04854c9e066d954247feeded8fede7e6

Sharing

Copy URL Twitter E-mail

General

Target

04854c9e066d954247feeded8fede7e6
Size

298KB
MD5

04854c9e066d954247feeded8fede7e6
SHA1

510c8f836c1b02cb3753dbf56e13b82484a1193a
SHA256

e25b75afcaa1c31da134f7c2a17ffbf1b663d0e0adf3bfe6319730afd983a4bc
SHA512

3d7370b40165b8313fb7ca9899c197ff4c2c36fd6471e4654adf0954d1ffa7a94891188286a3449beaab6723de3e5566217f3ea30d39e4673e83526d660c0e26
SSDEEP

6144:jhiYt3eTFUIqNwBBKDx3NIBnXS28gxjNmQBsBaaZMilmB2PN3NX:zt20NYBdBDjplOBjpcB0dX

Score

3^/10

Malware Config

Signatures

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/fenhScreenRecord/ScreenRecord.exe
unpack001/fenhScreenRecord/msvcrtd.dll
unpack001/fenhScreenRecord/rec_chs_regdll.dll
unpack001/fenhScreenRecord/screencap.ax
unpack001/fenhScreenRecord/风华屏幕录像机.exe

Files

04854c9e066d954247feeded8fede7e6
.rar
fenhScreenRecord/ScreenRecord.exe
.exe windows:4 windows x86 arch:x86

1119fbd96195d24a7f6ab266afc47541

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord4835
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4425
ord489
ord768
ord4258
ord5953
ord3097
ord3098
ord4710
ord3092
ord1779
ord4055
ord1601
ord924
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord4424
ord3738
ord3798
ord815
ord641
ord2621
ord1134
ord2725
ord4376
ord4853
ord5280
ord4837
ord3597
ord324
ord4234
ord1168
ord2379
ord3571
ord3626
ord755
ord2414
ord640
ord5785
ord1640
ord323
ord1641
ord470
ord6453
ord1200
ord926
ord809
ord556
ord2122
ord1088
ord2431
ord2859
ord922
ord1099
ord5791
ord2860
ord4133
ord4297
ord5788
ord472
ord2753
ord2450
ord283
ord686
ord2408
ord2452
ord2096
ord384
ord5873
ord3337
ord5875
ord2107
ord2841
ord5450
ord5440
ord6383
ord6394
ord5287
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1775
ord4078
ord6052
ord2514
ord4998
ord4854
ord4377
ord5265
ord4358
ord4948
ord4976
ord4742
ord4905
ord5160
ord5162
ord5161
ord1907
ord497
ord1008
ord2528
ord771
ord3663
ord1146
ord1644
ord2863
ord6270
ord2438
ord3654
ord2584
ord4220
ord1083
ord4185
ord4299
ord909
ord6880
ord2826
ord2825
ord4284
ord2614
ord2915
ord5572
ord5600
ord773
ord501
ord3702
ord696
ord394
ord4160
ord2864
ord2818
ord6199
ord536
ord5710
ord5683
ord1175
ord535
ord4129
ord2827
ord823
ord825
ord3811
ord2820
ord858
ord939
ord941
ord540
ord860
ord4171
ord537
ord800
ord561
ord1576

msvcrt

_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
??1type_info@@UAE@XZ
_exit
_onexit
__dllonexit
_ftol
wcslen
_except_handler3
_mbschr
_mbsnbcpy
sscanf
sprintf
atoi
_mbsicmp
strncpy
memmove
_mbscmp
__CxxFrameHandler
exit
_setmbcp
_controlfp

kernel32

lstrcpyA
GetUserDefaultLangID
GetPrivateProfileIntA
GetSystemTime
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
WinExec
LoadLibraryA
GetProcAddress
FreeLibrary
GetFileAttributesA
GetFullPathNameA
lstrcatA
CreateDirectoryA
FindFirstFileA
CreateFileA
GetFileInformationByHandle
ReadFile
CloseHandle
WideCharToMultiByte
lstrlenA
MultiByteToWideChar
GetLogicalDriveStringsA
GetVolumeInformationA
LocalFree
InterlockedDecrement
LocalAlloc
FormatMessageA
GetStartupInfoA
GetModuleHandleA
GetLastError
GetVersionExA
DeviceIoControl
WriteFile
DeleteFileA
GetFileSize
SetFilePointer
GetModuleFileNameA
GetDriveTypeA

