IsNetPath
IsTvPasswordSet
LoadFile
RemoveService
WindowsName
WindowsPlatformArchitecture
WindowsPlatformId
WindowsServerName
WindowsServicePack
WindowsServicePackBuild
WindowsType
WindowsVersion
WindowsVersionMajor
WindowsVersionMinor
Overview
overview
7Static
static
7a971fb6c18...18.exe
windows7-x64
3a971fb6c18...18.exe
windows10-2004-x64
3$PLUGINSDI...on.dll
windows7-x64
3$PLUGINSDI...on.dll
windows10-2004-x64
3$_0_/TeamViewer_.exe
windows7-x64
7$_0_/TeamViewer_.exe
windows10-2004-x64
7$EXEDIR/TV.dll
windows7-x64
1$EXEDIR/TV.dll
windows10-2004-x64
3$EXEDIR/Te...er.exe
windows7-x64
7$EXEDIR/Te...er.exe
windows10-2004-x64
7$EXEDIR/Te...op.exe
windows7-x64
3$EXEDIR/Te...op.exe
windows10-2004-x64
3$EXEDIR/Te...en.dll
windows7-x64
1$EXEDIR/Te...en.dll
windows10-2004-x64
1$EXEDIR/Te...ce.exe
windows7-x64
1$EXEDIR/Te...ce.exe
windows10-2004-x64
1$PLUGINSDI...dl.dll
windows7-x64
3$PLUGINSDI...dl.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3Behavioral task
behavioral1
Sample
a971fb6c188905a4c8172e9c9ba4c726_JaffaCakes118.exe
Resource
win7-20231129-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
a971fb6c188905a4c8172e9c9ba4c726_JaffaCakes118.exe
Resource
win10v2004-20240226-en
windows10-2004-x64
1 signatures
150 seconds
Behavioral task
behavioral3
Sample
$PLUGINSDIR/TvGetVersion.dll
Resource
win7-20240611-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral4
Sample
$PLUGINSDIR/TvGetVersion.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
2 signatures
150 seconds
Behavioral task
behavioral5
Sample
$_0_/TeamViewer_.exe
Resource
win7-20231129-en
windows7-x64
10 signatures
150 seconds
Behavioral task
behavioral6
Sample
$_0_/TeamViewer_.exe
Resource
win10v2004-20240611-en
windows10-2004-x64
10 signatures
150 seconds
Behavioral task
behavioral7
Sample
$EXEDIR/TV.dll
Resource
win7-20240508-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral8
Sample
$EXEDIR/TV.dll
Resource
win10v2004-20240611-en
windows10-2004-x64
2 signatures
150 seconds
Behavioral task
behavioral9
Sample
$EXEDIR/TeamViewer.exe
Resource
win7-20240611-en
windows7-x64
6 signatures
150 seconds
Behavioral task
behavioral10
Sample
$EXEDIR/TeamViewer.exe
Resource
win10v2004-20240508-en
windows10-2004-x64
6 signatures
150 seconds
Behavioral task
behavioral11
Sample
$EXEDIR/TeamViewer_Desktop.exe
Resource
win7-20240611-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral12
Sample
$EXEDIR/TeamViewer_Desktop.exe
Resource
win10v2004-20240226-en
windows10-2004-x64
2 signatures
150 seconds
Behavioral task
behavioral13
Sample
$EXEDIR/TeamViewer_Resource_en.dll
Resource
win7-20240508-en
windows7-x64
0 signatures
150 seconds
Behavioral task
behavioral14
Sample
$EXEDIR/TeamViewer_Resource_en.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral15
Sample
$EXEDIR/TeamViewer_Service.exe
Resource
win7-20240611-en
windows7-x64
0 signatures
150 seconds
Behavioral task
behavioral16
Sample
$EXEDIR/TeamViewer_Service.exe
Resource
win10v2004-20240611-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral17
Sample
$PLUGINSDIR/NSISdl.dll
Resource
win7-20240508-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral18
Sample
$PLUGINSDIR/NSISdl.dll
Resource
win10v2004-20240611-en
windows10-2004-x64
2 signatures
150 seconds
Behavioral task
behavioral19
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240220-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral20
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240611-en
windows10-2004-x64
2 signatures
150 seconds
General
-
Target
a971fb6c188905a4c8172e9c9ba4c726_JaffaCakes118
-
Size
2.7MB
-
MD5
a971fb6c188905a4c8172e9c9ba4c726
-
SHA1
bf4fab1359c6de29286049e8f1a9ebeb10b073bf
-
SHA256
ae115c27a117878f2ff1c55b5f1d062f0f53932d14355f4b7ab9ad79e8ffc987
-
SHA512
4e5a4c7d5dd684e3a593e8b27f752a5cda462e5a3a6cb0bb76e768dd6ef321ddc8a94e6e8a6a03b1b6288949b76fb58fe51f3ff9c966398e4069be811c6b15df
-
SSDEEP
49152:rHGP7EL45wFHQKqopD2EiUSsrJcPIqiEyHLJHnC2tTT/Us9fDcEC5:rOCLwKqolyrcKPwLtnCsT/UsVy5
Score
7/10
Malware Config
Signatures
-
resource yara_rule static1/unpack001/$_0_/TeamViewer_.exe upx -
Unsigned PE 5 IoCs
Checks for missing Authenticode signature.
