent
ReleaseCapture
RemoveMenu
CheckMenuRadioItem
GetSubMenu
GetDlgCtrlID
GetDlgItem
GetDesktopWindow
GetMenuState
IsIconic
SetWindowPos
ClientToScreen
UpdateWindow
ShowScrollBar
SetScrollInfo
IntersectRect
FillRect
GetSystemMetrics
AdjustWindowRect
MonitorFromRect
GetWindow
GetSystemMenu
MessageBoxA
MsgWaitForMultipleObjectsEx
TranslateMessage
SetWindowContextHelpId
MapDialogRect
GetFocus
DestroyAcceleratorTable
IsChild
GetSysColor
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
GetClipboardViewer
SetClipboardViewer
ChangeClipboardChain
GetCursor
UnionRect
DestroyCursor
SetActiveWindow
GetForegroundWindow
EndDialog
MessageBeep
RedrawWindow
CreateIconIndirect
SetCursor
SetCursorPos
GetScrollInfo
SetScrollPos
DestroyIcon
InflateRect
SetParent
ScrollWindowEx
InvalidateRgn
IsRectEmpty
gdi32
GetBitmapBits
GetBkMode
GetRgnBox
GetTextColor
PatBlt
CreatePatternBrush
GetPixel
CreateRoundRectRgn
RoundRect
CreateRectRgnIndirect
GetCurrentObject
CreateBitmap
SetWindowOrgEx
GetViewportOrgEx
GetClipBox
LineTo
MoveToEx
SetDIBColorTable
Polygon
Ellipse
StrokeAndFillPath
EndPath
BeginPath
OffsetRgn
SetRectRgn
CreatePen
CreateSolidBrush
Rectangle
GetObjectType
SetPixel
SetViewportOrgEx
SetBrushOrgEx
CreateCompatibleBitmap
CreateCompatibleDC
CreatePalette
SetStretchBltMode
CreateDIBSection
RealizePalette
SelectPalette
SetTextColor
SelectObject
StretchBlt
GetStockObject
SetBkMode
SelectClipRgn
CreatePolygonRgn
BitBlt
CombineRgn
CreateRectRgn
SetBkColor
DeleteDC
GetDeviceCaps
DeleteObject
comdlg32
CommDlgExtendedError
advapi32
GetSidIdentifierAuthority
CryptGenRandom
CryptReleaseContext
CryptAcquireContextA
ImpersonateLoggedOnUser
RevertToSelf
RegSetValueExA
AllocateAndInitializeSid
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegFlushKey
GetNamedSecurityInfoW
SetEntriesInAclW
SetNamedSecurityInfoW
GetAce
DeleteAce
EqualSid
LookupAccountNameW
LookupAccountSidW
FreeSid
CreateProcessAsUserW
CloseServiceHandle
SetSecurityInfo
GetSecurityInfo
StartServiceW
RegCloseKey
shell32
DragFinish
ord680
SHAppBarMessage
DragAcceptFiles
SHGetMalloc
SHGetSpecialFolderPathW
ord155
SHGetSpecialFolderLocation
ole32
RevokeDragDrop
RegisterDragDrop
CoCreateGuid
DoDragDrop
CoMarshalInterThreadInterfaceInStream
OleDuplicateData
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
ReleaseStgMedium
CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
CoInitializeSecurity
CoGetInterfaceAndReleaseStream
OleLockRunning
StringFromGUID2
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
oleaut32
SysAllocStringLen
SysFreeString
SysStringLen
VariantInit
OleCreatePropertyFrame
VarUI4FromStr
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
SysStringByteLen
SysAllocString
VariantClear
shlwapi
PathCompactPathW
mswsock
GetAcceptExSockaddrs
AcceptEx
mpr
WNetCloseEnum
WNetEnumResourceW
WNetOpenEnumW
setupapi
SetupDiGetDeviceRegistryPropertyW
SetupDiGetClassDevsW
SetupDiOpenDevRegKey
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
crypt32
CryptVerifyMessageSignature
CertGetNameStringW
CertGetNameStringA
CertFreeCertificateContext
imagehlp
ImageEnumerateCertificates
ImageGetCertificateData
ImageGetCertificateHeader
wininet
HttpSendRequestW
HttpOpenRequestW
InternetOpenW
HttpQueryInfoW
InternetSetOptionW
InternetGoOnlineA
InternetQueryOptionW
InternetErrorDlg
HttpSendRequestA
InternetReadFile
InternetQueryDataAvailable
HttpEndRequestA
InternetWriteFile
HttpSendRequestExA
HttpAddRequestHeadersA
HttpOpenRequestA
InternetCloseHandle
InternetConnectW
DetectAutoProxyUrl
sensapi
IsNetworkAlive
urlmon
URLDownloadToFileA
Sections
.text Size: 6.8MB - Virtual size: 6.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2.1MB - Virtual size: 2.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 203KB - Virtual size: 1.8MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 2B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 24KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
TeamViewer_Desktop.exe.exe windows:4 windows x86 arch:x86
76ed15923acaff76447591f0f3e02881
Code Sign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15/06/2007, 00:00Not After14/06/2012, 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04/12/2003, 00:00Not After03/12/2013, 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
3d:27:af:be:a5:99:6f:13:e5:b5:62:44:21:f1:62:95Certificate
