49af461330049ce19fdadab6ac5acb1f

Sharing

Copy URL Twitter E-mail

General

Target

49af461330049ce19fdadab6ac5acb1f
Size

1.2MB
MD5

49af461330049ce19fdadab6ac5acb1f
SHA1

b5be817da784e2062885b4312c7cea2ac48e8cbd
SHA256

81e6de584059717c0234340d384ab9025e93df06c7449c3b7f657785d6c52b58
SHA512

c962ad2050eed908140ab91b601ae9a431d2ca4dbfbf3d2063575718ca28f67104d46dbbbaa9d7151fa4fe4b566803918837ba24d6acb3c20ce7034adf0edae4
SSDEEP

24576:ZrG4t6kXlTyPaAhcrza6I/23uT6WgqRlPvbWDTPnrWYQdxKiyyOScxcF:ZrGLkuSJVEquTVnPvberuxKOOScxcF

Score

3^/10

Malware Config

Signatures

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/All Media Fixer/MediaFixer.chs.exe
unpack001/All Media Fixer/d3d8thk.dll
unpack001/All Media Fixer/mciwave.dll
unpack001/All Media Fixer/npwmsdrm.dll
unpack001/All Media Fixer/pidgen.dll

Files

49af461330049ce19fdadab6ac5acb1f
.rar
All Media Fixer/Image/MediaFixer.jpg
.jpg
All Media Fixer/Image/Thumbs.db
All Media Fixer/MediaFixer.chs.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 912KB - Virtual size: 912KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 391KB - Virtual size: 391KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
All Media Fixer/MediaFixerHelp.chm
.chm
All Media Fixer/MediaFixer_regcode.ini
All Media Fixer/MediaFixer_skinfile.ini
All Media Fixer/MediaFixer_verdata.ini
All Media Fixer/More/Audio.htm
.html
All Media Fixer/More/AviFixer_MoreData.ini
All Media Fixer/More/Business.htm
.html
All Media Fixer/More/Desktop.htm
.html
All Media Fixer/More/Excellence.htm
.html
All Media Fixer/More/Game.htm
.html
All Media Fixer/More/Internet.htm
.html
All Media Fixer/More/MediaFixer_MoreData.ini
All Media Fixer/More/Multimedia.htm
.html
All Media Fixer/More/NewLive.htm
.html
All Media Fixer/More/Utilities.htm
.html
All Media Fixer/More/WebDeveloper.htm
.html
All Media Fixer/More/allfixer.htm
.html
All Media Fixer/More/avifixer.htm
All Media Fixer/More/css/mail.css
All Media Fixer/More/images/01.gif
.gif
All Media Fixer/More/images/02.gif
.gif
All Media Fixer/More/images/03.gif
.gif
All Media Fixer/More/images/04.gif
.gif
All Media Fixer/More/images/05.gif
.gif
All Media Fixer/More/images/06.gif
.gif
All Media Fixer/More/images/07.gif
.gif
All Media Fixer/More/images/08.gif
.gif
All Media Fixer/More/images/09.gif
.gif
All Media Fixer/More/images/10.gif
.gif
All Media Fixer/More/images/213.gif
.gif
All Media Fixer/More/images/Newlive.gif
.gif
All Media Fixer/More/images/Thumbs.db
All Media Fixer/More/images/avifixer.jpg
.jpg
All Media Fixer/More/images/bg.gif
.gif
All Media Fixer/More/images/dot.gif
.gif
All Media Fixer/More/images/excellencesoft.gif
.gif
All Media Fixer/More/images/realconvert.gif
All Media Fixer/More/images/smallfixerbox.jpg
.jpg
All Media Fixer/More/images/style1.css
.html
All Media Fixer/More/images/supman.gif
.gif
All Media Fixer/More/more.htm
.html
All Media Fixer/More/support.htm
.html .js polyglot
All Media Fixer/OK.wav
All Media Fixer/Skins/GlassOrange.ssk
All Media Fixer/Skins/Longhorn.ssk
All Media Fixer/Skins/MP10.ssk
All Media Fixer/Skins/MSN.ssk
All Media Fixer/Skins/MacOS.ssk
All Media Fixer/Skins/OneOrange.ssk
All Media Fixer/Skins/RealOne.ssk
All Media Fixer/Skins/SportsOrange.ssk
All Media Fixer/Skins/XPBlue.ssk
All Media Fixer/Skins/XPOrange.ssk
All Media Fixer/SystemIco/0.ico
All Media Fixer/SystemIco/1.ico
All Media Fixer/SystemIco/10.ico
All Media Fixer/SystemIco/11.ico
All Media Fixer/SystemIco/12.ico
All Media Fixer/SystemIco/13.ico
All Media Fixer/SystemIco/14.ico
All Media Fixer/SystemIco/15.ico
All Media Fixer/SystemIco/16.ico
All Media Fixer/SystemIco/17.ico
All Media Fixer/SystemIco/18.ico
All Media Fixer/SystemIco/19.ico
All Media Fixer/SystemIco/2.ico
All Media Fixer/SystemIco/20.ico
All Media Fixer/SystemIco/21.ico
All Media Fixer/SystemIco/22.ico
All Media Fixer/SystemIco/23.ico
All Media Fixer/SystemIco/24.ico
All Media Fixer/SystemIco/25.ico
All Media Fixer/SystemIco/26.ico
All Media Fixer/SystemIco/27.ico
All Media Fixer/SystemIco/28.ico
All Media Fixer/SystemIco/29.ico
All Media Fixer/SystemIco/3.ico
All Media Fixer/SystemIco/30.ico
All Media Fixer/SystemIco/31.ico
All Media Fixer/SystemIco/32.ico
All Media Fixer/SystemIco/33.ico
All Media Fixer/SystemIco/34.ico
All Media Fixer/SystemIco/35.ico
All Media Fixer/SystemIco/4.ico
All Media Fixer/SystemIco/5.ico
All Media Fixer/SystemIco/6.ico
All Media Fixer/SystemIco/7.ico
All Media Fixer/SystemIco/8.ico
All Media Fixer/SystemIco/9.ico
All Media Fixer/d3d8thk.dll
.dll windows:5 windows x86 arch:x86

