MFCaptureEngine[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

MFCaptureEngine.dll
Size

453KB
MD5

76ecaafd4aa1dae7b84edac7c769e176
SHA1

e20441a851bc0a4cffc8bfaca6f836e1c3a5e3d1
SHA256

0ac7abf993b5b32620b558569825a6a151773b168f67799d0eb433f56addb727
SHA512

33ea1b603dff1d1fe4ed441cd5ceece2297fb861f5eb177a7cc7ccffa6705ac71c5626a9daaaa9ae36597c27ab1bc1b9280483e04e349c1846d9343fd41e6318
SSDEEP

12288:2JEirib059diOZs2t8XwBKyw1zQUuhXCBx:yrib059diOZtt8XwBLw1zwX8

Score

1^/10

Malware Config

Signatures

Files

MFCaptureEngine.dll
.dll windows:10 windows x86 arch:x86

9f3f7f7ca7a2eddea14c3f933fc2122a

Code Sign

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03/07/2018, 20:45

Not After

26/07/2019, 20:45

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d9:83:67:d8:8a:a1:e9:a7:bd:48:e6:bf:75:8b:36:af:a1:c5:d4:02:c0:4b:9d:01:17:46:ae:ee:e3:a0:97:86
Signer

Actual PE Digest

d9:83:67:d8:8a:a1:e9:a7:bd:48:e6:bf:75:8b:36:af:a1:c5:d4:02:c0:4b:9d:01:17:46:ae:ee:e3:a0:97:86

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

MFCaptureEngine.pdb

Imports

msvcrt

wcstombs
_vsnprintf
_gcvt_s
_i64toa_s
memmove
strnlen
_CxxThrowException
_ftol2
memcmp
_onexit
strncpy_s
_unlock
memcpy
_ltoa_s
realloc
_errno
??1type_info@@UAE@XZ
_ultoa_s
_CIsqrt
_except_handler4_common
_vsnwprintf
?terminate@@YAXXZ
_initterm
_amsg_exit
__dllonexit
_XcptFilter
_vscprintf
_callnewh
_purecall
qsort
_lock
memcpy_s
free
malloc
wcsncpy_s
__CxxFrameHandler3
_CIlog10
memset

api-ms-win-core-errorhandling-l1-1-0

GetLastError
RaiseException
UnhandledExceptionFilter
SetLastError
SetUnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

TlsGetValue
TlsSetValue
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
GetCurrentProcess

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceLoggerHandle
GetTraceEnableLevel
UnregisterTraceGuids
TraceMessage
RegisterTraceGuidsW
GetTraceEnableFlags

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
LoadLibraryExW
GetProcAddress
FreeLibrary
DisableThreadLibraryCalls
GetModuleFileNameW
FindResourceExW
GetModuleFileNameA
GetModuleHandleExW
LoadResource
SizeofResource

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegGetValueW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteValueW
RegCreateKeyExW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-synch-l1-1-0

ReleaseSemaphore
ResetEvent
AcquireSRWLockExclusive
SetEvent
LeaveCriticalSection
CreateEventW
EnterCriticalSection
WaitForSingleObjectEx
OpenSemaphoreW
InitializeCriticalSection
ReleaseMutex
CreateSemaphoreExW
WaitForSingleObject
DeleteCriticalSection
ReleaseSRWLockExclusive
CreateMutexExW

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventSetInformation
EventWriteTransfer
EventUnregister

api-ms-win-core-processenvironment-l1-1-0

GetCommandLineW

api-ms-win-core-synch-l1-2-0

Sleep
SleepConditionVariableSRW
WakeAllConditionVariable

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GlobalMemoryStatusEx
GetSystemTimeAsFileTime
GetLocalTime
GetTickCount64

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringA
OutputDebugStringW

api-ms-win-core-psapi-l1-1-0

K32GetProcessMemoryInfo

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-realtime-l1-1-0

QueryProcessCycleTime

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

ntdll

RtlSubscribeWnfStateChangeNotification
RtlQueryWnfStateData
RtlAllocateWnfSerializationGroup
RtlUnsubscribeWnfNotificationWaitForCompletion

api-ms-win-core-featurestaging-l1-1-0

RecordFeatureUsage
UnsubscribeFeatureStateChangeNotification
SubscribeFeatureStateChangeNotification
GetFeatureEnabledState

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-heap-obsolete-l1-1-0

GlobalLock
GlobalUnlock

api-ms-win-shcore-obsolete-l1-1-0

CommandLineToArgvW

api-ms-win-core-heap-l2-1-0

GlobalAlloc
LocalFree

api-ms-win-core-quirks-l1-1-0

QuirkIsEnabled

api-ms-win-core-shlwapi-obsolete-l1-1-0

QISearch

api-ms-win-shcore-stream-l1-1-0

SHCreateStreamOnFileW

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetClassObject
MFCreateCaptureEngine

Sections

.text
Size: 382KB - Virtual size: 381KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9f3f7f7ca7a2eddea14c3f933fc2122a

Code Sign

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4Certificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

d9:83:67:d8:8a:a1:e9:a7:bd:48:e6:bf:75:8b:36:af:a1:c5:d4:02:c0:4b:9d:01:17:46:ae:ee:e3:a0:97:86Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-string-l2-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-psapi-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-realtime-l1-1-0

api-ms-win-core-synch-l1-2-1

ntdll

api-ms-win-core-featurestaging-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-heap-obsolete-l1-1-0

api-ms-win-shcore-obsolete-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-quirks-l1-1-0

api-ms-win-core-shlwapi-obsolete-l1-1-0

api-ms-win-shcore-stream-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

Exports

Exports

Sections

.text Size: 382KB - Virtual size: 381KB

.data Size: 512B - Virtual size: 5KB

.idata Size: 6KB - Virtual size: 6KB

.didat Size: 512B - Virtual size: 296B

.rsrc Size: 23KB - Virtual size: 23KB

.reloc Size: 27KB - Virtual size: 27KB

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

d9:83:67:d8:8a:a1:e9:a7:bd:48:e6:bf:75:8b:36:af:a1:c5:d4:02:c0:4b:9d:01:17:46:ae:ee:e3:a0:97:86
Signer

.text
Size: 382KB - Virtual size: 381KB

.data
Size: 512B - Virtual size: 5KB

.idata
Size: 6KB - Virtual size: 6KB

.didat
Size: 512B - Virtual size: 296B

.rsrc
Size: 23KB - Virtual size: 23KB

.reloc
Size: 27KB - Virtual size: 27KB