IssuerCN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=USNot Before08/08/2011, 00:00Not After07/08/2014, 23:59SubjectCN=TeamViewer,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=TeamViewer,L=Goeppingen,ST=Baden Wuerttemberg,C=DEExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate
IssuerCN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=USNot Before08/02/2010, 00:00Not After07/02/2020, 23:59SubjectCN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
3d:08:bc:47:72:67:b6:4e:7a:32:c0:43:65:a0:dd:09:42:91:0a:44Signer
Actual PE Digest3d:08:bc:47:72:67:b6:4e:7a:32:c0:43:65:a0:dd:09:42:91:0a:44Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
c:\TeamViewer_7.0_Release\TeamViewer\qs_release\TeamViewer_Desktop.pdb
Imports
ws2_32
inet_ntoa
gethostname
WSAGetLastError
inet_addr
htonl
ioctlsocket
shutdown
setsockopt
closesocket
gethostbyname
WSASetLastError
gethostbyaddr
ntohs
getservbyport
getservbyname
WSARecv
ntohl
bind
WSAAddressToStringA
select
accept
WSASend
WSASocketW
getsockopt
htons
getsockname
WSACleanup
__WSAFDIsSet
listen
WSAStartup
connect
comctl32
InitCommonControlsEx
ImageList_Draw
kernel32
GetCurrentThread
LocalAlloc
LoadLibraryW
LocalFree
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
GetWindowsDirectoryA
GetModuleFileNameA
GetModuleHandleA
CompareStringA
DuplicateHandle
SetWaitableTimer
InterlockedExchangeAdd
QueueUserAPC
GetExitCodeThread
GetQueuedCompletionStatus
InitializeCriticalSectionAndSpinCount
SleepEx
TerminateThread
DeviceIoControl
GetThreadTimes
SetEnvironmentVariableA
CreateFileA
SetStdHandle
GetConsoleOutputCP
WriteConsoleA
PostQueuedCompletionStatus
Sleep
GetCommandLineW
InterlockedDecrement
GetCurrentProcess
InterlockedIncrement
LoadResource
FreeLibrary
SizeofResource
RaiseException
InterlockedExchange
SetProcessShutdownParameters
GetProcessShutdownParameters
FlushInstructionCache
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
SetLastError
CreateSemaphoreA
HeapAlloc
GetLastError
GetTickCount
SetEvent
CreateMutexA
GetCurrentThreadId
WaitForMultipleObjects
TlsFree
GetSystemTimeAsFileTime
TlsAlloc
CloseHandle
GetCurrentProcessId
ReleaseSemaphore
IsValidLocale
EnumSystemLocalesA
FlushFileBuffers
GetConsoleMode
GetThreadLocale
GetACP
GetVersionExA
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
lstrcpyA
ResumeThread
CreateThread
GetConsoleCP
GetTimeZoneInformation
GetFileType
SetHandleCount
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStdHandle
GetOEMCP
HeapCreate
ExitProcess
LCMapStringA
GetStringTypeA
RtlUnwind
GetDateFormatA
GetTimeFormatA
GetStartupInfoA
GetCommandLineA
ExitThread
WaitForSingleObject
CreateEventA
HeapFree
GetProcessHeap
IsDebuggerPresent
UnhandledExceptionFilter
CreateWaitableTimerA
GetSystemInfo
AreFileApisANSI
FormatMessageA
GlobalFree
HeapSize
HeapReAlloc
FileTimeToSystemTime
SetUnhandledExceptionFilter
FileTimeToLocalFileTime
FindClose
GetLocalTime
QueryPerformanceCounter
QueryPerformanceFrequency
GetSystemDefaultLCID
GetUserDefaultLCID
GetLocaleInfoA
SetFilePointer
WriteFile
ReleaseMutex
GetFileSize
OpenProcess
ReadFile
TerminateProcess
ResetEvent
CreateIoCompletionPort
InterlockedCompareExchange
TlsSetValue
TlsGetValue
OpenEventA
LockResource
SystemTimeToFileTime
GlobalLock
GlobalUnlock
WaitForMultipleObjectsEx
GetSystemTime
CancelIo
GetOverlappedResult
ReadFileEx
SetEndOfFile
HeapDestroy
user32
CallNextHookEx
UnionRect
GetDesktopWindow
WindowFromPoint
GetWindowRect
GetParent
GetUserObjectInformationW
GetCursorPos
CloseDesktop
GetForegroundWindow
GetThreadDesktop
GetWindowThreadProcessId
RedrawWindow
GetGUIThreadInfo
SetWindowPos
GetWindowRgn
CopyRect
IsWindowEnabled
IntersectRect
GetWindow
GetDC
EqualRect
GetCursorInfo
EnumWindows
GetIconInfo
GetSystemMetrics
MapWindowPoints
IsWindow
IsWindowVisible
ReleaseDC
SetLayeredWindowAttributes
GetClientRect
EnumDesktopWindows
OpenDesktopW
MsgWaitForMultipleObjectsEx
BlockInput
FillRect
ScreenToClient
GetDlgItem
GetAsyncKeyState
GetKeyboardLayout
GetKeyboardState
ToUnicode
TranslateMessage
GetKeyState
ActivateKeyboardLayout
SetThreadDesktop
OpenInputDesktop
ExitWindowsEx
UnregisterClassA
PostQuitMessage
DestroyWindow
MessageBoxA
SetRectEmpty
OffsetRect
PtInRect
InflateRect
SendInput
IsRectEmpty
UnhookWindowsHookEx
GetWindowDC
gdi32
CreateDIBSection
