VNCPassView[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

VNCPassView.exe
Size

53KB
MD5

d28f0cfae377553fcb85918c29f4889b
SHA1

32e24780735a0148c3cc4ce7dda30ed9365397a9
SHA256

816d7616238958dfe0bb811a063eb3102efd82eff14408f5cab4cb5258bfd019
SHA512

6bde61660b8f490afc7c759d1524ff11950311acb591e0327426bdeff753a3bff895e79e38e4203032629badaea9b338eca59ac4174749f5dae368d4febe8c49
SSDEEP

1536:NN7ZEyhh5vmK6ApMmmIzrhz9vfbw557J6:vpZv0rmmAt9nk557J6

Score

10^/10

Malware Config

Signatures

Nirsoft 1 IoCs

resource	yara_rule
sample	Nirsoft

Files

VNCPassView.exe
.exe windows x86

14ccc05e3f89d437c608fcb108c4d108

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_cexit
_XcptFilter
_exit
__p__fmode
_onexit
__dllonexit
_purecall
_mbslwr
strtoul
_mbschr
_memicmp
_mbscmp
__set_app_type
_controlfp
_c_exit
_except_handler3
malloc
_mbsicmp
memset
free
modf
_mbsrchr
memcmp
??3@YAXPAX@Z
??2@YAPAXI@Z
strlen
memcpy
_itoa
strcpy
strcat
_mbsnbcat
_snprintf

comctl32

ImageList_Create
ImageList_SetImageCount
CreateToolbarEx
ord6
ImageList_AddMasked
ord17
ImageList_ReplaceIcon

kernel32

GetCurrentProcess
ExitProcess
ReadProcessMemory
GetCurrentProcessId
DeleteFileA
SetErrorMode
EnumResourceNamesA
GetPrivateProfileIntA
WritePrivateProfileStringA
GetPrivateProfileStringA
OpenProcess
EnumResourceTypesA
GetStartupInfoA
GetWindowsDirectoryA
FreeLibrary
GetProcAddress
LoadLibraryA
WriteFile
GetTempFileNameA
ReadFile
GlobalAlloc
GetVersionExA
CreateFileA
GlobalLock
GetFileSize
CloseHandle
LockResource
FindResourceA
GetTempPathA
SizeofResource
GlobalUnlock
LocalFree
GetModuleFileNameA
GetFileAttributesA
GetLastError
GetModuleHandleA
LoadLibraryExA
FormatMessageA
LoadResource

user32

PostQuitMessage
TrackPopupMenu
EndDeferWindowPos
RegisterWindowMessageA
GetSysColorBrush
LoadCursorA
ShowWindow
ChildWindowFromPoint
SetCursor
SetDlgItemTextA
SendDlgItemMessageA
GetDlgItemInt
SetWindowTextA
SetDlgItemInt
EndDialog
GetDlgItem
CreateWindowExA
DefWindowProcA
RegisterClassA
TranslateAcceleratorA
GetWindowRect
MessageBoxA
UpdateWindow
GetWindowPlacement
GetSystemMetrics
PostMessageA
SendMessageA
SetMenu
LoadAcceleratorsA
SetWindowPos
LoadImageA
LoadIconA
GetWindowLongA
SetWindowLongA
SetFocus
InvalidateRect
GetSysColor
OpenClipboard
MoveWindow
GetMenu
EmptyClipboard
GetClassNameA
EnableMenuItem
CloseClipboard
CheckMenuItem
ReleaseDC
GetDC
GetMenuItemCount
GetSubMenu
SetClipboardData
GetMenuStringA
EnableWindow
MapWindowPoints
GetCursorPos
GetClientRect
EnumChildWindows
GetMenuItemInfoA
LoadMenuA
GetParent
LoadStringA
ModifyMenuA
CreateDialogParamA
DialogBoxParamA
GetDlgCtrlID
GetWindowTextA
DestroyMenu
DestroyWindow
BeginDeferWindowPos
TranslateMessage
GetMessageA
IsDialogMessageA
DeferWindowPos
DispatchMessageA
DrawTextExA

gdi32

GetStockObject
GetTextExtentPoint32A
SetBkColor
SelectObject
GetDeviceCaps
SetBkMode
DeleteObject
SetTextColor
CreateFontIndirectA

comdlg32

GetSaveFileNameA

advapi32

RegDeleteKeyA
RegQueryValueExA
RegCloseKey
RegOpenKeyExA

shell32

ShellExecuteA

Sections

.text
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

14ccc05e3f89d437c608fcb108c4d108

Headers

File Characteristics

Imports

msvcrt

comctl32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

Sections

.text Size: 32KB - Virtual size: 31KB

.rdata Size: 7KB - Virtual size: 7KB

.data Size: 3KB - Virtual size: 5KB

.rsrc Size: 9KB - Virtual size: 9KB

.text
Size: 32KB - Virtual size: 31KB

.rdata
Size: 7KB - Virtual size: 7KB

.data
Size: 3KB - Virtual size: 5KB

.rsrc
Size: 9KB - Virtual size: 9KB