CamCapture Plugin

Description

(Cylance) This Win32 PE DLL arrives in a partially obfuscated form with its entry point obscured by garbage opcodes, useless instructions, and non-linear code flow. It exports several functions that can possibly be invoked with the use of Roland backdoor’s run_dll command.

Most of these exports provide various screenshot and video capture functionality.

Names

Name
CamCapture Plugin

Category

Malware

Type

• Exfiltration

Information

• https://www.cylance.com/content/dam/cylance-web/en-us/resources/knowledge-center/resource-library/reports/SpyRATsofOceanLotusMalwareWhitePaper.pdf

Other Information

Uuid

f02f03d7-3d90-4cb2-8774-dd53a2718b70

Last Card Change

2020-04-20