SetBkColor
CreatePen
Rectangle
CreateSolidBrush
GetStockObject
RoundRect
GetSystemPaletteEntries
GdiFlush
SelectObject
CreateRectRgn
CreateRectRgnIndirect
DeleteObject
SetRectRgn
SetBkMode
CombineRgn
GetDIBits
RectInRegion
GetDeviceCaps
GetRgnBox
GetRegionData
BitBlt
PtInRegion
CreateCompatibleDC
OffsetRgn
StretchBlt
DeleteDC
SelectClipRgn
GetDCOrgEx
SetPixel
CreateCompatibleBitmap
advapi32
StartServiceW
LookupAccountNameW
LookupAccountSidW
FreeSid
GetSecurityInfo
SetEntriesInAclW
SetSecurityInfo
AllocateAndInitializeSid
CloseServiceHandle
RegCloseKey
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetNamedSecurityInfoW
SetNamedSecurityInfoW
ImpersonateLoggedOnUser
RegSetValueExA
RegFlushKey
GetSidIdentifierAuthority
CryptAcquireContextA
CryptReleaseContext
CryptGenRandom
DeregisterEventSource
ReportEventW
RegisterEventSourceW
RevertToSelf
EqualSid
ole32
OleInitialize
OleUninitialize
ReleaseStgMedium
CoGetInterfaceAndReleaseStream
CoTaskMemAlloc
CoUninitialize
CoInitializeEx
CoTaskMemRealloc
CoInitializeSecurity
CoTaskMemFree
CoCreateInstance
oleaut32
SysFreeString
SysAllocString
SafeArrayGetElement
SafeArrayGetDim
VariantInit
VariantClear
VariantCopy
VariantChangeType
VarUI4FromStr
crypt32
CertFreeCertificateContext
CertGetNameStringA
CertGetNameStringW
CryptVerifyMessageSignature
imagehlp
ImageEnumerateCertificates
ImageGetCertificateHeader
ImageGetCertificateData
wininet
InternetQueryOptionW
DetectAutoProxyUrl
urlmon
URLDownloadToFileA
shell32
SHGetMalloc
SHGetSpecialFolderLocation
Sections
.text Size: 2.0MB - Virtual size: 2.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.orpc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 529KB - Virtual size: 529KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 55KB - Virtual size: 351KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 2B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 24KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
TeamViewer_Resource_de.dll.dll windows:4 windows x86 arch:x86
Code Sign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15/06/2007, 00:00Not After14/06/2012, 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04/12/2003, 00:00Not After03/12/2013, 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
3d:27:af:be:a5:99:6f:13:e5:b5:62:44:21:f1:62:95Certificate
IssuerCN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=USNot Before08/08/2011, 00:00Not After07/08/2014, 23:59SubjectCN=TeamViewer,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=TeamViewer,L=Goeppingen,ST=Baden Wuerttemberg,C=DEExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate
IssuerCN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=USNot Before08/02/2010, 00:00Not After07/02/2020, 23:59SubjectCN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
a2:94:99:67:1e:b5:35:df:41:7e:43:88:5b:1f:da:01:7c:f7:78:62Signer
Actual PE Digesta2:94:99:67:1e:b5:35:df:41:7e:43:88:5b:1f:da:01:7c:f7:78:62Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Sections
.rsrc Size: 2.6MB - Virtual size: 2.5MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 8B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
TeamViewer_Service.exe.exe windows:4 windows x86 arch:x86
a9d8dd235da0b1e0fa502d24e4982561
Code Sign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15/06/2007, 00:00Not After14/06/2012, 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04/12/2003, 00:00Not After03/12/2013, 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
3d:27:af:be:a5:99:6f:13:e5:b5:62:44:21:f1:62:95Certificate
IssuerCN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=USNot Before08/08/2011, 00:00Not After07/08/2014, 23:59SubjectCN=TeamViewer,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=TeamViewer,L=Goeppingen,ST=Baden Wuerttemberg,C=DEExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate
IssuerCN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=USNot Before08/02/2010, 00:00Not After07/02/2020, 23:59SubjectCN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
7b:e2:ce:de:ff:20:18:6c:e7:49:fd:7e:2e:58:40:3f:50:14:8d:e2Signer
Actual PE Digest7b:e2:ce:de:ff:20:18:6c:e7:49:fd:7e:2e:58:40:3f:50:14:8d:e2Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
c:\TeamViewer_7.0_Release\TeamViewer\qs_release\TeamViewer_Service.pdb
Imports
ws2_32
