PUP.WinVNC.A

Analysis Report

General information

Family Name: PUP.WinVNC.A
Signature status: No Signature

Known Samples


Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has been packed
  • File has TLS information
  • File is .NET application
  • File is 32-bit executable
  • File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name Value
Assembly Version 3.8.0.2
Comments
  • DLL de Interface GwNfc-e
  • This installation was built with Inno Setup.
Company Name
  • Controplan Software
  • EnergoTools
  • Igor Pavlov
  • RealVNC Ltd.
  • Termtek
  • UltraVnc
File Description
  • 7z Setup SFX
  • DLL de Interface GwNfc-e
  • Proton+
  • Remote Manager 6.2 Setup
  • UltraVnc Self-Extract Setup
  • VNC Viewer for Win32
File Version
  • 4.42
  • 4.0
  • 4, 10, 0, 1
  • 3.94
  • 3.8.0.0002
Internal Name
  • 7zS.sfx
  • Nfce2015.Forms.dll
  • UltraVncSC
  • VNCViewer 4.0
Legal Copyright
  • Copyright (c) 1999-2006 Igor Pavlov
  • Copyright (C) UltraVnc
  • Copyright © Controplan Software 2024
  • Copyright © RealVNC Ltd. 2002-2004
  • EnergoTools
Legal Trademarks RealVNC
Original Filename
  • 7zS.sfx.exe
  • Nfce2015.Forms.dll
  • UltraVncSC
  • vncviewer.exe
Product Name
  • 7-Zip
  • Nfce2015.Forms
  • PROTON+ Programy dla Elektryka
  • UltraVncSC
  • VNC Viewer 4.0
Product Version
  • 4.42
  • 4.0
  • 4, 10, 0, 1
  • 3.9.4.10051
  • 3.8.0.0002

File Traits

  • 2+ executable sections
  • HighEntropy
  • x86

Block Information

Similar Families

  • Agent.EDA
  • DarkKomet.H
  • IEHelper.B
  • Lamer.CF
  • Stealer.BBA
  • Wapomi.F
  • WinVNC.A

