轻量级录屏oCam_v520[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

轻量级录屏oCam_v520.exe
Size

1.2MB
MD5

5244889975607a9679e46df48c0fb6a8
SHA1

cbb8e32daf63a1947a5c8d3d79493dee6d920df0
SHA256

093a529fac0e8a1984672629b7ef5d70cd3ee87ab5e3058bfb67f3a3e6cf2fc4
SHA512

4e0449de05b083d89a5042769bfcb1538f2fa6d155235600d77e8ab60fa6415629d8a79a688bf12093a55a963dd4ab07177186bd4a217c248b48b025ca308fae
SSDEEP

24576:7E7BQWWlkUgrXbpV8FrPXT7aLo8R3I9aRtZG1MO4EasFmYxsSs7:7E+2U4bpV8FjXT7aLt49aXZmMAlsSs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
轻量级录屏oCam_v520.exe

Files

轻量级录屏oCam_v520.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

LoadEnvi
MemoryCompare
MemoryCopy
MemorySet
WndProc1
WndProc1_
WndProc2
WndProc2_
WndProc3
WndProc3_

Sections

.text
Size: 659KB - Virtual size: 659KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 97KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

flag_dat
Size: 512B - Virtual size: 19B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 507KB - Virtual size: 506KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