5de66fa2477ba8b5716e38e43bd1e8f7d0320e457dd5b3a5d713769a8f467fbe

Sharing

Copy URL Twitter E-mail

General

Target

5de66fa2477ba8b5716e38e43bd1e8f7d0320e457dd5b3a5d713769a8f467fbe
Size

524KB
MD5

37a7b287f98b051fadaad2cfbd2508b3
SHA1

bc5fb64d9f455856c51379863e13a6ae201cab8c
SHA256

5de66fa2477ba8b5716e38e43bd1e8f7d0320e457dd5b3a5d713769a8f467fbe
SHA512

b71e84f26474ba91fdb283cbf6a9e09404c0e8db67244b68a9f6db72d00ba19e3affe40e62c636076b29eeb6bae6462067fcc6641eba150210db4938a9ab2453
SSDEEP

6144:Jw51zAmRuPkTkyuQeewQeeSQeesQeeXPQeefQeePcSszK2hmvPVG0evAOhfMbaEZ:Jw51TqLWomv87c3uq0L8/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5de66fa2477ba8b5716e38e43bd1e8f7d0320e457dd5b3a5d713769a8f467fbe

Files

5de66fa2477ba8b5716e38e43bd1e8f7d0320e457dd5b3a5d713769a8f467fbe
.dll windows:4 windows x86 arch:x86

6a6752ea8e83b6f3da7bfba00da96e1e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

f:\GameCapture2.0\Release\emgc.pdb

Imports

winmm

timeGetTime

recordsound

King_RecordSound_Start
King_RecordSound_Stop
King_RecordSound_Init

converternogui

VC_ConvertVideo

vcen

VCInit
VCExit
VC_SetFrameInfoCallBack

kernel32

GetStartupInfoA
GetFileType
SetHandleCount
LCMapStringW
LCMapStringA
GetStdHandle
GetOEMCP
GetCPInfo
HeapSize
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedDecrement
InterlockedIncrement
ExitProcess
GetCommandLineA
GetCurrentThreadId
VirtualQuery
VirtualAlloc
HeapReAlloc
VirtualFree
FindFirstFileA
GetDriveTypeA
FileTimeToLocalFileTime
FileTimeToSystemTime
HeapDestroy
HeapCreate
FindClose
RtlUnwind
GetThreadLocale
GetLocaleInfoA
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
QueryPerformanceFrequency
ExitThread
GetLocalTime
CloseHandle
SetEvent
ResetEvent
WaitForSingleObject
CreateEventA
CreateThread
lstrcpyA
HeapFree
GetProcessHeap
lstrcmpA
GetCurrentDirectoryA
GetModuleFileNameA
lstrlenA
HeapAlloc
ReadFile
CreateFileA
Sleep
QueryPerformanceCounter
MultiByteToWideChar
WideCharToMultiByte
lstrcpynA
GetFullPathNameA
FreeLibrary
GetProcAddress
LoadLibraryA
GetLastError
GetModuleHandleA
GetTickCount
InterlockedExchange
lstrcmpiA
GetCurrentProcessId
WriteFile
CompareStringA
CompareStringW
SetFilePointer
GetWindowsDirectoryA
FlushFileBuffers
VirtualProtect
OutputDebugStringA
CreateDirectoryA
SetEnvironmentVariableA
IsProcessorFeaturePresent
GetVersionExA
LocalAlloc
RaiseException
GetACP
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
SetStdHandle
GetTimeZoneInformation
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEndOfFile
lstrcatA
GetSystemInfo

user32

IsWindow
GetIconInfo
PostMessageA
GetWindowLongA
GetCursor
GetClientRect
DrawIcon
GetDC
InvalidateRect
KillTimer
FillRect
WindowFromDC
CallWindowProcA
SetTimer
GetCursorPos
SetWindowLongA
UnhookWindowsHookEx
CallNextHookEx
MapVirtualKeyA
SetWindowsHookExA
GetWindowThreadProcessId
GetParent
ReleaseDC

gdi32

CreateCompatibleDC
GetDIBits
SelectObject
CreateCompatibleBitmap
BitBlt
StretchBlt
DeleteObject
DeleteDC
CreateSolidBrush

advapi32

RegOpenKeyA
RegQueryValueExA
RegCloseKey

Exports

Exports

EMGC_BeTrue
EMGC_ExitDll
EMGC_GetVideoFileName
EMGC_GetVideoFileSize
EMGC_InitCaptureWndHandle
EMGC_InitParams
EMGC_InstallHook
EMGC_MakeScreenShot
EMGC_PauseRecord
EMGC_SetCapDeviceId
EMGC_StartRecord
EMGC_StopRecord
EMGC_TestIfDllExist
EMGC_UninstallHook

Sections

.text
Size: 212KB - Virtual size: 211KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 100KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SHARED
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 836B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 116KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6a6752ea8e83b6f3da7bfba00da96e1e

Headers

File Characteristics

PDB Paths

Imports

winmm

recordsound

converternogui

vcen

kernel32

user32

gdi32

advapi32

Exports

Exports

Sections

.text Size: 212KB - Virtual size: 211KB

.rdata Size: 100KB - Virtual size: 98KB

.data Size: 48KB - Virtual size: 1.7MB

.SHARED Size: 4KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 836B

.reloc Size: 36KB - Virtual size: 32KB

.text Size: 116KB - Virtual size: 116KB

.text
Size: 212KB - Virtual size: 211KB

.rdata
Size: 100KB - Virtual size: 98KB

.data
Size: 48KB - Virtual size: 1.7MB

.SHARED
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 836B

.reloc
Size: 36KB - Virtual size: 32KB

.text
Size: 116KB - Virtual size: 116KB