PUP.WinVNC

By CagedTech in Potentially Unwanted Programs

Table of Contents

Analysis Report

General information

Family Name:	PUP.WinVNC
Packers:	UPX
Signature status:	No Signature

Known Samples

MD5: 6b657a50ad20cc70ca97e43bb4ea6c88

SHA1: db3f350b3a730c119f6a95586d9375571d2414de

File Size: 1.25 MB, 1250304 bytes

MD5: a4b077245c32e797cb91d9c83687822a

SHA1: 8328f57be487ccf97bb1b140624208b4737efd76

SHA256: 95138901D6C2CE6EC846AD7D21F4550C638A5C3DB32DE15C24A1BA4B5BB4CBD5

File Size: 954.88 KB, 954880 bytes

MD5: 5487bdab899600f3aa198e7386f01db4

SHA1: 3a2d525ac82966a05d7c93a6efd9f2fc92e83022

SHA256: 137B86FE133DB39EC3CF52526934120E034E0DE309BB5362111FE4C05B4E2B45

File Size: 1.02 MB, 1021760 bytes

MD5: 672c2573e78c4a6b799571330383f040

SHA1: 2f5b6bd208fcab226a09fe2689066b040827bf82

SHA256: 5C747B0C9A108873A834E09C28D2147B3B03F5B8D1E8884C51DF29E82C46CFE9

File Size: 690.70 KB, 690695 bytes

MD5: 010aaf0f2b5000b6a19362cc32931f2a

SHA1: 42fc61d16e3e22e108a362c4d40940ff0ce82403

SHA256: FFAA91AA70F6AEF9746357953D46BB35A2105C2FBB4CB064EB6609870B882F21

File Size: 1.93 MB, 1933586 bytes

MD5: 71fd09a269a468c77e3619b91bad7795

SHA1: 70dc65f31f87624e84d2c8eea31fc10d730a1ba5

SHA256: E34E55726EBE0D438E0ABEC108A80E8C99E0C3A0C6B3C5B20B8F041D5EFA8167

File Size: 2.72 MB, 2720256 bytes

MD5: 5fe167b3eab80f17b25b772ed5239861

SHA1: 9b43ceb2e2d069244283ec3654d857f38628e594

SHA256: 0FBB3795AD70021914CADDBD5AF83836CE8937F7A0C3777F953DC8B697EA9104

File Size: 1.84 MB, 1837056 bytes

MD5: ad77262a8d324342a7cabec6d33ffcbf

SHA1: a14a9d50d7344c26e9b4e72ccefb1e91c0af4e88

SHA256: 0ADD536CADA9C01F6766EC598181380A1B6E524D5FCD055289EADC83B67E78F9

File Size: 301.21 KB, 301213 bytes

MD5: 4a8cff557421b6f2873a3d02b2f8c755

SHA1: f3d3eb3c7eda19b504464f8c103f3bd704b78991

SHA256: 9CB7065BBF8190E63C7E1488852C3928B722DC3ED5179147A7F5AB9EC8D53BA5

File Size: 1.00 MB, 1000085 bytes

MD5: 9286d21674858d1c5197ddba6fbb81e7

SHA1: 7adef33a2913cc1ccfcc94b9b580c0c5a1591d46

SHA256: 18E984A1799A45352369D592E0943ADAAE0B8D367FB7F72B3081A6F86C7635E6

File Size: 5.71 MB, 5707070 bytes

MD5: 6f67f68b52345788e7c1e49db69cbe91

SHA1: 5160998fbbad458bf32e8399fc7873d8c2f77781

SHA256: DDFA56EF98AC932C3DB7134A2009AD1DD68754B23AFCCA3CCBD1D40C44DC3147

File Size: 705.61 KB, 705605 bytes

MD5: 6bf75c93ab93892e2f949dee1a4e7836

SHA1: 9f9ef8e5be0e6aa6d405bddf01793611ef9e4e21

SHA256: 4FF14969665DA11E45F88F3C552DBFEB53EC1DC46B74E18269A94A18F48B0622

File Size: 924.65 KB, 924649 bytes

MD5: 6a0990621be1309bc547c49a964deb3b

SHA1: ac2bc8c37a65a7561a0ba4e5d5aca87c917f87a5

SHA256: 5F79864B249848F688D726D593F751271E6D673E2786DA53C17469CB121B457B

File Size: 1.40 MB, 1396969 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have relocations information
File doesn't have security information
File has been packed
File has exports table
File has TLS information
File is 32-bit executable
File is 64-bit executable

