FastVNC[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

FastVNC.exe
Size

1.3MB
MD5

280404ffb851e178335367e715ae10c5
SHA1

57b21d03b461381da060227d54110a721ae54bfa
SHA256

12ce46eb62edcbc8547e8ce352826e22cf2dc5e5289c7160898fbb61c3dd25b0
SHA512

0e9e21477d0579bd1eac9020e652d24cbe0177957a3b755f3f1ac202a84795134a26130ca8174de46285e51a9af8adc13b4ac3121b60b6a18109bc7680f300d7
SSDEEP

24576:CkgpzCJyZpv0NAazNZoF1QqUqESfybpYRpDCU/rDU9BJ91Jko7uH:zgpWJyD9azNZoF1Qqfo6HCpBT1aSuH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
FastVNC.exe

Files

FastVNC.exe
.exe windows x86

cdb7c9cd29553ae4efd750f6e7fb40e9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WaitForSingleObject
LoadResource
SizeofResource
WriteFile
CloseHandle
lstrcpyA
lstrcatA
lstrlenA
GetModuleFileNameA
GetModuleHandleA
FindResourceW
FindResourceExW
SetCurrentDirectoryA
CreateFileA
MultiByteToWideChar
WideCharToMultiByte
GetCurrentThreadId
ReleaseSemaphore
CreateSemaphoreA
GetNativeSystemInfo
CreateEventA
SetLastError
PostQueuedCompletionStatus
GetLastError
CreateIoCompletionPort
GetQueuedCompletionStatus
WaitForMultipleObjects
GetFileSize
UnmapViewOfFile
CreateFileMappingA
MapViewOfFileEx
SetEvent
ResetEvent
GlobalAlloc
GlobalLock
GlobalUnlock
FlushInstructionCache
GetCurrentProcess
ExitProcess
RaiseException
MulDiv
lstrcmpA
GetTickCount
GetTempPathA
DecodePointer
FreeLibrary
GlobalHandle
GlobalFree
lstrcmpiA
LoadLibraryExA
FindResourceA
FlushFileBuffers
WriteConsoleW
SetStdHandle
LCMapStringW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetFileType
GetModuleHandleW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStringTypeW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
GetModuleFileNameW
GetStdHandle
GetModuleHandleExW
GetCommandLineA
VirtualQuery
VirtualProtect
GetSystemInfo
LoadLibraryExW
ExitThread
CreateThread
EncodePointer
RtlUnwind
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
OutputDebugStringW
IsDebuggerPresent
TerminateProcess
GetCurrentProcessId
GetProcessHeap
HeapSize
HeapReAlloc
GetProcAddress
LockResource
Sleep
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
CreateFileW
LeaveCriticalSection
EnterCriticalSection
SwitchToThread
HeapFree
HeapAlloc
HeapDestroy
HeapCreate
InterlockedCompareExchange
InterlockedDecrement
IsDBCSLeadByte
InterlockedIncrement

user32

TranslateMessage
DispatchMessageA
PeekMessageA
PostMessageA
GetClassNameA
RegisterWindowMessageA
SendMessageA
DefWindowProcA
CallWindowProcA
UnregisterClassA
GetParent
wsprintfA
GetSystemMetrics
GetWindowRect
MapWindowPoints
LoadImageA
MonitorFromWindow
GetMonitorInfoA
GetMessageA
PostQuitMessage
ShowWindow
KillTimer
SetTimer
CreateDialogIndirectParamA
EnableWindow
MsgWaitForMultipleObjectsEx
RegisterClassExA
GetClassInfoExA
CreateWindowExA
IsWindow
IsChild
DestroyWindow
MoveWindow
SetWindowPos
EndDialog
GetDlgItem
CharNextA
SetFocus
GetFocus
SetCapture
ReleaseCapture
CreateAcceleratorTableA
DestroyAcceleratorTable
GetDC
ReleaseDC
BeginPaint
EndPaint
InvalidateRect
InvalidateRgn
RedrawWindow
SetWindowTextA
IsDialogMessageA
GetWindowTextA
GetWindowTextLengthA
GetClientRect
SetWindowContextHelpId
MessageBoxA
ClientToScreen
ScreenToClient
GetSysColor
FillRect
GetWindowLongA
SetWindowLongA
GetDesktopWindow
GetDlgItemTextA
SetDlgItemTextA
MapDialogRect
LoadCursorA
GetWindow

gdi32

GetTextMetricsA
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateSolidBrush
DeleteDC
DeleteObject
GetDeviceCaps
GetStockObject
GetObjectA
SelectObject

advapi32

RegCloseKey
RegQueryInfoKeyW
RegOpenKeyExA
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
RegSetValueExA
RegCreateKeyExA

shell32

ShellExecuteA

ole32

CoTaskMemRealloc
CoUninitialize
CoInitialize
CreateStreamOnHGlobal
OleLockRunning
OleUninitialize
OleInitialize
CoTaskMemFree
CoTaskMemAlloc
StringFromGUID2
CLSIDFromProgID
CLSIDFromString
CoCreateInstance
CoGetClassObject

oleaut32

LoadRegTypeLi
SysAllocStringLen
SysFreeString
VarUI4FromStr
OleCreateFontIndirect
DispCallFunc
SysAllocString
LoadTypeLi
VariantClear
VariantInit
SysStringLen

comctl32

InitCommonControlsEx

winmm

timeGetTime

ws2_32

WSAStartup
listen
WSAWaitForMultipleEvents
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
WSASetLastError
recv
WSAGetOverlappedResult
socket
connect
bind
WSACleanup
getaddrinfo
WSASend
WSARecv
WSAIoctl
WSAGetLastError
shutdown
setsockopt
ntohs
inet_addr
htons
getsockname
closesocket
freeaddrinfo
send

Sections

.text
Size: 159KB - Virtual size: 159KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cdb7c9cd29553ae4efd750f6e7fb40e9

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

comctl32

winmm

ws2_32

Sections

.text Size: 159KB - Virtual size: 159KB

.rdata Size: 1.1MB - Virtual size: 1.1MB

.data Size: 9KB - Virtual size: 17KB

.rsrc Size: 15KB - Virtual size: 14KB

.reloc Size: 12KB - Virtual size: 11KB

.text
Size: 159KB - Virtual size: 159KB

.rdata
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 9KB - Virtual size: 17KB

.rsrc
Size: 15KB - Virtual size: 14KB

.reloc
Size: 12KB - Virtual size: 11KB