Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc
Overview
overview
7Static
static
3a900dd64b9...18.exe
windows7-x64
7a900dd64b9...18.exe
windows10-2004-x64
7$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$TEMP/Team...er.exe
windows7-x64
7$TEMP/Team...er.exe
windows10-2004-x64
7$TEMP/Team...op.exe
windows7-x64
3$TEMP/Team...op.exe
windows10-2004-x64
3$TEMP/Team...es.dll
windows7-x64
1$TEMP/Team...es.dll
windows10-2004-x64
1$TEMP/Team...CN.dll
windows7-x64
1$TEMP/Team...CN.dll
windows10-2004-x64
1$TEMP/Team...es.dll
windows7-x64
1$TEMP/Team...es.dll
windows10-2004-x64
1$TEMP/Team...32.dll
windows7-x64
1$TEMP/Team...32.dll
windows10-2004-x64
1$TEMP/Team...32.exe
windows7-x64
1$TEMP/Team...32.exe
windows10-2004-x64
1$TEMP/Team...64.dll
windows7-x64
1$TEMP/Team...64.dll
windows10-2004-x64
1$TEMP/Team...64.exe
windows7-x64
1$TEMP/Team...64.exe
windows10-2004-x64
1Static task
static1
2 signatures
Behavioral task
behavioral1
Sample
a900dd64b9be551600f4ca851bd25f88_JaffaCakes118.exe
Resource
win7-20240221-en
windows7-x64
13 signatures
150 seconds
Behavioral task
behavioral2
Sample
a900dd64b9be551600f4ca851bd25f88_JaffaCakes118.exe
Resource
win10v2004-20240611-en
windows10-2004-x64
13 signatures
150 seconds
Behavioral task
behavioral3
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240611-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral4
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240611-en
windows10-2004-x64
2 signatures
150 seconds
Behavioral task
behavioral5
Sample
$TEMP/TeamViewer~/TeamViewer.exe
Resource
win7-20231129-en
windows7-x64
21 signatures
150 seconds
Behavioral task
behavioral6
Sample
$TEMP/TeamViewer~/TeamViewer.exe
Resource
win10v2004-20240611-en
windows10-2004-x64
21 signatures
150 seconds
Behavioral task
behavioral7
Sample
$TEMP/TeamViewer~/TeamViewer_Desktop.exe
Resource
win7-20240611-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral8
Sample
$TEMP/TeamViewer~/TeamViewer_Desktop.exe
Resource
win10v2004-20240226-en
windows10-2004-x64
3 signatures
150 seconds
Behavioral task
behavioral9
Sample
$TEMP/TeamViewer~/TeamViewer_Resource_es.dll
Resource
win7-20240611-en
windows7-x64
0 signatures
150 seconds
Behavioral task
behavioral10
Sample
$TEMP/TeamViewer~/TeamViewer_Resource_es.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral11
Sample
$TEMP/TeamViewer~/TeamViewer_Resource_zhCN.dll
Resource
win7-20231129-en
windows7-x64
0 signatures
150 seconds
Behavioral task
behavioral12
Sample
$TEMP/TeamViewer~/TeamViewer_Resource_zhCN.dll
Resource
win10v2004-20240611-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral13
Sample
$TEMP/TeamViewer~/TeamViewer_StaticRes.dll
Resource
win7-20240611-en
windows7-x64
0 signatures
150 seconds
Behavioral task
behavioral14
Sample
$TEMP/TeamViewer~/TeamViewer_StaticRes.dll
Resource
win10v2004-20240611-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral15
Sample
$TEMP/TeamViewer~/tv_w32.dll
Resource
win7-20240508-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral16
Sample
$TEMP/TeamViewer~/tv_w32.dll
Resource
win10v2004-20240611-en
windows10-2004-x64
1 signatures
150 seconds
Behavioral task
behavioral17
Sample
$TEMP/TeamViewer~/tv_w32.exe
Resource
win7-20240508-en
windows7-x64
0 signatures
150 seconds
Behavioral task
behavioral18
Sample
$TEMP/TeamViewer~/tv_w32.exe
Resource
win10v2004-20240508-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral19
Sample
$TEMP/TeamViewer~/tv_x64.dll
Resource
win7-20240611-en
windows7-x64
0 signatures
150 seconds
Behavioral task
behavioral20
Sample
$TEMP/TeamViewer~/tv_x64.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral21
Sample
$TEMP/TeamViewer~/tv_x64.exe
Resource
win7-20240611-en
windows7-x64
0 signatures
150 seconds
Behavioral task
behavioral22
Sample
$TEMP/TeamViewer~/tv_x64.exe
Resource
win10v2004-20240226-en
windows10-2004-x64
0 signatures
150 seconds
General
-
Target
a900dd64b9be551600f4ca851bd25f88_JaffaCakes118
-
Size
15.0MB
-
MD5
a900dd64b9be551600f4ca851bd25f88
-
SHA1
7a50afd5c4cb96665668a869e4f955b676fdf1ff
-
SHA256
a477c252d5a123c1aafc26f9ab241a1fa0a3eb8c826325a2d308ba4d5b28620d
-
SHA512
ff72a79be19a1e137ffde4ee5f48e1126e6353de50e904cdfa32c6efdb74b5c2f7c70a8fdfb8e032b5c1f3b1054e14ec7506f807132ef5365e653c2c22b6efc2
-
SSDEEP
393216:cdSQ81U9tVx6Y78UlYYDPUfCE8m4A5KBlupw:cdx81Cjxd7PxDScAmuy
Score
3/10
Malware Config
Signatures
-
Unsigned PE 4 IoCs
Checks for missing Authenticode signature.