resource a971fb6c188905a4c8172e9c9ba4c726_JaffaCakes118 unpack001/$PLUGINSDIR/TvGetVersion.dll unpack002/$PLUGINSDIR/NSISdl.dll unpack002/$PLUGINSDIR/System.dll unpack002/out.upx -
NSIS installer 3 IoCs
resource yara_rule sample nsis_installer_1 sample nsis_installer_2 static1/unpack002/out.upx nsis_installer_2
Files
-
a971fb6c188905a4c8172e9c9ba4c726_JaffaCakes118.exe windows:4 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 22KB - Virtual size: 22KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 107KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.ndata Size: - Virtual size: 40KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 24KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/TvGetVersion.dll.dll windows:4 windows x86 arch:x86
a147e98bc4c8de2e7a562af6dc54045c
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
GetLastError
GlobalFree
CloseHandle
ReadFile
GlobalAlloc
GetFileSize
CreateFileA
GetDriveTypeA
GetCurrentThreadId
GetCommandLineA
HeapFree
HeapAlloc
GetProcessHeap
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
lstrlenA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
WriteFile
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
InitializeCriticalSection
VirtualAlloc
HeapReAlloc
RtlUnwind
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
lstrcpynA
lstrcpyA
lstrcmpiA
GetSystemInfo
GetModuleHandleA
GetProcAddress
lstrcatA
HeapDestroy
GetVersionExA
user32
wsprintfA
GetSystemMetrics
SendMessageA
advapi32
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
CloseServiceHandle
OpenServiceA
OpenSCManagerA
DeleteService
ControlService
Exports
Exports
Sections
.text Size: 31KB - Virtual size: 30KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 176B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$_0_/TeamViewer_.exe.exe windows:4 windows x86 arch:x86
Code Sign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15/06/2007, 00:00Not After14/06/2012, 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04/12/2003, 00:00Not After03/12/2013, 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate
IssuerOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USNot Before16/07/2004, 00:00Not After15/07/2014, 23:59SubjectCN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
25:c9:02:d0:26:e3:12:44:c1:25:99:67:71:c9:dc:01Certificate
IssuerCN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=USNot Before16/01/2008, 00:00Not After22/02/2011, 23:59SubjectCN=TeamViewer GmbH,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=TeamViewer GmbH,ST=Baden Wuerttemberg,C=DEExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
f7:9c:28:ae:0e:e7:3e:36:12:31:a2:53:c8:2d:f0:53:b6:c0:bb:f6Signer
Actual PE Digestf7:9c:28:ae:0e:e7:3e:36:12:31:a2:53:c8:2d:f0:53:b6:c0:bb:f6Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
UPX0 Size: - Virtual size: 188KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 17KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 24KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
$EXEDIR/TV.dll.dll windows:4 windows x86 arch:x86
05692b5533cab7ba99d5ebc863276c4d
Code Sign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15/06/2007, 00:00Not After14/06/2012, 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04/12/2003, 00:00Not After03/12/2013, 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate
IssuerOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USNot Before16/07/2004, 00:00Not After15/07/2014, 23:59SubjectCN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
25:c9:02:d0:26:e3:12:44:c1:25:99:67:71:c9:dc:01Certificate
IssuerCN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=USNot Before16/01/2008, 00:00Not After22/02/2011, 23:59SubjectCN=TeamViewer GmbH,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=TeamViewer GmbH,ST=Baden Wuerttemberg,C=DEExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
da:50:b8:e9:3a:5d:79:33:8e:30:aa:0d:3d:38:fa:6f:d0:7c:2c:72Signer
Actual PE Digestda:50:b8:e9:3a:5d:79:33:8e:30:aa:0d:3d:38:fa:6f:d0:7c:2c:72Digest Algorithmsha1PE Digest MatchestrueHeaders
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
c:\TeamViewer_Split_Release\TeamViewer\qs_release\TV.pdb
Imports
comctl32
InitCommonControlsEx
kernel32
LocalFree
InitializeCriticalSection
HeapSize
WriteFile
