home

WinVNC.exe

CrossLoop, Inc

It runs as a separate (within the context of its own process) windows Service named “uvnc_service”. This file is installed with the program CrossLoop 2.82.
Publisher:
UltraVNC  (signed by CrossLoop, Inc)

Product:
UltraVNC

Description:
VNC server for X64/win32

Version:
1.0.8.2

MD5:
6259d80c85ffaa1beebb916c6f413b6b

SHA-1:
b389bb06adbd4e472dd2cbabfeb3fdd54fe95bf6

SHA-256:
5f55124b9bd414f2bca50b57bcc8cee04297ff45084c4aa19a15f7999ba47df4

Scanner detections:
2 / 68

Status:
Clean  (2 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:
4/25/2024 6:52:41 PM UTC  (today)

Scan engine
Detection
Engine version

Baidu Antivirus
Hacktool.Win32.WinVNC
4.0.3.1472

Kaspersky
not-a-virus:RemoteAdmin.Win32.WinVNC
14.0.0.3621

File size:
1.5 MB (1,587,352 bytes)

Product version:
1.0.8.2

Copyright:
Copyright © 2009 UltraVNC

Trademarks:
VNC

Original file name:
WinVNC.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\crossloop\winvnc.exe

Digital Signature
Signed by:
CrossLoop, Inc

Authority:
The USERTRUST Network

Valid from:
11/1/2007 8:00:00 PM

Valid to:
11/1/2010 7:59:59 PM

Subject:
CN="CrossLoop, Inc", O="CrossLoop, Inc", STREET="1 Lower Ragsdale Dr., Bldg. 1,", STREET=Suite 210, L=Monterey, S=CA, PostalCode=93940, C=US

Issuer:
CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:
26E44F4E6D17682D60C48B89B4899CFF

File PE Metadata
Compilation timestamp:
12/6/2009 10:45:33 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:VJl0toMn9kr7RsLMvLYTn8OIshcAUA/JpC:ykuLVT8OIbAUA/J8

Entry address:
0x804B6

Entry point:
E8, 74, F8, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, 3D, 48, 6C, 52, 00, 00, 56, 8B, 35, 54, 8B, 4D, 00, 75, 04, 33, C0, EB, 63, 57, 85, F6, 75, 1B, 39, 35, 5C, 8B, 4D, 00, 74, 53, E8, E2, F9, 00, 00, 85, C0, 75, 4A, 8B, 35, 54, 8B, 4D, 00, 85, F6, 74, 40, 83, 7D, 08, 00, 74, 3A, FF, 75, 08, E8, C9, 01, 00, 00, 59, 8B, F8, EB, 27, 50, E8, BE, 01, 00, 00, 59, 3B, C7, 76, 19, 8B, 06, 80, 3C, 38, 3D, 75, 11, 57, FF, 75, 08, 50, E8, 8A, F9, 00, 00, 83, C4, 0C, 85, C0, 74, 0F, 83, C6, 04, 8B, 06, 85...
 
[+]

Entropy:
6.5446

Code size:
617.5 KB (632,320 bytes)

Service
Display name:
uvnc_service

Type:
Win32OwnProcess


The file WinVNC.exe has been discovered within the following program.

CrossLoop 2.82  by CrossLoop, Inc.
Publisher's description - “CrossLoop is a free, secure screen-sharing utility designed for people of all technical skill levels.”
www.CrossLoop.com
5% remove it
 
Powered by Should I Remove It?

Scan WinVNC.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.