Portable vnchelper[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

Portable vnchelper.zip
Size

92KB
MD5

e82aeaccef152112e8da36ee85fd7045
SHA1

3ea876bd4dca1df0005998db0482d643d264e156
SHA256

33f23e9945c2f4b538828087e436d46905b3133693c2eedb01227e1b9d40ee58
SHA512

b4e00a12f863d34d8ceb01245314c337d6350b07a363bff4150cecc2b52ce2e7a8740ed7093b889580da2d52e5b25d332c44e8c9d720bcc6304ab3b9f8e3959e
SSDEEP

1536:AGTQiSE/ob5gBdduXkbZ4vRdzt65C2h5GDgQNBLesQIDx8aLLvBbNfg:AGTQiBobCg0V4Pz0NIN8sV88Lg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/vnchelper.exe

Files

Portable vnchelper.zip
.zip
vnchelper.exe
.exe windows:5 windows x86 arch:x86

01652c2f4170b6e1aefc719822ffa9bb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mfc90

ord6048
ord820
ord1045
ord6559
ord4311
ord6760
ord4030
ord693
ord3554
ord4644
ord265
ord1258
ord1254
ord3627
ord2590
ord6327
ord4513
ord6071
ord3157
ord3148
ord5179
ord744
ord2753
ord524
ord6333
ord5307
ord1603
ord1607
ord798
ord3140
ord3997
ord4029
ord4952
ord589
ord3659
ord4890
ord3110
ord6001
ord5646
ord5663
ord4981
ord4333
ord2447
ord5659
ord5657
ord3209
ord2087
ord4199
ord5813
ord6721
ord5533
ord1046
ord4165
ord6018
ord2206
ord2251
ord4733
ord6781
ord4159
ord6783
ord4409
ord4434
ord793
ord2208
ord554
ord758
ord639
ord616
ord654
ord5063
ord4801
ord310
ord6784
ord3480
ord4638
ord1668
ord2274
ord611
ord4252
ord374
ord3506
ord4668
ord4650
ord1496
ord6388
ord3344
ord1678
ord1809
ord1810
ord5309
ord5152
ord4617
ord5615
ord5167
ord780
ord6815
ord578
ord320
ord5891
ord1039
ord6787
ord4516
ord5776
ord4727
ord4529
ord5963
ord4507
ord4116
ord5877
ord6646
ord2146
ord1691
ord4248
ord6615
ord4993
ord5636
ord2368
ord436
ord686
ord4640
ord2277
ord4496
ord1604
ord2103
ord3519
ord3489
ord3228
ord5151
ord4616
ord3488
ord1671
ord1770
ord6335
ord2496
ord2899
ord2470
ord4251
ord2360
ord3056
ord2207
ord340
ord1937
ord2057
ord4160
ord6782
ord3671
ord5389
ord6356
ord3218
ord1446
ord5608
ord2139
ord1792
ord1791
ord1728
ord5633
ord2766
ord2978
ord3107
ord4714
ord2961
ord3135
ord2769
ord2888
ord2759
ord3277
ord4066
ord4067
ord4057
ord2886
ord4334
ord4895
ord4667
ord3643
ord595
ord2069
ord2592
ord2588
ord3213
ord305
ord6613
ord1611
ord945
ord300
ord6802
ord5761
ord2691
ord5835
ord2481
ord4506
ord2262
ord6170
ord4392
ord817
ord6079
ord2480
ord3178
ord6527
ord6791
ord1709
ord5750
ord1247
ord3579
ord367
ord333
ord2097
ord636
ord2587
ord1108
ord1361
ord2130
ord4498
ord2282
ord3730
ord6557
ord789
ord586
ord2327
ord777
ord2283
ord1720
ord3346
ord6391
ord1755
ord1752
ord4331
ord1497
ord4646
ord5585
ord2074
ord5497
ord6780
ord4589
ord5647
ord3732
ord5139
ord4688
ord1729
ord6446
ord5668
ord5666
ord958
ord963
ord967
ord965
ord969
ord2610
ord2630
ord2614
ord2620
ord2618
ord2616
ord2633
ord2628
ord2612
ord2635
ord2623
ord2605
ord2607
ord2625
ord266
ord2375
ord3568
ord6074
ord1357
ord3477
ord1358
ord3528
ord3479
ord2106
ord316
ord2539
ord910
ord1183
ord601
ord3534
ord1144
ord1137
ord1061
ord1087
ord3726
ord3987
ord1644
ord1252
ord2566
ord1265
ord800
ord1276

msvcr90

memset
_setmbcp
__CxxFrameHandler3
_controlfp_s
_invoke_watson
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
_except_handler4_common
atol
atof
_resetstkoflw
floor
ceil
free
malloc
strstr
atoi

kernel32

GetModuleHandleA
GetLastError
GetProcAddress
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoA
InterlockedCompareExchange
Sleep
InterlockedExchange
MultiByteToWideChar
lstrcatA
lstrlenA
WinExec
lstrcpyA
GetWindowsDirectoryA
FreeLibrary
SetLastError
LoadLibraryA

user32

IsIconic
AppendMenuA
CreatePopupMenu
DrawIcon
LoadBitmapA
GetCursorPos
GetSystemMetrics
GetAsyncKeyState
WindowFromPoint
GetDesktopWindow
GetFocus
UpdateWindow
ScreenToClient
ClientToScreen
SetWindowLongA
MessageBeep
IsWindow
ReleaseCapture
EnableWindow
GetParent
SetCapture
RedrawWindow
InvalidateRect
GetClientRect
GetWindowRect
SendMessageA
InflateRect
PtInRect
LoadCursorA
CopyIcon
SetCursor
GetMenuStringA
SetMenuItemInfoA
GetSysColor
SystemParametersInfoA
GetMenuCheckMarkDimensions
ReleaseDC
GetDC
LoadMenuA
GetMenuItemInfoA
GetMenuState
GetMenuItemID
GetMenuItemCount
DrawTextA
DrawEdge
FillRect
CopyRect
LoadIconA

gdi32

CreateCompatibleBitmap
GetObjectA
CreateRectRgnIndirect
CreateBitmapIndirect
CreatePatternBrush
CreateFontIndirectA
CreateSolidBrush
DeleteObject
GetTextExtentPoint32A
GetStockObject
BitBlt
PatBlt
CreateCompatibleDC

advapi32

RegQueryValueA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

shell32

ShellExecuteA

ole32

CoUninitialize
CoInitialize

oleaut32

VarDateFromStr

Sections

.text
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 105KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
vnchelper.rtf
.rtf

Sharing

General

Malware Config

Signatures

Files

01652c2f4170b6e1aefc719822ffa9bb

Headers

DLL Characteristics

File Characteristics

Imports

mfc90

msvcr90

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 55KB - Virtual size: 55KB

.rdata Size: 22KB - Virtual size: 21KB

.data Size: 1024B - Virtual size: 5KB

.rsrc Size: 105KB - Virtual size: 105KB

.text
Size: 55KB - Virtual size: 55KB

.rdata
Size: 22KB - Virtual size: 21KB

.data
Size: 1024B - Virtual size: 5KB

.rsrc
Size: 105KB - Virtual size: 105KB