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
HeapReAlloc
VirtualAlloc
EnterCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
QueryPerformanceCounter
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
DeleteCriticalSection
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
Sleep
ExitProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
LCMapStringW
WideCharToMultiByte
LCMapStringA
MultiByteToWideChar
SetLastError
GetModuleFileNameA
GetProcAddress
FreeLibrary
GetTickCount
GetLastError
GetCurrentProcessId
LocalAlloc
InterlockedExchange
CloseHandle
OpenMutexA
GetSystemDirectoryA
LocalLock
CreateMutexA
GetVersionExA
ReleaseMutex
LoadLibraryA
LocalUnlock
GetCurrentThreadId
VirtualQuery
WaitForSingleObject
GetCommandLineA
HeapFree
HeapAlloc
GetProcessHeap
RaiseException
RtlUnwind
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
user32
SetRect
DestroyWindow
IsRectEmpty
SendMessageA
GetDC
GetWindowLongA
DefWindowProcA
ShowWindow
RegisterWindowMessageA
SetWindowLongA
LoadBitmapA
SetActiveWindow
TrackMouseEvent
SendNotifyMessageA
SetWindowsHookExA
RedrawWindow
InflateRect
UnionRect
FindWindowExA
BeginPaint
MapWindowPoints
InvalidateRect
IsZoomed
GetActiveWindow
CreateWindowExA
GetDesktopWindow
UnhookWindowsHookEx
FindWindowA
GetSysColor
ReleaseDC
GetClassNameA
SetWindowPos
SystemParametersInfoA
GetWindowThreadProcessId
GetClassInfoA
CallNextHookEx
IsWindow
RegisterClassA
LoadCursorA
GetWindowDC
PostMessageA
GetClientRect
GetSystemMetrics
EndPaint
IsWindowVisible
MoveWindow
UnregisterClassA
GetWindowInfo
GetWindowRect
gdi32
CreatePen
MoveToEx
GetStockObject
LineTo
SetPixel
DeleteDC
CombineRgn
GetDeviceCaps
CreateCompatibleDC
BitBlt
CreateCompatibleBitmap
Rectangle
DeleteObject
CreateSolidBrush
Polyline
ExtCreatePen
SelectObject
GetPixel
CreateRectRgn
GetObjectA
advapi32
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
Exports
Exports
AddProcessExclusion
GetChangeRegion
GetChangedWindowList
IsTitleBarButtonPressed
RemoveProcessExclusion
SetButtonXOffset
SetSingleWindow
ShowTitleBarButton
StartHooks
StopHooks
Sections
.text Size: 52KB - Virtual size: 50KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.sharedv Size: 20KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$EXEDIR/TeamViewer.exe.exe windows:4 windows x86 arch:x86
449ff547d02d2d27ec6adde572c3c581
Code Sign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15/06/2007, 00:00Not After14/06/2012, 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04/12/2003, 00:00Not After03/12/2013, 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate
IssuerOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USNot Before16/07/2004, 00:00Not After15/07/2014, 23:59SubjectCN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
25:c9:02:d0:26:e3:12:44:c1:25:99:67:71:c9:dc:01Certificate
IssuerCN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=USNot Before16/01/2008, 00:00Not After22/02/2011, 23:59SubjectCN=TeamViewer GmbH,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=TeamViewer GmbH,ST=Baden Wuerttemberg,C=DEExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
1b:4f:45:b6:02:32:83:a4:96:eb:5e:4d:d4:2f:1a:20:94:ea:11:34Signer
Actual PE Digest1b:4f:45:b6:02:32:83:a4:96:eb:5e:4d:d4:2f:1a:20:94:ea:11:34Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
c:\TeamViewer_Split_Release\TeamViewer\qs_release\TeamViewer_qs.pdb
Imports
ws2_32
recvfrom
sendto
getsockopt
htonl
send
inet_ntoa
gethostbyname
shutdown
inet_addr
WSARecv
bind
getservbyname
gethostbyaddr
getservbyport
recv
WSAEventSelect
WSAWaitForMultipleEvents
connect
WSASetEvent
htons
WSACreateEvent
ntohs
getpeername
WSACloseEvent
socket
__WSAFDIsSet
ioctlsocket
WSASetLastError
select
WSAGetLastError
closesocket
gethostname
accept
WSAResetEvent
WSACleanup
WSAStartup
WSASend
getsockname
listen
WSASocketW
setsockopt
comctl32
InitCommonControlsEx
ImageList_Create
ImageList_SetBkColor
ImageList_Remove
ImageList_ReplaceIcon
avicap32
capCreateCaptureWindowA
capGetDriverDescriptionA
msvfw32
DrawDibDraw
DrawDibOpen
DrawDibClose
winmm
mixerOpen
waveOutPrepareHeader
waveOutOpen
waveInPrepareHeader
waveInAddBuffer
waveInUnprepareHeader
waveInClose
waveOutPause
waveOutWrite
waveOutUnprepareHeader
waveOutClose
waveOutRestart
waveOutReset
waveOutGetNumDevs
mixerGetID
mixerClose
timeEndPeriod