resource a900dd64b9be551600f4ca851bd25f88_JaffaCakes118 unpack001/$PLUGINSDIR/System.dll unpack001/$TEMP/TeamViewer~/TeamViewer.exe unpack001/$TEMP/TeamViewer~/TeamViewer_Desktop.exe -
NSIS installer 2 IoCs
resource yara_rule sample nsis_installer_1 sample nsis_installer_2
Files
-
a900dd64b9be551600f4ca851bd25f88_JaffaCakes118.exe windows:4 windows x86 arch:x86
59a4a44a250c4cf4f2d9de2b3fe5d95f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetTickCount
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
SearchPathA
GetShortPathNameA
CreateFileA
GetFileSize
GetModuleFileNameA
ReadFile
GetCurrentProcess
CopyFileA
ExitProcess
SetEnvironmentVariableA
Sleep
CloseHandle
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrlenA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrcpyA
lstrcatA
GetSystemDirectoryA
GetVersion
GetProcAddress
GlobalAlloc
CompareFileTime
SetFileTime
ExpandEnvironmentStringsA
lstrcmpiA
lstrcmpA
WaitForSingleObject
GlobalFree
GetExitCodeProcess
GetModuleHandleA
GetTempPathA
GetWindowsDirectoryA
LoadLibraryExA
FindFirstFileA
FindNextFileA
DeleteFileA
SetFilePointer
WriteFile
FindClose
WritePrivateProfileStringA
MultiByteToWideChar
MulDiv
GetPrivateProfileStringA
FreeLibrary
user32
CreateWindowExA
EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
GetDC
SystemParametersInfoA
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
ReleaseDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
GetClassInfoA
DialogBoxParamA
CharNextA
ExitWindowsEx
DestroyWindow
CreateDialogParamA
SetTimer
GetDlgItem
wsprintfA
SetForegroundWindow
ShowWindow
IsWindow
LoadImageA
SetWindowLongA
SetClipboardData
EmptyClipboard
OpenClipboard
EndPaint
PostQuitMessage
FindWindowExA
SendMessageTimeoutA
SetWindowTextA
gdi32
SelectObject
SetBkMode
CreateFontIndirectA
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor
shell32
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
advapi32
RegCloseKey
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumValueA
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegEnumKeyA
comctl32
ImageList_Create
ImageList_AddMasked
ImageList_Destroy
ord17
ole32
CoCreateInstance
CoTaskMemFree
OleInitialize
OleUninitialize
version
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
Sections
.text Size: 23KB - Virtual size: 22KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 105KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.ndata Size: - Virtual size: 36KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 285KB - Virtual size: 284KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/System.dll.dll windows:4 windows x86 arch:x86
8c8a576201f68de1a3f26fc723b9f30f
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
MultiByteToWideChar
GlobalFree
GlobalSize
lstrcpynA
lstrcpyA
GetProcAddress
VirtualFree
FreeLibrary
lstrlenA
LoadLibraryA
GetModuleHandleA
GlobalAlloc
WideCharToMultiByte
VirtualAlloc
VirtualProtect
GetLastError
user32
wsprintfA
ole32
StringFromGUID2
CLSIDFromString
Exports
Exports
Sections
.text Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 851B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 104B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1024B - Virtual size: 610B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$TEMP/TeamViewer~/TeamViewer.exe.exe windows:5 windows x86 arch:x86
9896547dd7809c790784b4990b0b58f5
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
E:\TeamViewer_Workspace\TeamViewer_13.0_Release\BuildTarget\Release2017\TeamViewer.pdb
Imports
kernel32
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
InterlockedExchange
EnterCriticalSection
InterlockedCompareExchange
InterlockedDecrement
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
PostQueuedCompletionStatus
GetLastError
SetEvent
TlsAlloc
InterlockedExchangeAdd
CloseHandle
RaiseException
DecodePointer
DeleteCriticalSection
InterlockedIncrement
TlsFree
CreateEventA
LoadLibraryExA
GetModuleHandleA
GetModuleFileNameA
GetSystemDirectoryA
SetLastError
InitializeCriticalSection
WaitForSingleObjectEx
DuplicateHandle
GetCurrentProcess
CreateSemaphoreA
ReleaseSemaphore
GetSystemTimeAsFileTime
TlsGetValue
SetWaitableTimer
WaitForSingleObject
SleepEx
CreateEventW
CreateWaitableTimerW
ResetEvent
OpenEventA
UnregisterWaitEx
RegisterWaitForSingleObject
GetTickCount
GetProcAddress
MulDiv
TlsSetValue
WideCharToMultiByte
CreateIoCompletionPort
FindResourceW
HeapDestroy
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
Sleep
FreeLibrary
GetPrivateProfileStringW
WritePrivateProfileStringW
GlobalAlloc
GlobalFree
GlobalSize
