vncviewer.exe

AT&T vncviewer

AT&T Laboratories Cambridge

The application vncviewer.exe has been detected as a potentially unwanted program by 7 anti-malware scanners. This file is typically installed with the program Advanced IP Scanner v1.5 by Famatech. The file has been seen being downloaded from uiandwe.tistory.com. While running, it connects to the Internet address ip-172-18-0-190.ec2.internal on port 5900.
Publisher:
AT&T Laboratories Cambridge

Product:
AT&T vncviewer

Description:
vncviewer

Version:
3, 3, 3, 3

MD5:
fdd6e4b8a91d477ad90d930b1e7372fa

SHA-1:
1c4d5f0c8a601345feb5b2ad0753873101c2c0db

SHA-256:
0855760689f8e39547870135dfd9d4716214370077c759bb4ecafd6f287c2bae

Scanner detections:
7 / 68

Status:
Potentially unwanted

Analysis date:
4/26/2024 5:17:12 PM UTC  (today)

Scan engine | Detection | Engine version
Agnitum Outpost | Riskware.RemoteAdmin | 7.1.1
Baidu Antivirus | HackTool.Win32.WinVNC | 4.0.3.14220
Comodo Security | ApplicUnsaf.Win32.RemoteAdmin.WinVNC.333 | 17780
Kaspersky | not-a-virus:RemoteAdmin.Win32.WinVNC | 14.0.0.4285
NANO AntiVirus | Riskware.Win32.WinVNC.icva | 0.28.0.57630
VIPRE Antivirus | RealVNC (not malicious) | 26430
ViRobot | RemoteApp.WinVNC.176128 | 2011.4.7.4223

File size:
172 KB (176,128 bytes)

Product version:
3, 3, 3, 3

Copyright:
Copyright © 1999

Original file name:
vncviewer.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\orl\vnc\vncviewer.exe

File PE Metadata
Compilation timestamp:
2/28/2001 7:39:31 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:YuNIB7aeAcNIzh/mgi76fHaUcu8qKaKQ9IU:tSe7cWF/0O8fQOU

Entry address:
0xF0A9

Entry point:
55, 8B, EC, 6A, FF, 68, B0, 66, 41, 00, 68, 0C, 2C, 41, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 58, 53, 56, 57, 89, 65, E8, FF, 15, 5C, 61, 41, 00, 33, D2, 8A, D4, 89, 15, B0, C4, 41, 00, 8B, C8, 81, E1, FF, 00, 00, 00, 89, 0D, AC, C4, 41, 00, C1, E1, 08, 03, CA, 89, 0D, A8, C4, 41, 00, C1, E8, 10, A3, A4, C4, 41, 00, 6A, 01, E8, A4, 22, 00, 00, 59, 85, C0, 75, 08, 6A, 1C, E8, C3, 00, 00, 00, 59, E8, 83, 0A, 00, 00, 85, C0, 75, 08, 6A, 10, E8, B2, 00, 00, 00, 59, 33, F6, 89, 75...
 

Entropy:
5.2494

Code size:
84 KB (86,016 bytes)

The file vncviewer.exe has been discovered within the following program.

Publisher's description - “Advanced IP Scanner is a fast and easy-to-use network scanner for Windows. In a matter of seconds, this utility finds all the computers on any network and provides easy access to their various resources, whether HTTP, HTTPS, FTP or shared folders.”
www.radmin.com
About 1% of users remove it
 

The file vncviewer.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communication in live environments.

TCP:
Connects to ip-172-18-0-190.ec2.internal  (172.18.0.190:5900)