user32

GetSubMenu
GetCursorPos
CheckMenuItem
EnableMenuItem
GetWindowPlacement
GetClientRect
OffsetRect
InvalidateRect
GetWindowRect
GetWindowTextLengthA
SetDlgItemTextA
GetSystemMenu
LoadMenuA
SetWindowLongA
IsIconic
EnableWindow
LoadIconA
EqualRect
DrawIcon
GetSystemMetrics
SetWindowTextA
GetDlgItem
ShowWindow
SetTimer
DrawTextA
LoadImageA
FillRect
SetCapture
PtInRect
GetDC
ReleaseDC
SendMessageA
IsWindow
FindWindowA
PostQuitMessage
KillTimer
CopyRect
wsprintfA
AppendMenuA
MessageBoxA

gdi32

DeleteObject
CreateCompatibleBitmap
CreateCompatibleDC
GetObjectA
BitBlt
RealizePalette
GetDeviceCaps
ExcludeClipRect

advapi32

RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegCloseKey

shell32

SHGetPathFromIDListA
SHGetMalloc
SHGetSpecialFolderLocation
ShellExecuteA
SHBrowseForFolderA

comctl32

ImageList_Draw
ImageList_AddMasked

ole32

OleRun
CLSIDFromString
CLSIDFromProgID
OleUninitialize
OleInitialize
CoUninitialize
CoInitialize
CoCreateInstance

oleaut32

OleLoadPicturePath
SysAllocStringByteLen
VariantClear
SysAllocString
SysFreeString
SysStringByteLen
GetErrorInfo

shlwapi

PathIsDirectoryA
PathFileExistsA

msvcp60

?_Refcnt@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEAAEPBD@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Xran@std@@YAXXZ

msvcrtd

_CxxThrowException

Sections

.text
Size: 92KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
fenhScreenRecord/fhua.dat
fenhScreenRecord/msvcrtd.dll
.dll windows:4 windows x86 arch:x86

265cd32afd4d72991a91eb9bf6c51bae

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetEnvironmentVariableW
RtlUnwind
IsBadReadPtr
IsBadWritePtr
IsBadCodePtr
SetUnhandledExceptionFilter
GetModuleFileNameA
GetModuleFileNameW
ExitProcess
TerminateProcess
GetCurrentProcess
WriteFile
GetStdHandle
GetCommandLineA
GetVersion
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
FatalAppExitA
ResumeThread
GetLastError
CreateThread
TlsSetValue
ExitThread
CloseHandle
GetCurrentThreadId
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetCurrentThread
FindNextFileA
FindFirstFileA
FindClose
FindNextFileW
FindFirstFileW
HeapFree
HeapAlloc
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
SetHandleCount
GetFileType
GetStartupInfoA
GetCPInfo
GetACP
GetOEMCP
HeapValidate
GetProcAddress
LoadLibraryA
DebugBreak
InterlockedDecrement
OutputDebugStringA
InterlockedIncrement
MultiByteToWideChar
GetCommandLineW
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
UnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetConsoleCtrlHandler
RaiseException
FlushFileBuffers
SetFilePointer
SetStdHandle
Sleep
CompareStringA
CompareStringW
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
GetLocaleInfoW
GetTimeZoneInformation
SetEnvironmentVariableA
Beep
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDiskFreeSpaceA
GetLogicalDrives
SetErrorMode
GetFileAttributesA
GetCurrentDirectoryA
SetCurrentDirectoryA
SetFileAttributesA
GetFullPathNameA
GetDriveTypeA
GetCurrentProcessId
CreateDirectoryA
RemoveDirectoryA
DeleteFileA
GetFileAttributesW
GetCurrentDirectoryW
SetCurrentDirectoryW
SetFileAttributesW
GetFullPathNameW
CreateDirectoryW
DeleteFileW
MoveFileW
RemoveDirectoryW
GetDriveTypeW
MoveFileA
GetExitCodeProcess
WaitForSingleObject
FreeLibrary
CreateProcessA
CreateProcessW
HeapCompact
HeapWalk
ReadConsoleA
SetConsoleMode
GetConsoleMode
SetEndOfFile
WriteConsoleA
DuplicateHandle
GetFileInformationByHandle
PeekNamedPipe
ReadConsoleInputA
PeekConsoleInputA
GetNumberOfConsoleInputEvents
LockFile
UnlockFile
CreateFileA
CreatePipe
ReadFile
CreateFileW
GetSystemTimeAsFileTime
SetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
GetLocalTime
SetLocalTime
GetSystemTime

