ScreenShot
| Created | 2024.01.13 19:29 | Machine | s1_win7_x6403 |
| Filename | teamviewer.exe | ||
| Type | PE32 executable (console) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | |||
| md5 | fab9a49f34ba2e67cdbb4fe8e00fbd57 | ||
| sha256 | e47d112f2d69f2f2d49a34a4857604e11bb89ba9c8f24f46fe6ae8bbe9c31b83 | ||
| ssdeep | 49152:Er2uMazs/4X+qarTsgLe5N66PVK0XdkLT1TSJXx8CuY0f7ryaUcZ9Y/Kf2Rjva:92w/4XirAyw5VdjuTUcZK/KfkS | ||
| imphash | e59ba20e52010294e2c6cec0f9607820 | ||
| impfuzzy | 24:WUoEDDoiDS1jt9hlJnc+pl2/CYohOovbO3URZHu93vB3GME:/33S1jt95c+pjYb3vBa | ||
Network IP location
Signature (0cnts)
| Level | Description |
|---|
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
USER32.dll
0x76f124 CreateWindowExA
0x76f128 GetMessageA
KERNEL32.dll
0x76f000 GetModuleFileNameW
0x76f004 WriteConsoleW
0x76f008 CloseHandle
0x76f00c GetTempPathA
0x76f010 TlsAlloc
0x76f014 TlsSetValue
0x76f018 FreeLibrary
0x76f01c GetModuleHandleA
0x76f020 GetProcAddress
0x76f024 LoadLibraryA
0x76f028 CreateActCtxA
0x76f02c ActivateActCtx
0x76f030 FreeConsole
0x76f034 QueryPerformanceCounter
0x76f038 GetCurrentProcessId
0x76f03c GetCurrentThreadId
0x76f040 GetSystemTimeAsFileTime
0x76f044 InitializeSListHead
0x76f048 IsDebuggerPresent
0x76f04c UnhandledExceptionFilter
0x76f050 SetUnhandledExceptionFilter
0x76f054 GetStartupInfoW
0x76f058 IsProcessorFeaturePresent
0x76f05c GetModuleHandleW
0x76f060 GetCurrentProcess
0x76f064 TerminateProcess
0x76f068 CreateFileW
0x76f06c RtlUnwind
0x76f070 GetLastError
0x76f074 SetLastError
0x76f078 EnterCriticalSection
0x76f07c LeaveCriticalSection
0x76f080 DeleteCriticalSection
0x76f084 InitializeCriticalSectionAndSpinCount
0x76f088 TlsGetValue
0x76f08c TlsFree
0x76f090 LoadLibraryExW
0x76f094 EncodePointer
0x76f098 RaiseException
0x76f09c ExitProcess
0x76f0a0 GetModuleHandleExW
0x76f0a4 GetStdHandle
0x76f0a8 WriteFile
0x76f0ac DecodePointer
0x76f0b0 GetCommandLineA
0x76f0b4 GetCommandLineW
0x76f0b8 HeapAlloc
0x76f0bc HeapFree
0x76f0c0 FindClose
0x76f0c4 FindFirstFileExW
0x76f0c8 FindNextFileW
0x76f0cc IsValidCodePage
0x76f0d0 GetACP
0x76f0d4 GetOEMCP
0x76f0d8 GetCPInfo
0x76f0dc MultiByteToWideChar
0x76f0e0 WideCharToMultiByte
0x76f0e4 GetEnvironmentStringsW
0x76f0e8 FreeEnvironmentStringsW
0x76f0ec SetEnvironmentVariableW
0x76f0f0 SetStdHandle
0x76f0f4 GetFileType
0x76f0f8 GetStringTypeW
0x76f0fc CompareStringW
0x76f100 LCMapStringW
0x76f104 GetProcessHeap
0x76f108 HeapSize
0x76f10c HeapReAlloc
0x76f110 FlushFileBuffers
0x76f114 GetConsoleOutputCP
0x76f118 GetConsoleMode
0x76f11c SetFilePointerEx
EAT(Export Address Table) is none
USER32.dll
0x76f124 CreateWindowExA
0x76f128 GetMessageA
KERNEL32.dll
0x76f000 GetModuleFileNameW
0x76f004 WriteConsoleW
0x76f008 CloseHandle
0x76f00c GetTempPathA
0x76f010 TlsAlloc
0x76f014 TlsSetValue
0x76f018 FreeLibrary
0x76f01c GetModuleHandleA
0x76f020 GetProcAddress
0x76f024 LoadLibraryA
0x76f028 CreateActCtxA
0x76f02c ActivateActCtx
0x76f030 FreeConsole
0x76f034 QueryPerformanceCounter
0x76f038 GetCurrentProcessId
0x76f03c GetCurrentThreadId
0x76f040 GetSystemTimeAsFileTime
0x76f044 InitializeSListHead
0x76f048 IsDebuggerPresent
0x76f04c UnhandledExceptionFilter
0x76f050 SetUnhandledExceptionFilter
0x76f054 GetStartupInfoW
0x76f058 IsProcessorFeaturePresent
0x76f05c GetModuleHandleW
0x76f060 GetCurrentProcess
0x76f064 TerminateProcess
0x76f068 CreateFileW
0x76f06c RtlUnwind
0x76f070 GetLastError
0x76f074 SetLastError
0x76f078 EnterCriticalSection
0x76f07c LeaveCriticalSection
0x76f080 DeleteCriticalSection
0x76f084 InitializeCriticalSectionAndSpinCount
0x76f088 TlsGetValue
0x76f08c TlsFree
0x76f090 LoadLibraryExW
0x76f094 EncodePointer
0x76f098 RaiseException
0x76f09c ExitProcess
0x76f0a0 GetModuleHandleExW
0x76f0a4 GetStdHandle
0x76f0a8 WriteFile
0x76f0ac DecodePointer
0x76f0b0 GetCommandLineA
0x76f0b4 GetCommandLineW
0x76f0b8 HeapAlloc
0x76f0bc HeapFree
0x76f0c0 FindClose
0x76f0c4 FindFirstFileExW
0x76f0c8 FindNextFileW
0x76f0cc IsValidCodePage
0x76f0d0 GetACP
0x76f0d4 GetOEMCP
0x76f0d8 GetCPInfo
0x76f0dc MultiByteToWideChar
0x76f0e0 WideCharToMultiByte
0x76f0e4 GetEnvironmentStringsW
0x76f0e8 FreeEnvironmentStringsW
0x76f0ec SetEnvironmentVariableW
0x76f0f0 SetStdHandle
0x76f0f4 GetFileType
0x76f0f8 GetStringTypeW
0x76f0fc CompareStringW
0x76f100 LCMapStringW
0x76f104 GetProcessHeap
0x76f108 HeapSize
0x76f10c HeapReAlloc
0x76f110 FlushFileBuffers
0x76f114 GetConsoleOutputCP
0x76f118 GetConsoleMode
0x76f11c SetFilePointerEx
EAT(Export Address Table) is none