vanillarat | TeamViewer_Setup[.]exe | Triage

Sharing

General

Target

TeamViewer_Setup.exe
Size

470KB
MD5

b3c7ffb0c5ba452d0c68da59f90b39af
SHA1

ee538ad689a49911cc4befae22269b8c3a261caa
SHA256

7411a95cf987a085c9bb3990cab95b8479e752b1c4370c9c256c07dd64f6b7b9
SHA512

d0a89e233aa03983f5b8d7067a923469b48eaac6d24f2a73ce22afdeefa2eb1c2976a69b511c25ff2845b49f43dfd2e68d7083506a162bb3b6669c5ee644b36e
SSDEEP

6144:eqly+sJZKBI09yYeY4eoiJ+sCFv1peInLz+:RRyYrZos+xFvHL6

Score

10^/10

rat vanillarat

Malware Config

Signatures

Vanilla Rat payload 1 IoCs

resource	yara_rule
sample	vanillarat

Vanillarat family
vanillarat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
TeamViewer_Setup.exe

Files

TeamViewer_Setup.exe
.exe windows x86

Password: 444

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 440KB - Virtual size: 440KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 181B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