File name: VNC-Viewer-7.5.1-Windows-64bit.exe

Full analysis: https://app.any.run/tasks/ae125008-862d-4190-aceb-6d1a6e75e5fd
Verdict: Malicious activity
Analysis date: August 04, 2023, 03:11:45
OS: Windows 7 Professional Service Pack 1 (build: 7601, 64 bit)
MIME: application/x-dosexec
File info: PE32+ executable (GUI) x86-64, for MS Windows
MD5: 5E343F3422E53B115C433250C5AE0B54
SHA1: 5C002D127BC884C0FB834435A7EBB2B23A0706EE
SHA256: 624AEF6C1ADD55BB540A3C61B581F4008720EAB7478C4711F54E815F457C7FEA
SSDEEP: 196608:HO9sYnLkWzB+irelD+U4PfmzLE2LmFzvpF1V:HOvLrCB+U4PfmzI2LmFzr

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Connects to unusual port

      • VNC-Viewer-7.5.1-Windows-64bit.exe (PID: 2296)
      • VNC-Viewer-7.5.1-Windows-64bit.exe (PID: 636)
      • VNC-Viewer-7.5.1-Windows-64bit.exe (PID: 2560)
      • VNC-Viewer-7.5.1-Windows-64bit.exe (PID: 2652)
      • VNC-Viewer-7.5.1-Windows-64bit.exe (PID: 2300)
      • VNC-Viewer-7.5.1-Windows-64bit.exe (PID: 2964)
      • VNC-Viewer-7.5.1-Windows-64bit.exe (PID: 2800)
    • Reads the Internet Settings

      • VNC-Viewer-7.5.1-Windows-64bit.exe (PID: 2296)
      • VNC-Viewer-7.5.1-Windows-64bit.exe (PID: 636)
      • VNC-Viewer-7.5.1-Windows-64bit.exe (PID: 2560)
      • VNC-Viewer-7.5.1-Windows-64bit.exe (PID: 2652)
      • VNC-Viewer-7.5.1-Windows-64bit.exe (PID: 2300)
      • VNC-Viewer-7.5.1-Windows-64bit.exe (PID: 2800)
      • VNC-Viewer-7.5.1-Windows-64bit.exe (PID: 2964)
      • VNC-Viewer-7.5.1-Windows-64bit.exe (PID: 868)
    • Application launched itself

      • VNC-Viewer-7.5.1-Windows-64bit.exe (PID: 2812)
  • INFO

    • Creates files or folders in the user directory

      • VNC-Viewer-7.5.1-Windows-64bit.exe (PID: 2812)
    • Checks supported languages

      • VNC-Viewer-7.5.1-Windows-64bit.exe (PID: 2812)
      • VNC-Viewer-7.5.1-Windows-64bit.exe (PID: 2296)
      • VNC-Viewer-7.5.1-Windows-64bit.exe (PID: 636)
      • VNC-Viewer-7.5.1-Windows-64bit.exe (PID: 2560)
      • VNC-Viewer-7.5.1-Windows-64bit.exe (PID: 2652)
      • VNC-Viewer-7.5.1-Windows-64bit.exe (PID: 2300)
      • VNC-Viewer-7.5.1-Windows-64bit.exe (PID: 2964)
      • VNC-Viewer-7.5.1-Windows-64bit.exe (PID: 2800)
      • VNC-Viewer-7.5.1-Windows-64bit.exe (PID: 868)
    • Reads the machine GUID from the registry

      • VNC-Viewer-7.5.1-Windows-64bit.exe (PID: 2812)
      • VNC-Viewer-7.5.1-Windows-64bit.exe (PID: 2296)
      • VNC-Viewer-7.5.1-Windows-64bit.exe (PID: 636)
      • VNC-Viewer-7.5.1-Windows-64bit.exe (PID: 2560)
      • VNC-Viewer-7.5.1-Windows-64bit.exe (PID: 2652)
      • VNC-Viewer-7.5.1-Windows-64bit.exe (PID: 2300)
      • VNC-Viewer-7.5.1-Windows-64bit.exe (PID: 2800)
      • VNC-Viewer-7.5.1-Windows-64bit.exe (PID: 2964)
      • VNC-Viewer-7.5.1-Windows-64bit.exe (PID: 868)
    • The process checks LSA protection