GlobalLock
GlobalUnlock
DeleteFileW
FindFirstFileW
GetFileAttributesW
FindClose
GetVersionExW
LocalFree
LocalAlloc
FormatMessageW
GetCommandLineW
lstrlenW
GetModuleHandleW
GetModuleFileNameW
MultiByteToWideChar
CreateJobObjectW
SetInformationJobObject
AssignProcessToJobObject
ReadFile
WriteFile
CreatePipe
TzSpecificLocalTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
FileTimeToSystemTime
OutputDebugStringW
CreateDirectoryW
SetThreadPriority
GetCurrentThread
WaitForMultipleObjects
SizeofResource
LockResource
LoadResource
FindResourceExW
CopyFileW
GetLocalTime
GetTimeFormatW
VirtualAlloc
VirtualFree
UnregisterWait
CreateFileW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetSystemDirectoryW
SetUnhandledExceptionFilter
FindNextFileW
LoadLibraryW
SetFilePointer
GetLogicalDriveStringsW
GetDriveTypeW
GetDiskFreeSpaceExW
SetFileAttributesW
GetFileSize
CreateThread
ResumeThread
GetExitCodeThread
QueueUserAPC
MoveFileExW
GetTempPathW
ExpandEnvironmentStringsW
GetUserGeoID
GetGeoInfoW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetLocaleInfoW
GetSystemInfo
GlobalMemoryStatusEx
GetComputerNameW
MoveFileW
SystemTimeToFileTime
GetCurrentDirectoryW
LocalFileTimeToFileTime
SetFileTime
GetFileInformationByHandle
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
SetThreadAffinityMask
QueryPerformanceFrequency
SwitchToThread
FormatMessageA
GetQueuedCompletionStatus
VerifyVersionInfoW
VerSetConditionMask
TerminateThread
LoadLibraryExW
GetWindowsDirectoryW
SetDllDirectoryW
HeapSetInformation
GetVolumeInformationW
GetNativeSystemInfo
OpenEventW
CreateFileMappingA
OpenFileMappingA
MapViewOfFileEx
OpenProcess
WaitNamedPipeW
CreateProcessW
TerminateProcess
GetProcessId
ProcessIdToSessionId
WTSGetActiveConsoleSessionId
SetFilePointerEx
ReleaseMutex
CreateMutexW
OpenMutexW
GetPrivateProfileIntW
GetPrivateProfileSectionW
GetDateFormatW
lstrcmpiW
SetThreadExecutionState
GetComputerNameExW
SetEndOfFile
GetFileAttributesExW
SetErrorMode
DeviceIoControl
CompareFileTime
GetFullPathNameW
GetSystemPowerStatus
AreFileApisANSI
TryEnterCriticalSection
HeapCreate
GetDiskFreeSpaceW
OutputDebugStringA
LockFile
GetFullPathNameA
UnlockFileEx
HeapValidate
GetTempPathA
GetDiskFreeSpaceA
GetFileAttributesA
FlushViewOfFile
CreateFileA
LoadLibraryA
GetVersionExA
DeleteFileA
HeapCompact
UnlockFile
LockFileEx
GetSystemTime
FlushFileBuffers
GetOverlappedResult
GetTempFileNameW
GetExitCodeProcess
GetPriorityClass
SetPriorityClass
lstrcmpW
GlobalHandle
OpenThread
GetComputerNameExA
CreateSemaphoreW
ExpandEnvironmentStringsA
GetThreadTimes
GetCommandLineA
VirtualProtect
VirtualQuery
CompareStringW
SetProcessShutdownParameters
GetStringTypeW
EncodePointer
GetCPInfo
LCMapStringW
IsDebuggerPresent
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
IsProcessorFeaturePresent
GetStringTypeExW
LCMapStringA
GetUserDefaultLCID
GetStringTypeExA
GetEnvironmentVariableW
GetFileTime
RemoveDirectoryW
CreateDirectoryExW
WaitForMultipleObjectsEx
CreateWaitableTimerA
UnhandledExceptionFilter
GetStartupInfoW
RtlUnwind
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
GetFileType
PeekNamedPipe
ExitProcess
GetStdHandle
GetACP
GetConsoleMode
ReadConsoleW
GetConsoleCP
IsValidLocale
EnumSystemLocalesW
SetStdHandle
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
FindFirstFileExA
FindNextFileA
WriteConsoleW
Sections
.DFX Size: 31.2MB - Virtual size: 31.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.DFX Size: 5.6MB - Virtual size: 5.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.DFX Size: 1.4MB - Virtual size: 1.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.DFX Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.DFX Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.DFX Size: 298KB - Virtual size: 297KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.DFX Size: 1.7MB - Virtual size: 1.7MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$TEMP/TeamViewer~/TeamViewer_Desktop.exe.exe windows:5 windows x86 arch:x86
55430ed75fa1c810b690919b97a1f375
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
E:\TeamViewer_Workspace\TeamViewer_13.0_Release\BuildTarget\Release2017\TeamViewer_Desktop.pdb
Imports
kernel32
CloseHandle
InterlockedExchange
InterlockedCompareExchange
WaitForSingleObjectEx
CreateEventA
SetEvent
InterlockedExchangeAdd
InterlockedIncrement
LeaveCriticalSection
EnterCriticalSection
PostQueuedCompletionStatus
TlsFree
GetLastError
TlsAlloc
TlsGetValue
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsSetValue
GetCurrentProcessId
OpenEventA
ResetEvent
GetSystemTimeAsFileTime
