vncpassview[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

vncpassview.zip
Size

34KB
MD5

e588d5d25b471df294540f370fbe81d0
SHA1

bd21c8f525a3dfb672416d91d178a46feaaed495
SHA256

a598f49d5b6c06097550952aef7260f226227cf64a982c8fedb605f8f30039b4
SHA512

4651b103a337670eb3e5bbc36930d21f8eccf51b62cce37b320cc7cd9bfcb5e5135aa2375326677c475f580e2edf00489749e6e87c9bcaa3b80f8edc7a71d48c
SSDEEP

768:dNFf0VVIh3OjwmvKoDWGgBrb4emGcZaAQEaDpCMem0YQ:HCKh+jwmvXPgBv4NGcZaAt/MemBQ

Score

10^/10

Malware Config

Signatures

Nirsoft 1 IoCs

resource	yara_rule
static1/unpack001/VNCPassView.exe	Nirsoft

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/VNCPassView.exe

Files

vncpassview.zip
.zip
VNCPassView.chm
.chm
VNCPassView.exe
.exe windows x86

14ccc05e3f89d437c608fcb108c4d108

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_cexit
_XcptFilter
_exit
__p__fmode
_onexit
__dllonexit
_purecall
_mbslwr
strtoul
_mbschr
_memicmp
_mbscmp
__set_app_type
_controlfp
_c_exit
_except_handler3
malloc
_mbsicmp
memset
free
modf
_mbsrchr
memcmp
??3@YAXPAX@Z
??2@YAPAXI@Z
strlen
memcpy
_itoa
strcpy
strcat
_mbsnbcat
_snprintf

comctl32

ImageList_Create
ImageList_SetImageCount
CreateToolbarEx
ord6
ImageList_AddMasked
ord17
ImageList_ReplaceIcon

kernel32

GetCurrentProcess
ExitProcess
ReadProcessMemory
GetCurrentProcessId
DeleteFileA
SetErrorMode
EnumResourceNamesA
GetPrivateProfileIntA
WritePrivateProfileStringA
GetPrivateProfileStringA
OpenProcess
EnumResourceTypesA
GetStartupInfoA
GetWindowsDirectoryA
FreeLibrary
GetProcAddress
LoadLibraryA
WriteFile
GetTempFileNameA
ReadFile
GlobalAlloc
GetVersionExA
CreateFileA
GlobalLock
GetFileSize
CloseHandle
LockResource
FindResourceA
GetTempPathA
SizeofResource
GlobalUnlock
LocalFree
GetModuleFileNameA
GetFileAttributesA
GetLastError
GetModuleHandleA
LoadLibraryExA
FormatMessageA
LoadResource

user32

PostQuitMessage
TrackPopupMenu
EndDeferWindowPos
RegisterWindowMessageA
GetSysColorBrush
LoadCursorA
ShowWindow
ChildWindowFromPoint
SetCursor
SetDlgItemTextA
SendDlgItemMessageA
GetDlgItemInt
SetWindowTextA
SetDlgItemInt
EndDialog
GetDlgItem
CreateWindowExA
DefWindowProcA
RegisterClassA
TranslateAcceleratorA
GetWindowRect
MessageBoxA
UpdateWindow
GetWindowPlacement
GetSystemMetrics
PostMessageA
SendMessageA
SetMenu
LoadAcceleratorsA
SetWindowPos
LoadImageA
LoadIconA
GetWindowLongA
SetWindowLongA
SetFocus
InvalidateRect
GetSysColor
OpenClipboard
MoveWindow
GetMenu
EmptyClipboard
GetClassNameA
EnableMenuItem
CloseClipboard
CheckMenuItem
ReleaseDC
GetDC
GetMenuItemCount
GetSubMenu
SetClipboardData
GetMenuStringA
EnableWindow
MapWindowPoints
GetCursorPos
GetClientRect
EnumChildWindows
GetMenuItemInfoA
LoadMenuA
GetParent
LoadStringA
ModifyMenuA
CreateDialogParamA
DialogBoxParamA
GetDlgCtrlID
GetWindowTextA
DestroyMenu
DestroyWindow
BeginDeferWindowPos
TranslateMessage
GetMessageA
IsDialogMessageA
DeferWindowPos
DispatchMessageA
DrawTextExA

gdi32

GetStockObject
GetTextExtentPoint32A
SetBkColor
SelectObject
GetDeviceCaps
SetBkMode
DeleteObject
SetTextColor
CreateFontIndirectA

comdlg32

GetSaveFileNameA

advapi32

RegDeleteKeyA
RegQueryValueExA
RegCloseKey
RegOpenKeyExA

shell32

ShellExecuteA

Sections

.text
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
readme.txt

Sharing

General

Malware Config

Signatures

Files

14ccc05e3f89d437c608fcb108c4d108

Headers

File Characteristics

Imports

msvcrt

comctl32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

Sections

.text Size: 32KB - Virtual size: 31KB

.rdata Size: 7KB - Virtual size: 7KB

.data Size: 3KB - Virtual size: 5KB

.rsrc Size: 9KB - Virtual size: 9KB

.text
Size: 32KB - Virtual size: 31KB

.rdata
Size: 7KB - Virtual size: 7KB

.data
Size: 3KB - Virtual size: 5KB

.rsrc
Size: 9KB - Virtual size: 9KB