      • VNC-Viewer-7.5.1-Windows-64bit.exe (PID: 2812)
      • VNC-Viewer-7.5.1-Windows-64bit.exe (PID: 2296)
      • VNC-Viewer-7.5.1-Windows-64bit.exe (PID: 636)
      • VNC-Viewer-7.5.1-Windows-64bit.exe (PID: 2300)
      • VNC-Viewer-7.5.1-Windows-64bit.exe (PID: 2652)
      • VNC-Viewer-7.5.1-Windows-64bit.exe (PID: 2560)
      • VNC-Viewer-7.5.1-Windows-64bit.exe (PID: 2800)
      • VNC-Viewer-7.5.1-Windows-64bit.exe (PID: 2964)
      • VNC-Viewer-7.5.1-Windows-64bit.exe (PID: 868)
    • Reads the computer name

      • VNC-Viewer-7.5.1-Windows-64bit.exe (PID: 2812)
      • VNC-Viewer-7.5.1-Windows-64bit.exe (PID: 2296)
      • VNC-Viewer-7.5.1-Windows-64bit.exe (PID: 636)
      • VNC-Viewer-7.5.1-Windows-64bit.exe (PID: 2560)
      • VNC-Viewer-7.5.1-Windows-64bit.exe (PID: 2652)
      • VNC-Viewer-7.5.1-Windows-64bit.exe (PID: 2300)
      • VNC-Viewer-7.5.1-Windows-64bit.exe (PID: 868)
      • VNC-Viewer-7.5.1-Windows-64bit.exe (PID: 2800)
      • VNC-Viewer-7.5.1-Windows-64bit.exe (PID: 2964)
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (18)
.exe | Win32 Executable (generic) (2.9)
.exe | Generic Win/DOS Executable (1.3)
.exe | DOS Executable Generic (1.3)

EXIF

EXE

ProgramName: VNC® Viewer
ProductVersion: 7.5.1 (r50075)
ProductName: VNC®
OriginalFileName: vncviewer.exe
LegalTrademarks: RealVNC and VNC are trademarks of RealVNC Ltd and are protected by trademark registrations and/or pending trademark applications in the European Union, United States of America and other jurisdictions.
LegalCopyright: Copyright © RealVNC Ltd.
InternalName: vncviewer
FileVersion: 7.5.1 (r50075)
FileDescription: VNC® Viewer
CompanyName: RealVNC
CharacterSet: Unicode
LanguageCode: English (British)
FileSubtype: -
ObjectFileType: Executable application
FileOS: Windows NT 32-bit
FileFlags: (none)
FileFlagsMask: 0x003f
ProductVersionNumber: 7.5.1.50075
FileVersionNumber: 7.5.1.50075
Subsystem: Windows GUI
SubsystemVersion: 6
ImageVersion: -
OSVersion: 6
EntryPoint: 0x60a180
UninitializedDataSize: -
InitializedDataSize: 3786240
CodeSize: 7127552
LinkerVersion: 14.16
PEType: PE32+
ImageFileCharacteristics: Executable, Large address aware
TimeStamp: 2023:05:30 12:07:58+00:00
MachineType: AMD AMD64

Summary

Architecture: IMAGE_FILE_MACHINE_AMD64
Subsystem: IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date: 30-May-2023 12:07:58
Detected languages:
  • English - United Kingdom
  • English - United States
Debug artifacts:
  • C:\ent-slave-root\workspace\VNCConnect\Builds\Clients\VNC_7.5.x\label\con-windows-64\bld64\RelWithDebInfo\vncviewer.pdb
CompanyName: RealVNC
FileDescription: VNC® Viewer
FileVersion: 7.5.1 (r50075)
InternalName: vncviewer
LegalCopyright: Copyright © RealVNC Ltd.
LegalTrademarks: RealVNC and VNC are trademarks of RealVNC Ltd and are protected by trademark registrations and/or pending trademark applications in the European Union, United States of America and other jurisdictions.
OriginalFilename: vncviewer.exe
ProductName: VNC®
ProductVersion: 7.5.1 (r50075)
ProgramName: VNC® Viewer

