rvncvierwer_5[.]2[.]1[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

rvncvierwer_5.2.1.exe
Size

2.4MB
MD5

119055d1c41f9a44b486c3c213e69d6c
SHA1

8b8242bda86388345b641d16e06ffed63bd705bb
SHA256

48a9ddba2014017ca299148ba7da8c552b3233186b62c6b7fd8ce404053487a7
SHA512

6c1d57d294a1b608904a23b8401172cb13ee2315e399041471ccf6d12374ffdf86a4f4d128f036d38fa60207717c2ee570e0498684434684316b36719c5acc2e
SSDEEP

49152:t/3CJMQ1IlTtbG1eVq9lLic6h9eGGEQTAf/TktjE:9yxiTtbaLsOdADJ

Score

1^/10

Malware Config

Signatures

Files

rvncvierwer_5.2.1.exe
.exe windows x86

90ec8bbea0dc1df6219b2cdf6b534b9c

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

28:38:aa:2a:b3:50:5b:fa:bd:47:4c:9c:37:3c:42:53
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

10/08/2012, 00:00

Not After

21/08/2015, 23:59

Subject

CN=RealVNC Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=RealVNC Ltd,L=Cambridge,ST=Cambridgeshire,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7f:0f:79:88:96:50:d4:78:5d:b1:7a:0d:50:31:dd:f1:5c:f1:83:79
Signer

Actual PE Digest

7f:0f:79:88:96:50:d4:78:5d:b1:7a:0d:50:31:dd:f1:5c:f1:83:79

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSASocketW
listen
__WSAFDIsSet
WSADuplicateSocketW
ntohs
setsockopt
closesocket
WSAStartup
getsockopt
ioctlsocket
socket
WSAIoctl
WSAEventSelect
accept
recv
shutdown
select
send
getsockname
getpeername
WSASetLastError
getservbyport
gethostbyaddr
htons
getservbyname
htonl
inet_ntoa
gethostbyname
inet_addr
bind
WSAConnect
WSAEnumNetworkEvents
WSAGetLastError

kernel32

GetVersionExW
FlushFileBuffers
GetLocaleInfoW
GetUserDefaultLCID
ExitProcess
GetSystemInfo
FindFirstFileW
FindNextFileW
FindNextFileA
LoadLibraryA
GetSystemDirectoryA
GetComputerNameW
GetDateFormatW
GetTimeFormatW
ResumeThread
CreateThread
TerminateThread
GetCurrentThread
GetThreadTimes
GlobalUnlock
GlobalLock
GlobalSize
GlobalAlloc
SetFileAttributesW
GetProfileStringW
RtlUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
GetModuleHandleA
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoA
SetFilePointer
HeapReAlloc
GetModuleFileNameA
SetEndOfFile
GetConsoleCP
InterlockedIncrement
InterlockedDecrement
SystemTimeToTzSpecificLocalTime
HeapSize
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetHandleCount
GetProcAddress
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
LCMapStringA
LCMapStringW
VirtualAlloc
CreateFileA
WriteConsoleA
GetConsoleOutputCP
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetVersion
GlobalMemoryStatus
GetLastError
GetFileType
SetStdHandle
ReadFile
WriteFile
GetStdHandle
GetCurrentProcessId
GetTickCount
SetEnvironmentVariableW
DeleteFileA
GetTempPathW
GetTempFileNameW
OutputDebugStringW
FileTimeToSystemTime
GetSystemTimeAsFileTime
WaitForMultipleObjects
LocalFree
GetOverlappedResult
CreateNamedPipeW
ConnectNamedPipe
SetEvent
CancelIo
ResetEvent
CreateEventW
LocalAlloc
CreateFileW
OpenProcess
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
FreeEnvironmentStringsA
GetTimeZoneInformation
RemoveDirectoryW
CreateDirectoryW
MoveFileW
DeleteFileW
GetFileAttributesW
FormatMessageW
WriteConsoleW
AllocConsole
GetConsoleMode
ExpandEnvironmentStringsW
SetHandleInformation
DuplicateHandle
GetCurrentDirectoryW
CreateProcessW
TerminateProcess
WaitForSingleObject
GetExitCodeProcess
GetCurrentProcess
CloseHandle
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GlobalFree
FindResourceW
LoadResource
LockResource
SizeofResource
SetLastError
GetModuleHandleW
GetCurrentThreadId
TlsGetValue
TlsSetValue
TlsFree
TlsAlloc
LoadLibraryW
GetModuleFileNameW
FreeLibrary
GetLogicalDrives
GetFileAttributesA
FindFirstFileA
FindClose
GetDriveTypeW
GetVolumeInformationW
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
SetErrorMode
Sleep