listen
accept
WSARecvFrom
WSASend
WSASetLastError
htons
WSAWaitForMultipleEvents
WSAEventSelect
htonl
recv
__WSAFDIsSet
getsockname
select
inet_addr
ntohl
gethostname
inet_ntoa
gethostbyname
WSADuplicateSocketW
WSARecv
WSASocketW
closesocket
WSACleanup
WSAStartup
shutdown
send
getservbyport
getservbyname
gethostbyaddr
recvfrom
sendto
setsockopt
getsockopt
connect
ioctlsocket
bind
WSAResetEvent
WSACreateEvent
ntohs
WSASetEvent
getpeername
WSACloseEvent
WSAGetLastError
socket
kernel32
GetDriveTypeA
FindFirstFileA
LoadLibraryA
GetSystemDirectoryA
GetWindowsDirectoryA
GetModuleFileNameA
GetModuleHandleA
CompareStringA
FreeLibrary
InterlockedExchange
InterlockedIncrement
InterlockedExchangeAdd
InterlockedDecrement
SetConsoleCtrlHandler
Sleep
SetLastError
TlsFree
TlsAlloc
GetThreadTimes
lstrlenA
SetEnvironmentVariableA
GetConsoleOutputCP
WriteConsoleA
CreateFileA
SetStdHandle
IsValidLocale
EnumSystemLocalesA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
GetOEMCP
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetCommandLineA
GetEnvironmentStrings
FreeEnvironmentStringsA
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
HeapSize
GetStdHandle
ExitProcess
GetStringTypeA
GetCurrentThreadId
GetLastError
GetFullPathNameA
GetCurrentDirectoryA
CreateSemaphoreA
LCMapStringA
RtlUnwind
HeapReAlloc
GetDateFormatA
GetTimeFormatA
ExitThread
IsDebuggerPresent
UnhandledExceptionFilter
CreateWaitableTimerA
AreFileApisANSI
SetEndOfFile
FormatMessageA
GetThreadLocale
GetACP
GetVersionExA
FileTimeToLocalFileTime
SetUnhandledExceptionFilter
FileTimeToSystemTime
InitializeCriticalSection
GetQueuedCompletionStatus
TerminateThread
DeleteCriticalSection
CloseHandle
WaitForMultipleObjects
InitializeCriticalSectionAndSpinCount
GetCurrentProcessId
GetCurrentProcess
SetFilePointer
GetSystemTimeAsFileTime
WriteFile
GetTickCount
SetWaitableTimer
ReleaseMutex
PostQueuedCompletionStatus
GetFileSize
LeaveCriticalSection
SleepEx
WaitForSingleObject
SetEvent
EnterCriticalSection
CreateEventA
QueueUserAPC
LocalFree
OpenProcess
GetLocalTime
GetCurrentThread
QueryPerformanceCounter
QueryPerformanceFrequency
FindClose
GetSystemDefaultLCID
GetUserDefaultLCID
GetLocaleInfoA
DuplicateHandle
ReleaseSemaphore
ReadFile
TerminateProcess
HeapFree
CreateIoCompletionPort
InterlockedCompareExchange
TlsSetValue
TlsGetValue
OpenEventA
ResetEvent
HeapAlloc
GetProcessHeap
SizeofResource
LoadResource
RaiseException
GetExitCodeProcess
CreateThread
ResumeThread
DeviceIoControl
SetThreadPriority
GetOverlappedResult
SystemTimeToFileTime
GetExitCodeThread
user32
TranslateMessage
MessageBoxA
UnregisterClassA
ExitWindowsEx
MsgWaitForMultipleObjectsEx
DestroyWindow
advapi32
CloseServiceHandle
LookupAccountSidW
RevertToSelf
ImpersonateLoggedOnUser
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetNamedSecurityInfoW
SetEntriesInAclW
SetNamedSecurityInfoW
GetAce
DeleteAce
ControlService
QueryServiceStatus
DeleteService
RegFlushKey
CreateProcessAsUserW
RegSetValueExA
RegCloseKey
GetSecurityInfo
SetSecurityInfo
AllocateAndInitializeSid
FreeSid
CryptGenRandom
SetServiceStatus
RegisterEventSourceW
ReportEventW
DeregisterEventSource
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerExW
CryptReleaseContext
CryptAcquireContextA
EqualSid
ole32
OleInitialize
OleUninitialize
CoCreateGuid
StringFromGUID2
CoTaskMemFree
CoTaskMemRealloc
CoCreateInstance
CoInitializeSecurity
CoTaskMemAlloc
oleaut32
SysFreeString
SysAllocString
VarUI4FromStr
VariantClear
mpr
WNetOpenEnumW
WNetCloseEnum
WNetEnumResourceW
setupapi
SetupDiGetDeviceRegistryPropertyW
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsW
SetupDiOpenDevRegKey
iphlpapi
DeleteIPAddress
GetAdapterIndex
GetAdaptersInfo
crypt32
CertGetNameStringW
CertGetNameStringA
CertFreeCertificateContext
CryptVerifyMessageSignature
imagehlp
ImageEnumerateCertificates
ImageGetCertificateData
ImageGetCertificateHeader
wininet
HttpSendRequestExA
InternetWriteFile
HttpEndRequestA
InternetQueryDataAvailable
InternetReadFile
HttpSendRequestA
InternetErrorDlg
InternetQueryOptionW
InternetGoOnlineA
HttpOpenRequestA
InternetConnectW
HttpQueryInfoW
InternetCloseHandle
InternetSetOptionW
InternetOpenW
HttpAddRequestHeadersA
sensapi
IsNetworkAlive
shell32
SHGetMalloc
SHGetSpecialFolderLocation
mswsock
AcceptEx
GetAcceptExSockaddrs
Sections