DOS Header

Magic number: MZ
Bytes on last page of file: 0x0090
Pages in file: 0x0003
Relocations: 0x0000
Size of header: 0x0004
Min extra paragraphs: 0x0000
Max extra paragraphs: 0xFFFF
Initial SS value: 0x0000
Initial SP value: 0x00B8
Checksum: 0x0000
Initial IP value: 0x0000
Initial CS value: 0x0000
Overlay number: 0x0000
OEM identifier: 0x0000
OEM information: 0x0000
Address of NE header: 0x00000138

PE Headers

Signature: PE
Machine: IMAGE_FILE_MACHINE_AMD64
Number of sections: 8
Time date stamp: 30-May-2023 12:07:58
Pointer to Symbol Table: 0x00000000
Number of symbols: 0
Size of Optional Header: 0x00F0
Characteristics:
  • IMAGE_FILE_EXECUTABLE_IMAGE
  • IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Name | Virtual Address | Virtual Size | Raw Size | Characteristics | Entropy
.text | 0x00001000 | 0x006CC0CC | 0x006CC200 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.49397
.rdata | 0x006CE000 | 0x002A3890 | 0x002A3A00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 5.51998
.data | 0x00972000 | 0x0002A7B0 | 0x00018A00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 4.57193
.pdata | 0x0099D000 | 0x00052DA0 | 0x00052E00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 6.54842
.rodata | 0x009F0000 | 0x00000890 | 0x00000A00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 3.81285
.gehcont( | 0x009F1000 | 0x00000028 | 0x00000200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 0.203682
.rsrc | 0x009F2000 | 0x00080EB0 | 0x00081000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 7.05178
.reloc | 0x00A73000 | 0x0000B7C8 | 0x0000B800 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 5.46526

Resources

Title | Entropy | Size | Codepage | Language | Type
1 | 5.19874 | 1678 | Latin 1 / Western European | English - United States | RT_MANIFEST
2 | 4.65517 | 1128 | Latin 1 / Western European | English - United States | RT_ICON
3 | 4.17421 | 4264 | Latin 1 / Western European | English - United States | RT_ICON
4 | 3.9793 | 4264 | Latin 1 / Western European | English - United States | RT_ICON
5 | 3.68509 | 9640 | Latin 1 / Western European | English - United States | RT_ICON
6 | 3.48661 | 9640 | Latin 1 / Western European | English - United States | RT_ICON
7 | 7.94883 | 10622 | Latin 1 / Western European | English - United States | RT_ICON
ADDRESSBOOK_2X.PNG | 5.794 | 177 | Latin 1 / Western European | English - United States | BUILTINRESOURCE
ADDRESSBOOK_SEL_2X.PNG | 5.62152 | 177 | Latin 1 / Western European | English - United States | BUILTINRESOURCE
ANNOTATEOFF.PNG | 7.46722 | 985 | Latin 1 / Western European | English - United States | BUILTINRESOURCE

Imports

ADVAPI32.dll
COMCTL32.dll
COMDLG32.dll
CRYPT32.dll
GDI32.dll
IMM32.dll
KERNEL32.dll
OLEAUT32.dll
SHELL32.dll
USER32.dll
No data.
Total processes: 38
Monitored processes: 9
Malicious processes: 1
Suspicious processes: 0

Behavior graph

[Behavior graph: start, vnc-viewer-7.5.1-windows-64bit.exe (no specs), followed by eight further vnc-viewer-7.5.1-windows-64bit.exe processes]

Process information

PID: 636
CMD: C:\Users\admin\AppData\Roaming\VNC-Viewer-7.5.1-Windows-64bit.exe -child 95.123.43.185 -hash 86f4a35d80393810d8a7efd3162af59965e6f9839b3dc8c38d1872acc4040819 -sid S-1-5-21-3896776584-4254864009-862391680-1000 RealVNC.admin.vncviewer.launchpipe.3367945402
Path: C:\Users\admin\AppData\Roaming\VNC-Viewer-7.5.1-Windows-64bit.exe
Parent process: VNC-Viewer-7.5.1-Windows-64bit.exe
User: admin
Company: RealVNC
Integrity Level: MEDIUM
Description: VNC® Viewer
Exit code: 0
Version: 7.5.1 (r50075)
Modules
Images
c:\users\admin\appdata\roaming\vnc-viewer-7.5.1-windows-64bit.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll

PID: 868
CMD: C:\Users\admin\AppData\Roaming\VNC-Viewer-7.5.1-Windows-64bit.exe -child 18.224.21.93 -hash b97982b004aa254375d1e628a6a7e353a75c506210a6339b441de89f51b88c54 -sid S-1-5-21-3896776584-4254864009-862391680-1000 RealVNC.admin.vncviewer.launchpipe.1339303932
Path: C:\Users\admin\AppData\Roaming\VNC-Viewer-7.5.1-Windows-64bit.exe
Parent process: VNC-Viewer-7.5.1-Windows-64bit.exe
User: admin
Company: RealVNC
Integrity Level: MEDIUM
Description: VNC® Viewer
Exit code: 0
Version: 7.5.1 (r50075)
Modules
Images
c:\users\admin\appdata\roaming\vnc-viewer-7.5.1-windows-64bit.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll

PID: 2296
CMD: C:\Users\admin\AppData\Roaming\VNC-Viewer-7.5.1-Windows-64bit.exe -child 162.190.41.122 -hash 25249052fc13ecd71295f57e5173934b3a2b57b36626dd35c434d99454456771 -sid S-1-5-21-3896776584-4254864009-862391680-1000 RealVNC.admin.vncviewer.launchpipe.354218896
Path: C:\Users\admin\AppData\Roaming\VNC-Viewer-7.5.1-Windows-64bit.exe
Parent process: VNC-Viewer-7.5.1-Windows-64bit.exe
User: admin
Company: RealVNC
Integrity Level: MEDIUM
Description: VNC® Viewer
Exit code: 0
Version: 7.5.1 (r50075)
Modules
Images
c:\users\admin\appdata\roaming\vnc-viewer-7.5.1-windows-64bit.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll

PID: 2300
CMD: C:\Users\admin\AppData\Roaming\VNC-Viewer-7.5.1-Windows-64bit.exe -child 42.48.85.156 -hash d3f63f3ef77b5f024c139932446f26e75d0335d16cc5712275bbb9131fadf034 -sid S-1-5-21-3896776584-4254864009-862391680-1000 RealVNC.admin.vncviewer.launchpipe.2332399709
Path: C:\Users\admin\AppData\Roaming\VNC-Viewer-7.5.1-Windows-64bit.exe
Parent process: VNC-Viewer-7.5.1-Windows-64bit.exe
User: admin
Company: RealVNC
Integrity Level: MEDIUM
Description: VNC® Viewer
Exit code: 0
Version: 7.5.1 (r50075)
Modules
Images
c:\windows\system32\ntdll.dll
c:\users\admin\appdata\roaming\vnc-viewer-7.5.1-windows-64bit.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll

PID: 2560
CMD: C:\Users\admin\AppData\Roaming\VNC-Viewer-7.5.1-Windows-64bit.exe -child 79.145.28.104 -hash 827feeb4c6a8739bff8506af941e741e3800aab8966f55eac6e2a7fcb26ff1e8 -sid S-1-5-21-3896776584-4254864009-862391680-1000 RealVNC.admin.vncviewer.launchpipe.834265337
Path: C:\Users\admin\AppData\Roaming\VNC-Viewer-7.5.1-Windows-64bit.exe
Parent process: VNC-Viewer-7.5.1-Windows-64bit.exe
User: admin
Company: RealVNC
Integrity Level: MEDIUM
Description: VNC® Viewer
Exit code: 0
Version: 7.5.1 (r50075)
Modules
Images
c:\windows\system32\ntdll.dll
c:\users\admin\appdata\roaming\vnc-viewer-7.5.1-windows-64bit.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll

PID: 2652
CMD: C:\Users\admin\AppData\Roaming\VNC-Viewer-7.5.1-Windows-64bit.exe -child 220.229.238.68 -hash cd010892bcbafcf9334f659e2c99ff56059df9ade9ae738c00b69825c1f38142 -sid S-1-5-21-3896776584-4254864009-862391680-1000 RealVNC.admin.vncviewer.launchpipe.3593508584
Path: C:\Users\admin\AppData\Roaming\VNC-Viewer-7.5.1-Windows-64bit.exe
Parent process: VNC-Viewer-7.5.1-Windows-64bit.exe
User: admin
Company: RealVNC
Integrity Level: MEDIUM
Description: VNC® Viewer
Exit code: 0
Version: 7.5.1 (r50075)
Modules
Images
c:\users\admin\appdata\roaming\vnc-viewer-7.5.1-windows-64bit.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\nsi.dll