File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)
File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name	Value
Comments	Inno Setup home page: http://www.innosetup.com UltraVNC - Remote Control for all
Company Name	Sec IT UltraVNC UltraVnc
Compiled Script	AutoIt v3 Script : 3, 2, 12, 1 AutoIt v3 Script: 3, 3, 8, 1
File Description	Setup/Uninstall UltraVnc Self-Extract Setup VNC2Me SC (Single Click) Compressed Archive VNC server for Win32
File Version	51.46.0.0 51.42.0.0 4.0.0.3 4, 10, 0, 1 3, 3, 8, 1 3, 2, 12, 1 1.1.0.3 0, 2, 0, 0
Internal Name	UltraVncSC VNC2Me.exe WinVNC
Legal Copyright	Copyright (C) 1997-2005 Jordan Russell. Portions Copyright (C) 2000-2005 Martijn Laan. Copyright (C) 1997-2007 Jordan Russell. Portions Copyright (C) 2000-2007 Martijn Laan. Copyright (C) 2008-2009 Sec IT Copyright (C) UltraVnc Copyright © 2002-2005 UltraVNC team members
Legal Trademarks	VNC
Original Filename	UltraVncSC VNC2Me.exe WinVNC.exe
Product Name	Inno Setup UltraVNC UltraVncSC VNC2Me
Product Version	4.0.0.3 4, 10, 0, 1 1.1.0.3 0.0.0.0 0, 2, 0, 0

Digital Signatures

Signer	Root	Status
uvnc bvba	GlobalSign Primary Object Publishing CA	Hash Mismatch

File Traits

2+ executable sections
Autoit
big overlay
HighEntropy
Inno
InnoSetup Installer
Installer Manifest
Installer Version
packed
WriteProcessMemory

Block Information

Total Blocks:	1,570
Potentially Malicious Blocks:	0
Whitelisted Blocks:	1,570
Unknown Blocks:	0

Visual Map

0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 1 0 0 0 1 0 0 0 1 0 0 0 0 1 0 0 0 1 0 0 1 1 0 0 0 0 1 0 0 1 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 1 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 2 2 2 3 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 1 0 0 1 0 0 1 0 0 1 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 0 0 0 0 1 0 0 0 0 0 0 0 1 0 0 1 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 1

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

Autoit
Delf.Q
Dropper.Delf.CF
Filecoder.DF
Injector.AJA

Morto.B
Philadelphia.A
Philadelphia.B
Softcnapp.N
Trojan.Kryptik.Gen.EZ

Files Modified

File	Attributes
\device\namedpipe\gmdasllogger	Generic Write,Read Attributes
c:\iproremote\setup\daueronline.bat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\suporte hypercomp\icon2.ico	Generic Write,Read Attributes
c:\users\user\appdata\local\suporte hypercomp\lang_portuguese.ini	Generic Write,Read Attributes
c:\users\user\appdata\local\suporte hypercomp\logo.ico	Generic Write,Read Attributes
c:\users\user\appdata\local\suporte hypercomp\logo.jpg	Generic Write,Read Attributes
c:\users\user\appdata\local\suporte hypercomp\noimage.jpg	Generic Write,Read Attributes
c:\users\user\appdata\local\suporte hypercomp\scprompt.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\suporte hypercomp\scprompt.ini	Generic Write,Read Attributes
c:\users\user\appdata\local\suporte hypercomp\ultravnc.ini	Generic Write,Read Attributes

