SHA256: d5da21d949f518943f96cd13cfe508e743e0597ba18d2caf22ce1df2feb93078
File name: liwx.jpg
Detection ratio: 4 / 68
Analysis date: 2019-01-22 08:12:17 UTC ( 4 months ago )
Antivirus Result Update
CrowdStrike Falcon (ML) malicious_confidence_60% (D) 20181023
Endgame malicious (high confidence) 20181108
Sophos ML heuristic 20181128
Trapmine malicious.moderate.ml.score 20190103
Acronis 20190119
Ad-Aware 20190122
AegisLab 20190122
AhnLab-V3 20190121
Alibaba 20180921
ALYac 20190122
Antiy-AVL 20190122
Arcabit 20190122
Avast 20190122
Avast-Mobile 20190122
AVG 20190122
Avira (no cloud) 20190122
Babable 20180918
Baidu 20190122
BitDefender 20190122
Bkav 20190121
CAT-QuickHeal 20190121
ClamAV 20190122
CMC 20190121
Comodo 20190122
Cybereason 20190109
Cyren 20190122
DrWeb 20190122
eGambit 20190122
Emsisoft 20190122
ESET-NOD32 20190122
F-Prot 20190122
F-Secure 20190122
Fortinet 20190122
GData 20190122
Ikarus 20190121
Jiangmin 20190122
K7AntiVirus 20190122
K7GW 20190122
Kaspersky 20190122
Kingsoft 20190122
Malwarebytes 20190122
MAX 20190122
McAfee 20190122
McAfee-GW-Edition 20190122
Microsoft 20190122
eScan 20190122
NANO-Antivirus 20190122
Palo Alto Networks (Known Signatures) 20190122
Panda 20190121
Qihoo-360 20190122
Rising 20190122
SentinelOne (Static ML) 20190118
Sophos AV 20190122
SUPERAntiSpyware 20190116
Symantec 20190121
TACHYON 20190122
Tencent 20190122
TheHacker 20190118
TrendMicro 20190123
TrendMicro-HouseCall 20190123
Trustlook 20190122
VBA32 20190121
ViRobot 20190122
Webroot 20190122
Yandex 20190122
Zillya 20190122
ZoneAlarm by Check Point 20190122
Zoner 20190122
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright TeamViewer GmbH
Product TeamViewer
Original name TeamViewer_Note.exe
Internal name TeamViewer
File version 13.2.26558.0
Description TeamViewer 13
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-12-06 11:25:16
Entry Point 0x0001501C
Number of sections 5
PE sections
PE imports
Number of PE resources by type
RT_ICON 10
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 11
GERMAN 1
PE resources
Debug information
ExifTool file metadata
LegalTrademarks TeamViewer
SubsystemVersion 4.0
InitializedDataSize 421888
ImageVersion 0.0
ProductName TeamViewer
FileVersionNumber 13.2.26558.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Unicode
LinkerVersion 6.0
FileTypeExtension exe
OriginalFileName TeamViewer_Note.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 13.2.26558.0
TimeStamp 2016:12:06 12:25:16+01:00
FileType Win32 EXE
PEType PE32
InternalName TeamViewer
ProductVersion 13.2.26558.0
FileDescription TeamViewer 13
OSVersion 4.0
FileOS Windows NT 32-bit
LegalCopyright TeamViewer GmbH
MachineType Intel 386 or later, and compatibles
CompanyName TeamViewer GmbH
CodeSize 286720
FileSubtype 0
ProductVersionNumber 13.2.0.0
EntryPoint 0x1501c
ObjectFileType Executable application
Execution parents
File identification
MD5 ec894b988d3e8cf720f40db52e735754
SHA1 3bc08cc097a6e4e072e680c10eaeef14edc73fb4
SHA256 d5da21d949f518943f96cd13cfe508e743e0597ba18d2caf22ce1df2feb93078
ssdeep 12288:u3VAETQVzYNkt//xMoc6gzUhtn2K3j+FAJZimlRE2cG:u3qDYNkJl3nFztTlRn7
authentihash d1f8e1711ec9eeeb025d991b057f837a914dd5215fe574c81398495c1e60e185
imphash cc3f335ee22eed941d9f33d2bd837993
File size 696.0 KB ( 712704 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe
VirusTotal metadata
First submission 2019-01-22 08:12:17 UTC ( 4 months ago )
Last submission 2019-01-23 02:59:35 UTC ( 4 months ago )
File names ssgcrwau.exe
grhwissv.exe
gjrrstrw.exe
hatedsrs.exe
jvgubcfa.exe
wuttshhg.exe
liwx.jpg
ibjasiwv.exe
output.114800224.txt
ugtvitej.exe
TeamViewer_Note.exe
TeamViewer
surhedhd.exe
fuwsisfa.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Written files
Code injections in the following processes
Runtime DLLs