winvnc[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

winvnc.exe
Size

251KB
MD5

40a21759f5ad164f5c58e3c4c1a30ede
SHA1

287b840f6bd10a05922d9ded005eda53128efe12
SHA256

5ffb6b4b753e5915516c03f91e6cd09dcfdc87004ce3ecdd2e3e8d51bc0bea72
SHA512

19a1052731f8780dac7855454d38685a0e11a898c98c0138c8dcad722f34f9e50f34bbcad5915bf62886942934795d5907e2be081ce84639d415f14aa368db28
SSDEEP

6144:hKnY9gzc0Yqwqo4whubQ5WtTBR+Iw+4Adj:hEY9gzc0Y6whOQ5WtT7iOj

Score

1^/10

Malware Config

Signatures

Files

winvnc.exe
.exe windows x86

b73e5bbaad306b551b55477412cc3e12

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 13:00

Not After

27/01/2017, 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:23:9e:0f:ac:b3
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 13:00

Not After

27/01/2017, 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/03/2009, 11:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21/12/2009, 09:32

Not After

22/12/2020, 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:2e:ca:04:f7:a4
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

18/03/2011, 17:15

Not After

18/03/2014, 17:15

Subject

CN=uvnc bvba,O=uvnc bvba,L=Antwerpen,ST=Antwerpen,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 10:00

Not After

27/01/2017, 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

c0:95:e9:ee:18:d7:e0:96:4d:26:96:27:ad:d9:dc:76:c5:52:7f:6f
Signer

Actual PE Digest

c0:95:e9:ee:18:d7:e0:96:4d:26:96:27:ad:d9:dc:76:c5:52:7f:6f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

gethostname
gethostbyname
ioctlsocket
WSAGetLastError
recv
send
getsockname
getpeername
accept
listen
inet_addr
connect
htons
htonl
bind
shutdown
closesocket
socket
setsockopt
WSACleanup
WSAStartup

winmm

timeGetTime

kernel32

MapViewOfFile
OpenFileMappingA
CloseHandle
UnmapViewOfFile
WaitForSingleObject
CreateMutexA
ReleaseMutex
GetComputerNameA
ResumeThread
CreateThread
IsBadWritePtr
IsBadReadPtr
GetLastError
GetSystemTime
FlushFileBuffers
CreateDirectoryA
MoveFileA
SetErrorMode
GetDriveTypeA
GetLogicalDriveStringsA
FileTimeToSystemTime
GetFileTime
CreateFileA
MulDiv
GetCurrentThreadId
SetFilePointer
ReadFile
WriteFile
SetFileTime
SystemTimeToFileTime
SetEndOfFile
Sleep
GetVersionExA
SetThreadPriority
GetCurrentThread
OpenEventA
GlobalUnlock
GlobalLock
GlobalAlloc
SetProcessShutdownParameters
TerminateProcess
CreateProcessA
GetStdHandle
AllocConsole
MoveFileExA
FormatMessageA
SetLastError
WriteConsoleA
OutputDebugStringA
GetCurrentProcessId
OpenProcess
SearchPathA
GlobalFree
TlsGetValue
TlsFree
TlsAlloc
CreateFileMappingA
DuplicateHandle
TlsSetValue
CreateSemaphoreA
ReleaseSemaphore
DeleteCriticalSection
InitializeCriticalSection
GetProcAddress
LoadLibraryA
FindClose
FindNextFileA
FindFirstFileA
GetModuleFileNameA
DeleteFileA
FreeLibrary
CopyFileA
LeaveCriticalSection
EnterCriticalSection
GetSystemInfo
GetVersion
GetStartupInfoA
GetModuleHandleA
lstrlenA
GetCurrentProcess
GetProfileStringA

user32

SetThreadDesktop
GetProcessWindowStation
GetUserObjectInformationA
ExitWindowsEx
EnableWindow
GetSubMenu
OpenInputDesktop
TrackPopupMenu
GetMenuItemID
EnableMenuItem
DestroyMenu
LoadMenuA
ToAscii
SetMenuDefaultItem
VkKeyScanA
GetAsyncKeyState
MapVirtualKeyA
PeekMessageA
WaitMessage
IsIconic
WaitForInputIdle
GetParent
GetClipboardOwner
GetClipboardData
GetForegroundWindow
IsWindowVisible
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetIconInfo
DrawIconEx
SetClipboardViewer
IsWindow
EnumWindows
OpenDesktopA
EnumDesktopWindows
CloseDesktop
FindWindowA
GetClassNameA
ChangeClipboardChain
DestroyWindow
GetDesktopWindow
WindowFromPoint
GetWindowRect
RegisterWindowMessageA
GetThreadDesktop
mouse_event
GetCursorPos
InvalidateRect
wsprintfA
GetKeyboardState
keybd_event
GetDC
ReleaseDC
EnumDisplaySettingsA
GetDlgItemTextA
SetFocus
EndDialog
SetWindowTextA
LoadStringA
DialogBoxParamA
GetScrollInfo
PostMessageA
SetDlgItemTextA
GetDlgItem
SendDlgItemMessageA
SetForegroundWindow
MessageBoxA
SystemParametersInfoA
SendMessageA
GetMessageA
TranslateMessage
DispatchMessageA
DefWindowProcA
KillTimer
PostQuitMessage
SetTimer
LoadIconA
LoadCursorA
RegisterClassExA
AdjustWindowRect
CreateWindowExA
GetWindowLongA
SetWindowLongA
ShowWindow
GetSystemMetrics
SetWindowPos
IsRectEmpty
LoadImageA
GetWindowTextA

