Overview

Task | Platform | Score
Overview | overview | 9/10
Static | static | 7/10
Bandicam_7...it.exe | windows7-x64 | 3/10
Bandicam_7...it.exe | windows10-2004-x64 | 7/10
Bandicam_7...it.exe | windows7-x64 | 3/10
Bandicam_7...it.exe | windows10-2004-x64 | 7/10
Bandicam_7...en.exe | windows7-x64 | 5/10
Bandicam_7...en.exe | windows10-2004-x64 | 5/10
Bandicam_7...32.dll | windows7-x64 | 1/10
Bandicam_7...32.dll | windows10-2004-x64 | 1/10
Bandicam_7...up.exe | windows7-x64 | 9/10
Bandicam_7...up.exe | windows10-2004-x64 | 9/10
$PLUGINSDI...ns.dll | windows7-x64 | 3/10
$PLUGINSDI...ns.dll | windows10-2004-x64 | 3/10
$PLUGINSDI...er.dll | windows7-x64 | 3/10
$PLUGINSDI...er.dll | windows10-2004-x64 | 3/10
$PLUGINSDI...em.dll | windows7-x64 | 3/10
$PLUGINSDI...em.dll | windows10-2004-x64 | 3/10
$SYSDIR/D3...47.dll | windows10-2004-x64 | 3/10
$SYSDIR/msvcp110.dll | windows7-x64 | 3/10
$SYSDIR/msvcp110.dll | windows10-2004-x64 | 3/10
$SYSDIR/msvcr110.dll | windows7-x64 | 3/10
$SYSDIR/msvcr110.dll | windows10-2004-x64 | 3/10
$SYSDIR/vcomp140.dll | windows7-x64 | 3/10
$SYSDIR/vcomp140.dll | windows10-2004-x64 | 3/10
$TEMP/BDMP...UP.exe | windows7-x64 | 5/10
$TEMP/BDMP...UP.exe | windows10-2004-x64 | 5/10
RegVulkanLayer.bat | windows7-x64 | 3/10
RegVulkanLayer.bat | windows10-2004-x64 | 3/10
UnregVulkanLayer.bat | windows7-x64 | 3/10
UnregVulkanLayer.bat | windows10-2004-x64 | 3/10
bdcam.exe | windows7-x64 | 9/10
bdcam.exe | windows10-2004-x64 | 9/10
bdcam32.exe | windows7-x64 | 3/10

General

Target: _Getintopc.com_Bandicam_7.1.4.2458.rar
Size: 30.3MB
Sample: 241117-qy6w6a1erp
MD5: 500575dbd7bde177a4ddfadbbfdb4de8
SHA1: 70cfff956440e9c65229d4073146c7f0e5102812
SHA256: 5eb1c7792aa20e5ba1267e9a045956e762826222d942ab4a3059673f125923b4
SHA512: 019a39ed637e9cf12d90a6e4699ff121aba3932d6493555905207069b6b1e8fb762c7e1a2d62616cc475cb2f9d2ff19ded3ba52e84275684d1de256b4fce230e
SSDEEP: 786432:U16k81vFo7Qt39BiGQdvfK6LfO06tutJOw3Q:m9qqA9yvfK6LlkuWp
Behavioral tasks

Task | Sample | Resource
behavioral1 | Bandicam_7.1.4.2458/Crack/BC Reset 32-bit.exe | win7-20240903-en
behavioral2 | Bandicam_7.1.4.2458/Crack/BC Reset 32-bit.exe | win10v2004-20241007-en
behavioral3 | Bandicam_7.1.4.2458/Crack/BC Reset 64-bit.exe | win7-20240903-en
behavioral4 | Bandicam_7.1.4.2458/Crack/BC Reset 64-bit.exe | win10v2004-20241007-en
behavioral5 | Bandicam_7.1.4.2458/Crack/Keygen.exe | win7-20240903-en
behavioral6 | Bandicam_7.1.4.2458/Crack/Keygen.exe | win10v2004-20241007-en
behavioral7 | Bandicam_7.1.4.2458/Crack/msimg32.dll | win7-20241010-en
behavioral8 | Bandicam_7.1.4.2458/Crack/msimg32.dll | win10v2004-20241007-en
behavioral9 | Bandicam_7.1.4.2458/bdcamsetup.exe | win7-20240729-en
behavioral10 | Bandicam_7.1.4.2458/bdcamsetup.exe | win10v2004-20241007-en
behavioral11 | $PLUGINSDIR/InstallOptions.dll | win7-20241023-en
behavioral12 | $PLUGINSDIR/InstallOptions.dll | win10v2004-20241007-en
behavioral13 | $PLUGINSDIR/ShellExecAsUser.dll | win7-20240903-en
behavioral14 | $PLUGINSDIR/ShellExecAsUser.dll | win10v2004-20241007-en
behavioral15 | $PLUGINSDIR/System.dll | win7-20241010-en
behavioral16 | $PLUGINSDIR/System.dll | win10v2004-20241007-en
behavioral17 | $SYSDIR/D3DCompiler_47.dll | win10v2004-20241007-en
behavioral18 | $SYSDIR/msvcp110.dll | win7-20240903-en
behavioral19 | $SYSDIR/msvcp110.dll | win10v2004-20241007-en
behavioral20 | $SYSDIR/msvcr110.dll | win7-20241023-en
behavioral21 | $SYSDIR/msvcr110.dll | win10v2004-20241007-en
behavioral22 | $SYSDIR/vcomp140.dll | win7-20240903-en
behavioral23 | $SYSDIR/vcomp140.dll | win10v2004-20241007-en
behavioral24 | $TEMP/BDMPEG1SETUP.exe | win7-20240903-en
behavioral25 | $TEMP/BDMPEG1SETUP.exe | win10v2004-20241007-en
behavioral26 | RegVulkanLayer.bat | win7-20241010-en
behavioral27 | RegVulkanLayer.bat | win10v2004-20241007-en
behavioral28 | UnregVulkanLayer.bat | win7-20240903-en
behavioral29 | UnregVulkanLayer.bat | win10v2004-20241007-en
behavioral30 | bdcam.exe | win7-20240729-en
behavioral31 | bdcam.exe | win10v2004-20241007-en
behavioral32 | bdcam32.exe | win7-20240903-en
Malware Config
Targets

Target: Bandicam_7.1.4.2458/Crack/BC Reset 32-bit.exe
Size: 133KB
MD5: 0cb81e9844e38d82e96ad5c797981634
SHA1: eeaa433d35112f8ebaf476c6e4f47bf9c957cea4
SHA256: ec14ca80084366c2ca2b34bd717ea2c7cf6a1437f70be3780a396697c709025f
SHA512: 5436b46c82f1ed85bcbb2dcd0f150e1b327d00034048508def2c0c748002230706ffc6f6b4beffe9e553fbd3afbc785bca339181c20ef5114c5853a95420340b
SSDEEP: 3072:tq6+ouCpk2mpcWJ0r+QNTBfp1F/OHdHZorDa7Rfyg:tldk1cWQRNTBhuHzoXa9f3
Score: 7/10
Signatures:
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.

Target: Bandicam_7.1.4.2458/Crack/BC Reset 64-bit.exe
Size: 166KB
MD5: 66c058437ec794aba3f851cc7e3cf4fa
SHA1: 521bad222e4ba40761aae033ee1aba676e1af474
SHA256: 00748d7ea4ccfb6fc6ff59e3fe24c46b862ab3dd9c562ff6b13b5dfb31326bc6
SHA512: e839f645d0be95ecf11dd832982a05f513f481566f764fccf060b1ddd9fdaa2b71c7bec4f99b66bca048b3cf8b921f812c68d45d0ae4d39b26058cb404df49f1
SSDEEP: 3072:PV3J6kkt5h1X+HqTi0BW69hd1MMdxPe9N9uA0/+hL9TBfnPIkF/OHdHZorDa7Rfk:Ct5hBPi0BW69hd1MMdxPe9N9uA069TBd
Score: 7/10
Signatures:
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.

Target: Bandicam_7.1.4.2458/Crack/Keygen.exe
Size: 69KB
MD5: 8a8a0d8aa60c7529753089dfd1d7d8a5
SHA1: a129fca9b5a7cff9a586f6dc7931b79c7f53b373
SHA256: 3921c96ee71d9f7271c2d256958bdfc2c1081d9e3d5149f035635e0421253892
SHA512: b6874ed1569e6d9434e5924f2bf80645e878b4b2680d2f5bf30821e15edf149510bee14b0420a218ffb6f4619cdee06154ed72a474d8a8682d814ee7281a81ac
SSDEEP: 1536:m6UzoyE5BIKEJRjZa7NdUYDg/JrE1Uw7UI:TU8ycaKEJRdkTNYJrnw7

Target: Bandicam_7.1.4.2458/Crack/msimg32.dll
Size: 12KB
MD5: 4b4705640975b0df28adb898ac74811f
SHA1: a1def7e9a9195e652c57711afd8251651f6dd69e
SHA256: 523198b4b933f95af21970328e505f28bb7a7331c6193626fbb681cf3bcca65e
SHA512: 7f3968daf85dbcd3f49f3488f5b4a01924edb16bb686c070afcc99ae13dde2a01b0b194fedca7dbc0a98a88bf66228b1a52305b0a5b4434234a635c8f369c071
SSDEEP: 192:OD7/70NPblKbUDFL00XvBgKBsqTYTTwZYYeyQW3qIW:ODbAblKYDFRvBHBL8feeyQWaIW
Score: 1/10

Target: Bandicam_7.1.4.2458/bdcamsetup.exe
Size: 30.1MB
MD5: 19e1756c53cd2366d3d0ac1838c09f53
SHA1: 5d637d39e37b71abd130c43c393865da5b6471f4
SHA256: bf76a5b846bb434469560b70a84175361bb276484ba5d45b040a4997f90eba55
SHA512: ce8918a879eee3434eefe76c76a6498a540d4f793611430414232c2db145c151e10a1e58731dc4584a5aff8ba7728b50bb1269ce4df7e7c1660bf895e0bc4b5e
SSDEEP: 786432:tmY0YHo15h+TeYB4zK8ZjyhtOJ3HmmTeh+BDr9R8V0PYNr/h4vu:U1J1qTFOu8ZSOJ3NTeQDxRgr/9
Signatures:
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Drops file in System32 directory
- Event Triggered Execution: Component Object Model Hijacking: adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
- Suspicious use of NtSetInformationThreadHideFromDebugger: calls NtSetInformationThread with the ThreadHideFromDebugger information class, which stops the calling thread from delivering debug events to an attached debugger; a common anti-debugging technique.

Target: $PLUGINSDIR/InstallOptions.dll
Size: 15KB
MD5: 720304c57dcfa17751ed455b3bb9c10a
SHA1: 59a1c3a746de10b8875229ff29006f1fd36b1e41
SHA256: 6486029d3939231bd9f10457fd9a5ab2e44f30315af443197a3347df4e18c4e9
SHA512: c64c161290f5c21d642ecf16cc6ad3ee4a31bf5bab41c65c74907a5c158eaca429ef99cd8d2b55dc2ecb8478bb0b85c1576402389a07568f36c871b2772ead04
SSDEEP: 384:E1C43tPegZ3eBaRwCPOYY7nNYXC0A/Yosa:E8TgZ3eBTCmrnNAf
Score: 3/10

Target: $PLUGINSDIR/ShellExecAsUser.dll
Size: 43KB
MD5: 552cba3c6c9987e01be178e1ee22d36b
SHA1: 4c0ab0127453b0b53aeb27e407859bccb229ea1b
SHA256: 1f17e4d5ffe7b2c9a396ee9932ac5198f0c050241e5f9ccd3a56e576613d8a29
SHA512: 9bcf47b62ca8ffa578751008cae523d279cdb1699fd916754491899c31ace99f18007ed0e2cbe9902abf132d516259b5fb283379d2fead37c76b19e2e835e95a
SSDEEP: 768:SA49ATJ9ONLkh9J5lDYDzG8yVAf7hiJFkkAqnTEDlV4vihdk:SA4CJ9OFpXf0AfNiTkIMrhdk
Score: 3/10

Target: $PLUGINSDIR/System.dll
Size: 11KB
MD5: 17ed1c86bd67e78ade4712be48a7d2bd
SHA1: 1cc9fe86d6d6030b4dae45ecddce5907991c01a0
SHA256: bd046e6497b304e4ea4ab102cab2b1f94ce09bde0eebba4c59942a732679e4eb
SHA512: 0cbed521e7d6d1f85977b3f7d3ca7ac34e1b5495b69fd8c7bfa1a846baf53b0ecd06fe1ad02a3599082ffacaf8c71a3bb4e32dec05f8e24859d736b828092cd5
SSDEEP: 192:eY24sihno00Wfl97nH6T2enXwWobpWBTU4VtHT7dmN35Ol+Sl:E8QIl975eXqlWBrz7YLOl+
Score: 3/10

Target: $SYSDIR/D3DCompiler_47.dll
Size: 3.5MB
MD5: 7375633014ca3bcabf6d337abe399afc
SHA1: bbaf4aa50ffc0d2bd363d5debe56d41121a1fec2
SHA256: 80b8f0435b379b18bbfd91f9e62e3797b3e9bf07d77bb8e5201a74f590cba37a
SHA512: d81bfffb7b031f48e08ddf9d3f4862851ed87ce50d149c63eb74fa68d92e336c1da66a5bcceb55f22211c877441570111439d7383597ad6a2cecdbd5b7502990
SSDEEP: 49152:VtdNhilBx6wvXmPwJTtLgvUACN5m5fsRu9qLHyPQiC7:VTNUlBUwv5hdAGQfsRu2uk
Score: 3/10

Target: $SYSDIR/msvcp110.dll
Size: 522KB
MD5: 3e29914113ec4b968ba5eb1f6d194a0a
SHA1: 557b67e372e85eb39989cb53cffd3ef1adabb9fe
SHA256: c8d5572ca8d7624871188f0acabc3ae60d4c5a4f6782d952b9038de3bc28b39a
SHA512: 75078c9eaa5a7ae39408e5db1ce7dbce5a3180d1c644bcb5e481b0810b07cb7d001d68d1b4f462cd5355e98951716f041ef570fcc866d289a68ea19b3f500c43
SSDEEP: 12288:FqULIc5nb9rywgfyhUgiW6QR7t5sA3Ooc8sHkC2eRxUH:PLHnhryLfBA3Ooc8sHkC2eRxUH
Score: 3/10

Target: $SYSDIR/msvcr110.dll
Size: 854KB
MD5: 4ba25d2cbe1587a841dcfb8c8c4a6ea6
SHA1: 52693d4b5e0b55a929099b680348c3932f2c3c62
SHA256: b30160e759115e24425b9bcdf606ef6ebce4657487525ede7f1ac40b90ff7e49
SHA512: 82e86ec67a5c6cddf2230872f66560f4b0c3e4c1bb672507bbb8446a8d6f62512cbd0475fe23b619db3a67bb870f4f742761cf1f87d50db7f14076f54006f6c6
SSDEEP: 12288:TmCyHcMpK7QdgD+9Tr8r3FmJciMgLFWkA8qTWu+FVlofpJCjNdr12iqwZeq:TmCyHNIQdTryVmCipIkqTWu+Fr
Score: 3/10

Target: $SYSDIR/vcomp140.dll
Size: 178KB
MD5: 1cd23a0f3daf4210f86ba8eb60b2612b
SHA1: 979ab8d98d27fc0c8810822d80a4f1361657f21d
SHA256: dbc67dd65ef7d68bde9147c6244e7aaa8cb275ed6d0ef60301c7e4fbb95a5a42
SHA512: 90941648d2cebf4bcd65e54c503a2ced7362fe2b5afa6772b0ecc8ca945d2e43ea14e90a17e64f3eab8ef76ecbb0ea3cc801dbcfeaa8a90ab8b1fe2e081c17c6
SSDEEP: 3072:KDGRbh7RozAcuolrdTl2E72uRcQnFCt+DVFf/w62dQ:HoTuIT73CG/SQ
Score: 3/10

Target: $TEMP/BDMPEG1SETUP.EXE
Size: 1.4MB
MD5: 461d135a4fccd51bbae38f742e123fd3
SHA1: c12a442fbcd4a9c44102f0a560ba03d59bc501ed
SHA256: 4c441e7d744a2a273f780103bcf5bcb1e32c2d9c6a32b62f9044b32107544079
SHA512: 41eb816bf0cc0ca12b5c6c07517cd718b8701255ea81e94ffc937f2538b8cdf5db24751cdbc22fefd6496b767fc0d631fea76216b0363f4b625557097b3caaee
SSDEEP: 24576:KmJpkgDvk80bh06JsAD8JLPHXcovQjy1jR8Qlq7m5xHlwP4mWunSCiwpFHNi:KUM80bO6JsA+jnb9iZK5plDjCTpFU
Score: 5/10
Signatures:
- Drops file in System32 directory
- Event Triggered Execution: Component Object Model Hijacking: adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

Target: RegVulkanLayer.bat
Size: 118B
MD5: b35e7d846a436bf1bc48b53125176f0b
SHA1: 6e859c9374441da33fb404bff2041bbb6b068f23
SHA256: 8198189537e866909dbeb383bb3ce43fec3351fe85ca8ddc8e9955193054f808
SHA512: 00644acf7e72887e4dcc3e29a83362f17fd3f5338d640b0f85407f8ed173f4f3763e2a6e85dca3fdbad2495b90c3aa1761859bdfe539231b250e93ba504a56e2
Score: 3/10

Target: UnregVulkanLayer.bat
Size: 122B
MD5: 13e241026906e9c49e8dcc436313dc55
SHA1: 3d2c1fdb2e0166f915796569c6e4c04167aba9d3
SHA256: ec319ae952e4ffac8ff5edede7029050d53452a4df9bc026de3375ecfa983a44
SHA512: 338fd96cad17b7f73328b9361a9a23da5c184c39a0fb185d772719daa2eb7abc268834fcba5cc2f0d6e6adf1b6364d3f7e59f9b330dba1ce769674cad295b0c7
Score: 3/10

Target: bdcam.exe
Size: 10.7MB
MD5: 5b260a4fc628ef1c009ebf22fb13788f
SHA1: 9e004b48fa97dd3a39a3a17f224c9776574d0b1c
SHA256: db444d97939b34fbf776998af277663c682d252a57ad20766ec3c21c08ce2992
SHA512: 8c5bd3bffa4ec25cc934f1625f9f627068300d71055500ad8e39f709adff577b3d3ad0991c9f17b8a1b8786ec5617da5515741129d690e4031488b02a92a54d6
SSDEEP: 196608:wf8k629L9XGPMaYIGMzxniZdvbKbF0JbeUa/xes/o:wf8URXNM/SVa/xA
Signatures:
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger: calls NtSetInformationThread with the ThreadHideFromDebugger information class, which stops the calling thread from delivering debug events to an attached debugger; a common anti-debugging technique.

Target: bdcam32.bin
Size: 2.1MB
MD5: 1ed0bb2eb99690b58f16431d9d7131c7
SHA1: 01f4604651f1e21f70da640a0c488364b3962952
SHA256: 71fb772141ff4b8fb2a032f338bf35ae8451d9f046bb22e632b58d7fe82b826a
SHA512: 69eb5057dab8b47491b261f1c65cfd0b15e687174507c28ca514779cad5d2919b4c422f85decdc05aeb4cf9b8b0a108b57b54f7a47b4ecf39d77bee942671b57
SSDEEP: 49152:lf5D+mnZS+AUN99dg2MSLFgILqg4RL4IZgtFrwtG9GDw:lEWDb99dBMSLFBqgWL4IZgtFrwI
Score: 3/10
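The behavioural signatures attached to bdcamsetup.exe, $TEMP/BDMPEG1SETUP.EXE and bdcam.exe above (VirtualBox ACPI keys, BIOS information, the configured country code, a file dropped into System32, and a COM server registration) are the kind of thing a practitioner re-derives from raw event data rather than taking on trust from a score. The Python below is an added example written for this page, not tria.ge's own signature code: it maps constructed Sysmon-style registry and file events to the signature names printed in the report. The registry key paths it matches are the locations these behaviours are commonly keyed on, which is an assumption, since the report does not show which keys it actually matched; the pipe-separated log format and every sample event are constructed here.

```python
import re
from collections import defaultdict

# Signature names as printed in the report above. The key patterns are the
# registry locations these behaviours are commonly keyed on; that mapping is
# an assumption, the report does not list which keys it actually matched.
REGISTRY_RULES = [
    ("Identifies VirtualBox via ACPI registry values (likely anti-VM)",
     re.compile(r"\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.I)),
    ("Checks BIOS information in registry",
     re.compile(r"\\HARDWARE\\DESCRIPTION\\System\\"
                r"(BIOS\b|SystemBiosVersion|VideoBiosVersion)", re.I)),
    ("Checks computer location settings",
     re.compile(r"\\Control Panel\\International\\Geo\\Nation\b", re.I)),
]

# A COM server registered in a user hive shadows the machine-wide entry for
# the same CLSID; that shadowing is the hijack (ATT&CK T1546.015). Writes
# under HKLM are deliberately not matched: they need admin rights and are
# ordinary installer behaviour.
COM_HIJACK = re.compile(
    r"^(HKU\\[^\\]+|HKCU)\\Software\\Classes\\CLSID\\"
    r"\{[0-9A-F-]{36}\}\\(InprocServer32|LocalServer32)", re.I)

SYSTEM32 = re.compile(r"^C:\\Windows\\System32\\", re.I)

COM_SIG = "Event Triggered Execution: Component Object Model Hijacking"
SYS32_SIG = "Drops file in System32 directory"


def parse_event(line):
    """Constructed log format: '<event type>|<process image>|<target path>'."""
    kind, process, target = line.rstrip("\n").split("|", 2)
    return kind, process, target


def triage(lines):
    """Map events to signature names. Returns {signature: sorted hits}."""
    hits = defaultdict(set)
    for line in lines:
        if not line.strip() or line.startswith("#"):
            continue
        kind, process, target = parse_event(line)
        hit = f"{process} -> {target}"
        if kind in ("RegOpenKey", "RegQueryValue"):
            for name, rule in REGISTRY_RULES:
                if rule.search(target):
                    hits[name].add(hit)
        elif kind == "RegSetValue" and COM_HIJACK.match(target):
            hits[COM_SIG].add(hit)
        elif kind == "FileCreate" and SYSTEM32.match(target):
            hits[SYS32_SIG].add(hit)
    return {name: sorted(v) for name, v in hits.items()}


# Constructed sample events; they are not taken from the report above.
SAMPLE_LOG = """\
RegOpenKey|bdcamsetup.exe|HKLM\\HARDWARE\\ACPI\\DSDT\\VBOX__
RegQueryValue|bdcamsetup.exe|HKLM\\HARDWARE\\DESCRIPTION\\System\\BIOS\\SystemManufacturer
RegQueryValue|bdcamsetup.exe|HKCU\\Control Panel\\International\\Geo\\Nation
RegSetValue|BDMPEG1SETUP.exe|HKU\\S-1-5-21-1-2-3-1001\\Software\\Classes\\CLSID\\{11111111-2222-3333-4444-555555555555}\\InprocServer32\\(Default)
FileCreate|BDMPEG1SETUP.exe|C:\\Windows\\System32\\bdmpeg1.dll
RegSetValue|bdcamsetup.exe|HKLM\\Software\\Classes\\CLSID\\{11111111-2222-3333-4444-555555555555}\\InprocServer32\\(Default)
RegQueryValue|rundll32.exe|HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProductName
""".splitlines()

if __name__ == "__main__":
    for name, who in triage(SAMPLE_LOG).items():
        print(name)
        for entry in who:
            print("   ", entry)
```

The COM rule fires on any per-user CLSID server registration, because a user-hive entry shadows the machine-wide one for the same CLSID and that is exactly how the hijack works; an installer that registers a brand-new CLSID of its own under HKCU trips the same rule. Before treating the COM hit on the installer components above as persistence, check whether the CLSID already existed under HKLM\Software\Classes\CLSID on a clean system and where the InprocServer32 path points. The anti-VM, BIOS and Geo\Nation reads are likewise only evidence of environment awareness, not of what the program does with the answer.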