Files Modified

File Attributes
\device\namedpipe\gmdasllogger Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs3b6f.tmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs3b6f.tmp\background.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs3b6f.tmp\background.bmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs3b6f.tmp\helpdesk.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs3b6f.tmp\helpdesk.txt Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs3b6f.tmp\icon1.ico Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs3b6f.tmp\icon1.ico Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs3b6f.tmp\icon2.ico Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs3b6f.tmp\icon2.ico Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs3b6f.tmp\logo.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs3b6f.tmp\logo.bmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs3b6f.tmp\msrc4plugin.dsm Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs3b6f.tmp\msrc4plugin.dsm Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs3b6f.tmp\rc4.key Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs3b6f.tmp\rc4.key Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs3b6f.tmp\vnchooks.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs3b6f.tmp\vnchooks.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs3b6f.tmp\winvnc.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs3b6f.tmp\winvnc.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs3ff3.tmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs3ff3.tmp\background.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs3ff3.tmp\background.bmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs3ff3.tmp\helpdesk.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs3ff3.tmp\helpdesk.txt Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs3ff3.tmp\icon1.ico Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs3ff3.tmp\icon1.ico Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs3ff3.tmp\icon2.ico Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs3ff3.tmp\icon2.ico Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs3ff3.tmp\logo.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs3ff3.tmp\logo.bmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs3ff3.tmp\msrc4plugin.dsm Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs3ff3.tmp\msrc4plugin.dsm Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs3ff3.tmp\rc4.key Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs3ff3.tmp\rc4.key Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs3ff3.tmp\vnchooks.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs3ff3.tmp\vnchooks.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs3ff3.tmp\winvnc.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs3ff3.tmp\winvnc.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs41a8.tmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs41a8.tmp\helpdesk.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs41a8.tmp\helpdesk.txt Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs41a8.tmp\icon3.ico Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs41a8.tmp\icon3.ico Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs41a8.tmp\logo.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs41a8.tmp\logo.bmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs41a8.tmp\winvnc.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs41a8.tmp\winvnc.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4c9b.tmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4c9b.tmp\background.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs4c9b.tmp\background.bmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4c9b.tmp\helpdesk.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs4c9b.tmp\helpdesk.txt Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4c9b.tmp\icon1.ico Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs4c9b.tmp\icon1.ico Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4c9b.tmp\logo.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs4c9b.tmp\logo.bmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4c9b.tmp\msrc4plugin.dsm Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs4c9b.tmp\msrc4plugin.dsm Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4c9b.tmp\vnchooks.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs4c9b.tmp\vnchooks.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4c9b.tmp\winvnc.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs4c9b.tmp\winvnc.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs590d.tmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs590d.tmp\background.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs590d.tmp\background.bmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs590d.tmp\helpdesk.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs590d.tmp\helpdesk.txt Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs590d.tmp\icon1.ico Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs590d.tmp\icon1.ico Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs590d.tmp\icon2.ico Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs590d.tmp\icon2.ico Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs590d.tmp\logo.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs590d.tmp\logo.bmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs590d.tmp\msrc4plugin.dsm Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs590d.tmp\msrc4plugin.dsm Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs590d.tmp\rc4.key Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs590d.tmp\rc4.key Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs590d.tmp\vnchooks.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs590d.tmp\vnchooks.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs590d.tmp\winvnc.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs590d.tmp\winvnc.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs5c6c.tmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs5c6c.tmp\background.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs5c6c.tmp\background.bmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs5c6c.tmp\helpdesk.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs5c6c.tmp\helpdesk.txt Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs5c6c.tmp\icon1.ico Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs5c6c.tmp\icon1.ico Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs5c6c.tmp\icon2.ico Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs5c6c.tmp\icon2.ico Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs5c6c.tmp\logo.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs5c6c.tmp\logo.bmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs5c6c.tmp\msrc4plugin.dsm Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs5c6c.tmp\msrc4plugin.dsm Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs5c6c.tmp\rc4.key Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs5c6c.tmp\rc4.key Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs5c6c.tmp\vnchooks.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs5c6c.tmp\vnchooks.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs5c6c.tmp\winvnc.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs5c6c.tmp\winvnc.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs5d4.tmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs5d4.tmp\background.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs5d4.tmp\background.bmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs5d4.tmp\enter.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs5d4.tmp\enter.bmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs5d4.tmp\helpdesk.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs5d4.tmp\helpdesk.txt Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs5d4.tmp\icon1.ico Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs5d4.tmp\icon1.ico Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs5d4.tmp\icon2.ico Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs5d4.tmp\icon2.ico Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs5d4.tmp\logo.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs5d4.tmp\logo.bmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs5d4.tmp\msrc4plugin.dsm Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs5d4.tmp\msrc4plugin.dsm Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs5d4.tmp\rc4.key Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs5d4.tmp\rc4.key Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs5d4.tmp\vnchooks.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs5d4.tmp\vnchooks.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs5d4.tmp\winvnc.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs5d4.tmp\winvnc.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs5d9b.tmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs5d9b.tmp\background.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs5d9b.tmp\background.bmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs5d9b.tmp\helpdesk.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs5d9b.tmp\helpdesk.txt Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs5d9b.tmp\icon1.ico Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs5d9b.tmp\icon1.ico Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs5d9b.tmp\icon2.ico Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs5d9b.tmp\icon2.ico Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs5d9b.tmp\logo.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs5d9b.tmp\logo.bmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs5d9b.tmp\msrc4plugin.dsm Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs5d9b.tmp\msrc4plugin.dsm Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs5d9b.tmp\vnchooks.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs5d9b.tmp\vnchooks.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs5d9b.tmp\winvnc.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs5d9b.tmp\winvnc.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs76bb.tmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs76bb.tmp\background.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs76bb.tmp\background.bmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs76bb.tmp\enter.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs76bb.tmp\enter.bmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs76bb.tmp\helpdesk.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs76bb.tmp\helpdesk.txt Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs76bb.tmp\icon1.ico Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs76bb.tmp\icon1.ico Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs76bb.tmp\logo.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs76bb.tmp\logo.bmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs76bb.tmp\msrc4plugin.dsm Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs76bb.tmp\msrc4plugin.dsm Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs76bb.tmp\vnchooks.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs76bb.tmp\vnchooks.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs76bb.tmp\winvnc.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs76bb.tmp\winvnc.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs809a.tmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs809a.tmp\background.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs809a.tmp\background.bmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs809a.tmp\helpdesk.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs809a.tmp\helpdesk.txt Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs809a.tmp\icon1.ico Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs809a.tmp\icon1.ico Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs809a.tmp\icon2.ico Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs809a.tmp\icon2.ico Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs809a.tmp\logo.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs809a.tmp\logo.bmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs809a.tmp\msrc4plugin.dsm Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs809a.tmp\msrc4plugin.dsm Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs809a.tmp\rc4.key Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs809a.tmp\rc4.key Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs809a.tmp\vnchooks.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs809a.tmp\vnchooks.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs809a.tmp\winvnc.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs809a.tmp\winvnc.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zsa459.tmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zsa459.tmp\background.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zsa459.tmp\background.bmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zsa459.tmp\helpdesk.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zsa459.tmp\helpdesk.txt Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zsa459.tmp\icon1.ico Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zsa459.tmp\icon1.ico Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zsa459.tmp\logo.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zsa459.tmp\logo.bmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zsa459.tmp\msrc4plugin.dsm Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zsa459.tmp\msrc4plugin.dsm Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zsa459.tmp\rc4.key Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zsa459.tmp\rc4.key Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zsa459.tmp\vnchooks.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zsa459.tmp\vnchooks.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zsa459.tmp\winvnc.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zsa459.tmp\winvnc.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zsa785.tmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zsa785.tmp\background.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zsa785.tmp\background.bmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zsa785.tmp\enter.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zsa785.tmp\enter.bmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zsa785.tmp\helpdesk.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zsa785.tmp\helpdesk.txt Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zsa785.tmp\icon1.ico Generic Write,Read Attributes

312 additional files are not displayed above.

Registry Modifications

Key::Value Data API Name
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey

Windows API Usage

Category API
Keyboard Access
  • GetKeyState
Process Manipulation Evasion
  • NtUnmapViewOfSection
  • ReadProcessMemory
Process Shell Execute
  • CreateProcess
  • ShellExecuteEx
Anti Debug
  • IsDebuggerPresent
  • NtQuerySystemInformation
User Data Access
  • GetUserObjectInformation
  • OpenClipboard
Network Winsock2
  • WSAStartup
Syscall Use
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtClose
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDebugFilterState
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationFile
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWriteFile

Shell Command Execution

(NULL) C:\Users\Jcauluhv\AppData\Local\Temp\RarSFX0\rrsuporte.exe
.\winvnc.exe
(NULL) winvnc
.\winvnc.exe
(NULL) winvnc.cmd
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\0bfb5c09c629e9b7785de35771a2eadbbb5228d2_0005337088.,LiQMAxHB
