realvncviewer4[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

realvncviewer4.exe
Size

284KB
MD5

0735b4eab59a45af57361b494ee42914
SHA1

512fc4bc14a96657556e9e5d9b1f1bc28c17497f
SHA256

bb07c72f0f1dc925f33bb4bcdbfd26a1fca50b3d7877ce5133a73bf2b1b2ff41
SHA512

1e838ffbbcde726fb31325838a161c84e72b33b6f28534098b75dc8bef0671c137eeaefb46b9569c9bb20dd081c1ecaaed9f439b4d4a08e7edda867d3169bc37
SSDEEP

6144:KD819V7G9n7p8a61SQCHLQ79ezGTSwdqym9iEK4zDkY8UXnMJ:KD819V7G9n7p8a61SQCrQYwdqM8wYfO

Score

1^/10

Malware Config

Signatures

Files

realvncviewer4.exe
.exe windows x86

47f0b31daa4e937833bf24d7fb7abda9

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

20:70:14
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

17/09/2004, 10:10

Not After

17/09/2005, 10:10

Subject

CN=RealVNC Ltd,OU=Software,O=RealVNC Ltd,L=Cambridge,ST=Cambridgeshire,C=UK

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

2a:8a:ab:a9:d1:4e:5a:cf:60:f7:36:d9:9b:92:2b:50:6a:99:29:de
Signer

Actual PE Digest

2a:8a:ab:a9:d1:4e:5a:cf:60:f7:36:d9:9b:92:2b:50:6a:99:29:de

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

ModifyMenuA
InsertMenuA
CallNextHookEx
CheckMenuItem
EnableMenuItem
GetSystemMenu
DispatchMessageA
LoadMenuA
GetSubMenu
SetMenuDefaultItem
SetForegroundWindow
PostQuitMessage
GetMessageA
TranslateMessage
GetWindowTextA
SetWindowTextA
ShowCursor
BeginPaint
SetRect
FillRect
EndPaint
GetClientRect
InvalidateRect
SetCursor
AdjustWindowRect
GetSystemMetrics
GetAsyncKeyState
GetCursorPos
TrackPopupMenu
SetScrollInfo
SetTimer
ScrollWindowEx
GetWindowRect
SetWindowPos
KillTimer
DialogBoxParamA
GetDlgItemTextA
SetDlgItemTextA
EnableWindow
EndDialog
ToAscii
GetKeyboardState
DefWindowProcA
SetClipboardViewer
ChangeClipboardChain
CloseClipboard
GetClipboardData
OpenClipboard
GetClipboardOwner
SetClipboardData
EmptyClipboard
IsWindowVisible
PostMessageA
RemoveMenu
GetForegroundWindow
SetWindowsHookExA
UnhookWindowsHookEx
SystemParametersInfoA
GetDesktopWindow
GetDC
ReleaseDC
PostThreadMessageA
CreateWindowExA
UnregisterClassA
RegisterClassA
LoadImageA
GetDlgItem
SendMessageA
SetWindowLongA
CreateDialogParamA
DestroyWindow
MessageBoxA
AppendMenuA
UpdateWindow
GetUpdateRect
GetWindowLongA
ShowWindow
MessageBeep
MsgWaitForMultipleObjects
PeekMessageA

gdi32

CreateCompatibleDC
DeleteDC
CreateCompatibleBitmap
GetDIBits
CreateDIBSection
GetObjectA
SetDIBColorTable
ResizePalette
UnrealizeObject
SetPaletteEntries
SelectPalette
RealizePalette
GetStockObject
BitBlt
DeleteObject
CreatePalette
SelectObject

ws2_32

closesocket
recv
select
connect
gethostbyname
htons
inet_addr
socket
WSAStartup
getsockname
getpeername
ntohs
shutdown
setsockopt
listen
bind
htonl
accept
send
WSAAsyncSelect
WSAEventSelect
inet_ntoa
WSAGetLastError

comctl32

CreatePropertySheetPageA
PropertySheetA
_TrackMouseEvent

shell32

Shell_NotifyIconA

comdlg32

GetSaveFileNameA
CommDlgExtendedError

kernel32

ReadFile
GetStringTypeW
SetStdHandle
SetFilePointer
IsBadCodePtr
IsBadReadPtr
IsBadWritePtr
VirtualAlloc
FlushFileBuffers
LCMapStringW
LCMapStringA
MultiByteToWideChar
WriteFile
VirtualFree
HeapCreate
SetEndOfFile
CompareStringA
CompareStringW
SetEnvironmentVariableA
InterlockedExchange
GetStringTypeA
HeapDestroy
GetEnvironmentVariableA
GetEnvironmentStringsW
GetEnvironmentStrings
HeapReAlloc
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetFileType
CreateEventA
GetModuleHandleA
CloseHandle
ResetEvent
GetLastError
Sleep
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetEvent
GetCurrentDirectoryA
AllocConsole
FreeConsole
QueryPerformanceFrequency
QueryPerformanceCounter
FormatMessageA
ExpandEnvironmentStringsA
TlsAlloc
TlsSetValue
CreateThread
ResumeThread
WaitForSingleObject
GetCurrentThread
GetCurrentThreadId
TlsGetValue
GlobalUnlock
GlobalLock
GlobalFree
GlobalAlloc
CreateFileA
GetModuleFileNameA
GetVersionExA
GetProcAddress
LoadLibraryA
FreeLibrary
WaitForMultipleObjects
RtlUnwind
RaiseException
ExitProcess
TerminateProcess
GetCurrentProcess
GetStartupInfoA
GetCommandLineA
GetVersion
InterlockedDecrement
InterlockedIncrement
GetTimeZoneInformation
GetSystemTime
GetLocalTime
MoveFileA
DeleteFileA
HeapFree
GetSystemTimeAsFileTime
HeapAlloc
HeapSize
SetLastError
SetUnhandledExceptionFilter
GetCPInfo
GetACP
GetOEMCP
SetHandleCount
GetStdHandle

advapi32

RegQueryValueExA
RegCreateKeyA
RegCloseKey
RegQueryInfoKeyA
RegEnumValueA
RegOpenKeyExA
RegSetValueExA
RegNotifyChangeKeyValue

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 196KB - Virtual size: 194KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

47f0b31daa4e937833bf24d7fb7abda9

Code Sign

0aCertificate

Extended Key Usages

Key Usages

20:70:14Certificate

Extended Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

2a:8a:ab:a9:d1:4e:5a:cf:60:f7:36:d9:9b:92:2b:50:6a:99:29:deSigner

Headers

File Characteristics

Imports

user32

gdi32

ws2_32

comctl32

shell32

comdlg32

kernel32

advapi32

version

Sections

.text Size: 196KB - Virtual size: 194KB

.rdata Size: 24KB - Virtual size: 21KB

.data Size: 36KB - Virtual size: 43KB

.rsrc Size: 20KB - Virtual size: 16KB

0a
Certificate

20:70:14
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

2a:8a:ab:a9:d1:4e:5a:cf:60:f7:36:d9:9b:92:2b:50:6a:99:29:de
Signer

.text
Size: 196KB - Virtual size: 194KB

.rdata
Size: 24KB - Virtual size: 21KB

.data
Size: 36KB - Virtual size: 43KB

.rsrc
Size: 20KB - Virtual size: 16KB