vncviewer[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

vncviewer.exe
Size

154KB
MD5

db0556a8dda60080126f09404113dae1
SHA1

ae40a42017178839527b418b9b60728da7025ca4
SHA256

7f2cc1371f1dbdf87e62c92f2168a95fa828943f763414d1439e58e4e6c386c7
SHA512

83b9c34623ccd151a6c48cf6e4367fa1a9c1ae50c3382a2ab54584d00f30886f88764e20258c56285740a79a53cd33278c4e7e2e514d0da8a2fb44878080674d
SSDEEP

3072:sJGcQeDbXO7TLVomlNWkb9+UbTy2fkw1FB5ZsMxAAfGq7oGGFqZEQhEw:M3DDOBdlVoUv31FB5Zso+QGwZEwh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Device/HarddiskVolume5/Studio Tock S.r.l/Dokumente - Studio Tock/Gem.Dateien-Tock/Interna/Alte Mitarbeiterdateien/Evi/Kopie von C/VNCSRV/vncviewer.exe

Files

vncviewer.exe
.zip

Password: &eoJ!D_#Hxbn-o
Device/HarddiskVolume5/Studio Tock S.r.l/Dokumente - Studio Tock/Gem.Dateien-Tock/Interna/Alte Mitarbeiterdateien/Evi/Kopie von C/VNCSRV/vncviewer.exe
.exe windows:4 windows x86 arch:x86

Password: &eoJ!D_#Hxbn-o

e0d5575fd5da566b2c101de2b2e2dfda

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

PlaySoundA

kernel32

GetModuleFileNameA
WriteConsoleA
OutputDebugStringA
GetStdHandle
AllocConsole
SetFilePointer
SetEndOfFile
FindNextFileA
GetVersionExA
GetLogicalDriveStringsA
DeleteFileA
SetFileTime
WriteFile
FindFirstFileA
GetPrivateProfileIntA
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
UnhandledExceptionFilter
GetDriveTypeA
FreeEnvironmentStringsA
InterlockedIncrement
InterlockedDecrement
GetCurrentDirectoryA
IsBadWritePtr
HeapReAlloc
HeapSize
VirtualFree
HeapCreate
VirtualAlloc
GetEnvironmentVariableA
SetLastError
HeapDestroy
SetUnhandledExceptionFilter
CreateThread
GetVersion
ExitThread
GetStartupInfoA
GetModuleHandleA
GetCommandLineA
GetFileAttributesA
TerminateProcess
GetFullPathNameA
HeapAlloc
HeapFree
ExitProcess
RaiseException
InterlockedExchange
RtlUnwind
TlsGetValue
ResumeThread
GetCurrentProcess
GetCurrentThread
TlsAlloc
GetCurrentThreadId
TlsSetValue
DuplicateHandle
CreateSemaphoreA
SetThreadPriority
LeaveCriticalSection
EnterCriticalSection
WaitForSingleObject
InitializeCriticalSection
LoadLibraryA
DeleteCriticalSection
GetEnvironmentStringsW
GetLastError
GetProcAddress
SetHandleCount
GetFileType
Sleep
IsBadCodePtr
MultiByteToWideChar
IsBadReadPtr
GetStringTypeW
GetCPInfo
GetStringTypeA
LCMapStringA
GetACP
GetOEMCP
LCMapStringW
CompareStringA
CompareStringW
FlushFileBuffers
CloseHandle
LocalFree
FormatMessageA
GlobalUnlock
GlobalLock
GlobalAlloc
WritePrivateProfileStringA
GetPrivateProfileStringA
Beep
ReadFile
CreateFileA
SetEnvironmentVariableA
SetStdHandle
FindClose
SetErrorMode