c:\users\user\appdata\local\suporte hypercomp\vnchooks.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\suporte hypercomp\winvnc.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs3129.tmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs3129.tmp\scprompt	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs3129.tmp\scprompt\icon1.ico	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs3129.tmp\scprompt\icon1.ico	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs3129.tmp\scprompt\icon2.ico	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs3129.tmp\scprompt\icon2.ico	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs3129.tmp\scprompt\license.txt	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs3129.tmp\scprompt\license.txt	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs3129.tmp\scprompt\logo.ico	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs3129.tmp\scprompt\logo.ico	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs3129.tmp\scprompt\logo.jpg	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs3129.tmp\scprompt\logo.jpg	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs3129.tmp\scprompt\logo.maljpg	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs3129.tmp\scprompt\logo.maljpg	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs3129.tmp\scprompt\msrc4plugin.dsm	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs3129.tmp\scprompt\msrc4plugin.dsm	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs3129.tmp\scprompt\noimage.jpg	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs3129.tmp\scprompt\noimage.jpg	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs3129.tmp\scprompt\qc_skin_bg.gif	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs3129.tmp\scprompt\qc_skin_bg.gif	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs3129.tmp\scprompt\qc_skin_border.png	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs3129.tmp\scprompt\qc_skin_border.png	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs3129.tmp\scprompt\schook.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs3129.tmp\scprompt\schook.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs3129.tmp\scprompt\scprompt.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs3129.tmp\scprompt\scprompt.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs3129.tmp\scprompt\scprompt.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\7zs3129.tmp\scprompt\scprompt.ini	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs3129.tmp\scprompt\scprompt.ini	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs3129.tmp\scprompt\scprompt.ini.bak	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs3129.tmp\scprompt\scprompt.ini.bak	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs3129.tmp\scprompt\scprompt_example.ini	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs3129.tmp\scprompt\scprompt_example.ini	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs3129.tmp\scprompt\ultravnc.ini	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs3129.tmp\scprompt\ultravnc.ini	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs3129.tmp\scprompt\v2m_lang.ini	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs3129.tmp\scprompt\v2m_lang.ini	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs3129.tmp\scprompt\v2m_lang.ini.bak	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs3129.tmp\scprompt\v2m_lang.ini.bak	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs3129.tmp\scprompt\vnchooks.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs3129.tmp\scprompt\vnchooks.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs3129.tmp\scprompt\winvnc.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs3129.tmp\scprompt\winvnc.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zsa67c.tmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zsa67c.tmp\scprompt	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zsa67c.tmp\scprompt\icon1.ico	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zsa67c.tmp\scprompt\icon1.ico	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zsa67c.tmp\scprompt\icon2.ico	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zsa67c.tmp\scprompt\icon2.ico	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zsa67c.tmp\scprompt\logo.jpg	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zsa67c.tmp\scprompt\logo.jpg	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zsa67c.tmp\scprompt\schook.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zsa67c.tmp\scprompt\schook.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zsa67c.tmp\scprompt\scprompt.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zsa67c.tmp\scprompt\scprompt.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zsa67c.tmp\scprompt\scprompt.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\7zsa67c.tmp\scprompt\scprompt.ini	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zsa67c.tmp\scprompt\scprompt.ini	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zsa67c.tmp\scprompt\start.bat	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zsa67c.tmp\scprompt\start.bat	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zsa67c.tmp\scprompt\ultravnc.ini	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zsa67c.tmp\scprompt\ultravnc.ini	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zsa67c.tmp\scprompt\uvnc.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zsa67c.tmp\scprompt\uvnc.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zsa67c.tmp\scprompt\v2m_lang.ini	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zsa67c.tmp\scprompt\v2m_lang.ini	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\auta989.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\auta99a.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\auta9ba.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\autaa19.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\autaa39.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\autaa49.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\autaa5a.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\autaa6b.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\autaa7b.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\chunkvnc_temp_files\cad.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\chunkvnc_temp_files\cad.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\chunkvnc_temp_files\chunkvnc.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\local\temp\chunkvnc_temp_files\chunkvnc.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\chunkvnc_temp_files\chunkvnc.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\local\temp\chunkvnc_temp_files\chunkvnc.ini	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\chunkvnc_temp_files\instantsupportvnc.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\chunkvnc_temp_files\instantsupportvnc.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\chunkvnc_temp_files\logo.jpg	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\local\temp\chunkvnc_temp_files\logo.jpg	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\chunkvnc_temp_files\msrc4plugin.dsm	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\chunkvnc_temp_files\msrc4plugin.dsm	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\chunkvnc_temp_files\rc4.key	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\local\temp\chunkvnc_temp_files\rc4.key	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\chunkvnc_temp_files\schook.