ScreenShot
| Field | Value |
|---|---|
| Created | 2022.12.12 11:23 |
| Machine | s1_win7_x6401 |
| Filename | TeamViewerSetupx64.exe |
| Type | PE32+ executable (GUI) x86-64, for MS Windows |
| AI Score | |
| Behavior Score | |
| ZERO API | file : malware |
| VT API (file) | 21 detected (malicious, moderate confidence, Unsafe, HackTool, Knotweed, GenKryptik, GDKI, score, FileRepMalware, Zfow, AMADEY, YXCLJZ, Artemis, skrmp, Wacatac, Phonzy, Detected, Kryptik, CLOUD, Krypt, Behavior) |
| md5 | 852011cf885e76c0441dd52fdd280db7 |
| sha256 | fc63bd7f4da2050fcad7913c2dc9ca8bd9c263a47f65dad973891c4a000a444e |
| ssdeep | 12288:Rp6xvNQQteTpwobuR00rCSE8czRRD2KXSW5tYMM87hGR9/3TG6LnjDqa2+rr3Aro:RpMaIeuKuR0ICSE8y7DV5lM8CuEkm |
| imphash | 2f2396f66357714ff16f3f90599a1b03 |
| impfuzzy | 24:nDLHAzGUzXo0qtpcKg3Jnc+pl39/YoEOovbOJKURZHu93vFZRXudTxGMBJMud2VZ:3sG8XYtpcKgxc+ppuc3SFZ1un5mZ |
Network IP location
Signature (7cnts)

| Level | Description |
|---|---|
| warning | File has been identified by 21 AntiVirus engines on VirusTotal as malicious |
| watch | Creates known TeamViewer mutexes and/or registry changes. |
| watch | Creates or sets a registry key to a long series of bytes |
| watch | Stores an executable in the registry |
| info | Collects information to fingerprint the system (MachineGuid |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | This executable has a PDB path |
Rules (8cnts)

| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Antivirus | Contains references to security software | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
| info | Win32_Trojan_Gen_2_0904B0_Zero | Win32 Trojan Gen | binaries (upload) |
Network (0cnts)

| Request | CC | ASN Co | IP4 | Rule | ZERO |
|---|---|---|---|---|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x1400d0028 GetWindowsDirectoryW
0x1400d0030 GetProcAddress
0x1400d0038 CloseHandle
0x1400d0040 GetCurrentProcessId
0x1400d0048 GetModuleHandleW
0x1400d0050 WriteConsoleW
0x1400d0058 GetLastError
0x1400d0060 Sleep
0x1400d0068 OpenProcess
0x1400d0070 ReadProcessMemory
0x1400d0078 GetModuleFileNameW
0x1400d0080 CreateFileW
0x1400d0088 ReadConsoleW
0x1400d0090 ReadFile
0x1400d0098 SetFilePointerEx
0x1400d00a0 QueryPerformanceCounter
0x1400d00a8 GetCurrentThreadId
0x1400d00b0 GetSystemTimeAsFileTime
0x1400d00b8 InitializeSListHead
0x1400d00c0 RtlCaptureContext
0x1400d00c8 RtlLookupFunctionEntry
0x1400d00d0 RtlVirtualUnwind
0x1400d00d8 IsDebuggerPresent
0x1400d00e0 UnhandledExceptionFilter
0x1400d00e8 SetUnhandledExceptionFilter
0x1400d00f0 GetStartupInfoW
0x1400d00f8 IsProcessorFeaturePresent
0x1400d0100 GetCurrentProcess
0x1400d0108 TerminateProcess
0x1400d0110 RtlUnwindEx
0x1400d0118 InterlockedPushEntrySList
0x1400d0120 InterlockedFlushSList
0x1400d0128 RtlPcToFileHeader
0x1400d0130 RaiseException
0x1400d0138 SetLastError
0x1400d0140 EnterCriticalSection
0x1400d0148 LeaveCriticalSection
0x1400d0150 DeleteCriticalSection
0x1400d0158 InitializeCriticalSectionAndSpinCount
0x1400d0160 TlsAlloc
0x1400d0168 TlsGetValue
0x1400d0170 TlsSetValue
0x1400d0178 TlsFree
0x1400d0180 FreeLibrary
0x1400d0188 LoadLibraryExW
0x1400d0190 EncodePointer
0x1400d0198 GetStdHandle
0x1400d01a0 WriteFile
0x1400d01a8 ExitProcess
0x1400d01b0 GetModuleHandleExW
0x1400d01b8 GetCommandLineA
0x1400d01c0 GetCommandLineW
0x1400d01c8 GetCurrentThread
0x1400d01d0 HeapAlloc
0x1400d01d8 OutputDebugStringW
0x1400d01e0 HeapFree
0x1400d01e8 FindClose
0x1400d01f0 FindFirstFileExW
0x1400d01f8 FindNextFileW
0x1400d0200 IsValidCodePage
0x1400d0208 GetACP
0x1400d0210 GetOEMCP
0x1400d0218 GetCPInfo
0x1400d0220 MultiByteToWideChar
0x1400d0228 WideCharToMultiByte
0x1400d0230 GetEnvironmentStringsW
0x1400d0238 FreeEnvironmentStringsW
0x1400d0240 SetEnvironmentVariableW
0x1400d0248 SetStdHandle
0x1400d0250 GetFileType
0x1400d0258 GetStringTypeW
0x1400d0260 GetLocaleInfoW
0x1400d0268 IsValidLocale
0x1400d0270 GetUserDefaultLCID
0x1400d0278 EnumSystemLocalesW
0x1400d0280 FlsAlloc
0x1400d0288 FlsGetValue
0x1400d0290 FlsSetValue
0x1400d0298 FlsFree
0x1400d02a0 GetDateFormatW
0x1400d02a8 GetTimeFormatW
0x1400d02b0 CompareStringW
0x1400d02b8 LCMapStringW
0x1400d02c0 GetProcessHeap
0x1400d02c8 SetConsoleCtrlHandler
0x1400d02d0 HeapSize
0x1400d02d8 HeapReAlloc
0x1400d02e0 FlushFileBuffers
0x1400d02e8 GetConsoleOutputCP
0x1400d02f0 GetConsoleMode
0x1400d02f8 GetFileSizeEx
0x1400d0300 RtlUnwind
ADVAPI32.dll
0x1400d0000 RegCloseKey
0x1400d0008 RegSetValueExA
0x1400d0010 RegOpenKeyExA
0x1400d0018 RegCreateKeyA
ole32.dll
0x1400d0310 CoUninitialize
0x1400d0318 CoInitializeEx
0x1400d0320 CoGetObject
EAT(Export Address Table) is none
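A triage helper for the IAT listing above, added here as an example; it is not code from the report or from the sandbox that produced it. It recomputes the imphash from the listed imports using the canonicalisation pefile applies (lowercased `dll.function` pairs with a trailing `.dll`/`.ocx`/`.sys` removed, comma-joined in import-directory order, MD5), parses the report's own `0x<address> <function>` format so the listing can be pasted in, and groups the imports by the capability they imply. Assumptions: the page's print order is taken as the import-descriptor order that imphash depends on (the IAT-slot addresses, with ADVAPI32 at 0x1400d0000 below KERNEL32 at 0x1400d0028, hint that the descriptors may actually be in a different order, so both orderings are hashed); the capability table is this example's own shortlist, not anything the report states.

```python
"""Triage helper for the IAT section above: recomputes the imphash from the
listed imports and groups them by the capability they imply. Added example,
not code from the report or the sandbox that produced it. Import names are
transcribed from the listing above; the capability table is this example's
own; treating the page's print order as import-descriptor order (which
imphash depends on) is an assumption."""
import hashlib
import re

# (dll, address of its first IAT slot as printed, function names in print order)
REPORTED_IMPORTS = [
    ("KERNEL32.dll", 0x1400d0028, """
        GetWindowsDirectoryW GetProcAddress CloseHandle GetCurrentProcessId GetModuleHandleW
        WriteConsoleW GetLastError Sleep OpenProcess ReadProcessMemory GetModuleFileNameW
        CreateFileW ReadConsoleW ReadFile SetFilePointerEx QueryPerformanceCounter
        GetCurrentThreadId GetSystemTimeAsFileTime InitializeSListHead RtlCaptureContext
        RtlLookupFunctionEntry RtlVirtualUnwind IsDebuggerPresent UnhandledExceptionFilter
        SetUnhandledExceptionFilter GetStartupInfoW IsProcessorFeaturePresent GetCurrentProcess
        TerminateProcess RtlUnwindEx InterlockedPushEntrySList InterlockedFlushSList
        RtlPcToFileHeader RaiseException SetLastError EnterCriticalSection LeaveCriticalSection
        DeleteCriticalSection InitializeCriticalSectionAndSpinCount TlsAlloc TlsGetValue
        TlsSetValue TlsFree FreeLibrary LoadLibraryExW EncodePointer GetStdHandle WriteFile
        ExitProcess GetModuleHandleExW GetCommandLineA GetCommandLineW GetCurrentThread
        HeapAlloc OutputDebugStringW HeapFree FindClose FindFirstFileExW FindNextFileW
        IsValidCodePage GetACP GetOEMCP GetCPInfo MultiByteToWideChar WideCharToMultiByte
        GetEnvironmentStringsW FreeEnvironmentStringsW SetEnvironmentVariableW SetStdHandle
        GetFileType GetStringTypeW GetLocaleInfoW IsValidLocale GetUserDefaultLCID
        EnumSystemLocalesW FlsAlloc FlsGetValue FlsSetValue FlsFree GetDateFormatW
        GetTimeFormatW CompareStringW LCMapStringW GetProcessHeap SetConsoleCtrlHandler
        HeapSize HeapReAlloc FlushFileBuffers GetConsoleOutputCP GetConsoleMode GetFileSizeEx
        RtlUnwind""".split()),
    ("ADVAPI32.dll", 0x1400d0000,
     "RegCloseKey RegSetValueExA RegOpenKeyExA RegCreateKeyA".split()),
    ("ole32.dll", 0x1400d0310, "CoUninitialize CoInitializeEx CoGetObject".split()),
]
REPORTED_IMPHASH = "2f2396f66357714ff16f3f90599a1b03"  # value in the report header

# This example's own shortlist of capabilities worth a reviewer's attention and
# the APIs that imply them. Most of the KERNEL32 list is MSVC CRT start-up
# boilerplate and is deliberately left unmapped.
CAPABILITIES = {
    "reads another process's memory": {"OpenProcess", "ReadProcessMemory"},
    "writes registry keys/values": {"RegCreateKeyA", "RegSetValueExA"},
    "activates a COM object by moniker (CoGetObject, also the entry point for "
    "'Elevation:Administrator!new:' monikers)": {"CoGetObject"},
    "checks for a debugger": {"IsDebuggerPresent"},
    "resolves APIs at run time": {"GetProcAddress", "LoadLibraryExW"},
    "enumerates files": {"FindFirstFileExW", "FindNextFileW"},
}

IAT_LINE = re.compile(r"^(0x[0-9a-fA-F]+)\s+(\S+)$")

def parse_iat_listing(text):
    """Parse the report's IAT format: a bare 'NAME.dll' line opens a module and
    every following '0x<address> <function>' line belongs to it. Lines with
    spaces (section headers, 'EAT ... is none') are skipped. Returns the same
    (dll, first_iat_address, functions) tuples as REPORTED_IMPORTS."""
    modules = []
    for line in (raw.strip() for raw in text.splitlines()):
        m = IAT_LINE.match(line)
        if m and modules:
            dll, addr, funcs = modules[-1]
            modules[-1] = (dll, addr if addr is not None else int(m.group(1), 16), funcs)
            funcs.append(m.group(2))
        elif line and len(line.split()) == 1:
            modules.append((line, None, []))
    return modules

def imphash_string(imports):
    """The 'dll.func,...' string whose MD5 is the imphash (pefile's rules):
    DLL name lowercased with a trailing .dll/.ocx/.sys removed, function names
    lowercased, comma-joined in import-directory order. Imports by ordinal
    would need pefile's ordinal tables; this listing has none."""
    parts = []
    for dll, _, funcs in imports:
        name, _, ext = dll.lower().rpartition(".")
        lib = name if name and ext in ("dll", "ocx", "sys") else dll.lower()
        parts.extend(f"{lib}.{func.lower()}" for func in funcs)
    return ",".join(parts)

def imphash(imports):
    """MD5 hex digest of imphash_string(); '' when there are no imports, as pefile."""
    if not imports:
        return ""
    return hashlib.md5(imphash_string(imports).encode()).hexdigest()

def triage(imports):
    """Return {capability: sorted matching API names} for every capability hit."""
    present = {func for _, _, funcs in imports for func in funcs}
    return {cap: sorted(present & apis) for cap, apis in CAPABILITIES.items()
            if present & apis}

if __name__ == "__main__":
    # The page prints KERNEL32 first, but its IAT slots sit above ADVAPI32's
    # (0x1400d0028 vs 0x1400d0000), so the descriptor order may differ: hash
    # both orderings and see which, if either, reproduces the report's value.
    orderings = (("print order", REPORTED_IMPORTS),
                 ("IAT-address order", sorted(REPORTED_IMPORTS, key=lambda m: m[1])))
    for label, order in orderings:
        h = imphash(order)
        print(f"imphash by {label}: {h} {'== report' if h == REPORTED_IMPHASH else '!= report'}")
    for cap, apis in triage(REPORTED_IMPORTS).items():
        print(f"- {cap}: {', '.join(apis)}")
```

If neither ordering reproduces 2f2396f66357714ff16f3f90599a1b03, the listing on the page is either incomplete or printed in an order that differs from the import descriptors, and the hash should be recomputed with pefile from the sample itself rather than trusted from the transcript. The triage output is the reviewer's shortlist rather than a verdict: OpenProcess plus ReadProcessMemory next to RegCreateKeyA and RegSetValueExA, read together with the "Creates known TeamViewer mutexes and/or registry changes" and "Stores an executable in the registry" signatures, is what makes a file named TeamViewerSetupx64.exe something to analyse rather than install.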