× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 88bf39e8232359bcf65bbf2d756ff139b682af74ff0a8946eebebc540f798242
File name: 88bf39e8232359bcf65bbf2d756ff139b682af74ff0a8946eebebc540f798242.vir
Detection ratio: 42 / 55
Analysis date: 2016-01-13 03:36:12 UTC ( 1 year, 3 months ago )
Antivirus Result Update
Ad-Aware Gen:Heur.Kelios.1 20160112
AhnLab-V3 Spyware/Win32.Zbot 20160112
Antiy-AVL Trojan/Win32.Yakes 20160112
Arcabit Trojan.Kelios.1 20160112
Avast Win32:Malware-gen 20160113
AVG Win32/Heri 20160113
Avira (no cloud) TR/Crypt.XPACK.Gen 20160113
AVware Packer.Win32.Mystic.a (v) 20160111
Baidu-International Trojan.Win32.Zbot.YW 20160112
BitDefender Gen:Heur.Kelios.1 20160113
Bkav HW32.Packed.7FC2 20160112
Comodo UnclassifiedMalware 20160113
Cyren W32/A-8b6d1d99!Eldorado 20160113
DrWeb Trojan.Siggen4.8189 20160113
Emsisoft Gen:Heur.Kelios.1 (B) 20160113
ESET-NOD32 Win32/Spy.Zbot.YW 20160113
F-Prot W32/A-8b6d1d99!Eldorado 20160111
F-Secure Gen:Heur.Kelios.1 20160113
Fortinet W32/Yakes.AIXH!tr 20160113
GData Gen:Heur.Kelios.1 20160113
Ikarus Virus.Win32.Heri 20160113
Jiangmin Trojan/Pakes.twj 20160112
K7AntiVirus Riskware ( 0015e4f11 ) 20160112
K7GW Riskware ( 0015e4f11 ) 20160113
Kaspersky HEUR:Trojan.Win32.Generic 20160112
Malwarebytes Trojan.SpyEyes 20160113
McAfee PWS-Zbot.gen.apu 20160113
McAfee-GW-Edition BehavesLike.Win32.ZBot.cc 20160113
Microsoft PWS:Win32/Zbot 20160113
eScan Gen:Heur.Kelios.1 20160113
NANO-Antivirus Trojan.Win32.Yakes.bcgwvj 20160113
nProtect Trojan/W32.Packer.196953 20160112
Panda Trj/Genetic.gen 20160112
Qihoo-360 HEUR/Malware.QVM19.Gen 20160113
Rising PE:Malware.Generic(Thunder)!1.A1C4 [F] 20160112
Sophos Mal/Zbot-IP 20160113
Symantec Trojan.Gen 20160112
TheHacker Trojan/Spy.Zbot.yw 20160107
VBA32 Trojan.ExpProc.014 20160112
VIPRE Packer.Win32.Mystic.a (v) 20160113
ViRobot Trojan.Win32.A.Pakes.196953[h] 20160112
Zillya Trojan.Pakes.Win32.17841 20160112
AegisLab 20160112
Yandex 20160111
Alibaba 20160112
ALYac 20160113
ByteHero 20160113
CAT-QuickHeal 20160112
ClamAV 20160113
CMC 20160111
SUPERAntiSpyware 20160113
TotalDefense 20160112
TrendMicro 20160113
TrendMicro-HouseCall 20160113
Zoner 20160113
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2008-06-10 09:59:43
Entry Point 0x00032060
Number of sections 5
PE sections
Overlays
MD5 768b00cb7cc8841c496818afee65d5c1
File type data
Offset 196135
Size 818
Entropy 6.12
PE imports
BackupRead
LoadLibraryA
Number of PE resources by type
RT_STRING 4
RT_VERSION 1
Number of PE resources by language
GERMAN 1
SWEDISH 1
ENGLISH AUS 1
NEUTRAL 1
ENGLISH EIRE 1
PE resources
ExifTool file metadata
LegalTrademarks
TeamViewer

SubsystemVersion
5.1

LinkerVersion
9.0

ImageVersion
1.0

FileSubtype
0

FileVersionNumber
6.0.9895.0

LanguageCode
English (British)

FileFlagsMask
0x003f

FileDescription
TeamViewer Remote Control Application

CharacterSet
Unicode

InitializedDataSize
98304

PrivateBuild
TeamViewer Remote Control Application

EntryPoint
0x32060

OriginalFileName
TeamViewer.exe

MIMEType
application/octet-stream

LegalCopyright
TeamViewer GmbH

FileVersion
6.0.9895.0

TimeStamp
2008:06:10 09:59:43+00:00

FileType
Win32 EXE

PEType
PE32

InternalName
TeamViewer

ProductVersion
6.0

UninitializedDataSize
0

OSVersion
5.1

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
TeamViewer GmbH

CodeSize
93696

ProductName
TeamViewer

ProductVersionNumber
6.0.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 2172c364b58ac2839db20c62ef0eca87
SHA1 83e0da187e84040ecaada977d74aa9ceb568e43f
SHA256 88bf39e8232359bcf65bbf2d756ff139b682af74ff0a8946eebebc540f798242
ssdeep
3072:y43MRX+lHQx1ee3FxITgkBE8J8JM4Wtv9aotFMWBY68BJ2ZNiGbuvDJaF:Y+QxdxI3BEpto0wY9BatuvD4

authentihash 8c56cbd651912f496edba12e24798ad0de3e21ff6c4087a83d7579b183329dee
imphash 2db00a2c7584c0c85a05071cbf89cf77
File size 192.3 KB ( 196953 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags
peexe overlay

VirusTotal metadata
First submission 2012-06-28 04:00:58 UTC ( 4 years, 10 months ago )
Last submission 2016-01-13 03:36:12 UTC ( 1 year, 3 months ago )
File names 88bf39e8232359bcf65bbf2d756ff139b682af74ff0a8946eebebc540f798242
1738300
output.1738300.txt
5.exe
2172c364b58ac2839db20c62ef0
88bf39e8232359bcf65bbf2d756ff139b682af74ff0a8946eebebc540f798242.vir
5.exe
83e0da187e84040ecaada977d74aa9ceb568e43f_5.ex
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!