f68149335cff520315e75b8f9cfa976d3524512cdd378ddcaf0096e327386080

Sharing

Copy URL

Twitter E-mail

General

Target

f68149335cff520315e75b8f9cfa976d3524512cdd378ddcaf0096e327386080
Size

1.7MB
MD5

cc3678566fd9f106c4d893762b45382e
SHA1

77c9ba6551e9c20a48ae6ad2a25c88fbfd9084e9
SHA256

f68149335cff520315e75b8f9cfa976d3524512cdd378ddcaf0096e327386080
SHA512

c56fbabf3318e78131876578c714f3eadb0da6f53af2ca2d26f612ba7f56e28346cee3c58a3c560e3af2624c6310c7442ba10bba7d26429bd53093f2e45370c4
SSDEEP

24576:5pYtRa6dr8+vy6EKTcq8mHVgsctvq57VNYCuOXv2B:5pvGDvSKTWFq57VN/uOXve

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f68149335cff520315e75b8f9cfa976d3524512cdd378ddcaf0096e327386080

Files

f68149335cff520315e75b8f9cfa976d3524512cdd378ddcaf0096e327386080
.exe windows:6 windows x86 arch:x86

bcbac914dca3fe2f2ad9d4f30cab4236

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\data\landun\workspace\p-3d7f88f5f52b43179dd219a5c6dd1b5c\src\bin\Release_Win32\ScreenCapture.exe.pdb

Imports

gdiplus

GdipGetImageEncodersSize
GdipGetImageEncoders
GdiplusShutdown
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesColorMatrix
GdipDrawImageRectRectI
GdipFree
GdipSetPenWidth
GdipCreatePath
GdipDeletePath
GdipSetPenStartCap
GdipCreateMatrix
GdipDeleteMatrix
GdipTranslateMatrix
GdipCloneBrush
GdiplusStartup
GdipSetPenEndCap
GdipSetPenLineJoin
GdipSetPenBrushFill
GdipCloneImage
GdipDisposeImage
GdipGetImageWidth
GdipSaveImageToFile
GdipDeletePen
GdipCreatePen1
GdipCreateSolidFill
GdipSetTextureTransform
GdipDeleteBrush
GdipGetImageHeight
GdipCreateBitmapFromHBITMAP
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetSmoothingMode
GdipDrawRectangleI
GdipDrawEllipseI
GdipDrawPath
GdipFillRectangleI
GdipFillEllipseI
GdipFillPath
GdipAddPathLine2I
GdipCreateTexture2I
GdipAlloc

kernel32

GlobalUnlock
GlobalLock
MulDiv
lstrlenW
GlobalAddAtomW
VerifyVersionInfoW
DecodePointer
VirtualAlloc
TlsAlloc
RtlUnwind
GetCPInfo
GetStringTypeW
TryAcquireSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
InterlockedPushEntrySList
InterlockedPopEntrySList
EncodePointer
InitializeSListHead
GetSystemTimeAsFileTime
GetStartupInfoW
IsProcessorFeaturePresent
UnhandledExceptionFilter
WaitForSingleObjectEx
TlsFree
InitializeCriticalSection
QueryPerformanceCounter
QueryPerformanceFrequency
SetEvent
ReleaseMutex
CreateMutexW
FlushFileBuffers
OutputDebugStringW
LoadLibraryW
InitializeCriticalSectionAndSpinCount
OpenMutexW
OpenEventW
GetModuleHandleW
GetTempPathW
GetFileTime
GetModuleFileNameW
FreeLibrary
FindResourceExW
GetSystemDirectoryW
GetTickCount
GetLocalTime
OpenProcess
GetCurrentThreadId
TerminateProcess
GetCurrentProcessId
GetCurrentProcess
WaitForSingleObject
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
SetLastError
RaiseException
CloseHandle
GetFullPathNameW
FindNextFileW
FindFirstFileW
FindClose
GetCommandLineW
VerSetConditionMask
GetVersionExW
GetProcAddress
FindResourceW
SizeofResource
LockResource
DeleteFileW
FileTimeToSystemTime
SetFileAttributesW
GetFileAttributesW
GetFileSize
LocalFree
CreateThread
CreateEventW
ExitThread
ReadFile
WideCharToMultiByte
MultiByteToWideChar
SetUnhandledExceptionFilter
IsDebuggerPresent
lstrcpyW
CreateProcessW
lstrcatW
LocalAlloc
FormatMessageW
Sleep
CreateFileW
SetFilePointer
GetModuleHandleExW
WriteFile
LoadLibraryExW
LoadLibraryExA
LoadResource
GetLastError
VirtualFree
GlobalFree
FreeLibraryAndExitThread
VirtualQuery
FlushInstructionCache
ExitProcess
GetStdHandle
ResumeThread
GetFileType
CompareStringW
LCMapStringW
GetConsoleOutputCP
GetConsoleMode
GetFileSizeEx
SetFilePointerEx
GetTimeZoneInformation
IsValidCodePage
GetACP
GetOEMCP
ReadConsoleW
FindFirstFileExW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
SetEndOfFile
WriteConsoleW
GetEnvironmentVariableW
GlobalHandle
GlobalAlloc
TlsGetValue
TlsSetValue
ResetEvent

