5577ca0a368af348e377ae32687e49e33ee38e6e2e8b6be6a81b297f54353497

Sharing

Copy URL Twitter E-mail

General

Target

5577ca0a368af348e377ae32687e49e33ee38e6e2e8b6be6a81b297f54353497
Size

281KB
MD5

6b428eb00afd0aa434c7afd42da6aee6
SHA1

827497a7805f6d631fc0fe9170b27973bbcb9feb
SHA256

5577ca0a368af348e377ae32687e49e33ee38e6e2e8b6be6a81b297f54353497
SHA512

c1b821e573d095890998dcecdefd2d3bd03f573e4f195677beb513648b4bf40f1397d0152620650370b33f70febb6af3c4d783efdd836aff82cd3e3ee6aab703
SSDEEP

6144:+XfXdo8mwG9ldz1xT1Gi3UbFcvlZvWiozcp:+XfXW8mwGuWvvW/zcp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5577ca0a368af348e377ae32687e49e33ee38e6e2e8b6be6a81b297f54353497

Files

5577ca0a368af348e377ae32687e49e33ee38e6e2e8b6be6a81b297f54353497
.exe windows:5 windows x64 arch:x64

9e2ef0ab68464d43825cd9d1d84b0294

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\jenkins\workspace\SkinnyBetaWindows-i386Blue\bjnAppCapture\x64\Release\bjnAppCapture64.pdb

Imports

bjnappcapturedll64

getBJnAppCaptureHandle

winmm

timeGetTime

kernel32

OpenFileMappingW
ReleaseMutex
SetEvent
GetCurrentProcess
GetTickCount
Sleep
GetCurrentProcessId
OpenEventW
QueryPerformanceCounter
QueryPerformanceFrequency
SetEndOfFile
CreateFileW
CreateFileA
SetStdHandle
SetFilePointer
WriteConsoleW
HeapReAlloc
HeapSize
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameW
GetLocaleInfoW
FlsAlloc
GetCurrentThreadId
SetLastError
FlsFree
FlsSetValue
OpenMutexW
IsValidCodePage
GetOEMCP
GetACP
HeapCreate
GetVersion
HeapSetInformation
GetFileType
GetStdHandle
SetHandleCount
InitializeCriticalSectionAndSpinCount
FlushFileBuffers
GetConsoleMode
GetConsoleCP
WriteFile
RtlCaptureContext
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
LCMapStringW
RtlUnwindEx
RtlLookupFunctionEntry
GetCPInfo
RtlPcToFileHeader
RaiseException
GetStartupInfoW
GetCommandLineW
HeapAlloc
GetSystemTimeAsFileTime
GetTimeZoneInformation
ExitProcess
GetVersionExW
LoadLibraryW
WaitForSingleObject
FreeLibrary
VirtualQuery
UnmapViewOfFile
SetEnvironmentVariableA
MapViewOfFile
LocalFree
CloseHandle
CreateToolhelp32Snapshot
Process32NextW
LocalAlloc
Process32FirstW
GetProcAddress
GetLastError
GetExitCodeProcess
OpenProcess
GetModuleHandleW
GetProcessHeap
ReadFile
CompareStringW
FlsGetValue
HeapFree
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
DecodePointer
EncodePointer
GetStringTypeW
MultiByteToWideChar
WideCharToMultiByte

user32

GetWindow
GetWindowThreadProcessId
DestroyWindow
GetWindowPlacement
InvalidateRect
ChangeWindowMessageFilter
PostQuitMessage
RegisterWindowMessageW
LoadCursorW
TranslateMessage
RegisterClassExW
PeekMessageW
SetLayeredWindowAttributes
ShowWindow
CreateWindowExW
UpdateWindow
DefWindowProcW
DispatchMessageW
GetWindowRgnBox
GetClassNameA
MonitorFromPoint
GetParent
FindWindowExA
GetClientRect
GetClassNameW
FindWindowExW
EnumDisplayMonitors
GetWindowRect
IsIconic
FillRect
GetTopWindow
SetForegroundWindow
DrawIcon
FindWindowW
EnumWindows
PtInRect
GetIconInfo
GetDC
GetForegroundWindow
GetCursorInfo
DisplayConfigGetDeviceInfo
IntersectRect
GetWindowLongW
GetAncestor
SystemParametersInfoW
ReleaseDC
MonitorFromWindow
RedrawWindow
GetDesktopWindow
EqualRect
GetSystemMetrics
IsWindowVisible
GetMonitorInfoW

gdi32

GetRgnBox
BitBlt
DeleteDC
CreateDIBSection
GetDeviceCaps
CreateDCW
DeleteObject
SelectObject
CreateCompatibleDC
CombineRgn
FillRgn
SetStretchBltMode
CreateRectRgn
CreateSolidBrush
SelectClipRgn

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
OpenProcessToken

magnification

MagSetWindowFilterList
MagInitialize
MagSetWindowTransform
MagSetImageScalingCallback
MagSetWindowSource
MagUninitialize

d3d11

D3D11CreateDevice

oleacc

AccessibleObjectFromWindow

Sections

.text
Size: 211KB - Virtual size: 210KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9e2ef0ab68464d43825cd9d1d84b0294

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

bjnappcapturedll64

winmm

kernel32

user32

gdi32

advapi32

magnification

d3d11

oleacc

Sections

.text Size: 211KB - Virtual size: 210KB

.rdata Size: 47KB - Virtual size: 47KB

.data Size: 7KB - Virtual size: 17KB

.pdata Size: 11KB - Virtual size: 11KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 211KB - Virtual size: 210KB

.rdata
Size: 47KB - Virtual size: 47KB

.data
Size: 7KB - Virtual size: 17KB

.pdata
Size: 11KB - Virtual size: 11KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB