OGMuxer[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

OGMuxer.exe
Size

208KB
MD5

5c35831566f3793c926705058d2f1857
SHA1

1004a7f79a1cddfb09b847df7c7f3d913a56d95f
SHA256

c0aef482c8c7ba9d63ade0fb87dcd1f79dfa494d4c26d9e603271f41d04511e9
SHA512

2c5ec43c4dbcdcc6dde46dc50b7e7c660ced4e7d86f0d7021b045419fb58dacd184d870f89599b607b94e7bedd621190e9fd2a8294dd427c0cdc8b4d4e5e232e
SSDEEP

3072:RFDCFmLiCc0TW2bA5bG8PztFO4vmh1kRD0q5vD6Oafzg4OQv9A:R1CcLiCcjAAdEhWl0IL6XXI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
OGMuxer.exe

Files

OGMuxer.exe
.exe windows:4 windows x86

251d33a8777aa8e09c72dde6a4f39fd4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

basicparser

?getNode@BasicParser@@QAEPAVNode@@PADH@Z
?countNodes@BasicParser@@QAEHPAD@Z
?hasNode@BasicParser@@QAE_NPAD@Z
?dumpTree@BasicParser@@QAEXXZ
?isValid@BasicParser@@QAE_NXZ
?hasAttribute@Node@@QAE_NPAD@Z
?parse@BasicParser@@QAE_NPAD@Z
?parseLine@BasicParser@@QAE_NPAD@Z
??0BasicParser@@QAE@XZ
??1BasicParser@@UAE@XZ
?getAttributeValue@Node@@QAEPADPAD@Z
?hasSubNode@Node@@QAE_NPAD@Z
?getSubNode@Node@@QAEPAV1@PADH@Z
?getValue@Node@@QAEPADXZ
?countSubNodes@Node@@QAEIXZ
?getSubNode@Node@@QAEPAV1@H@Z
?getName@Node@@QAEPADXZ
?getBasicParserCopyright@@YAPADXZ
?countSubNodes@Node@@QAEHPAD@Z
?dumpTags@BasicParser@@QAEXXZ
?endParse@BasicParser@@QAE_NXZ

ogg

ogg_sync_buffer
ogg_sync_pageseek
ogg_stream_packetout
ogg_stream_pagein
ogg_stream_init
ogg_page_serialno
ogg_sync_wrote
ogg_stream_clear
ogg_sync_init
ogg_stream_packetin
ogg_stream_pageout
ogg_stream_flush
ogg_page_granulepos
ogg_stream_reset

vorbis

vorbis_commentheader_out
vorbis_info_init
vorbis_info_clear
vorbis_comment_clear
vorbis_packet_blocksize
vorbis_comment_add
vorbis_synthesis_headerin
vorbis_comment_add_tag
vorbis_comment_init

avifil32

AVIStreamEndStreaming
AVIStreamInfoA
AVIStreamFindSample
AVIStreamRead
AVIStreamStart
AVIStreamLength
AVIStreamReadFormat
AVIFileGetStream
AVIFileRelease
AVIStreamBeginStreaming

winmm

mmioOpenA
mmioSeek
mmioDescend
mmioRead
mmioAscend
mmioClose

kernel32

GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
LCMapStringW
MultiByteToWideChar
WideCharToMultiByte
LCMapStringA
SetEndOfFile
SetStdHandle
IsBadWritePtr
VirtualAlloc
VirtualFree
GetStringTypeA
GetStringTypeW
FlushFileBuffers
IsBadReadPtr
IsBadCodePtr
VirtualProtect
GetSystemInfo
VirtualQuery
HeapSize
GetLocaleInfoA
LoadLibraryA
HeapCreate
HeapDestroy
SetUnhandledExceptionFilter
GetModuleFileNameA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
CloseHandle
GetLastError
CreateFileA
InitializeCriticalSection
FormatMessageA
ReadFile
WriteFile
SetFilePointer
LeaveCriticalSection
EnterCriticalSection
GetFileSize
GetTickCount
MulDiv
QueryPerformanceCounter
GetStartupInfoA
GetStdHandle
ExitProcess
RtlUnwind
RaiseException
HeapAlloc
HeapFree
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
HeapReAlloc
GetFileType
DeleteFileA
GetCommandLineA
GetVersionExA
GetACP
GetOEMCP
GetCPInfo
SetHandleCount

user32

wsprintfA

Sections

.text
Size: 156KB - Virtual size: 154KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

251d33a8777aa8e09c72dde6a4f39fd4

Headers

File Characteristics

Imports

basicparser

ogg

vorbis

avifil32

winmm

kernel32

user32

Sections

.text Size: 156KB - Virtual size: 154KB

.rdata Size: 40KB - Virtual size: 36KB

.data Size: 8KB - Virtual size: 30KB

.text
Size: 156KB - Virtual size: 154KB

.rdata
Size: 40KB - Virtual size: 36KB

.data
Size: 8KB - Virtual size: 30KB