
Sample details: ba3ffac32028db0af1b778305a0fe3f0 --

Hashes
MD5: ba3ffac32028db0af1b778305a0fe3f0
SHA1: 579f9f4b144958e1dc706ae9ea04a143ec9ca810
SHA256: 68af44a541563284fb661686bc418bd334c6cd0544cffdc1a92718ba16143e8e
SSDEEP: 768:YQMGCilINH1c1ChOEq+UAM02gkkLEDfP4neCNee8byeoe40eMC+FAg:BMG1O1LnWgk321e7Ge40eMC+FAg
Details
File Type: PE32
Yara Hits
YRP/Visual_Cpp_2005_DLL_Microsoft | YRP/Visual_Cpp_2003_DLL_Microsoft | YRP/IsPE32 | YRP/IsDLL | YRP/IsWindowsGUI | YRP/HasOverlay | YRP/HasDigitalSignature | YRP/HasDebugData | YRP/HasRichSignature | YRP/domain | YRP/url | YRP/contentis_base64 | YRP/anti_dbg | YRP/win_registry | YRP/win_hook |
Parent Files
04f50b7f721e3ae2bee5686a4cb584bd
Strings
		!This program cannot be run in DOS mode.
`.rdata
@.data
@.reloc
^SSSSS
j@j ^V
< tK<	tG
URPQQh
t"SS9] u
;t$,v-
UQPXY]Y[
v	N+D$
PPPPPPPP
PPPPPPPP
VNCHooks.PopUpMenu.Selected
Application_Prefs
Software
VNCHooks
use_Deferral
use_RButtonUp
use_MButtonUp
use_LButtonUp
use_KeyPress
use_Timer
use_GetUpdateRect
Local\SeamlessRDPData
WinVNC desktop sink
WinVNC
VNCHooks.Deferred.UpdateMessage
CorExitProcess
bad allocation
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetProcessWindowStation
GetUserObjectInformationW
GetLastActivePopup
GetActiveWindow
MessageBoxW
Unknown exception
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
 Complete Object Locator'
 Class Hierarchy Descriptor'
 Base Class Array'
 Base Class Descriptor at (
 Type Descriptor'
`local static thread guard'
`managed vector copy constructor iterator'
`vector vbase copy constructor iterator'
`vector copy constructor iterator'
`dynamic atexit destructor for '
`dynamic initializer for '
`eh vector vbase copy constructor iterator'
`eh vector copy constructor iterator'
`managed vector destructor iterator'
`managed vector constructor iterator'
`placement delete[] closure'
`placement delete closure'
`omni callsig'
 delete[]
 new[]
`local vftable constructor closure'
`local vftable'
`udt returning'
`copy constructor closure'
`eh vector vbase constructor iterator'
`eh vector destructor iterator'
`eh vector constructor iterator'
`virtual displacement map'
`vector vbase constructor iterator'
`vector destructor iterator'
`vector constructor iterator'
`scalar deleting destructor'
`default constructor closure'
`vector deleting destructor'
`vbase destructor'
`string'
`local static guard'
`typeof'
`vcall'
`vbtable'
`vftable'
operator
 delete
__unaligned
__restrict
__ptr64
__eabi
__clrcall
__fastcall
__thiscall
__stdcall
__pascal
__cdecl
__based(
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
C:\Users\rudi\Desktop\UltraVNC_INSTALLER_OTHER\ultravnc_test2\UltraVNC Project Root\UltraVNC\winvnc\Release\vnchooks.pdb
GetModuleFileNameA
GetModuleHandleA
GlobalAddAtomA
GlobalDeleteAtom
CloseHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
KERNEL32.dll
RemovePropA
ClientToScreen
GetClientRect
PostThreadMessageA
PostMessageA
GetWindowRect
IsWindowVisible
GetCursor
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExA
EnumWindows
FindWindowA
SetPropA
GetPropA
GetUpdateRgn
RegisterWindowMessageA
USER32.dll
DeleteObject
GetRegionData
CreateRectRgn
GDI32.dll
RegCloseKey
RegOpenKeyExA
RegCreateKeyExA
RegQueryValueExA
RegSetValueExA
ADVAPI32.dll
GetLastError
HeapFree
HeapAlloc
GetCurrentThreadId
DecodePointer
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
HeapCreate
HeapDestroy
GetProcAddress
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
LoadLibraryW
RaiseException
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapReAlloc
RtlUnwind
IsProcessorFeaturePresent
HeapSize
LCMapStringW
MultiByteToWideChar
GetStringTypeW
VNCHooks.dll
HooksType
SetHooks
SetKeyboardFilterHook
SetMouseFilterHook
UnSetHooks
.?AVbad_alloc@std@@
.?AVexception@std@@
.?AVtype_info@@
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPAD
0!0J0a0
1G1W1f1
2&2,2^2k2
464=4D4Z4h4
5(5H5Z5c5o5t5
646;6[6c6q6z6
7%7V7`7f7q7w7
748B8Z8_8k8u8
9;9C9K9S9X9e9p9z9
: :&:D:O:W:
:+;9;G;{;
=J=Q=W=
1I1S1p1
2 2(232S2g2m2|2
20363H3j3
4=4B4L4
5"575i5
7%707<7A7Q7V7\7b7x7
:4:W:k:w:
:E;M;`;k;p;
<,<e<o<
>*>^>k>
?H?o?|?