timeBeginPeriod
waveInOpen
waveInGetNumDevs
waveInReset
waveInStart
mixerSetControlDetails
kernel32
GetLocalTime
VirtualFree
VirtualAlloc
TryEnterCriticalSection
CreateThread
ResumeThread
SetThreadPriority
GetPriorityClass
SetPriorityClass
GetExitCodeThread
ResetEvent
GetCurrentThread
GetExitCodeProcess
TerminateProcess
FindClose
CompareFileTime
CompareStringA
GetModuleHandleA
GetModuleFileNameA
GetWindowsDirectoryA
GetSystemDirectoryA
LoadLibraryA
QueryPerformanceCounter
QueryPerformanceFrequency
GetFileSize
ReadFile
QueueUserAPC
LocalAlloc
SetEnvironmentVariableA
SetStdHandle
GetConsoleOutputCP
WriteConsoleA
IsValidLocale
EnumSystemLocalesA
GetEnvironmentStrings
FreeEnvironmentStringsA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetFileType
SetHandleCount
GetTimeZoneInformation
GetOEMCP
HeapCreate
GetStdHandle
LCMapStringA
GetStringTypeA
GetDateFormatA
GetTimeFormatA
ExitProcess
GetStartupInfoA
GetCommandLineA
RtlUnwind
ExitThread
IsDebuggerPresent
UnhandledExceptionFilter
CreateWaitableTimerA
SetWaitableTimer
CreateFileMappingA
MapViewOfFileEx
SetEndOfFile
UnmapViewOfFile
GetSystemInfo
GetFileTime
CreateFileA
FormatMessageA
GetThreadLocale
GetACP
GetVersionExA
IsProcessorFeaturePresent
InterlockedCompareExchange
HeapSize
HeapReAlloc
HeapDestroy
LocalUnlock
LocalSize
LocalLock
SetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
GetOverlappedResult
DeviceIoControl
FileTimeToLocalFileTime
SetUnhandledExceptionFilter
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
TlsSetValue
TlsGetValue
OpenProcess
MoveFileExW
GetLocaleInfoA
GetUserDefaultLCID
GetSystemDefaultLCID
LocalFree
SetFilePointer
TerminateThread
InterlockedExchangeAdd
InterlockedDecrement
InterlockedIncrement
GetLastError
ReleaseSemaphore
GetCurrentThreadId
CreateEventA
WaitForSingleObject
CloseHandle
SetEvent
DuplicateHandle
GetCurrentProcess
GetSystemTimeAsFileTime
GetProcessHeap
Sleep
HeapFree
CreateSemaphoreA
GetTickCount
GlobalAlloc
GlobalLock
GlobalUnlock
SetLastError
EnterCriticalSection
LeaveCriticalSection
RaiseException
FlushInstructionCache
HeapAlloc
WaitForMultipleObjects
DeleteCriticalSection
InitializeCriticalSection
MulDiv
GlobalFree
GetCurrentProcessId
TlsAlloc
TlsFree
InterlockedExchange
SetProcessShutdownParameters
SetErrorMode
GetCommandLineW
FreeLibrary
SizeofResource
ReleaseMutex
CreateMutexA
LockResource
LoadResource
GlobalHandle
WriteFile
user32
UnregisterClassA
GetUserObjectInformationW
GetCursorInfo
GetThreadDesktop
EnumWindows
GetGUIThreadInfo
BlockInput
UnhookWindowsHookEx
DrawFocusRect
FrameRect
GetIconInfo
GetCapture
MessageBeep
DrawIconEx
CopyImage
ExitWindowsEx
CallNextHookEx
SendInput
ToUnicode
GetDlgItemTextA
SetDlgItemTextA
CreateWindowExA
SendDlgItemMessageA
GetKeyState
GetWindowRgn
GetKeyboardState
MsgWaitForMultipleObjects
CreateIconIndirect
ToAscii
MsgWaitForMultipleObjectsEx
SetCursorPos
SetClipboardViewer
ChangeClipboardChain
GetClipboardViewer
IsMenu
CreateMenu
FlashWindow
GetNextDlgTabItem
SetWindowPlacement
GetWindowPlacement
DrawEdge
GetMessagePos
GetSystemMenu
InflateRect
GetWindow
ScrollWindowEx
SetScrollPos
GetScrollInfo
SetScrollInfo
MoveWindow
SetForegroundWindow
OpenInputDesktop
CloseDesktop
SetThreadDesktop
OpenDesktopW
OpenClipboard
EmptyClipboard
IsWindow
SetClipboardData
GetWindowRect
MapWindowPoints
CloseClipboard
SetWindowPos
InvalidateRect
DestroyWindow
GetParent
GetCursorPos
ScreenToClient
KillTimer
GetClientRect
BeginPaint
TrackMouseEvent
PtInRect
EndPaint
SetTimer
ShowWindow
DestroyMenu
OffsetRect
SetWindowRgn
SetRect
GetSubMenu
CheckMenuRadioItem
ClientToScreen
EnableMenuItem
TrackPopupMenuEx
SetFocus
IsWindowVisible
CheckMenuItem
GetMenuState
CreatePopupMenu
RemoveMenu
GetDlgItem
GetDesktopWindow
BringWindowToTop
IsIconic
FillRect
IntersectRect
AdjustWindowRect
AttachThreadInput
DestroyCursor
SetParent
GetSysColorBrush
GetWindowThreadProcessId
WindowFromPoint
IsRectEmpty
SetRectEmpty
GetMenuItemCount
GetAsyncKeyState
DestroyIcon
GetDlgCtrlID
IsWindowEnabled
DeleteMenu
PostQuitMessage
TranslateMessage
MessageBoxA
InvalidateRgn
SetWindowContextHelpId
GetSysColor
IsChild
DestroyAcceleratorTable
GetFocus
RedrawWindow
MapDialogRect
ReleaseDC
GetWindowDC
SetCursor
UnionRect
EqualRect
GetCursor
SetCapture
ReleaseCapture
GetActiveWindow
SetActiveWindow
GetForegroundWindow
