The ec0ec7ce8ef71cb7e7d1c2418c47ad94cea8833db8578ccdf94271f8efed38d3 exe (VNC server) UltraVNC File Malware Analysis

The ec0ec7ce8ef71cb7e7d1c2418c47ad94cea8833db8578ccdf94271f8efed38d3.exe (VNC server) File Analysis

Updated 1 year ago

Checked by Malaware Check

ec0ec7ce8ef71cb7e7d1c2418c47ad94cea8833db8578ccdf94271f8efed38d3.exe

Hash Type	Value	Action
MD5	7cd339f9be1417421acf8790c9738922
SHA1	c25eff4d9d2d5b55f1cc4ffc623354004565e8b9
SHA256	ec0ec7ce8ef71cb7e7d1c2418c47ad94cea8833db8578ccdf94271f8efed38d3
SHA512	f118ea660a51ff38abc20a9ad16f6505cf8a862df1b564829d9af06710e0c4b91d0abbedc4b852696acf0e807a25138d82c2fc518cd54c32dba92f513467b411
ImpHash	310b1cc8abef97edfcabf0ed406947cf

Hash Type

Value

Action

MD5

7cd339f9be1417421acf8790c9738922

SHA1

c25eff4d9d2d5b55f1cc4ffc623354004565e8b9

SHA256

ec0ec7ce8ef71cb7e7d1c2418c47ad94cea8833db8578ccdf94271f8efed38d3

SHA512

f118ea660a51ff38abc20a9ad16f6505cf8a862df1b564829d9af06710e0c4b91d0abbedc4b852696acf0e807a25138d82c2fc518cd54c32dba92f513467b411

ImpHash

310b1cc8abef97edfcabf0ed406947cf

PE Analysis

Basic Information

▼

Icon	Hash: f9701898cc62ca8fa2431d1cbb7a0d91 Fuzzy: 8cf551329b1269d3156746ccffa24a2f dHash: d0cc8ecccc8ef0d4
Image Base	`0x140000000`
Entry Point	`0x140132ebc`
Compilation Time	2023-04-15 15:22:57
Checksum	0x002e9971 (Actual: 0x002e9971)
OS Version	6.0
PEiD Signatures	`PE32+ executable (GUI) x86-64, for MS Windows`
PDB Path	`C:\Users\rudi\Desktop\git_ultravnc\winvnc\winvnc\x64\Release\winvnc.pdb`
Digital Signature	OK
Imports	13 libraries
Exports	51 functions
Resources	82 Resources
Sections	7 Sections

Digital Signatures

▼

AAA Certificate Services	Sectigo Limited (GB)
Sectigo Public Code Signing CA R36	uvnc bvba (BE)
Sectigo Public Code Signing Root R46	Sectigo Limited (GB)

Version Information

▼

Comments	UltraVNC - Remote Control for all
CompanyName	UltraVNC
FileDescription	VNC server
FileVersion	1.4.2.0
InternalName	WinVNC
LegalCopyright	Copyright © 2021 UltraVNC
LegalTrademarks	VNC
OriginalFilename	WinVNC.exe
PrivateBuild	1.4.2.0
ProductName	UltraVNC
ProductVersion	1.4.2.0
Translation	0x0000 0x04b0

PE Sections

▼

Name	Virtual Address	Virtual Size	Raw Size	Entropy	Characteristics	MD5
`.text`	`0x00001000`	1,542,688 bytes	1,543,168 bytes	6.55 (Compressed)	`IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ`	`1552765ED83A35FFE9113B561238B851`
`.rdata`	`0x0017a000`	574,170 bytes	574,464 bytes	5.34 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`E934C99034E15765D1DB578E6405C7E2`
`.data`	`0x00207000`	644,432 bytes	8,704 bytes	3.03 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`2E9734A232D357816E658E855884E1D8`
`.pdata`	`0x002a5000`	48,024 bytes	48,128 bytes	6.23 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`F67B091706CAA69E143DE9698F72B127`
`_RDATA`	`0x002b1000`	244 bytes	512 bytes	2.42 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`E19DCA33925CDCAC4BD0B6CFB1CF0978`
`.rsrc`	`0x002b2000`	820,008 bytes	820,224 bytes	6.00 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`68E21BCC1FC5B35FEA726D0FE6D85503`
`.reloc`	`0x0037b000`	4,672 bytes	5,120 bytes	5.26 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_DISCARDABLE\|IMAGE_SCN_MEM_READ`	`979092F6149455888B9F0F12F09BE6AA`

Entropy Analysis Alert

1 section(s) with elevated entropy (≥6.5) - possible compression

Resource Analysis

▼

Total Resources: 82 (815,449 bytes)

Resource Type	Count	Total Size	Percentage
AFX_DIALOG_LAYOUT	6	12 bytes	0%
JAVAARCHIVE	2	147,884 bytes	18.1%
RT_CURSOR	19	32,276 bytes	4%
RT_BITMAP	6	16,600 bytes	2%
RT_ICON	18	593,872 bytes	72.8%
RT_MENU	2	766 bytes	0.1%
RT_DIALOG	10	14,330 bytes	1.8%
RT_STRING	5	7,340 bytes	0.9%
RT_GROUP_CURSOR	10	326 bytes	0%
RT_GROUP_ICON	2	264 bytes	0%
RT_VERSION	1	876 bytes	0.1%
RT_MANIFEST	1	903 bytes	0.1%

Certificate Chain Analysis

▼

Certificate #1

Subject	Sectigo Public Code Signing Root R46 Sectigo Limited GB
Issuer	AAA Certificate Services
Serial Number	`97015870309959729927281967672979788822`

Certificate #2

Subject	uvnc bvba uvnc bvba BE
Issuer	Sectigo Public Code Signing CA R36
Serial Number	`101038994466143036515266525615653240071`

Certificate #3

Subject	Sectigo Public Code Signing CA R36 Sectigo Limited GB
Issuer	Sectigo Public Code Signing Root R46
Serial Number	`130417131954583740712891216934480190474`

File Name	ec0ec7ce8ef71cb7e7d1c2418c47ad94cea8833db8578ccdf94271f8efed38d3.exe
File Type	PE32+ executable (GUI) x86-64, for MS Windows
Scanner Version	1.0.142.174
Database Version	2023-10-09 17:02:07 UTC

The ec0ec7ce8ef71cb7e7d1c2418c47ad94cea8833db8578ccdf94271f8efed38d3.exe (VNC server) File Analysis

Technical Analysis

Clean File

Scan Another File

File Identification