vncserver.exe

VNC

RealVNC

The executable vncserver.exe has been detected as malware by 10 anti-virus scanners. It runs as a Windows service named “VNC Server”.
Publisher:
RealVNC Ltd  (signed by RealVNC)

Product:
VNC®

Description:
VNC® Server

Version:
5.3.0 (r15303)

MD5:
d5d65684399d8b3754d83fcdcdbd0a65

SHA-1:
15b763da2934059c4ec4715a243d3e7004f10578

SHA-256:
a5d768c0d45008ba19ac26e32cd61e75f2c3264b131c597fcf5a718bf878d2d2

Scanner detections:
10 / 68

Status:
Malware

Analysis date:
4/25/2024 10:21:43 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| avast! | Win32:Expiro-EH | 150717-0 |
| AVG | Win32/Expiro | 2015.0.4355 |
| Dr.Web | Win64.Expiro.100 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Win64.Expiro.Gen | 11.5.0.6191 |
| ESET NOD32 | Win64/Expiro.BB virus | 8.0.319.0 |
| F-Secure | Win64.Expiro.Gen.3 | 5.15.96 |
| Kaspersky | Virus.Win64.Expiro | 15.0.0.562 |
| Microsoft Security Essentials | Threat.Undefined | 1.219.1022.0 |
| Norman | Win64.Expiro.Gen.3 | 10.04.2016 15:29:17 |
| Sophos | Virus 'W64/Expiro-V' | 5.23 |

File size:
5.9 MB (6,226,432 bytes)

Product version:
5.3.0 (r15303)

Copyright:
Copyright © 2002-2015 RealVNC Ltd.

Trademarks:
VNC is a registered trademark of RealVNC Ltd in the U.S. and in other countries.

Original file name:
vncserver.exe

File type:
Executable application (Win64 EXE)

Language:
English (United Kingdom)

Common path:
C:\Program Files\realvnc\vnc server\vncserver.exe

Digital Signature
Signed by:

Authority:
RealVNC

Valid from:
11/13/2015 11:13:14 PM

Valid to:
11/10/2025 11:13:14 PM

Subject:
CN=RootCA:Root 006 2015, O=RealVNC

Issuer:
CN=RootCA:Root 006 2015, O=RealVNC

Serial number:
0098383CC518DA01FE

File PE Metadata
Compilation timestamp:
3/16/2016 1:46:20 AM

OS version:
4.0

OS bitness:
Win64

Subsystem:
Windows Console

Linker version:
8.0

CTPH (ssdeep):
98304:rfEc5iUiy+clkgJ90Aj6QuS6TAtm7Sfa:rfEc5HimkgIAOQF7

Entry address:
0x327C30

Entry point:
47, 55, 41, 51, 41, 56, 45, BE, F0, 15, 04, 00, 4F, B9, 00, E0, 5F, 40, 01, 00, 00, 00, 57, 45, BD, E9, 1A, 00, 00, BF, 13, 64, 02, 00, 4C, 0F, AF, EF, 4A, BF, 5B, 0C, 00, 00, 01, 00, 00, 00, 4E, 03, EF, E8, 25, 00, 00, 00, 4F, BD, A6, 3F, 5B, 40, 01, 00, 00, 00, 43, BE, D0, E1, 00, 00, 4F, B9, 00, 20, 74, 40, 01, 00, 00, 00, E8, 06, 00, 00, 00, 5F, 4F, 39, CD, 75, 33, 41, 8B, 7D, 00, 81, F7, C5, 06, B4, 65, 41, 89, 39, 4B, FF, C5, 4B, FF, C5, 4D, FF, CE, 4D, FF, CE, 4D, FF, C5, 49, FF, C5, 4D, 81, C1, 04...
 

Entropy:
6.6479

Code size:
3.5 MB (3,656,704 bytes)

Service
Display name:
VNC Server

Service name:
vncserver

Description:
Enables VNC Viewer users to connect to and control this computer. To manage connectivity, configure the VNC Server application. Note that if this service is stopped, all VNC Viewer users will be disco

Type:
Win32OwnProcess, InteractiveProcess