Exports

Exports

$I10_OUTPUT
??0__non_rtti_object@@QAE@ABV0@@Z
??0__non_rtti_object@@QAE@PBD@Z
??0bad_cast@@QAE@ABQBD@Z
??0bad_cast@@QAE@ABV0@@Z
??0bad_typeid@@QAE@ABV0@@Z
??0bad_typeid@@QAE@PBD@Z
??0exception@@QAE@ABQBD@Z
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
??1__non_rtti_object@@UAE@XZ
??1bad_cast@@UAE@XZ
??1bad_typeid@@UAE@XZ
??1exception@@UAE@XZ
??1type_info@@UAE@XZ
??2@YAPAXI@Z
??2@YAPAXIHPBDH@Z
??3@YAXPAX@Z
??4__non_rtti_object@@QAEAAV0@ABV0@@Z
??4bad_cast@@QAEAAV0@ABV0@@Z
??4bad_typeid@@QAEAAV0@ABV0@@Z
??4exception@@QAEAAV0@ABV0@@Z
??8type_info@@QBEHABV0@@Z
??9type_info@@QBEHABV0@@Z
??_7__non_rtti_object@@6B@
??_7bad_cast@@6B@
??_7bad_typeid@@6B@
??_7exception@@6B@
??_E__non_rtti_object@@UAEPAXI@Z
??_Ebad_cast@@UAEPAXI@Z
??_Ebad_typeid@@UAEPAXI@Z
??_Eexception@@UAEPAXI@Z
??_G__non_rtti_object@@UAEPAXI@Z
??_Gbad_cast@@UAEPAXI@Z
??_Gbad_typeid@@UAEPAXI@Z
??_Gexception@@UAEPAXI@Z
?_query_new_handler@@YAP6AHI@ZXZ
?_query_new_mode@@YAHXZ
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
?_set_new_mode@@YAHH@Z
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
?before@type_info@@QBEHABV1@@Z
?name@type_info@@QBEPBDXZ
?raw_name@type_info@@QBEPBDXZ
?set_new_handler@@YAP6AXXZP6AXXZ@Z
?set_terminate@@YAP6AXXZP6AXXZ@Z
?set_unexpected@@YAP6AXXZP6AXXZ@Z
?terminate@@YAXXZ
?unexpected@@YAXXZ
?what@exception@@UBEPBDXZ
_CIacos
_CIasin
_CIatan
_CIatan2
_CIcos
_CIcosh
_CIexp
_CIfmod
_CIlog
_CIlog10
_CIpow
_CIsin
_CIsinh
_CIsqrt
_CItan
_CItanh
_CrtCheckMemory
_CrtDbgBreak
_CrtDbgReport
_CrtDoForAllClientObjects
_CrtDumpMemoryLeaks
_CrtIsMemoryBlock
_CrtIsValidHeapPointer
_CrtIsValidPointer
_CrtMemCheckpoint
_CrtMemDifference
_CrtMemDumpAllObjectsSince
_CrtMemDumpStatistics
_CrtSetAllocHook
_CrtSetBreakAlloc
_CrtSetDbgBlockType
_CrtSetDbgFlag
_CrtSetDumpClient
_CrtSetReportFile
_CrtSetReportHook
_CrtSetReportMode
_CxxThrowException
_EH_prolog
_Getdays
_Getmonths
_Gettnames
_HUGE
_Strftime
_XcptFilter
__CxxFrameHandler
__CxxLongjmpUnwind
__RTCastToVoid
__RTDynamicCast
__RTtypeid
__STRINGTOLD
__argc
__argv
__badioinfo
__crtCompareStringA
__crtGetLocaleInfoW
__crtLCMapStringA
__dllonexit
__doserrno
__fpecode
__getmainargs
__initenv
__isascii
__iscsym
__iscsymf
__lc_codepage
__lc_collate_cp
__lc_handle
__lconv_init
__mb_cur_max
__p___argc
__p___argv
__p___initenv
__p___mb_cur_max
__p___wargv
__p___winitenv
__p__acmdln
__p__amblksiz
__p__commode
__p__crtAssertBusy
__p__crtBreakAlloc
__p__crtDbgFlag
__p__daylight
__p__dstbias
__p__environ
__p__fileinfo
__p__fmode
__p__iob
__p__mbcasemap
__p__mbctype
__p__osver
__p__pctype
__p__pgmptr
__p__pwctype
__p__timezone
__p__tzname
__p__wcmdln
__p__wenviron
__p__winmajor
__p__winminor
__p__winver
__p__wpgmptr
__pioinfo
__pxcptinfoptrs
__set_app_type
__setlc_active
__setusermatherr
__threadhandle
__threadid
__toascii
__unDName
__unDNameEx
__unguarded_readlc_active
__wargv
__wgetmainargs
__winitenv
_abnormal_termination
_access
_acmdln
_adj_fdiv_m16i
_adj_fdiv_m32
_adj_fdiv_m32i
_adj_fdiv_m64
_adj_fdiv_r
_adj_fdivr_m16i
_adj_fdivr_m32
_adj_fdivr_m32i
_adj_fdivr_m64
