vanillarat | TeamViewer_Setup[.]exe | Triage

Sharing

General

Target

TeamViewer_Setup.exe
Size

167KB
MD5

e9b22671e6d12b6e916ba894ac226db6
SHA1

81b6798f8f3168d65a114906dc0613bbedb0a51f
SHA256

3ba0993bd95aa81f72ad13fa9cfb2304f715bebe4a486b688d6b1252e8f67d44
SHA512

7d29251d77cbe813d0d414377e8d09438e3d457b12ed9d03898f7fa5c1a3538ff4407bb962ff033a665244b182c828126c62f5f1917155ce81001f9835208b42
SSDEEP

3072:vJZKnPE2YyJzELtyTFyYeY8lNgoiJ+sX8HFvytbCNIR6kqOJTMMz+:vJZKBI0FyYeY4eoiJ+sCFvRSHbz+

Score

10^/10

rat vanillarat

Malware Config

Signatures

Vanilla Rat payload 1 IoCs

resource	yara_rule
sample	vanillarat

Vanillarat family
vanillarat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
TeamViewer_Setup.exe

Files

TeamViewer_Setup.exe
.exe windows x86

Password: 2

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 137KB - Virtual size: 137KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 181B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