Overview

overview

5

Static

static

1

npcap-1.10.exe

windows7-x64

4

npcap-1.10.exe

windows10-2004-x64

4

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...SC.dll

windows7-x64

3

$PLUGINSDI...SC.dll

windows10-2004-x64

3

$PLUGINSDI...re.dll

windows7-x64

3

$PLUGINSDI...re.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...ec.dll

windows7-x64

3

$PLUGINSDI...ec.dll

windows10-2004-x64

3

DiagReport.bat

windows7-x64

5

DiagReport.bat

windows10-2004-x64

5

DiagReport.ps1

windows7-x64

3

DiagReport.ps1

windows10-2004-x64

3

FixInstall.bat

windows7-x64

1

FixInstall.bat

windows10-2004-x64

1

NpcapHelper.exe

windows7-x64

1

NpcapHelper.exe

windows10-2004-x64

1

Packet.dll

windows7-x64

3

Packet.dll

windows10-2004-x64

3

WlanHelper.exe

windows7-x64

1

WlanHelper.exe

windows10-2004-x64

1

npcap.sys

windows10-2004-x64

1

wpcap.dll

windows7-x64

3

wpcap.dll

windows10-2004-x64

3

Sharing

Copy URL Twitter E-mail

General

  • Target

    npcap-1.10.exe

  • Size

    773KB

  • MD5

    84f1a974bb04dafbe581c66ef875def0

  • SHA1

    20c1af092ff3d98a8b5dce69ec28d833b06b741e

  • SHA256

    bcfbc57d41c00e40298c5c3040264e694cc8fc7da55939729aedc1041c8e92dd

  • SHA512

    312101506ce296065cf084245506f23b2bcda955e9bdbb1747bd5dcc65432c8bb5d8abea25b459917dec0adf168ad4b513f5db7f083b9d8f0b7c41a8f5b74661

  • SSDEEP

    24576:QeESRx0dtRgAbrO30X8S7H0YhT6oP2C5AoC:zRx0d5brOy8+HlTZKoC

Score
1/10

Malware Config

Signatures

  • NSIS installer 2 IoCs
    installer

Files

  • npcap-1.10.exe
    .exe windows:4 windows x86 arch:x86

    16cdca0a54bf8076dc7e57fab55dbc5b


    Code Sign

    Headers

    Imports

    Sections

  • $PLUGINSDIR/InstallOptions.dll
    .dll windows:4 windows x86 arch:x86

    738dc9bb91549f627cf1953c2000e1d6


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/SimpleSC.dll
    .dll windows:4 windows x86 arch:x86


    Code Sign

    Headers

    Exports

    Sections

  • $PLUGINSDIR/SysRestore.dll
    .dll windows:6 windows x86 arch:x86

    85e5ccd224baa6cdcd31e3be33a1d2bc


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/System.dll
    .dll windows:4 windows x86 arch:x86

    f2ac1ab587d5531d5f1bf76c094aef4c


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/final.ini
  • $PLUGINSDIR/modern-header.bmp
  • $PLUGINSDIR/nsExec.dll
    .dll windows:4 windows x86 arch:x86

    8abe046ef411de4d3e6e831b6b1ee264


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/options.ini
  • DiagReport.bat
    .bat .vbs
  • DiagReport.ps1
  • FixInstall.bat
  • LICENSE
  • NpcapHelper.exe
    .exe windows:6 windows x86 arch:x86

    56a29ee32c45f19895b1e6f87646a0ba


    Code Sign

    Headers

    Imports

    Sections

  • Packet.dll
    .dll windows:6 windows x86 arch:x86

    c32f23f62c3e927bb603b2fec6e876ed


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • WlanHelper.exe
    .exe windows:6 windows x86 arch:x86

    f80d7719c04f12a0b7416e5c7e5c32e0


    Code Sign

    Headers

    Imports

    Sections

  • npcap.cat
  • npcap.inf
  • npcap.sys
    .sys windows:10 windows x86 arch:x86

    ad78d21533b3b7883dfc743e073ef782


    Code Sign

    Headers

    Imports

    Sections

  • wpcap.dll
    .dll windows:6 windows x86 arch:x86

    0eea9165117f4b0b41ada88aaa4d34ad


    Code Sign

    Headers

    Imports

    Exports

    Sections