vmcap[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

vmcap.exe
Size

212KB
MD5

33494c87a275a41b3c9fab3d9528d3af
SHA1

8b8d8eb059f35a61aab7e373c5bd45e6e993972a
SHA256

0813418a0aeccd580bafb3092a6711b3ef339f9866d40fcd49fbb7e5e2a4f022
SHA512

8e82fcbff7ae06b6828f914887f4ac0d442ff3e2410ee7c27156ff85dbca19b5c820cab41d4b549d9c0259e2ceff774a3c2a9e9d82411dfb509453c8b5d78421
SSDEEP

3072:0AeF9CANsmN52tCRAMjyWWNkyzdKu1XO/UKYG20kJJZi61g4OGV3l0ud:0iAKK+SpdGzdKugsKjDkZi61g4nC+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
vmcap.exe

Files

vmcap.exe
.exe windows x86

5bc05cff7e2274e254c7d05ea75838bf

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

psapi

EnumProcesses
GetModuleFileNameExA

winmm

timeGetTime
waveOutWrite
waveOutPrepareHeader
waveOutUnprepareHeader
waveInStart
waveInAddBuffer
waveInPrepareHeader
waveInOpen
waveOutOpen
waveInUnprepareHeader
waveOutClose
waveOutReset
waveInClose
waveInReset

msacm32

acmMetrics
acmFormatChooseA

olepro32

ord251
ord250

kernel32

IsBadCodePtr
SetFilePointer
FlushFileBuffers
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetFileType
InterlockedExchange
GetVersionExA
GetACP
GetLocaleInfoA
GetThreadLocale
lstrcpynA
TerminateProcess
OpenProcess
GetProcAddress
GetModuleHandleA
GetProfileIntA
GetProfileStringA
GetDiskFreeSpaceExA
GlobalFree
IsBadReadPtr
MultiByteToWideChar
lstrlenA
OutputDebugStringA
WideCharToMultiByte
Sleep
GlobalUnlock
GlobalHandle
GlobalLock
GlobalAlloc
CloseHandle
CreateFileA
lstrcmpiA
lstrcatA
lstrcpyA
OpenFile
LoadLibraryA
MulDiv
GetDiskFreeSpaceA
FreeLibrary
GetFullPathNameA
CopyFileA
WriteFile
GetTempPathA
GetFileSize
WriteProfileStringA
GetCurrentProcessId
InitializeCriticalSection
InterlockedIncrement
DeleteCriticalSection
GetModuleFileNameA
GetLastError
RaiseException
LeaveCriticalSection
EnterCriticalSection
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
IsDBCSLeadByte
IsBadWritePtr
GetCurrentThreadId
GetTickCount
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
SetUnhandledExceptionFilter
HeapSize
GetCurrentProcess
VirtualFree
HeapCreate
HeapDestroy
TlsGetValue
TlsSetValue
TlsFree
SetLastError
TlsAlloc
LCMapStringW
LCMapStringA
GetCPInfo
ExitProcess
GetCommandLineA
GetStartupInfoA
HeapReAlloc
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
HeapFree
HeapAlloc
RtlUnwind
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetStringTypeA
GetStringTypeW
GetOEMCP
SetStdHandle
ReadFile
GetLocaleInfoW
InterlockedDecrement

user32

CharNextA
FindWindowExA
IsWindow
FindWindowA
SendMessageA
RedrawWindow
CheckDlgButton
IsDlgButtonChecked
SetDlgItemInt
GetDlgItem
EnableWindow
MessageBeep
GetDlgItemTextA
IsCharAlphaA
IsCharAlphaNumericA
SetDlgItemTextA
EndDialog
MessageBoxA
DialogBoxParamA
PostMessageA
GetMenuItemCount
GetSysColor
SetFocus
GetDlgItemInt
GetWindowTextA
SetWindowTextA
ShowWindow
CreateWindowExA
ReleaseDC
GetDC
RegisterClassA
LoadIconA
LoadCursorA
LoadAcceleratorsA
RemoveMenu
AppendMenuA
InvalidateRect
SetTimer
SetWindowPos
EnableMenuItem
CheckMenuItem
GetMenu
GetSubMenu
DestroyWindow
PostQuitMessage
GetAsyncKeyState
BeginPaint
EndPaint
KillTimer
CreateDialogParamA
GetWindowLongA
SetWindowLongA
GetSystemMetrics
GetWindowRect
GetClientRect
UpdateWindow
MoveWindow
wsprintfA
DefWindowProcA
PeekMessageA
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
WaitMessage
CreatePopupMenu

gdi32

SelectObject
GetStockObject
SetBkColor
SetTextColor
ExtTextOutA
PatBlt
CreateSolidBrush
CreateFontA
GetTextMetricsA
DeleteDC
DeleteObject
StretchBlt
SetStretchBltMode
CreateDIBSection
CreateCompatibleDC

comdlg32

GetSaveFileNameA

advapi32

RegCloseKey
RegQueryInfoKeyA
RegSetValueExA
RegDeleteValueA
RegOpenKeyExA
RegDeleteKeyA
RegCreateKeyExA
RegEnumKeyExA

ole32

CoCreateInstance
CoInitializeEx
CoUninitialize
CoTaskMemFree
MkParseDisplayName
CreateBindCtx
CreateStreamOnHGlobal
CoTaskMemAlloc
CoTaskMemRealloc

oleaut32

SysFreeString
VariantInit
VariantClear
VarUI4FromStr

Sections

.text
Size: 164KB - Virtual size: 163KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5bc05cff7e2274e254c7d05ea75838bf

Headers

File Characteristics

Imports

psapi

winmm

msacm32

olepro32

kernel32

user32

gdi32

comdlg32

advapi32

ole32

oleaut32

Sections

.text Size: 164KB - Virtual size: 163KB

.rdata Size: 28KB - Virtual size: 25KB

.data Size: 8KB - Virtual size: 52KB

.rsrc Size: 8KB - Virtual size: 5KB

.text
Size: 164KB - Virtual size: 163KB

.rdata
Size: 28KB - Virtual size: 25KB

.data
Size: 8KB - Virtual size: 52KB

.rsrc
Size: 8KB - Virtual size: 5KB