General

  • Target

    842e2bcd8f9cc4479d129b390fc81b3a9c8d0921b907fd0ba10ff802835b66d8

  • Size

    13.3MB

  • MD5

    caa4ae11ed30fcd54f5df98e0520bb21

  • SHA1

    c39df0818251292bcffa7cf1d79aaa0c9589c27e

  • SHA256

    842e2bcd8f9cc4479d129b390fc81b3a9c8d0921b907fd0ba10ff802835b66d8

  • SHA512

    82f7de686d289812d3da51545ca0f20702df131f8bf85066405589ecc6e7e8184e8e0bec6409d03957be61be963bd9c22d361d6fb4bd30f91e66b49ddaecf1c2

  • SSDEEP

    393216:anl0Cp3LGoj4pYuanSIQgDcwfda2RdViPgOKDWGa1chVC4s:EH3s2glgg2a2diIP7VC4s

Score
10/10

Signatures

  • XMRig Miner payload (2 IoCs)
  • Xmrig family
  • Unsigned PE (2 IoCs)

    Checks for missing Authenticode signature.

Files

  • 842e2bcd8f9cc4479d129b390fc81b3a9c8d0921b907fd0ba10ff802835b66d8
    .zip
  • FSCapture-10.5-CN/bin/423Down.url
  • FSCapture-10.5-CN/bin/Draw.db
  • FSCapture-10.5-CN/bin/FSCIcon.db
    .dll windows:4 windows x86 arch:x86


    Headers

    Sections

  • FSCapture-10.5-CN/bin/FSCPlugin01.dll
    .dll windows:4 windows x86 arch:x86

    b3edd6daaaef5839333295da0a7b3e29


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • FSCapture-10.5-CN/bin/FSCPlugin02.dll
    .exe windows:6 windows x64 arch:x64

    d4b4a4f7fd3edd016ef0e508830109c2


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • FSCapture-10.5-CN/bin/FSCPlugin03.dll
    .exe windows:6 windows x86 arch:x86

    1a9b7ed0c25aa8f869fdb9042895171f


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • FSCapture-10.5-CN/bin/FSCPlugin04.dll
    .exe windows:4 windows x86 arch:x86


    Code Sign

    Headers

    Sections

  • FSCapture-10.5-CN/bin/FSCPlugin05.dll
    .dll regsvr32 windows:5 windows x86 arch:x86

    705fa014439cda3c5bcd5fb11e6f338a


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • FSCapture-10.5-CN/bin/FSCapture.exe
    .exe windows:4 windows x86 arch:x86


    Code Sign

    Headers

    Sections

  • FSCapture-10.5-CN/bin/FSCrossHair.exe
    .exe windows:4 windows x86 arch:x86


    Code Sign

    Headers

    Sections

  • FSCapture-10.5-CN/bin/FSFocus.exe
    .exe windows:4 windows x86 arch:x86


    Code Sign

    Headers

    Sections

  • FSCapture-10.5-CN/bin/FSRecorder.exe
    .exe windows:4 windows x86 arch:x86


    Code Sign

    Headers

    Sections

  • FSCapture-10.5-CN/bin/Languages/FSC02.fslang
  • FSCapture-10.5-CN/bin/Languages/FSC03.fslang
  • FSCapture-10.5-CN/bin/Portable.db
  • FSCapture-10.5-CN/bin/fsc.db
  • FSCapture-10.5-CN/bin/libsharpyuv.dll
    .dll windows:5 windows x86 arch:x86

    7c2d8f5e11000d9716b92bd5fcab6c09


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • FSCapture-10.5-CN/bin/libwebp.dll
    .dll windows:5 windows x86 arch:x86

    0d0d7b9e05db7cc05d3e789ef5450a22


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • FSCapture-10.5-CN/bin/re/lib/CrashReporting.bat
    .bat .vbs
  • FSCapture-10.5-CN/bin/re/lib/FSCapture_license.exe
    .exe windows:4 windows x64 arch:x64

    a0a4be492eab39394d440335c7029fc5


    Headers

    Imports

    Sections

  • FSCapture-10.5-CN/bin/re/lib/WinRing0x64.sys
    .sys windows:6 windows x64 arch:x64

    d41fa95d4642dc981f10de36f4dc8cd7


    Code Sign

    Headers

    Imports

    Sections

  • FSCapture-10.5-CN/bin/re/lib/add.ps1
  • FSCapture-10.5-CN/start_FSCapture.bat
  • FSCapture-10.5-CN/使用说明.docx
    .docx office2007