VNC[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

VNC.exe
Size

1.4MB
MD5

dfd39081dfc3ab5e3263ee1b0e9edd71
SHA1

8459af6639f6f8ff0833728b6687af43c89deca6
SHA256

9c363995b8ddc17c572a5f88c079e6948539193b0bf2b1f880422a68754eaee5
SHA512

31c0ce6a5cbb14ff21fd17c57daddfa3a2c83193dda1f5367113413308eabf4af9f81700262c42a22b9155691eb11d51922ee55f1133c3220a34587704035e1e
SSDEEP

24576:g34nXqLn+L0BviPtY+8zdy+zoEq4PdDBe11+6kisjqtWGz:44a3vwJyk8Usjq4Gz

Score

1^/10

Malware Config

Signatures

Files

VNC.exe
.exe windows x86

537e0419945cdafea79a0cb25eec4a00

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

70:86:d5:55:e6:df:75:f9:2c:50:35:ae:b7:e1:de:3f
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

28-09-2007 00:00

Not After

31-10-2010 23:59

Subject

CN=RealVNC Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=RealVNC Limited,L=Cambridge,ST=Cambridgeshire,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1b:b3:e7:a6:9f:df:21:61:df:dd:ae:f8:5d:06:de:37:f8:f3:08:21
Signer

Actual PE Digest

1b:b3:e7:a6:9f:df:21:61:df:dd:ae:f8:5d:06:de:37:f8:f3:08:21

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
WSASetEvent
WSAEventSelect
WSAIoctl
getsockopt
WSADuplicateSocketW
WSASocketW
inet_ntoa
gethostbyname
inet_addr
setsockopt
WSAStartup
htons
getsockname
getpeername
send
select
recv
ioctlsocket
accept
htonl
listen
bind
socket
WSAConnect
closesocket
WSAGetLastError

comctl32

PropertySheetW
CreatePropertySheetPageW
ImageList_Destroy
ImageList_Create
ord17
ImageList_ReplaceIcon
ImageList_Draw
_TrackMouseEvent
InitCommonControlsEx

imm32

ImmSetOpenStatus
ImmGetVirtualKey
ImmGetContext

kernel32

GetModuleHandleW
SetErrorMode
FindClose
FindFirstFileA
GetFileAttributesA
GetDiskFreeSpaceW
GetDiskFreeSpaceExW
GetVolumeInformationW
GetDriveTypeW
GetLogicalDrives
ReadFile
CompareStringW
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetEndOfFile
GetDateFormatA
GetTimeFormatA
GetStringTypeW
LeaveCriticalSection
GetLocaleInfoA
LCMapStringW
MoveFileW
GetProfileStringW
LCMapStringA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
InitializeCriticalSection
CreatePipe
GetLastError
GetCurrentProcess
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
DuplicateHandle
WriteFile
CloseHandle
GetCurrentDirectoryW
Sleep
EnterCriticalSection
DeleteCriticalSection
GetStringTypeA
SetEnvironmentVariableA
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetCurrentProcessId
GlobalMemoryStatus
FreeLibrary
GetProcAddress
LoadLibraryW
GetVersionExW
ExpandEnvironmentStringsW
GetExitCodeProcess
WaitForSingleObject
TerminateProcess
CreateProcessW
SetHandleInformation
GetModuleFileNameW
CreateFileW
OpenProcess
GetStdHandle
AllocConsole
GlobalFree
GetTempFileNameA
GetTempPathA
LocalFree
ExitProcess
GetComputerNameW
LocalAlloc
SetEvent
CreateEventW
WideCharToMultiByte
MultiByteToWideChar
FormatMessageW
GetSystemTimeAsFileTime
WaitForMultipleObjects
ResumeThread
CreateThread
GetThreadTimes
GetCurrentThread
ResetEvent
TerminateThread
OutputDebugStringW
GlobalUnlock
GlobalAlloc
GlobalLock
FindNextFileA
FindNextFileW
FindFirstFileW
CancelIo
GetOverlappedResult
GetTempFileNameW
CreateDirectoryW
GetTempPathW
RtlUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
SetFilePointer
GetModuleHandleA
GetCommandLineA
GetEnvironmentStringsW
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoA
HeapReAlloc
DeleteFileA
GetModuleFileNameA
MoveFileA
DeleteFileW
InterlockedIncrement
SetLastError
InterlockedDecrement
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapSize
SetHandleCount
GetFileType
SetStdHandle
CreateFileA
LoadLibraryA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
HeapFree

