» TeamViewer.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (1)
Downloads (3)

TeamViewer.exe

TeamViewer

TeamViewer GmbH

This is installed with TeamViewer 4. The file has been seen being downloaded from www.tradebulls.in and multiple other hosts.

File name:

TeamViewer.exe

Publisher:

TeamViewer GmbH (signed and verified)

Product:

TeamViewer

Description:

TeamViewer Remote Control Application

Version:

4.0.5421.0

MD5:

fa1df37f126f406533097e555103a7c9

SHA-1:

54b8e72daac5c0fb811071399d09d2de5126e487

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

1/7/2025 5:02:46 PM UTC (today)

File size:

3.8 MB (3,945,768 bytes)

Product version:

4.0

?TeamViewer GmbH

Trademarks:

TeamViewer

Original file name:

TeamViewer.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\teamviewer\version4\teamviewer.exe

Digital Signature

Signed by:

TeamViewer GmbH

Authority:

VeriSign, Inc.

Valid from:

1/16/2008 3:00:00 AM

Valid to:

2/23/2011 2:59:59 AM

Subject:

CN=TeamViewer GmbH, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=TeamViewer GmbH, S=Baden Wuerttemberg, C=DE

Issuer:

CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

25C902D026E31244C125996771C9DC01

File PE Metadata

Compilation timestamp:

12/15/2008 8:19:43 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

CTPH (ssdeep):

49152:YPfl2PCqoHplFmHsob2mCJ0tA+Sa7Povo9XvYiczxpi+EMcsa46M/obmQ:sflYCfDmCOA3acvevYHpi+EMb6MC

Entry address:

0x11F366

Entry point:

E8, 4B, 12, 01, 00, E9, 16, FE, FF, FF, 3B, 0D, 14, 93, 6F, 00, 75, 02, F3, C3, E9, CB, 12, 01, 00, 55, 8D, AC, 24, 58, FD, FF, FF, 81, EC, 28, 03, 00, 00, A1, 14, 93, 6F, 00, 33, C5, 89, 85, A4, 02, 00, 00, F6, 05, 1C, 93, 6F, 00, 01, 56, 74, 08, 6A, 0A, E8, CF, BD, 00, 00, 59, E8, EA, 13, 01, 00, 85, C0, 74, 08, 6A, 16, E8, EC, 13, 01, 00, 59, F6, 05, 1C, 93, 6F, 00, 02, 0F, 84, A0, 00, 00, 00, 89, 85, 88, 00, 00, 00, 89, 8D, 84, 00, 00, 00, 89, 95, 80, 00, 00, 00, 89, 5D, 7C, 89, 75, 78, 89, 7D, 74, 66... 
[+]

Entropy:

6.8249

Code size:

2.3 MB (2,448,896 bytes)

Windows Firewall Allowed Program

Name:

C:\Program Files\TeamViewer\Version4\TeamViewer.exe

The file TeamViewer.exe has been discovered within the following program.

TeamViewer 4 by TeamViewer GmbH

TeamViewer is a proprietary computer software package for remote control, desktop sharing, online meetings, web conferencing and file transfer between computers. It is possible to access a machine running TeamViewer with a web browser.

www.teamviewer.com

5% remove it

The file TeamViewer.exe has been seen being distributed by the following 3 URLs.

https://www.tradebulls.in/Admin/.../590_TeamViewer_4.exe

http://www.tradebulls.in/Admin/.../590_TeamViewer_4.exe

https://mg.mail.yahoo.com/.../download?m=YaDownload&mid=2_0_0_1_3712136_AFd3w0MAAALfVpGYEQ1WEMOwIgc&fid=Inbox&pid=2&clean=0&appid=YahooMailNeo&ymreqid=618c72a5-da19-58bb-019f-3c001b010000

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.