mRemoteNG.exe

  • File Path: C:\Program Files (x86)\mRemoteNG\mRemoteNG.exe
  • Description: mRemoteNG
  • Comments: Multi-protocol remote connections manager

Hashes

Type Hash
MD5 26D6A0729744CDFE6B2BF38243F6E287
SHA1 8141BFDCFC280F29B48CE1C751E9515AC08EEB1C
SHA256 6EC4C234894AC6CA598477E45B6EB5C187B1B75E250A6C78954805463BDA17B9
SHA384 1133FCF9A60558302C0942728F520AAF95722E3638D2DB49317AF80C5DFC02FA0748368E7D5B5FE3F74A078A33F9A43B
SHA512 0CD09B2D07AF9FB219531D798C5D1A223B935423DEE9FDDC91FDD5454E87B0C3E974B6EE416D9F18856AD0C0A3DC7A83FA9360EAF9BF166528832A8FC80E4006
SSDEEP 24576:1+i8BCRKyo8UWX0HNNIFb9sv7VdyMOJlXcTJwTK6Ej7jc:eBC0vBWX0HNNIFbavLyMOJlXcdwTZG3c
IMP F34D5F2D4577ED6D9CEEC516C1F5A744
PESHA1 92B93E3D3CEF6871358E670C55EDE8BECF7D724B
PE256 88E0D15B0EB011384BCDE73BDA9F40B009A45BD02C72D5D45DE2B810EA5703A3

Runtime Data

Open Handles:

Path Type
(R--) C:\Users\user\AppData\Roaming\mRemoteNG\mRemoteNG.log File
(R-D) C:\Program Files (x86)\mRemoteNG\BouncyCastle.Crypto.dll File
(R-D) C:\Program Files (x86)\mRemoteNG\en-US\mRemoteNG.resources.dll File
(R-D) C:\Program Files (x86)\mRemoteNG\log4net.dll File
(R-D) C:\Program Files (x86)\mRemoteNG\MagicLibrary.dll File
(R-D) C:\Program Files (x86)\mRemoteNG\WeifenLuo.WinFormsUI.Docking.dll File
(R-D) C:\Program Files (x86)\mRemoteNG\WeifenLuo.WinFormsUI.Docking.ThemeVS2003.dll File
(R-D) C:\Program Files (x86)\mRemoteNG\WeifenLuo.WinFormsUI.Docking.ThemeVS2012.dll File
(R-D) C:\Program Files (x86)\mRemoteNG\WeifenLuo.WinFormsUI.Docking.ThemeVS2013.dll File
(R-D) C:\Program Files (x86)\mRemoteNG\WeifenLuo.WinFormsUI.Docking.ThemeVS2015.dll File
(R-D) C:\Windows\Fonts\StaticCache.dat File
(R-D) C:\Windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll File
(R-D) C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll File
(R-D) C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll File
(R-D) C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll File
(R-D) C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll File
(R-D) C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll File
(R-D) C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll File
(R-D) C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll File
(R-D) C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll File
(R-D) C:\Windows\System32\en-US\winnlsres.dll.mui File
(R-D) C:\Windows\SysWOW64\en-US\user32.dll.mui File
(RW-) C:\Windows File
(RW-) C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.488_none_89e6152f0b32762e File
(RW-) C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.488_none_11b1e5df2ffd8627 File
(RW-) C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.572_none_4296d9128a9564c1 File
(RW-) C:\xCyclopedia File
...\Cor_SxSPublic_IPCBlock Section
\BaseNamedObjects\__ComCatalogCache__ Section
\BaseNamedObjects\Cor_Private_IPCBlock_v4_3288 Section
\BaseNamedObjects\NLS_CodePage_1252_3_2_0_0 Section
\BaseNamedObjects\NLS_CodePage_437_3_2_0_0 Section
\Sessions\1\BaseNamedObjects\SessionImmersiveColorPreference Section
\Sessions\1\BaseNamedObjects\UrlZonesSM_user Section
\Sessions\1\BaseNamedObjects\windows_shell_global_counters Section
\Sessions\1\Windows\Theme289354956 Section
\Windows\Theme1665484522 Section

Loaded Modules:

Path
C:\Program Files (x86)\mRemoteNG\mRemoteNG.exe
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\System32\wow64.dll
C:\Windows\System32\wow64cpu.dll
C:\Windows\System32\wow64win.dll

Signature

  • Status: Signature verified.
  • Serial: 0C1FDD2DDD38ACC9AFE620097FBB3B65
  • Thumbprint: DEFFB77C09F5ADC3691A0EA8A36E2617577AF8AB
  • Issuer: CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US
  • Subject: CN=David Sparer, O=David Sparer, L=Prescott, S=Wisconsin, C=US

File Metadata

  • Original Filename: mRemoteNG.exe
  • Product Name: mRemoteNG
  • Company Name:
  • File Version: 1.76.20.24615
  • Product Version: 1.76.20.24615
  • Language: Language Neutral
  • Legal Copyright: Copyright 2019 mRemoteNG Dev Team; 2010-2013 Riley McArdle; 2007-2009 Felix Deimel
  • Machine Type: 32-bit

File Scan

  • VirusTotal Detections: 0/69
  • VirusTotal Link: https://www.virustotal.com/gui/file/6ec4c234894ac6ca598477e45b6eb5c187b1b75e250a6c78954805463bda17b9/detection/

Possible Misuse

The following table contains possible examples of mRemoteNG.exe being misused. While mRemoteNG.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

| Source | Source File | Example | License |
| --- | --- | --- | --- |
| sigma | net_connection_win_susp_rdp.yml | `- '\mRemoteNG.exe'` | DRL 1.0 |

MIT License. Copyright (c) 2020-2021 Strontic.