home

tvnserver.exe

TightVNC

GlavSoft LLC.

It runs as a separate (within the context of its own process) windows Service named “TightVNC Server”. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘tvncontrol’.
Publisher:
GlavSoft LLC.  (signed and verified)

Product:
TightVNC

Description:
TightVNC Server for Windows

Version:
2.0.3.0

MD5:
0461faebb17a4a92effa2eb67bc52261

SHA-1:
5588f84aed293aa941713f41c65b230c922bc807

SHA-256:
f8a2c4e9dae47694e312fd893bb197c431021ad201074d343caec166c2851010

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/23/2024 10:03:59 PM UTC  (today)

File size:
807.5 KB (826,896 bytes)

Product version:
2.0.3.0

Copyright:
Copyright (C) 2008-2011 GlavSoft LLC.

Original file name:
tvnserver.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\tightvnc\tvnserver.exe

Digital Signature
Signed by:
GlavSoft LLC.

Authority:
Thawte, Inc.

Valid from:
3/29/2011 7:00:00 PM

Valid to:
3/29/2012 6:59:59 PM

Subject:
CN=GlavSoft LLC., O=GlavSoft LLC., L=Tomsk, S=Tomsk, C=RU

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
387FDDE484885E7290821D874F860703

File PE Metadata
Compilation timestamp:
5/26/2011 4:44:51 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:ptGrJmO8TsQXAwAmcIxyFLLI6hUXe/s83Hk82ZksmxMD2oGj:OrJmOos9Syprhiys83E9ZksmKoj

Entry address:
0x640E4

Entry point:
E8, 74, 2D, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 8B, 45, 14, 56, 57, 33, FF, 3B, C7, 74, 47, 39, 7D, 08, 75, 1B, E8, 2D, 2E, 00, 00, 6A, 16, 5E, 89, 30, 57, 57, 57, 57, 57, E8, 8D, 02, 00, 00, 83, C4, 14, 8B, C6, EB, 29, 39, 7D, 10, 74, E0, 39, 45, 0C, 73, 0E, E8, 08, 2E, 00, 00, 6A, 22, 59, 89, 08, 8B, F1, EB, D7, 50, FF, 75, 10, FF, 75, 08, E8, 2E, 0F, 00, 00, 83, C4, 0C, 33, C0, 5F, 5E, 5D, C3, 8B, C1, 83, 60, 04, 00, 83, 60, 08, 00, C7, 00, 78, 15, 48, 00, C3, 8B, FF, 55, 8B, EC, 53, 8B, 5D...
 
[+]

Entropy:
6.5444

Code size:
509.5 KB (521,728 bytes)

Service
Display name:
TightVNC Server

Service name:
tvnserver

Type:
Win32OwnProcess


Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
tvncontrol

Command:
"C:\Program Files\tightvnc\tvnserver.exe" -controlservice -slave


Windows Firewall Allowed Program
Name:
C:\Program Files\TightVNC\tvnserver.exe


Scan tvnserver.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.