Summary | ZeroBOX

TeamViewerSetupx64.exe

Tags: Malicious Library, Antivirus, UPX, Malicious Packer, PE64, OS Processor Check, PE File

Category: FILE
Machine: s1_win7_x6401
Started: Dec. 12, 2022, 11:21 a.m.
Completed: Dec. 12, 2022, 11:23 a.m.
Size 1.2MB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 852011cf885e76c0441dd52fdd280db7
SHA256 fc63bd7f4da2050fcad7913c2dc9ca8bd9c263a47f65dad973891c4a000a444e
CRC32 2BAC4D7D
ssdeep 12288:Rp6xvNQQteTpwobuR00rCSE8czRRD2KXSW5tYMM87hGR9/3TG6LnjDqa2+rr3Aro:RpMaIeuKuR0ICSE8y7DV5lM8CuEkm
PDB Path I:\Crypts\@L0wFrequ3ncy\Project01\TeamViewerSetupx64.pdb
Yara
  • OS_Processor_Check_Zero - OS Processor Check
  • Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • Malicious_Packer_Zero - Malicious Packer
  • UPX_Zero - UPX packed file
  • Antivirus - Contains references to security software

DNS (Name / Response / Post-Analysis Lookup): No hosts contacted.
Hosts (IP Address / Status / Action): No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid
pdb_path I:\Crypts\@L0wFrequ3ncy\Project01\TeamViewerSetupx64.pdb
section _RDATA
Time & API Arguments Status Return Repeated

RegSetValueExA

key_handle: 0x0000000000000074
regkey_r:
reg_type: 3 (REG_BINARY)
value: (REG_BINARY blob omitted; begins with an MZ/PE header, i.e. an embedded executable image)
regkey: HKEY_CURRENT_USER\Software\TeamViewerSetupx64\(Default)
Status: 1  Return: 0  Repeated: 0
regkey HKEY_CURRENT_USER\Software\TeamViewerSetupx64
Elastic malicious (moderate confidence)
Cylance Unsafe
Alibaba HackTool:Win64/Knotweed.a60e9521
ESET-NOD32 a variant of Win64/GenKryptik.GDKI
Cynet Malicious (score: 99)
Kaspersky HackTool.Win64.Knotweed.bh
Avast FileRepMalware
Tencent Win64.Hacktool.Knotweed.Zfow
TrendMicro Trojan.Win64.AMADEY.YXCLJZ
McAfee-GW-Edition Artemis!PUP
Avira TR/Crypt.Agent.skrmp
Gridinsoft Malware.Win64.Wacatac.cc
Microsoft Trojan:Script/Phonzy.C!ml
Google Detected
AhnLab-V3 Downloader/Win.Amadey.C5329946
McAfee Artemis!852011CF885E
TrendMicro-HouseCall Trojan.Win64.AMADEY.YXCLJZ
Rising Trojan.Kryptik!8.8 (CLOUD)
Ikarus Trojan.Win64.Krypt
Fortinet Malicious_Behavior.SB
AVG FileRepMalware