.text Size: 2.1MB - Virtual size: 2.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 644KB - Virtual size: 643KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 55KB - Virtual size: 259KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 2B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 24KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
tv_w32.dll.dll windows:4 windows x86 arch:x86
d4eb745f17bb7100accc7c9b1576debe
Code Sign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15/06/2007, 00:00Not After14/06/2012, 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04/12/2003, 00:00Not After03/12/2013, 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
3d:27:af:be:a5:99:6f:13:e5:b5:62:44:21:f1:62:95Certificate
IssuerCN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=USNot Before08/08/2011, 00:00Not After07/08/2014, 23:59SubjectCN=TeamViewer,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=TeamViewer,L=Goeppingen,ST=Baden Wuerttemberg,C=DEExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate
IssuerCN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=USNot Before08/02/2010, 00:00Not After07/02/2020, 23:59SubjectCN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
b0:72:9b:13:66:04:bc:d9:33:f5:6d:02:ab:56:6f:00:75:d4:9b:d9Signer
Actual PE Digestb0:72:9b:13:66:04:bc:d9:33:f5:6d:02:ab:56:6f:00:75:d4:9b:d9Digest Algorithmsha1PE Digest MatchestrueHeaders
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
c:\TeamViewer_7.0_Release\TeamViewer\TVHooks64\release\tv_w32dll.pdb
Imports
crtdll
strncat
strncpy
_vsnprintf
_snprintf
_strlwr
strrchr
memmove
memcpy
wcsstr
_wcslwr
_global_unwind2
_local_unwind2
_initterm
malloc
__dllonexit
strncmp
memset
comctl32
InitCommonControlsEx
kernel32
GetFileAttributesExW
HeapAlloc
GlobalLock
DeleteCriticalSection
GetProcAddress
LoadLibraryA
FreeLibrary
GetSystemDirectoryA
GetLocalTime
InterlockedCompareExchange
GlobalUnlock
DisableThreadLibraryCalls
OpenMutexW
GetModuleFileNameA
FreeLibraryAndExitThread
Sleep
LoadLibraryW
GetModuleFileNameW
CreateThread
LocalFree
CreateMutexW
CreateEventW
UnmapViewOfFile
ReleaseMutex
WaitForSingleObject
InterlockedDecrement
InterlockedIncrement
SetEvent
GetTickCount
IsBadWritePtr
IsBadReadPtr
MapViewOfFile
OpenFileMappingW
CreateFileMappingW
LocalAlloc
SetLastError
GlobalFree
GlobalAlloc
GetVersion
QueryPerformanceCounter
GetVersionExW
VirtualProtect
ResumeThread
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
CreateToolhelp32Snapshot
Thread32First
OpenThread
SuspendThread
Thread32Next
CloseHandle
GetProcessHeap
HeapFree
EnterCriticalSection
LeaveCriticalSection
GetLastError
InitializeCriticalSection
FileTimeToSystemTime
InterlockedExchange
user32
ShowWindow
GetWindow
GetSysColor
LoadBitmapW
GetSystemMetrics
SystemParametersInfoW
GetClientRect
IsZoomed
GetWindowInfo
GetClassNameA
IsRectEmpty
RedrawWindow
CallWindowProcW
MoveWindow
IsIconic
PostMessageW
TrackMouseEvent
InvalidateRect
EndPaint
BeginPaint
GetActiveWindow
SetWindowLongW
GetWindowLongW
FindWindowExW
FindWindowW
SendMessageW
GetDesktopWindow
ClientToScreen
GetDC
GetUpdateRect
GetWindowRect
ReleaseDC
IsWindow
IsWindowVisible
SetWindowPos
GetClassInfoExW
LoadCursorW
RegisterClassExW
CallNextHookEx
DestroyWindow
DefWindowProcW
KillTimer
SetTimer
RegisterClipboardFormatW
CreateWindowExW
UnregisterClassW
SendMessageTimeoutW
UnhookWindowsHookEx
SendNotifyMessageW
SetWindowsHookExW
RegisterWindowMessageW
MapWindowPoints
GetWindowDC
gdi32
DeleteObject
GdiFlush
BitBlt
SelectObject
CreateDIBSection
CreateCompatibleDC
Rectangle
GetStockObject
CreatePen
Polyline
ExtCreatePen
LineTo
MoveToEx
CreateSolidBrush
CreateCompatibleBitmap
GetObjectW
SetPixel
GetPixel
RectVisible
DeleteDC
shell32
DragQueryFileW
ole32
ReleaseStgMedium
CoCreateInstance
Exports
Exports
GetLoaderInterface
GetTeamViewerInterface
Sections
.text Size: 36KB - Virtual size: 34KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.shared Size: 4KB - Virtual size: 32B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
tv_w32.exe.exe windows:4 windows x86 arch:x86
f3ff9327b14182f5c72aef41a183a4c4
Code Sign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15/06/2007, 00:00Not After14/06/2012, 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04/12/2003, 00:00Not After03/12/2013, 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