PID: 2800
CMD: C:\Users\admin\AppData\Roaming\VNC-Viewer-7.5.1-Windows-64bit.exe -child 97.97.16.25 -hash c7a80715d3ea2679b0e8efc00fb687c2b1e5ff875709437e6d236cfe4e463277 -sid S-1-5-21-3896776584-4254864009-862391680-1000 RealVNC.admin.vncviewer.launchpipe.1319306629
Path: C:\Users\admin\AppData\Roaming\VNC-Viewer-7.5.1-Windows-64bit.exe
Parent process: VNC-Viewer-7.5.1-Windows-64bit.exe
User: admin
Company: RealVNC
Integrity Level: MEDIUM
Description: VNC® Viewer
Exit code: 0
Version: 7.5.1 (r50075)
Modules
Images
c:\windows\system32\ntdll.dll
c:\users\admin\appdata\roaming\vnc-viewer-7.5.1-windows-64bit.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\nsi.dll
c:\windows\system32\rpcrt4.dll

PID: 2812
CMD: "C:\Users\admin\AppData\Roaming\VNC-Viewer-7.5.1-Windows-64bit.exe"
Path: C:\Users\admin\AppData\Roaming\VNC-Viewer-7.5.1-Windows-64bit.exe
Parent process: explorer.exe
User: admin
Company: RealVNC
Integrity Level: MEDIUM
Description: VNC® Viewer
Exit code: 0
Version: 7.5.1 (r50075)
Modules
Images
c:\users\admin\appdata\roaming\vnc-viewer-7.5.1-windows-64bit.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll

PID: 2964
CMD: C:\Users\admin\AppData\Roaming\VNC-Viewer-7.5.1-Windows-64bit.exe -child 43.228.77.161 -hash 4ed04b12c79767b958cb1f309fab339d8c9b7a7401777a1d7ddd412b98a7c508 -sid S-1-5-21-3896776584-4254864009-862391680-1000 RealVNC.admin.vncviewer.launchpipe.394230440
Path: C:\Users\admin\AppData\Roaming\VNC-Viewer-7.5.1-Windows-64bit.exe
Parent process: VNC-Viewer-7.5.1-Windows-64bit.exe
User: admin
Company: RealVNC
Integrity Level: MEDIUM
Description: VNC® Viewer
Exit code: 0
Version: 7.5.1 (r50075)
Modules
Images
c:\windows\system32\ntdll.dll
c:\users\admin\appdata\roaming\vnc-viewer-7.5.1-windows-64bit.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\rpcrt4.dll