SetWaitableTimer
WaitForSingleObject
SleepEx
CreateEventW
CreateWaitableTimerW
GetTickCount
InterlockedDecrement
InitializeCriticalSection
GetProcessHeap
HeapFree
HeapAlloc
Sleep
GetCurrentThreadId
QueryPerformanceCounter
CreateFileW
DeviceIoControl
WTSGetActiveConsoleSessionId
GetSystemTimes
GetProcessTimes
GetCurrentProcess
RaiseException
SetLastError
LoadLibraryExA
GetModuleHandleA
GetModuleFileNameA
GetSystemDirectoryA
GetCommandLineW
GetModuleFileNameW
GetProcessShutdownParameters
SetProcessShutdownParameters
DecodePointer
ReleaseSemaphore
DuplicateHandle
CreateSemaphoreA
GetProcAddress
LocalAlloc
LocalFree
GetCurrentThread
LoadLibraryW
SetFilePointer
GetSystemInfo
VirtualProtect
VirtualQuery
FreeLibrary
GetModuleHandleW
GetSystemDirectoryW
SetUnhandledExceptionFilter
FindFirstFileW
FindNextFileW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
FindClose
DeleteFileW
WriteFile
HeapSize
HeapReAlloc
WideCharToMultiByte
GetFileAttributesW
QueryPerformanceFrequency
MultiByteToWideChar
GetVersionExW
GetUserGeoID
GetGeoInfoW
GetComputerNameW
VerSetConditionMask
VerifyVersionInfoW
OpenProcess
WaitNamedPipeW
ReadFile
ResumeThread
CreateProcessW
TerminateProcess
WaitForMultipleObjects
ProcessIdToSessionId
UnregisterWaitEx
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
CreateDirectoryW
SetDllDirectoryW
HeapSetInformation
LoadLibraryExW
GetQueuedCompletionStatus
CreateIoCompletionPort
QueueUserAPC
TerminateThread
SetFilePointerEx
ReleaseMutex
CreateMutexW
OpenMutexW
GetFileSize
GetTimeZoneInformation
GetLocalTime
GetTimeFormatW
GetDateFormatW
SystemTimeToFileTime
GetPrivateProfileStringW
GetTempPathW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetLocaleInfoW
GlobalMemoryStatusEx
SetFileAttributesW
lstrcmpiW
SizeofResource
LoadResource
FindResourceW
SetThreadExecutionState
GetStringTypeW
EncodePointer
GetCPInfo
CompareStringW
LCMapStringW
IsDebuggerPresent
OutputDebugStringW
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
IsProcessorFeaturePresent
VirtualAlloc
VirtualFree
FormatMessageA
GetCurrentDirectoryW
GetFileInformationByHandle
GetFullPathNameW
RemoveDirectoryW
SetEndOfFile
SetFileTime
CopyFileW
AreFileApisANSI
WaitForMultipleObjectsEx
CreateWaitableTimerA
LoadLibraryA
LCMapStringA
GetUserDefaultLCID
GetStringTypeExA
UnhandledExceptionFilter
GetStartupInfoW
RtlUnwind
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetStdHandle
GetACP
GetFileType
IsValidLocale
EnumSystemLocalesW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
FindFirstFileExA
FindNextFileA
GetCommandLineA
SetStdHandle
WriteConsoleW
ReadConsoleW
CreateSemaphoreW
GetThreadTimes
GetPrivateProfileIntW
GetPrivateProfileSectionW
WritePrivateProfileStringW
SwitchToThread
UnmapViewOfFile
CreateFileMappingA
OpenFileMappingA
MapViewOfFileEx
OpenEventW
GetExitCodeThread
GetTempFileNameW
GetDriveTypeW
PeekNamedPipe
LocalFileTimeToFileTime
Sections
.DFX Size: 6.6MB - Virtual size: 6.6MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.DFX Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.DFX Size: 1.2MB - Virtual size: 1.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.DFX Size: 137KB - Virtual size: 155KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.DFX Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.DFX Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.DFX Size: 282KB - Virtual size: 281KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.DFX Size: 286KB - Virtual size: 285KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$TEMP/TeamViewer~/TeamViewer_Resource_es.dll.dll windows:5 windows x86 arch:x86
Code Sign
7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before21/12/2012, 00:00Not After30/12/2020, 23:59SubjectCN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate
IssuerCN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=USNot Before18/10/2012, 00:00Not After29/12/2020, 23:59SubjectCN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
7e:c0:da:c3:9a:e3:64:6b:14:93:27:7f:76:1a:0e:c3Certificate
IssuerCN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=USNot Before28/11/2016, 00:00Not After03/03/2018, 23:59SubjectCN=TeamViewer GmbH,O=TeamViewer GmbH,L=Goeppingen,ST=Baden-Wuerttemberg,C=DEExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate
IssuerCN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=USNot Before08/02/2010, 00:00Not After07/02/2020, 23:59SubjectCN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
c3:f4:f0:f9:0a:b4:5e:a5:68:46:fd:f0:50:98:04:d7:48:c3:93:f2Signer