3d:27:af:be:a5:99:6f:13:e5:b5:62:44:21:f1:62:95Certificate
IssuerCN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=USNot Before08/08/2011, 00:00Not After07/08/2014, 23:59SubjectCN=TeamViewer,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=TeamViewer,L=Goeppingen,ST=Baden Wuerttemberg,C=DEExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate
IssuerCN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=USNot Before08/02/2010, 00:00Not After07/02/2020, 23:59SubjectCN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
97:9a:df:5a:03:68:88:51:53:7d:14:9a:df:a4:3c:32:17:71:70:a5Signer
Actual PE Digest97:9a:df:5a:03:68:88:51:53:7d:14:9a:df:a4:3c:32:17:71:70:a5Digest Algorithmsha1PE Digest MatchestrueHeaders
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
c:\TeamViewer_7.0_Release\TeamViewer\TVHooks64\release\tv_w32exe.pdb
Imports
kernel32
CreateEventW
CloseHandle
GetLastError
SetEvent
GetVersionExW
FreeLibrary
GetProcAddress
LoadLibraryA
GetModuleFileNameA
Sleep
GetSystemDirectoryW
LoadLibraryW
OpenMutexA
GetTickCount
CreateFileW
GetLocalTime
GetCurrentThreadId
ReleaseMutex
GetCurrentProcessId
CreateMutexW
SetFilePointer
InterlockedIncrement
InterlockedDecrement
WaitForSingleObject
WriteFile
GetCommandLineW
GetCurrentProcess
CreateFileA
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WideCharToMultiByte
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoA
RaiseException
RtlUnwind
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
MultiByteToWideChar
LCMapStringA
LCMapStringW
HeapSize
ExitProcess
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
VirtualAlloc
HeapReAlloc
InitializeCriticalSection
WriteConsoleA
VirtualQuery
user32
MsgWaitForMultipleObjectsEx
TranslateMessage
SendInput
BlockInput
DispatchMessageW
PeekMessageW
shell32
ShellExecuteExW
Sections
.text Size: 72KB - Virtual size: 68KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 904B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
tv_x64.dll.dll windows:4 windows x64 arch:x64
7ef72627fd1779fd9f2d40d5078f5989
Code Sign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15/06/2007, 00:00Not After14/06/2012, 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04/12/2003, 00:00Not After03/12/2013, 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
3d:27:af:be:a5:99:6f:13:e5:b5:62:44:21:f1:62:95Certificate
IssuerCN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=USNot Before08/08/2011, 00:00Not After07/08/2014, 23:59SubjectCN=TeamViewer,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=TeamViewer,L=Goeppingen,ST=Baden Wuerttemberg,C=DEExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate
IssuerCN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=USNot Before08/02/2010, 00:00Not After07/02/2020, 23:59SubjectCN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
e8:2e:47:6e:b5:e4:a1:f6:7a:f4:33:15:95:f6:9a:cf:bf:b4:e5:d2Signer
Actual PE Digeste8:2e:47:6e:b5:e4:a1:f6:7a:f4:33:15:95:f6:9a:cf:bf:b4:e5:d2Digest Algorithmsha1PE Digest MatchestrueHeaders
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
c:\TeamViewer_7.0_Release\TeamViewer\TVHooks64\release\tv_x64dll.pdb
Imports
msvcrt
_onexit
__dllonexit
realloc
calloc
malloc
free
_initterm
_wcslwr
wcsstr
strncmp
memmove
__C_specific_handler
strrchr
_strlwr
_snprintf
_vsnprintf
strncpy
strncat
memcpy
memset
comctl32
InitCommonControlsEx
kernel32
FileTimeToSystemTime
InitializeCriticalSection
GetLastError
LeaveCriticalSection
EnterCriticalSection
HeapFree
GetProcessHeap
CloseHandle
Thread32Next
SuspendThread
OpenThread
Thread32First
CreateToolhelp32Snapshot
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
ResumeThread
VirtualProtect
GetVersionExW
QueryPerformanceCounter
GetFileAttributesExW
HeapAlloc
GlobalUnlock
GlobalLock
DeleteCriticalSection
GetProcAddress
LoadLibraryA
FreeLibrary
GetSystemDirectoryA
GetLocalTime
DisableThreadLibraryCalls
OpenMutexW
GetModuleFileNameA
FreeLibraryAndExitThread
Sleep
LoadLibraryW
GetModuleFileNameW
CreateThread
LocalFree
CreateMutexW
CreateEventW
UnmapViewOfFile
ReleaseMutex
WaitForSingleObject
SetEvent
GetTickCount
IsBadWritePtr
IsBadReadPtr
MapViewOfFile
OpenFileMappingW
CreateFileMappingW
LocalAlloc
SetLastError
user32
SendNotifyMessageW
UnhookWindowsHookEx