_adj_fpatan
_adj_fprem
_adj_fprem1
_adj_fptan
_adjust_fdiv
_aexit_rtn
_amsg_exit
_assert
_atodbl
_atoi64
_atoldbl
_beep
_beginthread
_beginthreadex
_c_exit
_cabs
_callnewh
_calloc_dbg
_cexit
_cgets
_chdir
_chdrive
_chgsign
_chkesp
_chmod
_chsize
_clearfp
_close
_commit
_commode
_control87
_controlfp
_copysign
_cprintf
_cputs
_creat
_crtAssertBusy
_crtBreakAlloc
_crtDbgFlag
_cscanf
_ctype
_cwait
_daylight
_dstbias
_dup
_dup2
_ecvt
_endthread
_endthreadex
_environ
_eof
_errno
_except_handler2
_except_handler3
_execl
_execle
_execlp
_execlpe
_execv
_execve
_execvp
_execvpe
_exit
_expand
_expand_dbg
_fcloseall
_fcvt
_fdopen
_fgetchar
_fgetwchar
_filbuf
_fileinfo
_filelength
_filelengthi64
_fileno
_findclose
_findfirst
_findfirsti64
_findnext
_findnexti64
_finite
_flsbuf
_flushall
_fmode
_fpclass
_fpieee_flt
_fpreset
_fputchar
_fputwchar
_free_dbg
_fsopen
_fstat
_fstati64
_ftime
_ftol
_fullpath
_futime
_gcvt
_get_osfhandle
_get_sbh_threshold
_getch
_getche
_getcwd
_getdcwd
_getdiskfree
_getdllprocaddr
_getdrive
_getdrives
_getmaxstdio
_getmbcp
_getpid
_getsystime
_getw
_getws
_global_unwind2
_heapadd
_heapchk
_heapmin
_heapset
_heapused
_heapwalk
_hypot
_i64toa
_i64tow
_initterm
_inp
_inpd
_inpw
_iob
_isatty
_isctype
_ismbbalnum
_ismbbalpha
_ismbbgraph
_ismbbkalnum
_ismbbkana
_ismbbkprint
_ismbbkpunct
_ismbblead
_ismbbprint
_ismbbpunct
_ismbbtrail
_ismbcalnum
_ismbcalpha
_ismbcdigit
_ismbcgraph
_ismbchira
_ismbckata
_ismbcl0
_ismbcl1
_ismbcl2
_ismbclegal
_ismbclower
_ismbcprint
_ismbcpunct
_ismbcspace
_ismbcsymbol
_ismbcupper
_ismbslead
_ismbstrail
_isnan
_itoa
_itow
_j0
_j1
_jn
_kbhit
_lfind
_loaddll
_local_unwind2
_lock
_locking
_logb
_longjmpex
_lrotl
_lrotr
_lsearch
_lseek
_lseeki64
_ltoa
_ltow
_makepath
_malloc_dbg
_mbbtombc
_mbbtype
_mbcasemap
_mbccpy
_mbcjistojms
_mbcjmstojis
_mbclen
_mbctohira
_mbctokata
_mbctolower
_mbctombb
_mbctoupper
_mbctype
_mbsbtype
_mbscat
_mbschr
_mbscmp
_mbscoll
_mbscpy
_mbscspn
_mbsdec
_mbsdup
_mbsicmp
_mbsicoll
_mbsinc
_mbslen
_mbslwr
_mbsnbcat
_mbsnbcmp
_mbsnbcnt
_mbsnbcoll
_mbsnbcpy
_mbsnbicmp
_mbsnbicoll
_mbsnbset
_mbsncat
_mbsnccnt
_mbsncmp
_mbsncoll
_mbsncpy
_mbsnextc
_mbsnicmp
_mbsnicoll
_mbsninc
_mbsnset
_mbspbrk
_mbsrchr
_mbsrev
_mbsset
_mbsspn
_mbsspnp
_mbsstr
_mbstok
_mbstrlen
_mbsupr
_memccpy
_memicmp
_mkdir
_mktemp
_msize
_msize_dbg
_nextafter
_onexit
_open
_open_osfhandle
_osver
_outp
_outpd
_outpw
_pclose
_pctype
_pgmptr
_pipe
_popen
_purecall
_putch
_putenv
_putw
_putws
_pwctype
_read
_realloc_dbg
_rmdir
_rmtmp
_rotl
_rotr
_safe_fdiv
_safe_fdivr
_safe_fprem
_safe_fprem1
_scalb
_searchenv
_seh_longjmp_unwind
_set_error_mode
_set_sbh_threshold
_seterrormode
_setjmp
_setjmp3
_setmaxstdio
_setmbcp
_setmode
_setsystime
_sleep
_snprintf
_snwprintf
_sopen
_spawnl
_spawnle
_spawnlp
_spawnlpe
_spawnv
_spawnve
_spawnvp
_spawnvpe
_splitpath
_stat
_stati64
_statusfp
_strcmpi
_strdate
_strdup
_strerror
_stricmp
_stricoll
_strlwr
_strncoll
_strnicmp
_strnicoll
_strnset
_strrev
_strset
_strtime
_strupr
_swab
_sys_errlist
_sys_nerr
_tell
_telli64
_tempnam
_timezone