Actual PE Digestc3:f4:f0:f9:0a:b4:5e:a5:68:46:fd:f0:50:98:04:d7:48:c3:93:f2Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Sections
.rdata Size: 512B - Virtual size: 112B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 779KB - Virtual size: 778KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
$TEMP/TeamViewer~/TeamViewer_Resource_zhCN.dll.dll windows:5 windows x86 arch:x86
Code Sign
7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before21/12/2012, 00:00Not After30/12/2020, 23:59SubjectCN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate
IssuerCN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=USNot Before18/10/2012, 00:00Not After29/12/2020, 23:59SubjectCN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
7e:c0:da:c3:9a:e3:64:6b:14:93:27:7f:76:1a:0e:c3Certificate
IssuerCN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=USNot Before28/11/2016, 00:00Not After03/03/2018, 23:59SubjectCN=TeamViewer GmbH,O=TeamViewer GmbH,L=Goeppingen,ST=Baden-Wuerttemberg,C=DEExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate
IssuerCN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=USNot Before08/02/2010, 00:00Not After07/02/2020, 23:59SubjectCN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
a0:47:af:28:e2:63:17:12:4f:a8:d9:35:10:20:8b:9d:1e:ea:b9:b0Signer
Actual PE Digesta0:47:af:28:e2:63:17:12:4f:a8:d9:35:10:20:8b:9d:1e:ea:b9:b0Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Sections
.rdata Size: 512B - Virtual size: 112B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 550KB - Virtual size: 549KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
$TEMP/TeamViewer~/TeamViewer_StaticRes.dll.dll windows:5 windows x86 arch:x86
Code Sign
7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before21/12/2012, 00:00Not After30/12/2020, 23:59SubjectCN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate
IssuerCN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=USNot Before18/10/2012, 00:00Not After29/12/2020, 23:59SubjectCN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
7e:c0:da:c3:9a:e3:64:6b:14:93:27:7f:76:1a:0e:c3Certificate
IssuerCN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=USNot Before28/11/2016, 00:00Not After03/03/2018, 23:59SubjectCN=TeamViewer GmbH,O=TeamViewer GmbH,L=Goeppingen,ST=Baden-Wuerttemberg,C=DEExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate
IssuerCN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=USNot Before08/02/2010, 00:00Not After07/02/2020, 23:59SubjectCN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
83:2c:5f:38:ad:1e:8c:82:98:b0:5f:3b:31:4b:d5:49:b0:d1:67:b3Signer
Actual PE Digest83:2c:5f:38:ad:1e:8c:82:98:b0:5f:3b:31:4b:d5:49:b0:d1:67:b3Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Sections
.rdata Size: 512B - Virtual size: 112B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4.5MB - Virtual size: 4.5MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
$TEMP/TeamViewer~/tv_w32.dll.dll windows:5 windows x86 arch:x86
2ed8d6eb5aeefd437d2b3ae82c8fa7a1
Code Sign
7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before21/12/2012, 00:00Not After30/12/2020, 23:59SubjectCN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate
IssuerCN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=USNot Before18/10/2012, 00:00Not After29/12/2020, 23:59SubjectCN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
7e:c0:da:c3:9a:e3:64:6b:14:93:27:7f:76:1a:0e:c3Certificate
IssuerCN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=USNot Before28/11/2016, 00:00Not After03/03/2018, 23:59SubjectCN=TeamViewer GmbH,O=TeamViewer GmbH,L=Goeppingen,ST=Baden-Wuerttemberg,C=DEExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate
IssuerCN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=USNot Before08/02/2010, 00:00Not After07/02/2020, 23:59SubjectCN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
5e:f6:4a:8d:bf:cc:fb:91:1a:6c:b8:d0:82:0b:ed:70:a4:69:c3:c5Signer
Actual PE Digest5e:f6:4a:8d:bf:cc:fb:91:1a:6c:b8:d0:82:0b:ed:70:a4:69:c3:c5Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
E:\TeamViewer_Workspace\TeamViewer_13.0_Release\BuildTarget\Release2017\tv_w32dll.pdb
Imports
version
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
comctl32
InitCommonControlsEx
kernel32
CreateRemoteThread
QueryPerformanceCounter
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetVersionExW
GetFileAttributesExW
FileTimeToSystemTime
GlobalLock
DeleteCriticalSection
GlobalUnlock
GetSystemDirectoryA
LoadLibraryA
FreeLibrary
GetCurrentThreadId
GetLocalTime
GetModuleFileNameA
InterlockedExchange
