mcravnc.exe

MicroCreative

It runs as a separate (within the context of its own process) windows Service named “uvnc_service”.
Publisher:
UltraVNC  (signed by MicroCreative)

Product:
UltraVNC

Description:
VNC server for win32

Version:
1.1.9.6

MD5:
236afa801c5d0d4e09f39e9a7cd455b5

SHA-1:
ed9394a415c0a402bd9954b98d74d5956054a732

SHA-256:
e3f3f215f49cee4711f4847a6c88cf60c6c5b037c1c7041b598c86000fb9140a

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
9/24/2018 8:54:17 PM UTC  (today)

File size:
1 MB (1,095,512 bytes)

Product version:
1.1.9.6

Copyright:
Copyright © 2010 UltraVNC

Trademarks:
VNC

Original file name:
WinVNC.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\microcreativera\mcravnc.exe

Digital Signature
Signed by:

Authority:
Unizeto Technologies S.A.

Valid from:
2/4/2014 2:04:13 PM

Valid to:
2/4/2015 2:04:13 PM

Subject:
E=biuro@microcreative.pl, CN=MicroCreative, O=MicroCreative, C=PL

Issuer:
CN=Certum Code Signing CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL

Serial number:
27C717B1B2959DECC42D64F309BE86DC

File PE Metadata
Compilation timestamp:
12/5/2013 10:34:10 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:7bH3AUjH4z6G86A444ggAA44AAg44ggAA44AgoIwS/QRFHK3y/YR9jub+bQhZbOt:vo5Erjr189YtmOwWE2qG

Entry address:
0xACD01

Entry point:
E8, FE, CF, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 8B, 45, 08, 85, C0, 75, 15, E8, DD, 36, 00, 00, C7, 00, 16, 00, 00, 00, E8, 3C, 7F, 00, 00, 83, C8, FF, 5D, C3, 8B, 40, 10, 5D, C3, 8B, FF, 56, 8B, F1, 85, F6, 74, 1B, 85, C0, 74, 17, 3B, C6, 74, 13, 57, 6A, 36, 59, 8B, F8, F3, A5, 83, 20, 00, 50, E8, BA, 87, 00, 00, 59, 5F, 5E, C3, 33, C0, C3, 8B, FF, 55, 8B, EC, 53, 57, 33, DB, 33, FF, 39, 5D, 10, 7E, 22, 56, 8D, 75, 10, 83, C6, 04, FF, 36, FF, 75, 0C, FF, 75, 08, E8, E8, CD, FF, FF, 83, C4, 0C...
 
[+]

Code size:
796 KB (815,104 bytes)

Service
Display name:
uvnc_service

Description:
Provides secure remote desktop sharing

Type:
Win32OwnProcess

Depends on:
Tcpip


Scan mcravnc.exe - Powered by Reason Core Security