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\chunkvnc_temp_files\schook.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\chunkvnc_temp_files\ultravnc.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\chunkvnc_temp_files\ultravnc.ini	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsaedde.tmp\advsplash.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsaedde.tmp\splash.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\__tmp_rar_sfx_access_check_2356718	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\modules	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\modules	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\modules\api_usbfix.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\modules\api_usbfix.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\res	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\res	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\res\account-over.png	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\res\account-over.png	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\res\account.png	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\res\account.png	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\res\angle-149.png	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\res\angle-149.png	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\res\angle.png	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\res\angle.png	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\res\angle2.png	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\res\angle2.png	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\res\apply.jpg	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\res\apply.jpg	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\res\apply2.jpg	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\res\apply2.jpg	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\res\applyover.jpg	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\res\applyover.jpg	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\res\arrow_left.png	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\res\arrow_left.png	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\res\autoclean.png	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\res\autoclean.png	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\res\autovaccine.png	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\res\autovaccine.png	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\res\bg-buton.png	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\res\bg-buton.png	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\res\bg-footer-768x70.png	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\res\bg-footer-768x70.png	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\res\bitdefender-2015.png	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\res\bitdefender-2015.png	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\res\bitdefender-en-1.jpg	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\res\bitdefender-en-1.jpg	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\res\bitdefender-en-3.jpg	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\res\bitdefender-en-3.jpg	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\res\bitdefender-fr-1.jpg	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\res\bitdefender-fr-1.jpg	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\res\bitdefender-fr-2.jpg	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\res\bitdefender-fr-2.jpg	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\res\bitdefender-texte.png	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\res\bitdefender-texte.png	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\res\bitdefender-texte_en.png	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\res\bitdefender-texte_en.png	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\res\brngscan.png	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\res\brngscan.png	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\res\bug.png	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\res\bug.png	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\res\center direction-50.png	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\res\center direction-50.png	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\res\center direction-64.png	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\res\center direction-64.png	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\res\checked-40.png	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\res\checked-40.png	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\res\checkout-64.png	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\res\checkout-64.png	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\res\computer-64.png	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\res\computer-64.png	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\res\detected.ico	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\res\detected.ico	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\res\domain-50.png	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\res\domain-50.png	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\res\donate.jpg	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\res\donate.jpg	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\res\donateover.jpg	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\res\donateover.jpg	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\res\encart-bitdefender-en.jpg	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\res\encart-bitdefender-en.jpg	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\res\encart-bitdefender-en.png	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\res\encart-bitdefender-en.png	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\res\encart-bitdefender-fr.png	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\res\encart-bitdefender-fr.png	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\res\eula-en.txt	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\res\eula-en.txt	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\res\eula.txt	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\res\eula.txt	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\res\exit-64.png	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\res\exit-64.png	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\res\facebook.jpg	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\res\facebook.jpg	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\res\facebookover.jpg	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\res\facebookover.jpg	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\res\fastscan.png	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\res\fastscan.png	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\res\folder.ico	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\res\folder.ico	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\res\folder.png	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\res\folder.png	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\res\forum.jpg	Generic Write,Read Attributes

