PUP.MSIL.CaptureScreen.A
Analysis Report
General information
| Family Name: | PUP.MSIL.CaptureScreen.A |
|---|---|
| Signature status: | No Signature |
Known Samples
This section lists other file samples believed to be associated with this family.
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have debug information
- File doesn't have exports table
- File doesn't have security information
- File is .NET application
- File is 32-bit executable
- File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
- File is either console or GUI application
- File is not packed
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
Windows PE Version Information
This section displays values and attributes that have been set in the Windows file version information data structure for samples within this family. To mislead users, malware actors often add fake version information mimicking legitimate software.
| Name | Value |
|---|---|
| Assembly Version | 0.0.0.0 |
| File Version | 0.0.0.0 |
| Internal Name | screenCapture_1.3.2.exe |
| Original Filename | screenCapture_1.3.2.exe |
| Product Version | 0.0.0.0 |
File Traits
- .NET
- x86
Block Information
During analysis, EnigmaSoft breaks file samples into logical blocks for classification and comparison with other samples. Blocks can be used to generate malware detection rules and to group file samples into families based on shared source code, functionality and other distinguishing attributes and characteristics. This section lists a summary of this block data, as well as its classification by EnigmaSoft. A visual representation of the block data is also displayed, where available.
| Total Blocks: | 19 |
|---|---|
| Potentially Malicious Blocks: | 12 |
| Whitelisted Blocks: | 7 |
| Unknown Blocks: | 0 |
Visual Map
0 x x x 0 0 x x x x x x x x x 0 0 0 0
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block
Similar Families
This section lists other families that share similarities with this family, based on EnigmaSoft’s analysis. Many malware families are created from the same malware toolkits and use the same packing and encryption techniques but uniquely extend functionality. Similar families may also share source code, attributes, icons, subcomponents, compromised and/or invalid digital signatures, and network characteristics. Researchers leverage these similarities to rapidly and effectively triage file samples and extend malware detection rules.
- MSIL.CaptureScreen.A
Windows API Usage
This section lists Windows API calls that are used by the samples in this family. Windows API usage analysis is a valuable tool that can help identify malicious activity, such as keylogging, security privilege escalation, data encryption, data exfiltration, interference with antivirus software, and network request manipulation.
| Category | API |
|---|---|
| Syscall Use | |
| User Data Access | |