Sections

.text
Size: 312KB - Virtual size: 308KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fenhScreenRecord/readme.txt
fenhScreenRecord/rec_chs_regdll.dll
.dll windows:4 windows x86 arch:x86

3c8a2342fddd9a960034ffe0f9f956de

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord4998
ord2514
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4425
ord3597
ord324
ord825
ord641
ord4234
ord4853
ord3092
ord5953
ord6199
ord4710
ord800
ord3098
ord3097
ord540
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord3953
ord4622
ord4424
ord3738
ord561
ord815
ord6467
ord1176
ord1575
ord1168
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1255
ord1578
ord4376
ord2642
ord5265
ord600
ord826
ord269
ord1116

msvcrt

sprintf
__CxxFrameHandler
_EH_prolog
??2@YAPAXI@Z
__dllonexit
??1type_info@@UAE@XZ
_adjust_fdiv
malloc
_initterm
free
_onexit

kernel32

LocalFree
LocalAlloc

user32

EnableWindow
PostMessageA
MessageBoxA

shell32

ShellExecuteA

Exports

Exports

Reg

Sections

.text
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 676B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fenhScreenRecord/screencap.ax
.dll regsvr32 windows:4 windows x86 arch:x86

36d5f4e570920f7af8d85d57059ea929

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

malloc
__CxxFrameHandler
??3@YAXPAX@Z
_onexit
__dllonexit
_adjust_fdiv
??2@YAPAXI@Z
_initterm
free
_wtoi
_purecall

winmm

timeGetTime
timeSetEvent

kernel32

WaitForMultipleObjects
WaitForSingleObject
CreateSemaphoreA
ReleaseSemaphore
GetSystemInfo
VirtualAlloc
VirtualFree
SetEvent
Sleep
lstrlenA
CreateFileMappingA
lstrcmpiA
FreeLibrary
LoadLibraryA
MultiByteToWideChar
GetModuleFileNameA
GetVersionExA
DisableThreadLibraryCalls
CreateThread
GetProcAddress
GetModuleHandleA
WideCharToMultiByte
GetACP
SetThreadPriority
GetThreadPriority
GetCurrentThread
GetTickCount
SetErrorMode
GetCurrentThreadId
GetCurrentProcess
DuplicateHandle
ResetEvent
CreateEventA
InterlockedDecrement
InterlockedIncrement
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetCurrentDirectoryA
CreateFileA
lstrcpynA
lstrcatA
OutputDebugStringA
GetLastError
GetFileSize
ReadFile
CloseHandle
InterlockedExchange