user32

SetClipboardViewer
GetDlgItemTextA
GetSystemMenu
SetDlgItemTextA
SetWindowTextA
EndDialog
DialogBoxParamA
CheckMenuItem
DrawMenuBar
AppendMenuA
GetWindowLongA
ShowWindow
CreateWindowExA
RegisterClassA
GetSysColorBrush
SetWindowPlacement
LoadCursorA
LoadIconA
SendMessageA
EnableMenuItem
SetForegroundWindow
GetMessageA
IsDialogMessageA
LoadKeyboardLayoutA
SetDlgItemInt
SetClassLongA
GetDlgCtrlID
GetKeyboardState
GetDlgItemInt
MapWindowPoints
DestroyAcceleratorTable
ToAscii
GetKeyState
OpenDesktopA
TranslateAcceleratorA
CreateAcceleratorTableA
FindWindowA
EnumDesktopWindows
CloseDesktop
TranslateMessage
GetClassNameA
PeekMessageA
EnableWindow
DispatchMessageA
GetWindowTextA
LoadImageA
CreateDialogParamA
GetDlgItem
GetSubMenu
DestroyIcon
DestroyMenu
TrackPopupMenu
GetMenuItemID
SetMenuDefaultItem
GetCursorPos
RegisterClassExA
LoadMenuA
EmptyClipboard
SetCursorPos
GetSystemMetrics
OpenClipboard
SetClipboardData
GetClipboardOwner
GetKeyboardLayoutNameA
GetClipboardData
CloseClipboard
EndPaint
SetScrollInfo
BeginPaint
GetForegroundWindow
SetTimer
PostMessageA
SetCursor
GetWindow
GetFocus
SetFocus
WindowFromPoint
ScreenToClient
MessageBoxA
ChangeClipboardChain
KillTimer
DestroyWindow
PostQuitMessage
DefWindowProcA
DrawTextA
ReleaseDC
GetDC
IsIconic
GetClientRect
ShowScrollBar
UpdateWindow
ScrollWindowEx
InvalidateRect
AdjustWindowRectEx
SystemParametersInfoA
SetRect
GetWindowPlacement
GetMenuState
GetWindowRect
SetWindowLongA
LoadStringA
SetWindowPos

gdi32

SetBkColor
UpdateColors
BitBlt
SetBkMode
CreatePalette
GdiFlush
CreateCompatibleDC
GetStockObject
GetDeviceCaps
CreateCompatibleBitmap
DeleteObject
SetTextColor
SelectObject
RealizePalette
ExtTextOutA
DeleteDC
StretchBlt
SelectPalette
GetClipBox
Rectangle
SetStretchBltMode
CreateFontIndirectA
SetPixelV
SetBrushOrgEx

comdlg32

GetSaveFileNameA
CommDlgExtendedError
GetOpenFileNameA

advapi32

RegOpenKeyA
RegEnumValueA
RegCloseKey
RegSetValueExA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegDeleteValueA
RegCreateKeyA
RegSetValueA
RegCreateKeyExA

shell32

Shell_NotifyIconA

wsock32

WSACleanup
accept
WSAStartup
inet_ntoa
listen
WSAAsyncSelect
send
bind
WSAGetLastError
shutdown
recv
setsockopt
socket
ioctlsocket
gethostbyname
htons
connect
getpeername
closesocket

comctl32

CreateToolbarEx
ord17

Sections

.text
Size: 236KB - Virtual size: 233KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 56KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
manifest.json

Sharing

General

Malware Config

Signatures

Files

Password: &eoJ!D_#Hxbn-o

Password: &eoJ!D_#Hxbn-o

e0d5575fd5da566b2c101de2b2e2dfda

Headers

File Characteristics

Imports

winmm

kernel32

user32

gdi32

comdlg32

advapi32

shell32

wsock32

comctl32

Sections

.text Size: 236KB - Virtual size: 233KB

.rdata Size: 20KB - Virtual size: 16KB

.data Size: 40KB - Virtual size: 42KB

.rsrc Size: 56KB - Virtual size: 53KB

.text
Size: 236KB - Virtual size: 233KB

.rdata
Size: 20KB - Virtual size: 16KB

.data
Size: 40KB - Virtual size: 42KB

.rsrc
Size: 56KB - Virtual size: 53KB