212 additional files are not displayed above.

Registry Modifications

Key::Value	Data	API Name
HKCU\software\microsoft\internet explorer\main::operationaldata		RegNtPreCreateKey
HKCU\software\usbfix::langage	EN	RegNtPreCreateKey
HKCU\software\usbfix::optiondisableautoplay		RegNtPreCreateKey
HKCU\software\usbfix::optionmakelisting		RegNtPreCreateKey
HKCU\software\usbfix::listing+		RegNtPreCreateKey
HKCU\software\usbfix::bbcode	BBCode	RegNtPreCreateKey
HKCU\software\usbfix::ini		RegNtPreCreateKey
HKCU\software\usbfix::upok		RegNtPreCreateKey
HKCU\software\usbfix::wsh		RegNtPreCreateKey
HKCU\software\usbfix::autorun		RegNtPreCreateKey

HKLM\software\wow6432node\microsoft\windows script host\settings::enabled		RegNtPreCreateKey
HKCU\software\microsoft\windows script host\settings::enabled		RegNtPreCreateKey
HKLM\software\microsoft\windows script host\settings::enabled		RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\policies\system::promptonsecuredesktop_v2m		RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\policies\system::promptonsecuredesktop		RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\policies\system::consentpromptbehavioradmin_v2m		RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\policies\system::consentpromptbehavioradmin		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey

Windows API Usage

Category	API
Syscall Use	ntdll.dll!NtAccessCheckByType ntdll.dll!NtAddAtomEx ntdll.dll!NtAlertThreadByThreadId ntdll.dll!NtAllocateUuids ntdll.dll!NtAlpcAcceptConnectPort ntdll.dll!NtAlpcConnectPort ntdll.dll!NtAlpcConnectPortEx ntdll.dll!NtAlpcCreatePort ntdll.dll!NtAlpcQueryInformation ntdll.dll!NtAlpcSendWaitReceivePort Show More ntdll.dll!NtAlpcSetInformation ntdll.dll!NtApphelpCacheControl ntdll.dll!NtClose ntdll.dll!NtConnectPort ntdll.dll!NtCreateEvent ntdll.dll!NtCreateFile ntdll.dll!NtCreateKey ntdll.dll!NtCreateMutant ntdll.dll!NtCreatePrivateNamespace ntdll.dll!NtCreateSection ntdll.dll!NtCreateThreadEx ntdll.dll!NtCreateTimer ntdll.dll!NtDelayExecution ntdll.dll!NtDeleteValueKey ntdll.dll!NtDeviceIoControlFile ntdll.dll!NtDuplicateObject ntdll.dll!NtFreeVirtualMemory ntdll.dll!NtImpersonateAnonymousToken ntdll.dll!NtMapViewOfSection ntdll.dll!NtOpenDirectoryObject ntdll.dll!NtOpenEvent ntdll.dll!NtOpenFile ntdll.dll!NtOpenKey ntdll.dll!NtOpenKeyEx ntdll.dll!NtOpenPrivateNamespace ntdll.dll!NtOpenProcessToken ntdll.dll!NtOpenSection ntdll.dll!NtOpenSemaphore ntdll.dll!NtOpenThreadToken ntdll.dll!NtProtectVirtualMemory ntdll.dll!NtQueryAttributesFile ntdll.dll!NtQueryDefaultLocale ntdll.dll!NtQueryDirectoryFileEx ntdll.dll!NtQueryInformationFile ntdll.dll!NtQueryInformationJobObject ntdll.dll!NtQueryInformationProcess ntdll.dll!NtQueryInformationThread ntdll.dll!NtQueryInformationToken ntdll.dll!NtQueryKey ntdll.dll!NtQueryLicenseValue ntdll.dll!NtQueryPerformanceCounter ntdll.dll!NtQuerySecurityAttributesToken ntdll.dll!NtQuerySecurityObject ntdll.dll!NtQuerySystemInformation ntdll.dll!NtQuerySystemInformationEx ntdll.dll!NtQueryValueKey