ca9067d44c94cd8b6f01ab628299122b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

gdi32

DdEntry1
DdEntry2
DdEntry3
DdEntry5
DdEntry4
DdEntry7
DdEntry8
DdEntry9
DdEntry10
DdEntry11
DdEntry13
DdEntry12
DdEntry14
DdEntry17
DdEntry15
DdEntry18
DdEntry16
DdEntry50
DdEntry19
DdEntry20
DdEntry21
DdEntry24
DdEntry22
DdEntry23
DdEntry25
DdEntry26
DdEntry27
DdEntry28
DdEntry29
DdEntry30
DdEntry31
DdEntry6
DdEntry32
DdEntry33
DdEntry34
DdEntry35
DdEntry37
DdEntry36
DdEntry38
DdEntry39
DdEntry40
DdEntry41
DdEntry42
DdEntry43
DdEntry44
DdEntry45
DdEntry46
DdEntry47
DdEntry48
DdEntry49
DdEntry51
DdEntry52
DdEntry53
DdEntry54
DdEntry55
DdEntry56

msvcrt

_adjust_fdiv
malloc
_initterm
free

kernel32

DisableThreadLibraryCalls

Exports

Exports

OsThunkD3dContextCreate
OsThunkD3dContextDestroy
OsThunkD3dContextDestroyAll
OsThunkD3dDrawPrimitives2
OsThunkD3dValidateTextureStageState
OsThunkDdAddAttachedSurface
OsThunkDdAlphaBlt
OsThunkDdAttachSurface
OsThunkDdBeginMoCompFrame
OsThunkDdBlt
OsThunkDdCanCreateD3DBuffer
OsThunkDdCanCreateSurface
OsThunkDdColorControl
OsThunkDdCreateD3DBuffer
OsThunkDdCreateDirectDrawObject
OsThunkDdCreateMoComp
OsThunkDdCreateSurface
OsThunkDdCreateSurfaceEx
OsThunkDdCreateSurfaceObject
OsThunkDdDeleteDirectDrawObject
OsThunkDdDeleteSurfaceObject
OsThunkDdDestroyD3DBuffer
OsThunkDdDestroyMoComp
OsThunkDdDestroySurface
OsThunkDdEndMoCompFrame
OsThunkDdFlip
OsThunkDdFlipToGDISurface
OsThunkDdGetAvailDriverMemory
OsThunkDdGetBltStatus
OsThunkDdGetDC
OsThunkDdGetDriverInfo
OsThunkDdGetDriverState
OsThunkDdGetDxHandle
OsThunkDdGetFlipStatus
OsThunkDdGetInternalMoCompInfo
OsThunkDdGetMoCompBuffInfo
OsThunkDdGetMoCompFormats
OsThunkDdGetMoCompGuids
OsThunkDdGetScanLine
OsThunkDdLock
OsThunkDdLockD3D
OsThunkDdQueryDirectDrawObject
OsThunkDdQueryMoCompStatus
OsThunkDdReenableDirectDrawObject
OsThunkDdReleaseDC
OsThunkDdRenderMoComp
OsThunkDdResetVisrgn
OsThunkDdSetColorKey
OsThunkDdSetExclusiveMode
OsThunkDdSetGammaRamp
OsThunkDdSetOverlayPosition
OsThunkDdUnattachSurface
OsThunkDdUnlock
OsThunkDdUnlockD3D
OsThunkDdUpdateOverlay
OsThunkDdWaitForVerticalBlank