InterlockedCompareExchange
Thread32Next
Thread32First
SuspendThread
ResumeThread
DisableThreadLibraryCalls
OpenMutexW
OpenThread
GetExitCodeProcess
GetModuleFileNameW
FreeLibraryAndExitThread
Sleep
LoadLibraryW
CreateThread
IsBadWritePtr
GetCurrentProcess
InterlockedDecrement
CreateMutexW
WaitForSingleObject
ReleaseMutex
OpenFileMappingW
UnmapViewOfFile
CreateEventW
SetEvent
LocalFree
VerSetConditionMask
VerifyVersionInfoW
InterlockedIncrement
IsBadReadPtr
CreateFileMappingW
MapViewOfFile
GetTickCount
VirtualQuery
SetLastError
LocalAlloc
GetModuleHandleW
Module32NextW
GetConsoleCP
WriteFile
HeapReAlloc
HeapSize
SetStdHandle
GetStringTypeW
SetConsoleCtrlHandler
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileW
FindNextFileA
FindFirstFileExW
FindFirstFileExA
FindClose
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetConsoleMode
GetFileType
GetStdHandle
GetACP
GetCurrentThread
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleExW
ExitProcess
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
RtlUnwind
InterlockedFlushSList
InterlockedPushEntrySList
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
TerminateProcess
OutputDebugStringA
GetProcessHeap
GetCurrentProcessId
HeapAlloc
CloseHandle
QueryPerformanceFrequency
GetLastError
CreateToolhelp32Snapshot
OpenProcess
GetModuleHandleA
Module32First
Module32Next
VirtualAlloc
VirtualFree
HeapFree
VirtualProtect
GetProcAddress
OutputDebugStringW
WaitForSingleObjectEx
RaiseException
Module32FirstW
CreateFileW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WriteConsoleW
DecodePointer
EncodePointer
FlushFileBuffers
SetFilePointerEx
user32
GetDC
ClientToScreen
MapWindowPoints
GetUpdateRect
FindWindowW
GetDesktopWindow
GetWindowLongW
CallWindowProcW
PostMessageW
GetWindow
SendMessageW
GetSystemMetrics
GetActiveWindow
ShowWindow
RedrawWindow
GetWindowInfo
TrackMouseEvent
GetSysColor
LoadBitmapW
IsRectEmpty
SetWindowLongW
GetClientRect
SystemParametersInfoW
InvalidateRect
FindWindowExW
BeginPaint
EndPaint
GetWindowRect
IsWindowVisible
SetWindowPos
GetWindowDC
ReleaseDC
RegisterClassExW
LoadCursorW
GetClassInfoExW
RegisterClipboardFormatW
DefWindowProcW
SendMessageTimeoutW
CallNextHookEx
UnregisterClassW
IsWindow
SetTimer
UnhookWindowsHookEx
SendNotifyMessageW
GetClassNameW
SetWindowsHookExW
KillTimer
RegisterWindowMessageW
DestroyWindow
CreateWindowExW
IsIconic
IsZoomed
gdi32
Polyline
SetPixel
CreateCompatibleBitmap
RectVisible
GetPixel
LineTo
ExtCreatePen
GetObjectW
MoveToEx
CreateSolidBrush
GetStockObject
CreatePen
Rectangle
BitBlt
SelectObject
CreateDIBSection
CreateCompatibleDC
GdiFlush
DeleteDC
DeleteObject
shell32
DragQueryFileW
ole32
CoUninitialize
ReleaseStgMedium
CoCreateInstance
CoInitialize
Exports
Exports
GetLoaderInterface
GetTeamViewerInterface
Sections
.text Size: 298KB - Virtual size: 298KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 58KB - Virtual size: 57KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.shared Size: 512B - Virtual size: 36B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 15KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$TEMP/TeamViewer~/tv_w32.exe.exe windows:5 windows x86 arch:x86
993918e2ad2dafe579c3823992d50ab9
Code Sign
7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before21/12/2012, 00:00Not After30/12/2020, 23:59SubjectCN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate
IssuerCN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=USNot Before18/10/2012, 00:00Not After29/12/2020, 23:59SubjectCN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
7e:c0:da:c3:9a:e3:64:6b:14:93:27:7f:76:1a:0e:c3Certificate
IssuerCN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=USNot Before28/11/2016, 00:00Not After03/03/2018, 23:59SubjectCN=TeamViewer GmbH,O=TeamViewer GmbH,L=Goeppingen,ST=Baden-Wuerttemberg,C=DEExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate
IssuerCN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=USNot Before08/02/2010, 00:00Not After07/02/2020, 23:59SubjectCN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
e6:e1:27:4e:0f:43:5f:83:e3:3f:48:22:a0:7a:e2:37:10:27:0b:fcSigner
Actual PE Digeste6:e1:27:4e:0f:43:5f:83:e3:3f:48:22:a0:7a:e2:37:10:27:0b:fcDigest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
E:\TeamViewer_Workspace\TeamViewer_13.0_Release\BuildTarget\Release2017\tv_w32exe.pdb
Imports
setupapi
SetupDiEnumDeviceInfo
SetupUninstallOEMInfW
SetupDiCallClassInstaller
SetupDiSetClassInstallParamsW
SetupDiGetDeviceRegistryPropertyW
CM_Get_Device_ID_ExW
SetupDiGetDeviceInfoListDetailW
SetupDiGetClassDevsExW