gdi32

CreateCompatibleBitmap
SetDIBColorTable
RealizePalette
SelectPalette
GetDeviceCaps
GdiFlush
GetBitmapBits
GetObjectA
CreateDIBSection
BitBlt
GetPixel
GetSystemPaletteEntries
SetBkMode
GetStockObject
GetClipBox
CreateCompatibleDC
CreateSolidBrush
SelectObject
DeleteDC
GetDIBits
CreateDCA
DeleteObject
CreatePalette
PatBlt
StretchBlt

shell32

Shell_NotifyIconA
ShellExecuteExA
SHAppBarMessage
SHGetSpecialFolderLocation
SHGetPathFromIDListA
ShellExecuteA

advapi32

RegCreateKeyExA
OpenProcessToken
RegSetValueExA
RegCloseKey
RevertToSelf
DuplicateToken
ImpersonateLoggedOnUser
GetUserNameA
RegQueryValueExA
RegOpenKeyExA

ole32

CoInitialize
CoCreateInstance

comctl32

InitCommonControlsEx

msvcrt

sscanf
memmove
memcmp
free
malloc
strcmp
strstr
_snprintf
_purecall
??2@YAPAXI@Z
_ismbcdigit
atoi
_mbsicmp
memcpy
strcpy
strrchr
strlen
strcat
??3@YAXPAX@Z
__CxxFrameHandler
_initterm
sprintf
memset
abs
_strdup
__setusermatherr
_adjust_fdiv
__p__commode
fflush
printf
_dup2
_open_osfhandle
fclose
_iob
_vsnprintf
ctime
time
_stricmp
fgets
fopen
exit
setbuf
_CxxThrowException
__p__fmode
__set_app_type
_except_handler3
??1type_info@@UAE@XZ
_controlfp
strncat
strncpy
_strnicmp
strchr
tolower
calloc
strncmp
_beginthreadex
_endthreadex
fprintf
realloc
__dllonexit
_onexit
_XcptFilter
_acmdln
__getmainargs
_fdopen
_exit
_itoa

msvcp60

??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ

Sections

.text
Size: 160KB - Virtual size: 157KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b73e5bbaad306b551b55477412cc3e12

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4eCertificate

Key Usages

04:00:00:00:00:01:23:9e:0f:ac:b3Certificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:20:19:c1:90:66Certificate

Key Usages

01:00:00:00:00:01:25:b0:b4:cc:01Certificate

Extended Key Usages

Key Usages

01:00:00:00:00:01:2e:ca:04:f7:a4Certificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:1e:44:a5:ec:beCertificate

Key Usages

c0:95:e9:ee:18:d7:e0:96:4d:26:96:27:ad:d9:dc:76:c5:52:7f:6fSigner

Headers

File Characteristics

Imports

wsock32

winmm

kernel32

user32

gdi32

shell32

advapi32

ole32

comctl32

msvcrt

msvcp60

Sections

.text Size: 160KB - Virtual size: 157KB

.rdata Size: 32KB - Virtual size: 28KB

.data Size: 32KB - Virtual size: 46KB

.rsrc Size: 16KB - Virtual size: 12KB

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

04:00:00:00:00:01:23:9e:0f:ac:b3
Certificate

04:00:00:00:00:01:20:19:c1:90:66
Certificate

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

01:00:00:00:00:01:2e:ca:04:f7:a4
Certificate

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

c0:95:e9:ee:18:d7:e0:96:4d:26:96:27:ad:d9:dc:76:c5:52:7f:6f
Signer

.text
Size: 160KB - Virtual size: 157KB

.rdata
Size: 32KB - Virtual size: 28KB

.data
Size: 32KB - Virtual size: 46KB

.rsrc
Size: 16KB - Virtual size: 12KB