Threat Database Potentially Unwanted Programs PUP.MSIL.CaptureScreen.A

PUP.MSIL.CaptureScreen.A

By CagedTech in Potentially Unwanted Programs

Table of Contents

Analysis Report

General information

Family Name:	PUP.MSIL.CaptureScreen.A
Signature status:	No Signature

Known Samples

MD5: 70141fc4b678b62a1ecaaa042264b569

SHA1: 46b382f56f925f7ef0ff291c7e9df21333b0c4f8

SHA256: BA4BB4A12DFC1462E0603586EAB27EDE8B1DA46EC388288AE485AA8E7B5BD6D9

File Size: 12.80 KB, 12800 bytes

MD5: e5a05439324d2ddad38934d9b7e143e6

SHA1: f5ce85bc884547ef20c376f24369287f555d0d46

SHA256: 44B6A8D4BFD899B29AAC46930EE4714837B52DFD5AC45A74202F520EAFF05B23

File Size: 12.80 KB, 12800 bytes

MD5: d45d24c33c07757e3f9a70df7d4f251a

SHA1: 3541924423ef53efa203b2d65ea7e1a2482d5cc6

SHA256: C94872C2523053670D01D9E07F66F398CD32D33BB6DCC7F4BA1F218690CBCE33

File Size: 12.80 KB, 12800 bytes

MD5: 7261f65b9957ee0f571fce345c859503

SHA1: 5941dab5425eb812b6ac822e954a978b45effe80

SHA256: 4A2FEAFD523FED32EF3BCBD711DD6432FB0FCF1AC232F17468A0606F9F8BBFE8

File Size: 12.80 KB, 12800 bytes

MD5: d4efc6c899f91e1bd8ffd719378418d1

SHA1: d6e053637de895f649a58d69b6c9d9a24736ddbf

SHA256: 78EC96C4218ECD046B7CB4B3014CFFB577D6D053CC3AD2DF1EAB46DC1BC0709D

File Size: 12.80 KB, 12800 bytes

Show More

MD5: eaf5bd55b2ee1389013c2ad20e3f2f1a

SHA1: bb773f02add3f77151e54ae3d5b2ff2ecfee2d65

SHA256: 1085E04AD2E98333D0379EBD232BCFF56256E9DBDA95D5E1B68B98D26D4EF054

File Size: 12.80 KB, 12800 bytes

MD5: d187a8c6ec965f6f68356422e645b5a2

SHA1: ac99f175ffad9027a284347be5880d2025f506a7

SHA256: B4044FCED107512C9A9DCA69A1F2D702D22F6C92F17BAEC674E4A66495B60BDD

File Size: 12.80 KB, 12800 bytes

MD5: ea538ce4b1b3acdb086a340f027fefed

SHA1: d02549c4d389658d4dd518fcad93a8006c0b31da

SHA256: BF2F4CE9A76186B8468CD10D8DB7CF606EC7515799B9E6032A93E883949B8BF7

File Size: 12.80 KB, 12800 bytes

MD5: 817dfc089000e6d2fbab7c9d1db0b18c

SHA1: 917d3f843550a4164e8144b3d16c999fb911aae6

SHA256: 6D26F8286D1EF3B1359F2BA8469EE0C8A97CFE5E5330BFA1EA47C044C0D0EE4F

File Size: 12.80 KB, 12800 bytes

MD5: 62064874a93d78e0c5ac5c72b893ed1a

SHA1: 85173e4dd138d618ece59d3e4da2ec95fb4d17a5

SHA256: F494121B9F10A54851A4440ADECE1DB1A6462F3704CC5E0C239E48B980F4C9BA

File Size: 12.80 KB, 12800 bytes

MD5: 4be58a4efcd0a62debfad44f40adb0ab

SHA1: 6450261ef1d1c6ed9c3b15ef8cb23459e026abaf

SHA256: EF6DC5B9B45E091FB7EF7D1DC4C8884460B2536A28555A59C8B3C1552A2BCD65

File Size: 12.80 KB, 12800 bytes

MD5: e4ff88c98929aab5934220d994c083c8

SHA1: da06b91a371c8f470c4c59212554943956cd35df

SHA256: 0039BD42E42BE1E0FC70FFF34EF8FA110A33E8BFF396F292CD037618CC64CD2A

File Size: 12.80 KB, 12800 bytes

MD5: 12b261776b9bcef785e26f8bbf84bb37

SHA1: 3e8cebad5f484a036723940df0bbf20b88b55ceb

SHA256: 2383FFEC92F2B095C3E8A5C215BF16AFDBBD06FAEC06FD2D657323A227DF764B

File Size: 12.80 KB, 12800 bytes

MD5: 54a41d74c28ebd52c349bd3791461842

SHA1: e6f0bcbd05daf4137a98c50e70b2b8c54c63900a

