IEcapt[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

IEcapt.exe
Size

175KB
MD5

3da5f546814c719ae26a38c5196450ed
SHA1

d44e1940f3f7d5b1d5f33c0f14caa21b4dfd5ffc
SHA256

790d1ae131129df3e03e4c61bc957439009b7593ef170b6baa2403f5822ea333
SHA512

56d1068bea39fbe92a6a731591f3d87e8affaf2f89670912745d017ab017b4f85b0fe3fbc2faf7943f5576a44e724a5b704220091c577952da2614b2c968bc34
SSDEEP

3072:Xd4n4KaZHNCa7VY6zUYxupVFxs9AB4eCqzn5F3/:XddZHhYqk664Dwn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
IEcapt.exe

Files

IEcapt.exe
.exe windows:5 windows x86 arch:x86

e3af9d209b4449d444b472c1c9935205

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalUnlock
FlushInstructionCache
RaiseException
InterlockedExchange
GetLastError
SetLastError
lstrcmpiA
GetProcAddress
EnterCriticalSection
LockResource
GetModuleFileNameA
GetModuleHandleA
LoadLibraryExA
DeleteCriticalSection
GetCurrentThreadId
CloseHandle
InterlockedCompareExchange
HeapFree
GetProcessHeap
HeapAlloc
LoadLibraryA
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
HeapDestroy
HeapReAlloc
HeapSize
CompareStringW
CompareStringA
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
InitializeCriticalSectionAndSpinCount
GetConsoleMode
GetConsoleCP
SetFilePointer
lstrlenW
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetTimeZoneInformation
GetStdHandle
ExitProcess
Sleep
HeapCreate
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RtlUnwind
MultiByteToWideChar
IsDBCSLeadByte
MulDiv
LeaveCriticalSection
SizeofResource
WideCharToMultiByte
GlobalAlloc
FindResourceExA
InitializeCriticalSection
GetCommandLineA
GetSystemTimeAsFileTime
GetDateFormatA
GetTimeFormatA
VirtualQuery
GetSystemInfo
GetModuleHandleW
SetEnvironmentVariableA
VirtualProtect
WriteFile
GlobalLock
GetCurrentProcess
InterlockedDecrement
InterlockedIncrement
LoadResource
FreeLibrary
lstrlenA
lstrcmpA
FindResourceA
GetLocaleInfoA
CreateFileA

user32

MoveWindow
GetWindow
LoadCursorA
CallWindowProcA
SetWindowTextA
ReleaseCapture
DispatchMessageA
PostMessageA
IsWindow
SetWindowPos
GetSysColor
GetDesktopWindow
RedrawWindow
DefWindowProcA
GetDlgItem
ReleaseDC
CreateWindowExA
GetWindowLongA
CreateAcceleratorTableA
InvalidateRect
SetWindowLongA
GetWindowTextA
TranslateMessage
GetDC
BeginPaint
RegisterWindowMessageA
SendMessageA
GetWindowTextLengthA
SetFocus
GetClientRect
CharNextA
InvalidateRgn
GetParent
GetFocus
KillTimer
SetCapture
UnregisterClassA
EndPaint
ClientToScreen
DestroyWindow
GetMessageA
GetClassNameA
DestroyAcceleratorTable
SetTimer
ScreenToClient
RegisterClassExA
PostQuitMessage
FillRect
IsChild
GetClassInfoExA

advapi32

RegSetValueExA
RegEnumKeyExA
RegCreateKeyExA
RegOpenKeyExA
RegQueryInfoKeyA
RegDeleteValueA
RegCloseKey
RegDeleteKeyA

ole32

OleUninitialize
StringFromGUID2
CreateStreamOnHGlobal
CLSIDFromString
CLSIDFromProgID
CoTaskMemRealloc
OleLockRunning
CoCreateInstance
CoTaskMemFree
CoGetClassObject
CoTaskMemAlloc
OleInitialize

oleaut32

SysFreeString
LoadRegTypeLi
SysStringLen
VariantClear
LoadTypeLi
VarUI4FromStr
OleCreateFontIndirect
SysAllocStringLen
VariantInit
SysAllocString

shlwapi

PathFindExtensionW
PathFindExtensionA

gdi32

DeleteDC
CreateDIBSection
GetDeviceCaps
DeleteObject
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
GetObjectA
BitBlt
CreateSolidBrush
GetStockObject

gdiplus

GdipGetImageEncoders
GdipDeleteBrush
GdipFree
GdipCloneBrush
GdipCreateBitmapFromScan0
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipCreateSolidFill
GdiplusStartup
GdipReleaseDC
GdipRecordMetafileFileName
GdipCloneImage
GdipSaveImageToFile
GdipCreateFromHDC
GdipCreateFontFamilyFromName
GdipGetDC
GdipDrawString
GdipAlloc
GdipCreateBitmapFromHBITMAP
GdipCreateFont
GdipDisposeImage
GdipGetImageEncodersSize
GdiplusShutdown

Sections

.text
Size: 125KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e3af9d209b4449d444b472c1c9935205

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

gdi32

gdiplus

Sections

.text Size: 125KB - Virtual size: 124KB

.rdata Size: 29KB - Virtual size: 28KB

.data Size: 8KB - Virtual size: 15KB

.reloc Size: 11KB - Virtual size: 11KB

.text
Size: 125KB - Virtual size: 124KB

.rdata
Size: 29KB - Virtual size: 28KB

.data
Size: 8KB - Virtual size: 15KB

.reloc
Size: 11KB - Virtual size: 11KB