teamviewer_setup_en-ckh.exe

TeamViewer

The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This file is installed with the program TeamViewer 8. The file has been seen being downloaded from download.oldapps.com and multiple other hosts.
Publisher:
TeamViewer GmbH  (signed by TeamViewer)

Product:
TeamViewer

Version:
8.0.22298.0

MD5:
8d3b6297e439b19854bde2f18c6d333b

SHA-1:
ad082a89ed82cc8632d6df385a576442c353dded

SHA-256:
098e13b4a48ffaee100de7fa819b82521820fdfdd260ab9cd6f7bbfb2a3b8253

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is most likely a false positive detection; the file is probably clean.

Analysis date:
11/23/2024 10:15:43 AM UTC

Scan engine:
Rising Antivirus

Detection:
PE:Trojan.Dropper!6.3CE

Engine version:
23.00.65.131205

File size:
5.5 MB (5,795,152 bytes)

Product version:
8.0.22298.0

Copyright:
TeamViewer GmbH

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\teamviewer_setup_en-ckh.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
8/8/2011 10:00:00 AM

Valid to:
8/8/2014 9:59:59 AM

Subject:
CN=TeamViewer, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=TeamViewer, L=Goeppingen, S=Baden Wuerttemberg, C=DE

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
3D27AFBEA5996F13E5B5624421F16295

File PE Metadata
Compilation timestamp:
2/25/2012 6:19:54 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
98304:kJUTkCbDgz0BFIlVJvAKUfTE3RXggkOxAL2BWwME4gtMoI:kJUYCbT/SAKUrcw3aK2lIgtMoI

Entry address:
0x3883

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, 68, 92, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 80, 40, 00, 55, FF, 15, C0, 82, 40, 00, 6A, 08, A3, B8, 2E, 47, 00, E8, 36, 2A, 00, 00, 55, 68, B4, 02, 00, 00, A3, D0, 2D, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 64, 92, 40, 00, FF, 15, 84, 81, 40, 00, 68, 4C, 92, 40, 00, 68, C0, AD, 46, 00, E8, 18, 27, 00, 00, FF, 15, B0, 80, 40, 00, 50, BF, A0, 30, 4C, 00, 57, E8, 06, 27, 00, 00...
 

Entropy:
7.9927

Packer / compiler:
Nullsoft install system v2.x

Code size:
27.5 KB (28,160 bytes)

The file teamviewer_setup_en-ckh.exe has been discovered within the following program.

TeamViewer 8  by TeamViewer GmbH
TeamViewer 8 is a proprietary computer software package for remote control, desktop sharing, online meetings, web conferencing and file transfer between computers. It is possible to access a machine running TeamViewer with a web browser.
www.teamviewer.com/en/download/windows.aspx
10% remove it
 

The file teamviewer_setup_en-ckh.exe has been seen being distributed by the following 32 URLs.

http://download.oldapps.com/.../TeamViewer_Setup_8.0.22298.exe

http://downloadus1.teamviewer.com/.../TeamViewer_Setup_en-ckq.exe

http://download.teamviewer.com/.../TeamViewer_Setup_en-djp.exe

Latest 30 of 32 download URLs