kernel32
SetLastError
CreateFileW
ReadFile
GetTickCount
Sleep
FreeLibrary
GetModuleFileNameA
LoadLibraryA
GetProcAddress
LoadLibraryW
GetSystemDirectoryW
OpenMutexW
CreateWaitableTimerW
SetWaitableTimer
SetEvent
SetFilePointer
WriteFile
ReleaseMutex
CreateMutexW
InterlockedIncrement
InterlockedDecrement
GetLocalTime
GetCurrentThreadId
GetCurrentProcessId
LoadLibraryExA
GetModuleHandleA
GetSystemDirectoryA
GetCommandLineW
GetCurrentProcess
CloseHandle
CreateEventW
VerifyVersionInfoW
VerSetConditionMask
GetWindowsDirectoryW
GetModuleFileNameW
GetLastError
LocalFree
SetStdHandle
HeapSize
HeapReAlloc
GetConsoleCP
GetConsoleMode
SetFilePointerEx
FlushFileBuffers
DecodePointer
WaitForSingleObject
GetModuleHandleW
RaiseException
GetSystemInfo
VirtualProtect
VirtualQuery
WriteConsoleW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwind
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
WideCharToMultiByte
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
GetStdHandle
GetACP
HeapFree
HeapAlloc
GetStringTypeW
GetFileType
LCMapStringW
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
advapi32
RegCloseKey
RegSetValueExW
RegOpenKeyExW
DeleteService
ControlService
QueryServiceStatusEx
OpenServiceW
OpenSCManagerW
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptReleaseContext
CryptCreateHash
CryptAcquireContextW
RegQueryValueExW
RegOpenKeyW
CloseServiceHandle
Sections
.text Size: 121KB - Virtual size: 120KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 42KB - Virtual size: 41KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 808B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$TEMP/TeamViewer~/tv_x64.dll.dll windows:5 windows x64 arch:x64
29077f5a5ff63d9bab097ee1c0c61d3d
Code Sign
7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before21/12/2012, 00:00Not After30/12/2020, 23:59SubjectCN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate
IssuerCN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=USNot Before18/10/2012, 00:00Not After29/12/2020, 23:59SubjectCN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
7e:c0:da:c3:9a:e3:64:6b:14:93:27:7f:76:1a:0e:c3Certificate
IssuerCN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=USNot Before28/11/2016, 00:00Not After03/03/2018, 23:59SubjectCN=TeamViewer GmbH,O=TeamViewer GmbH,L=Goeppingen,ST=Baden-Wuerttemberg,C=DEExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate
IssuerCN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=USNot Before08/02/2010, 00:00Not After07/02/2020, 23:59SubjectCN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
b5:09:ad:6d:70:db:a4:0d:52:83:a3:b5:55:6b:c4:6d:f5:ac:39:37Signer
Actual PE Digestb5:09:ad:6d:70:db:a4:0d:52:83:a3:b5:55:6b:c4:6d:f5:ac:39:37Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
E:\TeamViewer_Workspace\TeamViewer_13.0_Release\BuildTarget\Release2017\tv_x64dll.pdb
Imports
version
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
comctl32
InitCommonControlsEx
kernel32
CreateRemoteThread
QueryPerformanceCounter
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetVersionExW
GetFileAttributesExW
FileTimeToSystemTime
GlobalLock
DeleteCriticalSection
GlobalUnlock
GetSystemDirectoryA
LoadLibraryA
FreeLibrary
GetCurrentThreadId
GetLocalTime
GetModuleFileNameA
Thread32Next
Thread32First
SuspendThread
ResumeThread
DisableThreadLibraryCalls
OpenMutexW
OpenThread
GetModuleFileNameW
FreeLibraryAndExitThread
Sleep
LoadLibraryW
CreateThread
IsBadWritePtr
CreateMutexW
WaitForSingleObject
ReleaseMutex
OpenFileMappingW
UnmapViewOfFile
CreateEventW
SetEvent
LocalFree
VerSetConditionMask
VerifyVersionInfoW
IsBadReadPtr
CreateFileMappingW
MapViewOfFile
GetTickCount
VirtualQuery
SetLastError
LocalAlloc
HeapReAlloc
HeapSize
GetModuleHandleW
GetStringTypeW
SetConsoleCtrlHandler
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileW
FindNextFileA
FindFirstFileExW
FindFirstFileExA
FindClose
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetFileType
GetStdHandle
GetACP
GetCurrentThread
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleExW
WriteFile
ExitProcess
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwindEx
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
OutputDebugStringA
GetProcessHeap
GetCurrentProcessId
HeapAlloc
CloseHandle
QueryPerformanceFrequency
GetLastError
CreateToolhelp32Snapshot
OpenProcess
GetModuleHandleA
Module32First
Module32Next
VirtualAlloc
VirtualFree
HeapFree
VirtualProtect
GetProcAddress
OutputDebugStringW
WaitForSingleObjectEx
RaiseException
SetStdHandle
CreateFileW
UnhandledExceptionFilter