EndDialog
GetDC
GetSystemMetrics
CopyRect
UpdateWindow
ShowScrollBar
gdi32
GetRgnBox
PtInRegion
GetRegionData
GetDCOrgEx
GetSystemPaletteEntries
GetPixel
PatBlt
SetBrushOrgEx
GetObjectType
SetPixel
CreateRoundRectRgn
CreatePalette
RealizePalette
SelectPalette
CreateRectRgnIndirect
RoundRect
MaskBlt
CreatePatternBrush
SetStretchBltMode
CreateBitmap
SetViewportOrgEx
SetWindowOrgEx
StretchBlt
DPtoLP
SetBkColor
CreateCompatibleBitmap
GetDIBits
SelectClipRgn
CreateDIBSection
Ellipse
SetTextColor
GetDeviceCaps
LineTo
MoveToEx
SetDIBColorTable
Polygon
SetBkMode
BitBlt
CreateCompatibleDC
OffsetRgn
SetRectRgn
CreatePen
Rectangle
SelectObject
CreateSolidBrush
RectInRegion
CombineRgn
CreateRectRgn
CreatePolygonRgn
DeleteDC
GetStockObject
DeleteObject
advapi32
GetSidIdentifierAuthority
RegFlushKey
ImpersonateLoggedOnUser
RevertToSelf
RegSetValueExA
AllocateAndInitializeSid
SetSecurityInfo
GetSecurityInfo
EqualSid
FreeSid
LookupAccountSidW
LookupAccountNameW
CreateProcessAsUserW
StartServiceW
CloseServiceHandle
SetSecurityDescriptorDacl
RegCloseKey
CryptAcquireContextA
CryptReleaseContext
CryptGenRandom
RegisterEventSourceW
InitializeSecurityDescriptor
ReportEventW
SetNamedSecurityInfoW
SetEntriesInAclW
GetNamedSecurityInfoW
DeregisterEventSource
shell32
ord680
SHGetMalloc
ord155
SHGetSpecialFolderLocation
DragFinish
SHAppBarMessage
DragAcceptFiles
ole32
CoUninitialize
CoInitializeEx
CoCreateGuid
CoTaskMemRealloc
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleLockRunning
CoCreateInstance
OleInitialize
StringFromGUID2
CreateStreamOnHGlobal
OleUninitialize
CoTaskMemAlloc
CoTaskMemFree
oleaut32
SysAllocStringLen
OleCreatePropertyFrame
VarUI4FromStr
SysStringLen
VariantInit
VariantClear
SysAllocString
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
SysStringByteLen
SysFreeString
VariantChangeType
VariantCopy
SafeArrayGetDim
SafeArrayGetElement
shlwapi
PathCompactPathW
mpr
WNetOpenEnumW
WNetEnumResourceW
WNetCloseEnum
iphlpapi
DeleteIPAddress
GetAdapterIndex
GetAdaptersInfo
crypt32
CertGetNameStringA
CertFreeCertificateContext
CryptVerifyMessageSignature
CertGetNameStringW
imagehlp
ImageGetCertificateData
ImageGetCertificateHeader
ImageEnumerateCertificates
wininet
InternetQueryDataAvailable
HttpEndRequestA
InternetWriteFile
HttpSendRequestExA
HttpAddRequestHeadersA
InternetGoOnlineA
InternetQueryOptionW
HttpSendRequestA
InternetReadFile
InternetErrorDlg
HttpQueryInfoW
HttpSendRequestW
HttpOpenRequestW
InternetConnectW
InternetCloseHandle
InternetSetOptionW
InternetOpenW
HttpOpenRequestA
sensapi
IsNetworkAlive
Sections
.text Size: 4.0MB - Virtual size: 4.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.orpc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1.5MB - Virtual size: 1.5MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 134KB - Virtual size: 859KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 2B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 24KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
$EXEDIR/TeamViewer.ini
-
$EXEDIR/TeamViewer_Desktop.exe.exe windows:4 windows x86 arch:x86
2935c02a6adb2bc9a6bde64355fcdee8
Code Sign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15/06/2007, 00:00Not After14/06/2012, 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04/12/2003, 00:00Not After03/12/2013, 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate
IssuerOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USNot Before16/07/2004, 00:00Not After15/07/2014, 23:59SubjectCN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
25:c9:02:d0:26:e3:12:44:c1:25:99:67:71:c9:dc:01Certificate
IssuerCN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=USNot Before16/01/2008, 00:00Not After22/02/2011, 23:59SubjectCN=TeamViewer GmbH,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=TeamViewer GmbH,ST=Baden Wuerttemberg,C=DEExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
cb:9e:a2:5d:c4:7b:56:f9:e4:8d:45:e1:06:3c:b7:95:fe:29:56:6fSigner
Actual PE Digestcb:9e:a2:5d:c4:7b:56:f9:e4:8d:45:e1:06:3c:b7:95:fe:29:56:6fDigest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
c:\TeamViewer_Split_Release\TeamViewer\qs_release\TeamViewer_Desktop.pdb
Imports
ws2_32
gethostbyname
closesocket
accept
WSASend
connect
setsockopt
WSASocketW
listen
inet_ntoa
ntohs
gethostbyaddr