user32

GetWindowPlacement
GetSysColorBrush
GetDlgCtrlID
ReleaseCapture
InflateRect
DrawFrameControl
FrameRect
ShowCursor
SetRect
IsIconic
GetUpdateRect
MessageBeep
ValidateRect
AdjustWindowRect
GetKeyboardState
GetOpenClipboardWindow
EmptyClipboard
SetClipboardData
RegisterClipboardFormatW
PostThreadMessageW
GetScrollInfo
AppendMenuW
mouse_event
GetUserObjectInformationW
GetProcessWindowStation
MessageBoxA
MsgWaitForMultipleObjects
IsWindowVisible
MapVirtualKeyW
keybd_event
VkKeyScanExW
VkKeyScanExA
ToUnicodeEx
ToAsciiEx
GetAsyncKeyState
GetWindowDC
CreateIconIndirect
FillRect
RegisterWindowMessageW
GetDC
ReleaseDC
ClientToScreen
DefWindowProcW
GetKeyState
GetNextDlgTabItem
SetCursor
GetMessagePos
SetCapture
DrawFocusRect
GetMessageW
SystemParametersInfoW
GetParent
PostMessageW
GetWindowInfo
IsChild
SetParent
GetKeyboardLayout
GetMenuItemCount
InsertMenuItemW
DestroyMenu
DeleteMenu
SetMenuItemInfoW
CreatePopupMenu
GetMenuState
SetMenuDefaultItem
TrackPopupMenu
LoadImageW
DefDlgProcW
GetDesktopWindow
CreateWindowExW
DestroyWindow
LoadCursorW
CallWindowProcW
RegisterClassExW
GetWindowTextLengthW
UnregisterClassW
GetClassNameW
GetWindowRect
ScreenToClient
GetComboBoxInfo
SetFocus
GetSysColor
DestroyIcon
EnumChildWindows
EndDialog
CreateDialogParamW
GetWindowTextW
SetWindowTextW
IsDialogMessageW
DialogBoxParamW
SetWindowLongW
GetWindowLongW
LoadIconW
DispatchMessageW
TranslateMessage
SetWindowsHookExW
MessageBoxW
CallNextHookEx
BeginPaint
DrawTextW
AdjustWindowRectEx
OffsetRect
ScrollWindowEx
UpdateWindow
EnumDisplaySettingsW
SetScrollInfo
ChangeDisplaySettingsW
IsRectEmpty
GetWindowThreadProcessId
RegisterClassW
GetFocus
PeekMessageW
EndPaint
InvalidateRect
SetWindowPos
GetClientRect
EnableWindow
ChangeClipboardChain
SetClipboardViewer
GetClipboardOwner
SendMessageTimeoutW
GetClipboardData
OpenClipboard
CloseClipboard
SetWindowRgn
IsZoomed
GetIconInfo
DrawIconEx
CopyRect
GetForegroundWindow
CloseDesktop
EnumDesktopWindows
OpenDesktopW
EnumDesktopsW
PostQuitMessage
GetDlgItem
GetSystemMetrics
GetSystemMenu
EnableMenuItem
GetCursorPos
FindWindowW
ShowWindow
SetForegroundWindow
SendMessageW
CheckMenuItem
UnhookWindowsHookEx

