teamviewer.exe

q93gxUGuucPe215H4 software

Sivensys SRL

The executable teamviewer.exe, “br5xm9Pik8NA7l7PY” has been detected as malware by 1 anti-virus scanner. The file has been seen being downloaded from www.instdl535.info.
Publisher:
NJkgoXAiIC.Inc  (signed by Sivensys SRL)

Product:
q93gxUGuucPe215H4 software

Description:
br5xm9Pik8NA7l7PY

Version:
2.28.67.2664

MD5:
5095ad12e26e07a73ca99078b2838bfa

SHA-1:
d0fb826d7a298f8abb3c0bce018f872bc46f984c

SHA-256:
c731ea29bdaafeb754528c89b5ec61a1464be91ea327aba37e6706824ada7f22

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
12/23/2024 6:26:12 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP (M)
17.3.15.19

File size:
1.2 MB (1,234,904 bytes)

Product version:
9.15.27.108

Copyright:
9S7FSKC1UvTd (c) 2016

Trademarks:
u04m5hDb0Yo registered trademark

Original file name:
tigHWB.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\teamviewer.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
7/7/2016 11:51:32 AM

Valid to:
7/8/2017 11:51:32 AM

Subject:
CN=Sivensys SRL, O=Sivensys SRL, L=Iasi, C=RO

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
63C72E9CF30DB668557B6C0E

File PE Metadata
Compilation timestamp:
9/1/2016 8:57:47 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

Entry address:
0x1AE9A

Entry point:
E8, EF, 45, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 51, 53, 8B, 45, 0C, 83, C0, 0C, 89, 45, FC, 64, 8B, 1D, 00, 00, 00, 00, 8B, 03, 64, A3, 00, 00, 00, 00, 8B, 45, 08, 8B, 5D, 0C, 8B, 6D, FC, 8B, 63, FC, FF, E0, 5B, C9, C2, 08, 00, 58, 59, 87, 04, 24, FF, E0, 8B, FF, 55, 8B, EC, 51, 51, 53, 56, 57, 64, 8B, 35, 00, 00, 00, 00, 89, 75, FC, C7, 45, F8, 08, AF, 41, 00, 6A, 00, FF, 75, 0C, FF, 75, F8, FF, 75, 08, E8, 04, D5, 00, 00, 8B, 45, 0C, 8B, 40, 04, 83, E0, FD, 8B, 4D, 0C, 89, 41, 04, 64, 8B, 3D...
 
[+]

Entropy:
6.1212

Code size:
178 KB (182,272 bytes)

The file teamviewer.exe has been seen being distributed by the following URL.

http://www.instdl535.info/.../?key=bmFtZT1UZWFtVmlld2VyJmFwcF9uYW1lPVRlYW1WaWV3ZXImdmVyc2lvbj0xMS4wLjY1NDUyJmRhdGFfdXBkPTI5K0F1ZysyMDE2JmZpbGVfbmFtZT1UZWFtVmlld2VyLmV4ZSZkb3dubG9hZF91cmw9aHR0cHMlM0ElMkYlMkZzMy5hbWF6b25hd3MuY29tJTJGZmluZG15c29mdC5kb3dubG9hZCUyRjIwMTYlMkYwOCUyRjI5JTJGVGVhbVZpZXdlcl8xMS4wLjY1NDUyLmV4ZSZpY29uX3VybD1odHRwJTNBJTJGJTJGZmlsZXMud2luLWZpbGUuY29tJTJGaWNvbiUyRjY1ODMwLmdpZiZzdG9yZWRfc2l6ZT0xMC41K01CJmZsb3c9NjgmdHlwPWh0dHAlM0ElMkYlMkZsaW5rLmp1c3RjbG91ZC5jb20lMkY1NmI5Zjk1ODBiNzA5JTJGY2xpY2smZGVidWc9ZmFsc2Umc2tfaWQ9MiZlbmNyeXB0PWh0bWwuZW5jb2RlZCZkb3dubG9hZF90ZXN0PXRlc3RfbGlua19nZSZ1dG1fY2FtcGFpZ249MTQxOTk0NjM5JnV0bV9zb3VyY2U9YmluZ2FkcyZ1dG1fbWVkaXVtPWNwYyZ1dG1fY29udGVudD01MjkwMzc3NDE3JnV0bV90ZXJtPTI5Nzg1MzU4MTQwJmlkX3Nlc3Npb249aWRqcDdtNHNocXM4bGs0aTJqbW9nZTQ1NjMmaWRfc2l0ZT0yJmlkX2Ztcz02NTgzMA==

Remove teamviewer.exe - Powered by Reason Core Security