getsockname
WSARecv
bind
__WSAFDIsSet
getservbyname
htonl
WSASetLastError
ioctlsocket
select
WSACleanup
WSAStartup
WSAGetLastError
inet_addr
htons
shutdown
getservbyport
getsockopt
comctl32
InitCommonControlsEx
kernel32
GlobalFree
LoadLibraryA
GetSystemDirectoryA
GetWindowsDirectoryA
GetModuleFileNameA
GetModuleHandleA
CompareStringA
TlsFree
TlsAlloc
SizeofResource
HeapAlloc
CloseHandle
RaiseException
SetLastError
SetProcessShutdownParameters
WaitForSingleObject
CreateSemaphoreA
WaitForMultipleObjects
ReleaseSemaphore
GetSystemTimeAsFileTime
SetEvent
GetTickCount
SetFilePointer
WriteFile
GetFileSize
GetSystemDefaultLCID
GetUserDefaultLCID
GetLocaleInfoA
GetLocalTime
LocalFree
QueryPerformanceCounter
QueryPerformanceFrequency
OpenProcess
GetProcessShutdownParameters
ReadFile
TerminateProcess
DuplicateHandle
FileTimeToSystemTime
SetUnhandledExceptionFilter
FileTimeToLocalFileTime
QueueUserAPC
TerminateThread
InterlockedExchangeAdd
TlsGetValue
Sleep
LocalLock
LocalSize
LocalUnlock
CreateMutexA
GetVersionExA
GetACP
GetThreadLocale
InterlockedCompareExchange
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
HeapDestroy
HeapReAlloc
HeapSize
FormatMessageA
CreateFileA
ReleaseMutex
GetSystemInfo
ResetEvent
TlsSetValue
ResumeThread
SystemTimeToFileTime
SetWaitableTimer
CreateWaitableTimerA
UnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
GetStartupInfoA
ExitThread
CreateThread
RtlUnwind
LCMapStringA
GetStringTypeA
ExitProcess
GetStdHandle
GetCurrentThread
HeapCreate
GetOEMCP
FreeEnvironmentStringsA
GetEnvironmentStrings
SetHandleCount
GetFileType
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetTimeZoneInformation
EnumSystemLocalesA
IsValidLocale
WriteConsoleA
GetConsoleOutputCP
SetStdHandle
SetEndOfFile
SetEnvironmentVariableA
LocalAlloc
LeaveCriticalSection
GetCurrentProcessId
GetCurrentProcess
FlushInstructionCache
InitializeCriticalSection
GetCommandLineW
InterlockedDecrement
DeleteCriticalSection
InterlockedIncrement
GetCurrentThreadId
CreateEventA
InterlockedExchange
EnterCriticalSection
HeapFree
GetLastError
GetProcessHeap
LoadResource
FreeLibrary
FindClose
user32
GetCursorPos
EnumWindows
GetWindowDC
RedrawWindow
UnhookWindowsHookEx
CallNextHookEx
GetDesktopWindow
GetWindowRgn
IsWindowEnabled
UnionRect
GetCursorInfo
GetIconInfo
GetUserObjectInformationW
GetThreadDesktop
WindowFromPoint
SendInput
ToAscii
GetKeyState
UnregisterClassA
IntersectRect
GetParent
EqualRect
GetAsyncKeyState
GetSystemMetrics
GetWindowRect
FillRect
IsWindowVisible
OpenInputDesktop
CloseDesktop
SetThreadDesktop
OpenDesktopW
GetWindowThreadProcessId
InflateRect
OffsetRect
IsRectEmpty
PostQuitMessage
BlockInput
DestroyWindow
GetForegroundWindow
GetGUIThreadInfo
SetWindowPos
CopyRect
IsWindow
ExitWindowsEx
TranslateMessage
MessageBoxA
MapWindowPoints
ReleaseDC
GetDC
advapi32
StartServiceW
ReportEventW
DeregisterEventSource
GetNamedSecurityInfoW
SetEntriesInAclW
SetNamedSecurityInfoW
FreeSid
GetSecurityInfo
SetSecurityInfo
AllocateAndInitializeSid
RegSetValueExA
EqualSid
LookupAccountNameW
LookupAccountSidW
RevertToSelf
ImpersonateLoggedOnUser
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegCloseKey
GetSidIdentifierAuthority
CloseServiceHandle
RegisterEventSourceW
ole32
CoTaskMemRealloc
CoInitializeEx
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CoUninitialize
CoInitializeSecurity
oleaut32
SysFreeString
VarUI4FromStr
SysAllocString
VariantChangeType
VariantCopy
VariantClear
VariantInit
SafeArrayGetDim
SafeArrayGetElement
crypt32
CertGetNameStringA
CryptVerifyMessageSignature
CertFreeCertificateContext
CertGetNameStringW
imagehlp
ImageEnumerateCertificates
ImageGetCertificateData
ImageGetCertificateHeader
wininet
InternetQueryOptionW
gdi32
CreateDIBSection
PtInRegion
GetRgnBox
OffsetRgn
GetSystemPaletteEntries
CombineRgn
SetRectRgn
CreateRectRgn
SelectClipRgn
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
GetStockObject
CreateSolidBrush
GetDeviceCaps
DeleteObject
SetBkMode
StretchBlt
DeleteDC
SetPixel
GetDCOrgEx
GetRegionData
SelectObject
RectInRegion
GetDIBits
shell32
SHGetSpecialFolderLocation
SHGetMalloc
Sections