RtlVirtualUnwind
WriteConsoleW
FlushFileBuffers
SetFilePointerEx
GetConsoleMode
GetConsoleCP
RtlCaptureContext
RtlLookupFunctionEntry
user32
GetDC
ClientToScreen
MapWindowPoints
GetUpdateRect
FindWindowW
GetDesktopWindow
CallWindowProcW
PostMessageW
GetWindow
SetWindowLongPtrW
SendMessageW
GetSystemMetrics
GetWindowLongPtrW
GetActiveWindow
ShowWindow
RedrawWindow
GetWindowInfo
GetSysColor
LoadBitmapW
IsRectEmpty
GetClientRect
IsZoomed
SystemParametersInfoW
InvalidateRect
FindWindowExW
BeginPaint
EndPaint
GetWindowRect
IsWindowVisible
SetWindowPos
GetWindowDC
ReleaseDC
RegisterClassExW
LoadCursorW
GetClassInfoExW
RegisterClipboardFormatW
DefWindowProcW
SendMessageTimeoutW
CallNextHookEx
UnregisterClassW
IsWindow
SetTimer
UnhookWindowsHookEx
SendNotifyMessageW
GetClassNameW
SetWindowsHookExW
KillTimer
RegisterWindowMessageW
DestroyWindow
CreateWindowExW
IsIconic
TrackMouseEvent
gdi32
Polyline
SetPixel
CreateCompatibleBitmap
RectVisible
GetPixel
LineTo
ExtCreatePen
GetObjectW
MoveToEx
CreateSolidBrush
GetStockObject
CreatePen
Rectangle
BitBlt
SelectObject
CreateDIBSection
CreateCompatibleDC
GdiFlush
DeleteDC
DeleteObject
shell32
DragQueryFileW
ole32
CoUninitialize
ReleaseStgMedium
CoCreateInstance
CoInitialize
Exports
Exports
GetLoaderInterface
Sections
.text Size: 341KB - Virtual size: 341KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 95KB - Virtual size: 95KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 20KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.shared Size: 512B - Virtual size: 72B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$TEMP/TeamViewer~/tv_x64.exe.exe windows:5 windows x64 arch:x64
2fe79b6f8fa50d580fbfcafca25eebf1
Code Sign
7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before21/12/2012, 00:00Not After30/12/2020, 23:59SubjectCN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate
IssuerCN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=USNot Before18/10/2012, 00:00Not After29/12/2020, 23:59SubjectCN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
7e:c0:da:c3:9a:e3:64:6b:14:93:27:7f:76:1a:0e:c3Certificate
IssuerCN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=USNot Before28/11/2016, 00:00Not After03/03/2018, 23:59SubjectCN=TeamViewer GmbH,O=TeamViewer GmbH,L=Goeppingen,ST=Baden-Wuerttemberg,C=DEExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate
IssuerCN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=USNot Before08/02/2010, 00:00Not After07/02/2020, 23:59SubjectCN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
35:fe:25:7f:92:1b:ec:4d:ce:30:0b:ef:51:97:58:27:cf:5e:e7:b4Signer
Actual PE Digest35:fe:25:7f:92:1b:ec:4d:ce:30:0b:ef:51:97:58:27:cf:5e:e7:b4Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
E:\TeamViewer_Workspace\TeamViewer_13.0_Release\BuildTarget\Release2017\tv_x64exe.pdb
Imports
setupapi
SetupDiEnumDeviceInfo
SetupUninstallOEMInfW
SetupDiCallClassInstaller
SetupDiSetClassInstallParamsW
SetupDiGetDeviceRegistryPropertyW
CM_Get_Device_ID_ExW
SetupDiGetDeviceInfoListDetailW
SetupDiGetClassDevsExW
kernel32
SetLastError
CreateFileW
ReadFile
GetTickCount
Sleep
FreeLibrary
GetModuleFileNameA
LoadLibraryA
GetProcAddress
LoadLibraryW
GetSystemDirectoryW
OpenMutexW
CreateWaitableTimerW
SetEvent
WaitForSingleObject
SetFilePointer
WriteFile
ReleaseMutex
CreateMutexW
GetLocalTime
GetCurrentThreadId
GetCurrentProcessId
LoadLibraryExA
GetModuleHandleA
GetSystemDirectoryA
GetCommandLineW
GetCurrentProcess
CloseHandle
CreateEventW
VerifyVersionInfoW
VerSetConditionMask
GetWindowsDirectoryW
GetModuleFileNameW
GetLastError
LocalFree
SetStdHandle
HeapSize
HeapReAlloc
GetConsoleCP
GetConsoleMode
SetFilePointerEx
FlushFileBuffers
SetWaitableTimer
RtlLookupFunctionEntry
RaiseException
GetSystemInfo
VirtualProtect
VirtualQuery
GetModuleHandleW
RtlCaptureContext
WriteConsoleW
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
WideCharToMultiByte
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
GetStdHandle
GetACP
HeapFree
HeapAlloc
GetStringTypeW
GetFileType
LCMapStringW
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
advapi32
RegCloseKey
RegSetValueExW
RegOpenKeyExW
DeleteService
ControlService
QueryServiceStatusEx
OpenServiceW
OpenSCManagerW
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptReleaseContext
CryptCreateHash
CryptAcquireContextW
RegQueryValueExW
RegOpenKeyW
CloseServiceHandle
Sections
.text Size: 127KB - Virtual size: 126KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 61KB - Virtual size: 60KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