user32

ShowWindow
UpdateWindow
keybd_event
MapVirtualKeyW
ToAsciiEx
MessageBeep
SendMessageW
SetForegroundWindow
FindWindowW
IsIconic
GetUpdateRect
InsertMenuW
RemoveMenu
EnableMenuItem
ToUnicodeEx
DialogBoxParamW
IsDialogMessageW
CreateDialogParamW
EndDialog
EnableWindow
IsWindowEnabled
MessageBoxW
DestroyIcon
GetPropW
CallWindowProcW
RemovePropW
SetPropW
DrawTextW
LoadBitmapW
DrawFocusRect
GetFocus
GetMessagePos
GetNextDlgTabItem
GetParent
GetKeyState
GetWindowInfo
RegisterClassW
GetMessageTime
OffsetRect
CreateWindowExA
WaitForInputIdle
ReleaseDC
GetDC
GetWindowDC
ChangeDisplaySettingsW
EnumDisplaySettingsW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetWindowThreadProcessId
GetClassNameW
CloseDesktop
EnumDesktopWindows
OpenDesktopW
EnumDesktopsW
GetProcessWindowStation
MsgWaitForMultipleObjects
PeekMessageW
GetKeyboardLayout
GetKeyboardState
GetForegroundWindow
CloseClipboard
GetClipboardData
OpenClipboard
SetClipboardData
EmptyClipboard
SetClipboardViewer
ChangeClipboardChain
SendMessageTimeoutW
mouse_event
wsprintfW
RegisterClipboardFormatW
GetMessageW
TranslateMessage
LoadMenuW
GetSubMenu
SetMenuDefaultItem
PostQuitMessage
PostMessageW
LoadCursorW
CreateWindowExW
GetSystemMenu
DestroyMenu
LoadIconW
RegisterClassExW
DefWindowProcW
AdjustWindowRect
SetCursor
GetAsyncKeyState
GetCursorPos
TrackPopupMenu
BeginPaint
EndPaint
ScreenToClient
ClientToScreen
ValidateRect
SetCapture
SetWindowTextW
CheckMenuItem
AppendMenuW
DispatchMessageW
InvalidateRect
SystemParametersInfoW
ReleaseCapture
SetRect
AdjustWindowRectEx
GetSystemMetrics
SetScrollInfo
ShowCursor
GetClientRect
ScrollWindowEx
UnregisterClassW
DestroyWindow
GetClipboardOwner
GetComboBoxInfo
GetWindowLongW
LoadImageW
SetTimer
KillTimer
IsWindowVisible
GetSysColorBrush
FillRect
SetWindowLongW
GetWindowRect
SetFocus
GetDlgItem
SetWindowPos
PostThreadMessageW

gdi32

OffsetRgn
GetStockObject
SetStretchBltMode
SetBrushOrgEx
StretchBlt
GetRandomRgn
EndDoc
BitBlt
GetRegionData
StretchDIBits
PlayEnhMetaFile
GetEnhMetaFileW
StartDocW
ResetDCW
StartPage
EndPage
SetPaletteEntries
CreateDIBSection
SetDIBColorTable
GetDIBits
CreateDCW
CreateCompatibleDC
GetDeviceCaps
CreateCompatibleBitmap
DeleteDC
GetCurrentObject
GetTextExtentPoint32W
SetTextColor
CreatePen
CreateBrushIndirect
Rectangle
SetBkColor
SelectObject
CreatePalette
DeleteObject
CreateFontIndirectW
GetObjectW
CreateRectRgn
RealizePalette
SelectPalette

comdlg32

GetOpenFileNameW
GetSaveFileNameW
CommDlgExtendedError

shell32

ShellExecuteW
SHGetDesktopFolder
SHBrowseForFolderW
Shell_NotifyIconW
SHGetMalloc
SHGetPathFromIDListW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

winspool.drv

DeletePrinter
GetPrinterW
EnumPrinterDriversW
OpenPrinterW
ClosePrinter
SetPrinterW
EnumJobsW
AddPrinterW
DocumentPropertiesW
EnumMonitorsW
EnumPortsW
DeviceCapabilitiesW
EnumPrintersW

advapi32

GetAclInformation
SetSecurityDescriptorDacl
ImpersonateLoggedOnUser
CryptAcquireContextW
CryptReleaseContext
CryptGenRandom
RegQueryValueExW
RegCloseKey
RegDeleteValueW
RegNotifyChangeKeyValue
RegSetValueExW
RegEnumValueW
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegCreateKeyExW
CreateProcessAsUserW
OpenProcessToken
RevertToSelf
InitializeSecurityDescriptor
GetSecurityDescriptorLength
MakeSelfRelativeSD
GetTokenInformation
AllocateAndInitializeSid
FreeSid
IsValidSid
GetLengthSid
CopySid
EqualSid
GetUserNameW

ole32

OleSetClipboard
ReleaseStgMedium
OleGetClipboard
OleInitialize
OleUninitialize
CoGetInterfaceAndReleaseStream
CoMarshalInterThreadInterfaceInStream
CoTaskMemAlloc
CoInitialize
CoCreateInstance

Sections

.text
Size: 784KB - Virtual size: 783KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 200KB - Virtual size: 197KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 444KB - Virtual size: 440KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

537e0419945cdafea79a0cb25eec4a00

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

70:86:d5:55:e6:df:75:f9:2c:50:35:ae:b7:e1:de:3fCertificate

Extended Key Usages

Key Usages

1b:b3:e7:a6:9f:df:21:61:df:dd:ae:f8:5d:06:de:37:f8:f3:08:21Signer

Headers

File Characteristics

Imports

ws2_32

comctl32

imm32

kernel32

user32

gdi32

comdlg32

shell32

version

winspool.drv

advapi32

ole32

Sections

.text Size: 784KB - Virtual size: 783KB

.rdata Size: 200KB - Virtual size: 197KB

.data Size: 28KB - Virtual size: 55KB

.rsrc Size: 444KB - Virtual size: 440KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

70:86:d5:55:e6:df:75:f9:2c:50:35:ae:b7:e1:de:3f
Certificate

1b:b3:e7:a6:9f:df:21:61:df:dd:ae:f8:5d:06:de:37:f8:f3:08:21
Signer

.text
Size: 784KB - Virtual size: 783KB

.rdata
Size: 200KB - Virtual size: 197KB

.data
Size: 28KB - Virtual size: 55KB

.rsrc
Size: 444KB - Virtual size: 440KB