SendMessageTimeoutW
UnregisterClassW
CreateWindowExW
RegisterClipboardFormatW
SetTimer
KillTimer
DefWindowProcW
DestroyWindow
CallNextHookEx
RegisterClassExW
LoadCursorW
GetClassInfoExW
SetWindowPos
IsWindowVisible
IsWindow
ReleaseDC
GetWindowRect
GetWindowDC
SendMessageW
ShowWindow
GetWindow
GetSysColor
LoadBitmapW
GetSystemMetrics
SystemParametersInfoW
GetClientRect
IsZoomed
GetWindowInfo
GetClassNameA
IsRectEmpty
CallWindowProcW
RedrawWindow
MoveWindow
IsIconic
PostMessageW
TrackMouseEvent
InvalidateRect
GetActiveWindow
SetWindowLongPtrW
EndPaint
BeginPaint
GetWindowLongPtrW
FindWindowExW
FindWindowW
MapWindowPoints
GetDesktopWindow
ClientToScreen
GetDC
GetUpdateRect
RegisterWindowMessageW
SetWindowsHookExW
gdi32
RectVisible
GetPixel
SetPixel
GetObjectW
CreateCompatibleBitmap
CreateSolidBrush
MoveToEx
LineTo
DeleteObject
Polyline
CreatePen
GetStockObject
Rectangle
CreateCompatibleDC
CreateDIBSection
SelectObject
BitBlt
GdiFlush
ExtCreatePen
DeleteDC
shell32
DragQueryFileW
ole32
ReleaseStgMedium
CoCreateInstance
Exports
Exports
GetLoaderInterface
Sections
.text Size: 44KB - Virtual size: 43KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 24KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.shared Size: 512B - Virtual size: 64B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 316B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
tv_x64.exe.exe windows:4 windows x64 arch:x64
e50c79d233ed25e164f8056b5c58179f
Code Sign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15/06/2007, 00:00Not After14/06/2012, 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04/12/2003, 00:00Not After03/12/2013, 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
3d:27:af:be:a5:99:6f:13:e5:b5:62:44:21:f1:62:95Certificate
IssuerCN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=USNot Before08/08/2011, 00:00Not After07/08/2014, 23:59SubjectCN=TeamViewer,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=TeamViewer,L=Goeppingen,ST=Baden Wuerttemberg,C=DEExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate
IssuerCN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=USNot Before08/02/2010, 00:00Not After07/02/2020, 23:59SubjectCN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
bc:20:86:08:81:72:b7:6c:c8:da:7a:0d:87:e3:34:d9:d3:ec:0a:ddSigner
Actual PE Digestbc:20:86:08:81:72:b7:6c:c8:da:7a:0d:87:e3:34:d9:d3:ec:0a:ddDigest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
c:\TeamViewer_7.0_Release\TeamViewer\TVHooks64\release\tv_x64exe.pdb
Imports
kernel32
GetLastError
CloseHandle
SetEvent
GetVersionExW
CreateEventW
GetModuleFileNameA
FreeLibrary
GetProcAddress
LoadLibraryA
Sleep
LoadLibraryW
GetSystemDirectoryW
GetTickCount
OpenMutexA
GetCurrentThreadId
ReleaseMutex
GetCurrentProcessId
CreateMutexW
SetFilePointer
WaitForSingleObject
WriteFile
CreateFileW
GetLocalTime
GetCommandLineW
GetCurrentProcess
CreateFileA
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlCaptureContext
WideCharToMultiByte
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoA
EnterCriticalSection
LeaveCriticalSection
RaiseException
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleA
FlsGetValue
FlsSetValue
TlsFree
FlsFree
SetLastError
FlsAlloc
MultiByteToWideChar
LCMapStringA
LCMapStringW
RtlVirtualUnwind
HeapSize
ExitProcess
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
HeapSetInformation
HeapCreate
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapReAlloc
InitializeCriticalSection
user32
TranslateMessage
MsgWaitForMultipleObjectsEx
PeekMessageW
DispatchMessageW
shell32
ShellExecuteExW
Sections
.text Size: 97KB - Virtual size: 96KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 25KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
x64/TVMonitor.inf
-
x64/TVMonitor.sys.sys windows:6 windows x64 arch:x64
f24b69173de020aa0ac1739d7b40e04c
Code Sign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15/06/2007, 00:00Not After14/06/2012, 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04/12/2003, 00:00Not After03/12/2013, 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate
IssuerOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USNot Before16/07/2004, 00:00Not After15/07/2014, 23:59SubjectCN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
25:c9:02:d0:26:e3:12:44:c1:25:99:67:71:c9:dc:01Certificate
