teamviewer_setup.exe

TeamViewer

Innovative Systems LLC

The application teamviewer_setup.exe by Innovative Systems has been detected as adware by 17 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The installer uses the OpenCandy monetization platform, which will download and install offers in the setup for potentially unwanted software, including ad/search-supported toolbars. The file has been seen being downloaded from teamviewer.joydownload.com and multiple other hosts.
Publisher:
Innovative Systems LLC  (signed and verified)

Product:
TeamViewer

Version:
1.0.0.0

MD5:
a7e30bc53a17ae5780e2e87110e57839

SHA-1:
e223de478eb50a4ddd9476bc37bea517bc0407b6

SHA-256:
cfb3a806e2a92f0325064990184e37e5dcac019f2c6c9dc129d5e3c1be79673b

Scanner detections:
17 / 68

Status:
Adware

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:
12/25/2024 12:11:10 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Agnitum Outpost | Riskware.Agent | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.OpenCandy | 2015.05.05 |
| AVG | OpenCandy | 2016.0.3103 |
| Baidu Antivirus | Adware.Win32.OpenCandy | 4.0.3.15520 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Clam AntiVirus | Win.Trojan.Agent-803351 | 0.98/21511 |
| Dr.Web | Adware.OpenCandy.55 | 9.0.1.0140 |
| ESET NOD32 | Win32/JoyDownloader.D potentially unwanted | 9.11575 |
| G Data | Win32.Adware.OpenCandy | 15.5.25 |
| K7 AntiVirus | Unwanted-Program | 13.203.15799 |
| McAfee | Artemis!A7E30BC53A17 | 5600.6759 |
| NANO AntiVirus | Riskware.Win32.OpenCandy.dqfxyu | 0.30.24.1357 |
| Qihoo 360 Security | HEUR/QVM42.0.Malware.Gen | 1.0.0.1015 |
| Reason Heuristics | PUP.Installer.InnovativeSystems | 15.5.20.10 |
| Trend Micro House Call | ADW_OPENCANDY | 7.2.140 |
| Trend Micro | ADW_OPENCANDY | 10.465.20 |
| VIPRE Antivirus | Trojan.Win32.Generic | 39948 |

File size:
496.4 KB (508,304 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\arquivos\teamviewer_setup.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
9/18/2014 9:00:00 PM

Valid to:
9/19/2015 8:59:59 PM

Subject:
CN=Innovative Systems LLC, O=Innovative Systems LLC, L=Dnepropetrovsk, S=Dnepropetrovska, C=UA

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
09A91C40EAE34E72CD975B0B218AE4BA

File PE Metadata
Compilation timestamp:
5/19/2013 8:52:48 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:aQN7yDK117IrqvUkziZ9fS4KC5htcDePB/ZaibzwJPxYv5myST:rN2DKj7yOUkzEFhx5hCuWi3wKv5/E

Entry address:
0x331F

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, 30, 92, 40, 00, 89, 6C, 24, 14, FF, 15, 34, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, BC, 70, 40, 00, 55, FF, 15, AC, 72, 40, 00, 6A, 08, A3, D8, 7A, 7A, 00, E8, A8, 2E, 00, 00, A3, 24, 7A, 7A, 00, 55, 8D, 44, 24, 34, 68, B4, 02, 00, 00, 50, 55, 68, D0, EE, 79, 00, FF, 15, 7C, 71, 40, 00, 68, 7C, 93, 40, 00, 68, 20, 6A, 7A, 00, E8, 13, 2B, 00, 00, FF, 15, 34, 71, 40, 00, BB, 00, 20, 7B, 00, 50, 53, E8, 01, 2B, 00, 00...
 

Packer / compiler:
Nullsoft install system v2.x

Code size:
24 KB (24,576 bytes)

The file teamviewer_setup.exe has been seen being distributed by the following 7 URLs.