user32

wvsprintfA
PostThreadMessageA
GetQueueStatus
DispatchMessageA
LoadStringA
LoadStringW
GetDesktopWindow
MsgWaitForMultipleObjects
PeekMessageA
MoveWindow
CreateDialogParamA
IsWindowVisible
SetForegroundWindow
InvalidateRect
GetClassInfoA
LoadCursorA
RegisterClassA
CreateWindowExA
GetDC
ReleaseDC
DefWindowProcA
GetClientRect
MapWindowPoints
GetParent
GetWindowRect
GetWindowLongA
AdjustWindowRectEx
SetWindowPos
ShowWindow
GetWindowThreadProcessId
SetWindowLongA
DestroyWindow
PostMessageA
RegisterWindowMessageA
GetDlgItemTextA
GetDlgItem
SendMessageA
SetDlgItemTextA
SetRectEmpty
wsprintfA
MessageBoxA
IsRectEmpty
IsWindow

gdi32

CreateCompatibleDC
CreateDCA
DeleteObject
SelectPalette
GetStockObject
GetDeviceCaps
SetStretchBltMode
GetTextExtentPoint32A
CreateCompatibleBitmap
StretchBlt
StretchDIBits
SetDIBitsToDevice
GdiFlush
GetObjectA
CreateDIBSection
CreatePalette
GetSystemPaletteEntries
SelectObject
BitBlt
SetBkMode
SetTextColor
TextOutA
GetDIBits
SetDIBColorTable
DeleteDC
RealizePalette

advapi32

RegCreateKeyA
RegSetValueExA
RegEnumKeyExA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegSetValueA

ole32

CoInitialize
CoUninitialize
StringFromGUID2
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree
CoFreeUnusedLibraries

oleaut32

SysAllocString
SysFreeString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 64KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fenhScreenRecord/screencap.xml
.xml
fenhScreenRecord/skins/control.xml
.xml
fenhScreenRecord/skins/control_disable.bmp
fenhScreenRecord/skins/control_down.bmp
fenhScreenRecord/skins/control_normal.bmp
fenhScreenRecord/skins/control_over.bmp
fenhScreenRecord/skins/t1.bmp
fenhScreenRecord/skins/t2.bmp
fenhScreenRecord/sn.dat
fenhScreenRecord/使用说明.txt
fenhScreenRecord/侠盗阿凡提.url
.url
fenhScreenRecord/注册说明.htm
.html
fenhScreenRecord/风华屏幕录像机.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

code
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

text
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1119fbd96195d24a7f6ab266afc47541

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

shell32

comctl32

ole32

oleaut32

shlwapi

msvcp60

msvcrtd

Sections

.text Size: 92KB - Virtual size: 88KB

.rdata Size: 20KB - Virtual size: 16KB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 4KB - Virtual size: 3KB

265cd32afd4d72991a91eb9bf6c51bae

Headers

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 312KB - Virtual size: 308KB

.rdata Size: 36KB - Virtual size: 32KB

.data Size: 20KB - Virtual size: 26KB

.rsrc Size: 4KB - Virtual size: 936B

.reloc Size: 16KB - Virtual size: 14KB

3c8a2342fddd9a960034ffe0f9f956de

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

shell32

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 2KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 676B

36d5f4e570920f7af8d85d57059ea929

Headers

File Characteristics

Imports

msvcrt

winmm

kernel32

user32

gdi32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 64KB - Virtual size: 60KB

.rdata Size: 24KB - Virtual size: 23KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 4KB

Headers

File Characteristics

Sections

.text
Size: 92KB - Virtual size: 88KB

.rdata
Size: 20KB - Virtual size: 16KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 3KB

.text
Size: 312KB - Virtual size: 308KB

.rdata
Size: 36KB - Virtual size: 32KB

.data
Size: 20KB - Virtual size: 26KB

.rsrc
Size: 4KB - Virtual size: 936B

.reloc
Size: 16KB - Virtual size: 14KB

.text
Size: 4KB - Virtual size: 2KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 676B

.text
Size: 64KB - Virtual size: 60KB

.rdata
Size: 24KB - Virtual size: 23KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 4KB

code
Size: - Virtual size: 40KB

text
Size: 11KB - Virtual size: 12KB

.rsrc
Size: 6KB - Virtual size: 8KB