IssuerCN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=USNot Before16/01/2008, 00:00Not After22/02/2011, 23:59SubjectCN=TeamViewer GmbH,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=TeamViewer GmbH,ST=Baden Wuerttemberg,C=DEExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
61:0c:12:06:00:00:00:00:00:1bCertificate
IssuerCN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before23/05/2006, 17:01Not After23/05/2016, 17:11SubjectOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
28:b9:c1:45:0c:8e:03:ed:63:23:c6:60:a2:8f:f1:31:e1:99:44:3bSigner
Actual PE Digest28:b9:c1:45:0c:8e:03:ed:63:23:c6:60:a2:8f:f1:31:e1:99:44:3bDigest Algorithmsha1PE Digest MatchestrueHeaders
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
j:\teamviewer6.0\monitordriver\objfre_wlh_amd64\amd64\TVMonitor.pdb
Imports
ntoskrnl.exe
IoAcquireRemoveLockEx
KeClearEvent
IoDeleteSymbolicLink
_snwprintf
RtlInitUnicodeString
IoDeleteDevice
KeSetEvent
KeInitializeEvent
IoReleaseRemoveLockEx
IoDetachDevice
PoRequestPowerIrp
KeSetTimerEx
PsCreateSystemThread
PsTerminateSystemThread
PoStartNextPowerIrp
ZwClose
IofCompleteRequest
IoReleaseRemoveLockAndWaitEx
ObReferenceObjectByHandle
KeWaitForSingleObject
IoGetAttachedDeviceReference
IoAttachDeviceToDeviceStack
PoCallDriver
IoCreateSymbolicLink
ObfDereferenceObject
IoInitializeRemoveLockEx
IoCreateDevice
KeInitializeTimerEx
KeCancelTimer
KeWaitForMultipleObjects
IofCallDriver
KeBugCheckEx
Sections
.text Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 564B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 288B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 512B - Virtual size: 204B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PAGE Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 960B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
x64/tvmonitor.cat
-
x86/TVMonitor.inf
-
x86/TVMonitor.sys.sys windows:6 windows x86 arch:x86
bc06eb1dad5e8285411e580cdee99e10
Code Sign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15/06/2007, 00:00Not After14/06/2012, 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04/12/2003, 00:00Not After03/12/2013, 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate
IssuerOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USNot Before16/07/2004, 00:00Not After15/07/2014, 23:59SubjectCN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
25:c9:02:d0:26:e3:12:44:c1:25:99:67:71:c9:dc:01Certificate
IssuerCN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=USNot Before16/01/2008, 00:00Not After22/02/2011, 23:59SubjectCN=TeamViewer GmbH,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=TeamViewer GmbH,ST=Baden Wuerttemberg,C=DEExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
61:0c:12:06:00:00:00:00:00:1bCertificate
IssuerCN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before23/05/2006, 17:01Not After23/05/2016, 17:11SubjectOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
a9:a5:16:65:95:db:d6:e5:d9:29:b0:53:6a:3f:4b:f8:81:cb:42:83Signer
Actual PE Digesta9:a5:16:65:95:db:d6:e5:d9:29:b0:53:6a:3f:4b:f8:81:cb:42:83Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
j:\teamviewer6.0\monitordriver\objfre_wxp_x86\i386\TVMonitor.pdb
Imports
ntoskrnl.exe
RtlInitUnicodeString
_snwprintf
IofCompleteRequest
IoReleaseRemoveLockEx
PoCallDriver
IoAcquireRemoveLockEx
PoStartNextPowerIrp
IofCallDriver
ObfDereferenceObject
IoGetAttachedDeviceReference
IoDeleteDevice
IoDetachDevice
KeWaitForSingleObject
KeSetEvent
PoRequestPowerIrp
IoAttachDeviceToDeviceStack
IoDeleteSymbolicLink
IoInitializeRemoveLockEx
IoCreateSymbolicLink
IoCreateDevice
InterlockedIncrement
IoReleaseRemoveLockAndWaitEx
PsTerminateSystemThread
KeCancelTimer
KeWaitForMultipleObjects
KeSetTimerEx
KeClearEvent
KeInitializeTimerEx
ZwClose
ObReferenceObjectByHandle
PsCreateSystemThread
KeTickCount
KeBugCheckEx
KeInitializeEvent
KeGetCurrentThread
hal
KeGetCurrentIrql
Sections
.text Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 384B - Virtual size: 277B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 128B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 960B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 384B - Virtual size: 274B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
x86/tvmonitor.cat