SHA256: C438B8040C5FD59CDA9BD8A7703C6F25D35631B5B0E5591CEBB687A54206AC07

File Size: 12.80 KB, 12800 bytes

MD5: 6f4988f15e5830686ed63e392a6848bb

SHA1: 12be63a165bcdb34d87523e415beb92a68ddc186

SHA256: FB81940706CA891FB0BF65E6F8E71D0944205AA1BE53CF911ABC603761AD9722

File Size: 12.80 KB, 12800 bytes

MD5: 850304e02f9978d31bd41d6bc77dba8d

SHA1: a62d307590d9f484244d638e7c64df9fb6616319

SHA256: 1B374542D28484E4E29A6F8574C45F9FCADDA0A1CD9CC13E65883B032598FA4D

File Size: 12.80 KB, 12800 bytes

MD5: 39c4445ad9cdf98f53a05ffcbcafbf25

SHA1: 5afe6d1b724b30908033ce8481fd4a097ae176f3

SHA256: 9687C110A1B65ECED70202874BC26A7A79FD25058916813A6B75728CE0CB57B2

File Size: 12.80 KB, 12800 bytes

MD5: 1723b83523ef9cb27da30f6f92e93738

SHA1: 4bbe196141dffda2e5b2f3e6996e6ebfa8498ea9

SHA256: D04E5DBBB15FC92B9CB49CD60C6336A8982CED5247AA3F0DCAF9157C77F0C57E

File Size: 12.80 KB, 12800 bytes

MD5: 1e7c0ff9443cb45b65848711382f7832

SHA1: c7571379c1f7bf2e33572e82e6f92c513e5e9e16

SHA256: 4AF90F8E4FB13D95FA9C6AA43FA0EEE9BCFC258E0CC289DDD04D99403BF1F2C1

File Size: 12.80 KB, 12800 bytes

MD5: 25951214efb5123ff7725465e216a834

SHA1: 60639f626ebad82b20c6e99af8d7e74bedb0578b

SHA256: 0168C8C409C6AD62A4B3D68E96F1A18511B99F44A0DB7E61692A545E01B35B36

File Size: 12.80 KB, 12800 bytes

MD5: a5b61944d4c17579719271b2dd3bb4e9

SHA1: aba410bc6e0aa625410d8ec21a9c5c34e4fc7842

SHA256: C27130026CF4E12CE0C486C82507A33F28137C4E82FB6F662E23429914C7A586

File Size: 12.80 KB, 12800 bytes

MD5: 3275fbc6820414e819a4b1dcbc0a4058

SHA1: 627b393d5a89b319b4cb9663f82f7c0c6520a100

SHA256: 2F1C41D044A7B96D5F6D2A783F25876D089FDDC507881255BAA8263A12905B00

File Size: 12.80 KB, 12800 bytes

MD5: 345732d27e28aa7bf720e42ad4065abe

SHA1: c5de5e728ab662d5ff4e4152d5a86c61f3f4b717

SHA256: E64C5DE3774FBDD171800D79E8084D16923023BA660964565DF95A9A45AF9068

File Size: 12.80 KB, 12800 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have security information
File is .NET application
File is 32-bit executable
File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
File is either console or GUI application
File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)

Show More

IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name	Value
Assembly Version	0.0.0.0
File Version	0.0.0.0
Internal Name	screenCapture_1.3.2.exe
Original Filename	screenCapture_1.3.2.exe
Product Version	0.0.0.0

File Traits

.NET
x86

Block Information

Total Blocks:	19
Potentially Malicious Blocks:	12
Whitelisted Blocks:	7
Unknown Blocks:	0

Visual Map

0 x x x 0 0 x x x x x x x x x 0 0 0 0

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

MSIL.CaptureScreen.A

Windows API Usage

Category

API

Syscall Use

ntdll.dll!NtAlertThreadByThreadId
ntdll.dll!NtAlpcSendWaitReceivePort
ntdll.dll!NtClearEvent
ntdll.dll!NtClose
ntdll.dll!NtCreateEvent
ntdll.dll!NtCreateFile
ntdll.dll!NtCreateMutant
ntdll.dll!NtCreatePrivateNamespace
ntdll.dll!NtCreateSection
ntdll.dll!NtCreateThreadEx