.text Size: 1.3MB - Virtual size: 1.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.orpc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 435KB - Virtual size: 435KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 39KB - Virtual size: 187KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 2B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 24KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
$EXEDIR/TeamViewer_Resource_en.dll.dll windows:4 windows x86 arch:x86
Code Sign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15/06/2007, 00:00Not After14/06/2012, 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04/12/2003, 00:00Not After03/12/2013, 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate
IssuerOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USNot Before16/07/2004, 00:00Not After15/07/2014, 23:59SubjectCN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
25:c9:02:d0:26:e3:12:44:c1:25:99:67:71:c9:dc:01Certificate
IssuerCN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=USNot Before16/01/2008, 00:00Not After22/02/2011, 23:59SubjectCN=TeamViewer GmbH,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=TeamViewer GmbH,ST=Baden Wuerttemberg,C=DEExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
dd:b0:33:5c:58:28:09:58:e0:2d:a1:06:8c:b8:fe:0f:a1:6b:05:55Signer
Actual PE Digestdd:b0:33:5c:58:28:09:58:e0:2d:a1:06:8c:b8:fe:0f:a1:6b:05:55Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Sections
.rsrc Size: 584KB - Virtual size: 581KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 8B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$EXEDIR/TeamViewer_Service.exe.exe windows:4 windows x86 arch:x86
6e4e2a50f109b5e7ee11d52c20db5335
Code Sign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15/06/2007, 00:00Not After14/06/2012, 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04/12/2003, 00:00Not After03/12/2013, 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate
IssuerOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USNot Before16/07/2004, 00:00Not After15/07/2014, 23:59SubjectCN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
25:c9:02:d0:26:e3:12:44:c1:25:99:67:71:c9:dc:01Certificate
IssuerCN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=USNot Before16/01/2008, 00:00Not After22/02/2011, 23:59SubjectCN=TeamViewer GmbH,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=TeamViewer GmbH,ST=Baden Wuerttemberg,C=DEExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
9c:fc:f4:8f:ff:93:4e:46:00:f0:8c:aa:a9:8b:4c:92:81:53:be:b9Signer
Actual PE Digest9c:fc:f4:8f:ff:93:4e:46:00:f0:8c:aa:a9:8b:4c:92:81:53:be:b9Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
c:\TeamViewer_Split_Release\TeamViewer\qs_release\TeamViewer_Service.pdb
Imports
ws2_32
WSACreateEvent
WSASetEvent
htons
WSAResetEvent
WSAWaitForMultipleEvents
WSAEventSelect
shutdown
send
recvfrom
ntohs
getpeername
WSACloseEvent
socket
inet_ntoa
gethostname
gethostbyaddr
getservbyport
getservbyname
WSACleanup
sendto
WSAStartup
gethostbyname
recv
htonl
__WSAFDIsSet
inet_addr
bind
WSARecv
getsockname
listen
WSASocketW
setsockopt
connect
accept
closesocket
WSAGetLastError
WSASend
select
ioctlsocket
WSASetLastError
getsockopt
kernel32
InterlockedExchange
LoadLibraryA
GetSystemDirectoryA
GetWindowsDirectoryA
GetModuleFileNameA
GetModuleHandleA
CompareStringA
FreeLibrary
TlsFree
TlsAlloc
SetEnvironmentVariableA
SetEndOfFile
SetStdHandle
GetConsoleOutputCP
WriteConsoleA
IsValidLocale
EnumSystemLocalesA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetOEMCP
GetTimeZoneInformation
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetCommandLineA
GetEnvironmentStrings
FreeEnvironmentStringsA
VirtualAlloc
SetConsoleCtrlHandler
GetLastError
SetLastError
GetCurrentThreadId
DuplicateHandle
VirtualFree
HeapCreate
HeapDestroy
GetStdHandle
HeapSize
ExitProcess
GetStringTypeA
LCMapStringA
RtlUnwind
GetDateFormatA
GetTimeFormatA
ExitThread
HeapReAlloc
IsDebuggerPresent
UnhandledExceptionFilter
CreateWaitableTimerA
SetWaitableTimer
SystemTimeToFileTime
CreateMutexA
GetCurrentProcess
FileTimeToSystemTime
SetUnhandledExceptionFilter
CloseHandle
FindClose
FileTimeToLocalFileTime
GetCurrentProcessId
SetEvent
LeaveCriticalSection
WaitForSingleObject
RaiseException
SizeofResource
LoadResource
EnterCriticalSection
InterlockedIncrement
ReleaseMutex
GetSystemTimeAsFileTime
InterlockedDecrement
CreateEventA
DeleteCriticalSection
InitializeCriticalSection
QueueUserAPC