Total events: 3 111
Read events: 3 111
Write events: 0
Delete events: 0

Modification events

No data

Executable files: 0
Suspicious files: 4
Text files: 6
Unknown types: 0

Dropped files

PID | Process | Filename | Type
2812 | VNC-Viewer-7.5.1-Windows-64bit.exe | C:\Users\admin\AppData\Roaming\RealVNC\ViewerStore\2e1d3117-f735-4b54-9e4b-a4661473bd04.jrle.tmp | binary
MD5:15E3687F6646D01375295AE8BE88CC33
SHA256:B7DA0CDF611CF3BA4CC228F46996570FB707B1CB945E643EF1AEDFB3C4C9CA47
2812 | VNC-Viewer-7.5.1-Windows-64bit.exe | C:\Users\admin\AppData\Roaming\RealVNC\ViewerStore\2e1d3117-f735-4b54-9e4b-a4661473bd04.jrle | binary
MD5:15E3687F6646D01375295AE8BE88CC33
SHA256:B7DA0CDF611CF3BA4CC228F46996570FB707B1CB945E643EF1AEDFB3C4C9CA47
2812 | VNC-Viewer-7.5.1-Windows-64bit.exe | C:\Users\admin\AppData\Roaming\RealVNC\ViewerStore\2e1d3117-f735-4b54-9e4b-a4661473bd04.vnc | text
MD5:77FF5EDA47C7EDAFEC243C12CA574B07
SHA256:C069C8BACEAFA86CF4998A31875B9968FF57D04649433CA8EE14E5C59281FF1C
2812 | VNC-Viewer-7.5.1-Windows-64bit.exe | C:\Users\admin\AppData\Roaming\RealVNC\ViewerStore\96af5674-c74b-448f-aa46-6f7ab96d7e61.jrle.tmp | binary
MD5:654ED4C099336298E961774FD545C8F9
SHA256:C39CDD314A715A29E493114464F038A1638D1C39F1CF012D876B04DC91250DD2
2812 | VNC-Viewer-7.5.1-Windows-64bit.exe | C:\Users\admin\AppData\Roaming\RealVNC\ViewerStore\96af5674-c74b-448f-aa46-6f7ab96d7e61.jrle | binary
MD5:654ED4C099336298E961774FD545C8F9
SHA256:C39CDD314A715A29E493114464F038A1638D1C39F1CF012D876B04DC91250DD2
2812 | VNC-Viewer-7.5.1-Windows-64bit.exe | C:\Users\admin\AppData\Roaming\RealVNC\ViewerStore\96af5674-c74b-448f-aa46-6f7ab96d7e61.vnc.tmp | text
MD5:5736E8E434E345C8B1D9BBF164FB1CF7
SHA256:C0960FA57571B8F6785B72C68F5C04A7EB2A97E767AF2752E606BF73AC2ABD27
2812 | VNC-Viewer-7.5.1-Windows-64bit.exe | C:\Users\admin\AppData\Roaming\RealVNC\ViewerStore\2e1d3117-f735-4b54-9e4b-a4661473bd04.vnc.tmp | text
MD5:77FF5EDA47C7EDAFEC243C12CA574B07
SHA256:C069C8BACEAFA86CF4998A31875B9968FF57D04649433CA8EE14E5C59281FF1C
2812 | VNC-Viewer-7.5.1-Windows-64bit.exe | C:\Users\admin\AppData\Roaming\RealVNC\ViewerStore\96af5674-c74b-448f-aa46-6f7ab96d7e61.vnc | text
MD5:5736E8E434E345C8B1D9BBF164FB1CF7
SHA256:C0960FA57571B8F6785B72C68F5C04A7EB2A97E767AF2752E606BF73AC2ABD27

HTTP(S) requests: 0
TCP/UDP connections: 16
DNS requests: 4
Threats: 3

HTTP requests

No HTTP requests

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
2296 | VNC-Viewer-7.5.1-Windows-64bit.exe | 162.190.41.122:5900 | - | - | - | unknown
636 | VNC-Viewer-7.5.1-Windows-64bit.exe | 95.123.43.185:5900 | - | - | - | unknown
2560 | VNC-Viewer-7.5.1-Windows-64bit.exe | 79.145.28.104:5900 | - | - | - | unknown
2652 | VNC-Viewer-7.5.1-Windows-64bit.exe | 220.229.238.68:5900 | - | - | - | suspicious
2300 | VNC-Viewer-7.5.1-Windows-64bit.exe | 42.48.85.156:5900 | - | - | - | unknown
2964 | VNC-Viewer-7.5.1-Windows-64bit.exe | 43.228.77.161:5900 | - | - | - | suspicious
2800 | VNC-Viewer-7.5.1-Windows-64bit.exe | 97.97.16.25:5900 | - | - | - | unknown
868 | VNC-Viewer-7.5.1-Windows-64bit.exe | 18.224.21.93:5900 | - | - | - | unknown

DNS requests

Domain | IP | Reputation
dns.msftncsi.com | 131.107.255.255 | shared

Threats

PID | Process | Class | Message
2652 | VNC-Viewer-7.5.1-Windows-64bit.exe | Potential Corporate Privacy Violation | SUSPICIOUS [ANY.RUN] VNC negotiation was detected (ProtocolVersion message)
2652 | VNC-Viewer-7.5.1-Windows-64bit.exe | Potential Corporate Privacy Violation | SUSPICIOUS [ANY.RUN] VNC negotiation was detected (Server Security type - None)
2964 | VNC-Viewer-7.5.1-Windows-64bit.exe | Potential Corporate Privacy Violation | SUSPICIOUS [ANY.RUN] VNC negotiation was detected (Server Security type - None)
No debug info