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

comctl32

ImageList_Destroy
ImageList_Draw
ImageList_Create
ImageList_Add
_TrackMouseEvent
InitCommonControlsEx

imm32

ImmGetContext
ImmSetOpenStatus
ImmGetVirtualKey

oleacc

LresultFromObject
AccessibleObjectFromWindow

gdi32

BitBlt
SetDIBColorTable
SetPixelV
CreateBitmap
CreateDIBSection
CreateCompatibleBitmap
SetBkColor
DeleteDC
CreateCompatibleDC
CreateDCW
CreateSolidBrush
ExcludeClipRect
LineTo
MoveToEx
PatBlt
CreateRectRgn
RealizePalette
CreatePen
CombineRgn
StretchBlt
CreatePalette
SetPaletteEntries
GetRegionData
OffsetRgn
GetRandomRgn
SetBrushOrgEx
SetStretchBltMode
CreateBrushIndirect
EndDoc
EndPage
StartPage
ResetDCW
StartDocW
StretchDIBits
GetCurrentObject
GetTextExtentPoint32W
GetDeviceCaps
GetStockObject
SetRectRgn
Rectangle
GetObjectW
CreateFontIndirectW
DeleteObject
SetBkMode
SetTextColor
SelectPalette
GetDIBits
CreateRectRgnIndirect
SelectObject

winspool.drv

GetPrinterW
OpenPrinterW
ClosePrinter
DocumentPropertiesW
DeviceCapabilitiesW

comdlg32

GetSaveFileNameW
CommDlgExtendedError
GetOpenFileNameW

advapi32

ImpersonateLoggedOnUser
RevertToSelf
CryptGenRandom
CryptReleaseContext
CryptAcquireContextW
InitializeAcl
GetAclInformation
SetEntriesInAclW
GetUserNameW
LookupAccountNameW
AllocateAndInitializeSid
FreeSid
IsValidSid
GetLengthSid
CopySid
SetSecurityDescriptorDacl
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
GetSecurityDescriptorControl
GetSecurityDescriptorLength
MakeSelfRelativeSD
EqualSid
SetNamedSecurityInfoW
GetSecurityInfo
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegDeleteValueW
SetSecurityInfo
RegQueryInfoKeyW
RegEnumKeyExW
RegEnumValueW
RegNotifyChangeKeyValue
RegQueryValueExW
RegCloseKey
CreateProcessAsUserW
OpenProcessToken
GetTokenInformation
DeregisterEventSource
ReportEventA
RegisterEventSourceA

shell32

SHGetMalloc
SHGetDesktopFolder
SHAddToRecentDocs
SHFileOperationW
SHGetFileInfoW
Shell_NotifyIconW
ShellExecuteW
SHBrowseForFolderW

ole32

CoTaskMemAlloc
OleSetClipboard
OleGetClipboard
ReleaseStgMedium
CoInitializeEx
CoUninitialize
OleInitialize
OleUninitialize
CoGetInterfaceAndReleaseStream
CoMarshalInterThreadInterfaceInStream
CoTaskMemFree
CoCreateInstance

oleaut32

SysFreeString
SysAllocString
SysAllocStringLen

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512KB - Virtual size: 508KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 88KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 240KB - Virtual size: 236KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 140KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

90ec8bbea0dc1df6219b2cdf6b534b9c

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

28:38:aa:2a:b3:50:5b:fa:bd:47:4c:9c:37:3c:42:53Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

7f:0f:79:88:96:50:d4:78:5d:b1:7a:0d:50:31:dd:f1:5c:f1:83:79Signer

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

kernel32

user32

version

comctl32

imm32

oleacc

gdi32

winspool.drv

comdlg32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 512KB - Virtual size: 508KB

.data Size: 88KB - Virtual size: 104KB

.rsrc Size: 240KB - Virtual size: 236KB

.reloc Size: 140KB - Virtual size: 138KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

28:38:aa:2a:b3:50:5b:fa:bd:47:4c:9c:37:3c:42:53
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

7f:0f:79:88:96:50:d4:78:5d:b1:7a:0d:50:31:dd:f1:5c:f1:83:79
Signer

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 512KB - Virtual size: 508KB

.data
Size: 88KB - Virtual size: 104KB

.rsrc
Size: 240KB - Virtual size: 236KB

.reloc
Size: 140KB - Virtual size: 138KB