0%0*020B0L0R0f0{0
191N1t1
2#3+3w3
4%4+434:4?4G4P4\4a4f4l4p4v4{4
5"5(5@5s5|5
6"6G6m6s6
6E7O7z7
8D8g8m8
9#9d9o9y9
9U;f;n;t;y;
=b=<>D>\>w>
2%282\2
3Q3W3\3j3o3t3y3
4L4Q4X4]4d4i4w4
6*6M6R6W6n6
7E8h8s8y8
9I9c9}9
=$>x>;?i?
4 4D4{4
7(7D7M7S7\7a7p7
;,<D<K<S<X<\<`<
<:=@=D=H=L=
>7>i>p>t>x>|>
4"444F4X4~4
5 525D5V5o5
94=A=G=L=S=W=\=
<t>x>|>
0 0$0(0,0004080<0@0D0H0L0P0T0X0\0`0d0h0l0p0t0x0|0
1 1$1(1,1014181<1@1
30343D3H3X3\3d3|3
40484L4h4t4
54585X5x5
1 3$3(3,3034383<3@3D3H3h3l3p3t3x3|3
4 4$4(4,4044484<4@4D4H4L4P4T4X4\4`4d4h4l4p4t4x4|4
4(585H5X5h5
; ;$;(;,;0;4;8;@;D;`;
GlobalSign nv-sa1
Root CA1
GlobalSign Root CA0
990128130000Z
170127120000Z0
GlobalSign nv-sa1%0#
Primary Object Publishing CA100.
'GlobalSign Primary Object Publishing CA0
%uyP}_
"http://crl.globalsign.net/Root.crl0
GlobalSign nv-sa1
Root CA1
GlobalSign Root CA0
990128130000Z
170127120000Z0
GlobalSign nv-sa1%0#
Primary Object Publishing CA100.
'GlobalSign Primary Object Publishing CA0
%uyP}_
"http://crl.globalsign.net/Root.crl0
GlobalSign nv-sa1
Root CA1
GlobalSign Root CA0
090318110000Z
280128120000Z0T1
Timestamping CA1
GlobalSign1#0!
GlobalSign Timestamping CA0
:	D:CrA
%http://www.globalsign.net/repository/03
"http://crl.globalsign.net/root.crl0
Timestamping CA1
GlobalSign1#0!
GlobalSign Timestamping CA0
091221093256Z
201222093256Z0R1
GlobalSign NV1+0)
"GlobalSign Time Stamping Authority0
+http://crl.globalsign.net/Timestamping1.crl0
%http://www.globalsign.net/repository/0
GlobalSign nv-sa1
ObjectSign CA1!0
GlobalSign ObjectSign CA0
110318171546Z
140318171542Z0]1
	Antwerpen1
	Antwerpen1
	uvnc bvba1
	uvnc bvba0
2http://secure.globalsign.net/cacert/ObjectSign.crt09
(http://crl.globalsign.net/ObjectSign.crl0	
%http://www.globalsign.net/repository/0
GlobalSign nv-sa1%0#
Primary Object Publishing CA100.
'GlobalSign Primary Object Publishing CA0
040122100000Z
170127110000Z0c1
GlobalSign nv-sa1
ObjectSign CA1!0
GlobalSign ObjectSign CA0
$http://www.globalsign.net/repository09
(http://crl.globalsign.net/primobject.crl0N
2http://secure.globalsign.net/cacert/PrimObject.crt0
GlobalSign nv-sa1
ObjectSign CA1!0
GlobalSign ObjectSign CA
i&"rIp$
Timestamping CA1
GlobalSign1#0!
GlobalSign Timestamping CA
121109143210Z0#
[A~Il0g0X
Timestamping CA1
GlobalSign1#0!
GlobalSign Timestamping CA