user32

IsWindowEnabled
SetMenuItemInfoW
SetTimer
TrackPopupMenu
GetWindowPlacement
CreatePopupMenu
InsertMenuItemW
AppendMenuW
EnableWindow
GetPropW
NotifyWinEvent
DestroyMenu
SetPropW
GetCursor
MoveWindow
MonitorFromRect
SubtractRect
GetForegroundWindow
UpdateLayeredWindow
PeekMessageW
TrackMouseEvent
wsprintfW
GetCursorInfo
EnumDisplayMonitors
GetMonitorInfoW
MonitorFromPoint
GetIconInfo
LoadCursorW
GetWindow
FindWindowW
GetParent
PtInRect
IsRectEmpty
UnionRect
IntersectRect
InflateRect
CopyRect
SetRectEmpty
SetRect
FillRect
ChildWindowFromPointEx
ScreenToClient
ClientToScreen
HideCaret
GetCursorPos
SetCursor
SetCursorPos
MessageBoxW
GetWindowRect
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
InvalidateRect
EndPaint
BeginPaint
SetForegroundWindow
UpdateWindow
DrawTextW
DrawIcon
GetSystemMetrics
KillTimer
ReleaseCapture
SetCapture
GetKeyState
SetFocus
IsClipboardFormatAvailable
EmptyClipboard
GetClipboardData
SetClipboardData
CloseClipboard
OpenClipboard
IsWindowVisible
SetWindowPos
ShowWindow
DestroyWindow
CreateWindowExW
GetClassInfoExW
RegisterClassExW
UnregisterClassW
CallWindowProcW
PostQuitMessage
DefWindowProcW
WaitForInputIdle
UnregisterHotKey
RegisterHotKey
DispatchMessageW
TranslateMessage
GetMessageW
GetDesktopWindow
ReleaseDC
GetDC
SendMessageW
SetWindowLongW
GetWindowLongW
GetClientRect
IsWindow
PostMessageW
GetFocus
IsIconic
wvsprintfW

gdi32

SetTextCharacterExtra
SetViewportOrgEx
EnumFontFamiliesExW
SetTextColor
StretchBlt
SetBkMode
GetTextExtentExPointW
GetTextExtentPointW
GetStockObject
GetPixel
GetClipBox
GetBitmapDimensionEx
CreateSolidBrush
CreateFontIndirectW
CreateCompatibleBitmap
MoveToEx
GetObjectW
StrokePath
StrokeAndFillPath
EndPath
CreateDIBSection
SelectObject
LineTo
GetDeviceCaps
DeleteObject
DeleteDC
CreatePen
CreateCompatibleDC
BitBlt
GetFontData

comdlg32

ChooseColorW
GetSaveFileNameW
GetOpenFileNameW

shell32

ShellExecuteExW
SHFileOperationW
SHGetSpecialFolderPathW
SHGetFolderPathW
ShellExecuteW

ole32

CoUninitialize
CoInitialize

oleaut32

VariantClear
VariantInit
SysAllocString

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

psapi

GetProcessMemoryInfo

imm32

ImmDisableIME

wininet

InternetCrackUrlA
InternetWriteFile
HttpOpenRequestA
HttpSendRequestExW
InternetOpenW
InternetErrorDlg
HttpEndRequestW
InternetConnectA
HttpAddRequestHeadersW
InternetCloseHandle

msimg32

TransparentBlt
AlphaBlend

oleacc

LresultFromObject
AccessibleObjectFromWindow

advapi32

CryptAcquireContextW
CryptSetKeyParam
CryptDestroyKey
CryptEncrypt
CryptImportKey
CryptReleaseContext
SetSecurityDescriptorSacl
InitializeSecurityDescriptor
InitializeAcl
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
AddAccessAllowedAceEx
GetLengthSid
LookupAccountSidW
RegCreateKeyExW
OpenProcessToken
RegOpenKeyExW
GetTokenInformation
RegCloseKey
RegSetValueExW
RegOpenKeyW
RegQueryValueExW
SetSecurityDescriptorDacl
GetSecurityDescriptorSacl

Sections

.text
Size: 732KB - Virtual size: 731KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 179KB - Virtual size: 178KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 19KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 703KB - Virtual size: 702KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 107KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

bcbac914dca3fe2f2ad9d4f30cab4236

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

gdiplus

kernel32

user32

gdi32

comdlg32

shell32

ole32

oleaut32

version

psapi

imm32

wininet

msimg32

oleacc

advapi32

Sections

.text Size: 732KB - Virtual size: 731KB

.rdata Size: 179KB - Virtual size: 178KB

.data Size: 19KB - Virtual size: 77KB

.detourc Size: 4KB - Virtual size: 4KB

.detourd Size: 512B - Virtual size: 12B

.rsrc Size: 703KB - Virtual size: 702KB

.reloc Size: 107KB - Virtual size: 108KB

.text
Size: 732KB - Virtual size: 731KB

.rdata
Size: 179KB - Virtual size: 178KB

.data
Size: 19KB - Virtual size: 77KB

.detourc
Size: 4KB - Virtual size: 4KB

.detourd
Size: 512B - Virtual size: 12B

.rsrc
Size: 703KB - Virtual size: 702KB

.reloc
Size: 107KB - Virtual size: 108KB