ntdll.dll!NtQueryVirtualMemory ntdll.dll!NtQueryVolumeInformationFile ntdll.dll!NtQueryWnfStateData ntdll.dll!NtQueryWnfStateNameInformation ntdll.dll!NtReleaseMutant ntdll.dll!NtReleaseSemaphore ntdll.dll!NtReleaseWorkerFactoryWorker ntdll.dll!NtRequestWaitReplyPort ntdll.dll!NtSetEvent ntdll.dll!NtSetInformationKey ntdll.dll!NtSetInformationProcess ntdll.dll!NtSetInformationThread ntdll.dll!NtSetInformationVirtualMemory ntdll.dll!NtSetInformationWorkerFactory ntdll.dll!NtSetSecurityObject ntdll.dll!NtSetSystemInformation ntdll.dll!NtSetTimer2 ntdll.dll!NtSetTimerEx ntdll.dll!NtSetValueKey ntdll.dll!NtSubscribeWnfStateChange ntdll.dll!NtTestAlert ntdll.dll!NtTraceControl ntdll.dll!NtTraceEvent ntdll.dll!NtUnmapViewOfSection ntdll.dll!NtUnmapViewOfSectionEx ntdll.dll!NtUpdateWnfStateData ntdll.dll!NtWaitForAlertByThreadId ntdll.dll!NtWaitForMultipleObjects ntdll.dll!NtWaitForSingleObject ntdll.dll!NtWaitForWorkViaWorkerFactory ntdll.dll!NtWaitLowEventPair ntdll.dll!NtWorkerFactoryWorkerReady ntdll.dll!NtWriteFile ntdll.dll!NtWriteVirtualMemory win32u.dll!NtGdiBitBlt win32u.dll!NtGdiCreateBitmap win32u.dll!NtGdiCreateCompatibleBitmap win32u.dll!NtGdiCreateCompatibleDC win32u.dll!NtGdiCreateDIBitmapInternal win32u.dll!NtGdiCreateDIBSection win32u.dll!NtGdiCreateHalftonePalette win32u.dll!NtGdiCreatePaletteInternal win32u.dll!NtGdiCreatePatternBrushInternal win32u.dll!NtGdiCreateSolidBrush 53 additional items are not displayed above.
Anti Debug	IsDebuggerPresent OutputDebugString
User Data Access	GetComputerName GetUserName GetUserObjectInformation
Process Shell Execute	CreateProcess ShellExecuteEx
Network Winsock2	WSAStartup
Network Winsock	bind closesocket connect gethostbyname gethostname inet_addr setsockopt socket
Process Manipulation Evasion	NtUnmapViewOfSection ReadProcessMemory
Service Control	OpenSCManager OpenService
Keyboard Access	GetAsyncKeyState GetKeyState

Shell Command Execution


							C:\Program Files\uvnc bvba\ultravnc\winvnc.exe


							C:\Program Files\Internet Explorer\iexplore.exe www.iplus.carlcomms.com/utils/RealVNC-install.exe


							c:\users\user\downloads\xdmcp\xdmcp.exe


							C:\Users\Fzyiqkmd\AppData\Local\Suporte Hypercomp\scprompt.exe


							C:\Program Files\VNC\winvnc.exe


									.\scprompt\scprompt.exe


									(NULL) C:\Users\Walgkqxz\AppData\Local\Temp\RarSFX0\UsbFix.exe


									.\scprompt\scprompt


									open C:\Users\Galjurfy\AppData\Local\Temp\ChunkVNC_Temp_Files\InstantSupportVNC.exe -autoreconnect ID:881666 -connect 82.139.132.246:5500 -run

PUP.WinVNC

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

Windows PE Version Information

Windows PE Version Information

Digital Signatures

Digital Signatures

File Traits

Block Information

Block Information

Visual Map

Similar Families

Similar Families

Files Modified

Files Modified

Registry Modifications

Registry Modifications

Windows API Usage

Windows API Usage

Shell Command Execution

Shell Command Execution

Submit Comment

Related Posts

Trending

Most Viewed