TerminateThread
Sleep
InterlockedExchangeAdd
GetExitCodeProcess
ReleaseSemaphore
HeapAlloc
GetProcessHeap
HeapFree
GetTickCount
DeviceIoControl
CreateThread
ResumeThread
CreateSemaphoreA
WaitForMultipleObjects
SetThreadPriority
GetCurrentThread
ReadFile
GetOverlappedResult
WriteFile
GetExitCodeThread
SetFilePointer
GetFileSize
LocalFree
OpenProcess
GetSystemDefaultLCID
GetUserDefaultLCID
GetLocaleInfoA
GetLocalTime
QueryPerformanceCounter
QueryPerformanceFrequency
TerminateProcess
TlsSetValue
TlsGetValue
ResetEvent
InterlockedCompareExchange
GetVersionExA
GetACP
GetThreadLocale
FormatMessageA
CreateFileA
user32
TranslateMessage
MessageBoxA
UnregisterClassA
MsgWaitForMultipleObjectsEx
DestroyWindow
advapi32
CreateProcessAsUserW
CryptAcquireContextA
CryptGenRandom
ImpersonateLoggedOnUser
RegSetValueExA
GetSecurityInfo
LookupAccountSidW
RevertToSelf
RegCloseKey
RegFlushKey
GetNamedSecurityInfoW
SetEntriesInAclW
SetNamedSecurityInfoW
CloseServiceHandle
ControlService
QueryServiceStatus
CryptReleaseContext
AllocateAndInitializeSid
SetSecurityInfo
SetServiceStatus
RegisterEventSourceW
ReportEventW
DeregisterEventSource
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerExW
DeleteService
EqualSid
FreeSid
oleaut32
VarUI4FromStr
mpr
WNetCloseEnum
WNetEnumResourceW
WNetOpenEnumW
iphlpapi
DeleteIPAddress
GetAdaptersInfo
GetAdapterIndex
crypt32
CertGetNameStringW
CertGetNameStringA
CertFreeCertificateContext
CryptVerifyMessageSignature
imagehlp
ImageEnumerateCertificates
ImageGetCertificateData
ImageGetCertificateHeader
wininet
InternetWriteFile
InternetOpenW
HttpOpenRequestA
InternetGoOnlineA
InternetQueryOptionW
InternetConnectW
HttpQueryInfoW
InternetErrorDlg
HttpSendRequestA
InternetReadFile
InternetQueryDataAvailable
HttpEndRequestA
InternetSetOptionW
HttpSendRequestExA
HttpAddRequestHeadersA
InternetCloseHandle
sensapi
IsNetworkAlive
shell32
SHGetMalloc
SHGetSpecialFolderLocation
ole32
CoTaskMemFree
CoCreateInstance
CoTaskMemAlloc
CoCreateGuid
StringFromGUID2
CoInitializeEx
CoUninitialize
CoTaskMemRealloc
Sections
.text Size: 1.4MB - Virtual size: 1.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 479KB - Virtual size: 479KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 40KB - Virtual size: 176KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 2B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 24KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
$EXEDIR/logo.bmp
-
$PLUGINSDIR/NSISdl.dll.dll windows:4 windows x86 arch:x86
9cce555dd3ff1b6c7dc92d64c794c51a
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
WaitForSingleObject
lstrcpynA
lstrlenA
lstrcatA
GlobalAlloc
GlobalFree
CloseHandle
GetTickCount
DeleteFileA
Sleep
WriteFile
CreateFileA
lstrcmpiA
lstrcpyA
MulDiv
CreateThread
user32
CharPrevA
SetWindowLongA
RegisterWindowMessageA
CallWindowProcA
DestroyWindow
EnableWindow
GetWindowLongA
CreateWindowExA
GetWindowRect
GetClientRect
ShowWindow
IsWindowVisible
GetFocus
GetDlgItem
FindWindowExA
SetWindowTextA
SendMessageA
wsprintfA
SetDlgItemTextA
advapi32
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
ws2_32
gethostbyname
inet_addr
ioctlsocket
htons
socket
closesocket
shutdown
connect
__WSAFDIsSet
select
recv
WSAGetLastError
send
WSACleanup
WSAStartup
Exports
Exports
download
download_quiet
Sections
.text Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1024B - Virtual size: 836B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/System.dll.dll windows:4 windows x86 arch:x86
2017f2acbdaa42ab3e4adeb8b4c37e7b
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect
user32
wsprintfA
ole32
StringFromGUID2
CLSIDFromString
Exports
Exports
Alloc
Call
Copy
Free
Get
Int64Op
Store
Sections
.text Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 784B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 100B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1024B - Virtual size: 520B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
out.upx.exe windows:4 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 23KB - Virtual size: 22KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 107KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.ndata Size: - Virtual size: 36KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 24KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