Show More

ntdll.dll!NtDeviceIoControlFile
ntdll.dll!NtDuplicateObject
ntdll.dll!NtEnumerateKey
ntdll.dll!NtEnumerateValueKey
ntdll.dll!NtFlushProcessWriteBuffers
ntdll.dll!NtFreeVirtualMemory
ntdll.dll!NtMapViewOfSection
ntdll.dll!NtOpenDirectoryObject
ntdll.dll!NtOpenEvent
ntdll.dll!NtOpenFile
ntdll.dll!NtOpenKey
ntdll.dll!NtOpenKeyEx
ntdll.dll!NtOpenProcess
ntdll.dll!NtOpenProcessToken
ntdll.dll!NtOpenSection
ntdll.dll!NtOpenThreadToken
ntdll.dll!NtProtectVirtualMemory
ntdll.dll!NtQueryAttributesFile
ntdll.dll!NtQueryDefaultLocale
ntdll.dll!NtQueryDirectoryFileEx
ntdll.dll!NtQueryFullAttributesFile
ntdll.dll!NtQueryInformationFile
ntdll.dll!NtQueryInformationJobObject
ntdll.dll!NtQueryInformationProcess
ntdll.dll!NtQueryInformationThread
ntdll.dll!NtQueryInformationToken
ntdll.dll!NtQueryKey
ntdll.dll!NtQueryLicenseValue
ntdll.dll!NtQueryPerformanceCounter
ntdll.dll!NtQuerySecurityAttributesToken
ntdll.dll!NtQuerySecurityObject
ntdll.dll!NtQuerySystemInformation
ntdll.dll!NtQuerySystemInformationEx
ntdll.dll!NtQueryValueKey
ntdll.dll!NtQueryVirtualMemory
ntdll.dll!NtQueryVolumeInformationFile
ntdll.dll!NtQueryWnfStateData
ntdll.dll!NtReadFile
ntdll.dll!NtReadRequestData
ntdll.dll!NtReleaseMutant
ntdll.dll!NtReleaseWorkerFactoryWorker
ntdll.dll!NtResumeThread
ntdll.dll!NtSetEvent
ntdll.dll!NtSetInformationKey
ntdll.dll!NtSetInformationProcess
ntdll.dll!NtSetInformationThread
ntdll.dll!NtSetInformationWorkerFactory
ntdll.dll!NtSubscribeWnfStateChange
ntdll.dll!NtTestAlert
ntdll.dll!NtTraceControl
ntdll.dll!NtUnmapViewOfSection
ntdll.dll!NtUnmapViewOfSectionEx
ntdll.dll!NtWaitForAlertByThreadId
ntdll.dll!NtWaitForMultipleObjects
ntdll.dll!NtWaitForSingleObject
ntdll.dll!NtWaitForWorkViaWorkerFactory
ntdll.dll!NtWorkerFactoryWorkerReady
ntdll.dll!NtWriteFile
UNKNOWN

User Data Access

GetUserDefaultLocaleName
GetUserObjectInformation

Trending

Trojan.Downloader.ConsCorr

January 19, 2023

Analysis Report General information Family Name: PUP.MSIL.CaptureScreen.A Signature status: No Signature Known Samples i Known Samples This section lists other file samples believed to be...

Trojan.Vapsup

January 19, 2023

Analysis Report General information Family Name: PUP.MSIL.CaptureScreen.A Signature status: No Signature Known Samples i Known Samples This section lists other file samples believed to be...

Trojan.Vundo.HM screenshot

Trojan.Vundo.HM

January 11, 2023

Analysis Report General information Family Name: PUP.MSIL.CaptureScreen.A Signature status: No Signature Known Samples i Known Samples This section lists other file samples believed to be...

Most Viewed

Pornktube.porn

December 28, 2023 34,274

Analysis Report General information Family Name: PUP.MSIL.CaptureScreen.A Signature status: No Signature Known Samples i Known Samples This section lists other file samples believed to be...

How To Fix 'Printer Driver is Unavailable' Error

June 29, 2021 34,180

Printers are notorious for refusing to do their job whenever the user needs it the most. Luckily, if your printer is displaying the Printer Driver is Unavailable' error, then there are a couple of...

Discord Shows Black Screen when Sharing Screen screenshot

Discord Shows Black Screen when Sharing Screen

June 21, 2021 29,080

When it first launched, Discord was a VoIP platform geared toward the gaming community. However, in the following years, it expanded its scope, added numerous new features, and became one of the...

Loading...