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 216B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
All Media Fixer/face/1a.jpg
.jpg
All Media Fixer/face/1b.jpg
.jpg
All Media Fixer/face/2a.jpg
.jpg
All Media Fixer/face/2b.jpg
.jpg
All Media Fixer/face/3a.jpg
.jpg
All Media Fixer/face/3b.jpg
.jpg
All Media Fixer/face/4a.jpg
.jpg
All Media Fixer/face/4b.jpg
.jpg
All Media Fixer/face/Thumbs.db
All Media Fixer/mciwave.dll
.dll windows:5 windows x86 arch:x86

379d3a6ca76b9e605e48d5eb0d75a943

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

wcsncpy

user32

PostThreadMessageW
GetMessageW
DispatchMessageW
DialogBoxParamW
GetDlgItemInt
SetScrollPos
SetDlgItemInt
EndDialog
GetDlgItem
SetScrollRange
LoadStringW
WinHelpW
wsprintfW
GetDesktopWindow

kernel32

GetCurrentProcessId
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
WaitForSingleObject
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
WriteProfileStringW
GetPrivateProfileStringW
GetProfileStringW
SetFilePointer
ReadFile
WriteFile
GlobalFree
GlobalAlloc
lstrcpyW
GlobalUnlock
GlobalHandle
DeleteFileW
CloseHandle
GlobalLock
Sleep
lstrlenW
GlobalReAlloc
MulDiv
LocalFree
LocalAlloc
CreateFileW
GetTempFileNameW
GetTempPathW
lstrcmpW
DisableThreadLibraryCalls

winmm

DefDriverProc
mmioClose
mmioAscend
mmioWrite
mmioCreateChunk
mmioOpenW
mmioDescend
mmioRenameW
mmioRead
mmioSeek
waveInAddBuffer
waveInStart
waveInGetDevCapsW
waveInGetID
waveOutGetDevCapsW
waveOutGetID
waveOutPause
waveOutWrite
waveInReset
waveOutReset
mciGetCreatorTask
waveInClose
waveOutClose
waveInOpen
waveOutOpen
mciDriverNotify
waveOutGetPosition
waveInPrepareHeader
waveOutPrepareHeader
waveInUnprepareHeader
waveOutUnprepareHeader
mciDriverYield
waveOutRestart
waveInStop
mmGetCurrentTask
mciSetDriverData
mmTaskCreate
mciGetDriverData
mciLoadCommandResource
waveInGetNumDevs
waveOutGetNumDevs
mciFreeCommandResource

Exports

Exports

DriverProc

Sections

.text
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 136B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 782B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
All Media Fixer/npwmsdrm.dll
.dll windows:5 windows x86 arch:x86

fe1a342dc07a8479f165020c4a4a0b63

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
TerminateProcess
GetCurrentProcess
GetProcAddress
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
Sleep
DisableThreadLibraryCalls

mfc42

ord825
ord823

msvcrt

malloc
_adjust_fdiv
_initterm
free
_stricmp
strlen
sprintf

ole32

CoCreateInstance

user32

DestroyWindow
DefWindowProcA
KillTimer
InvalidateRect
GetWindowLongA
UpdateWindow
SetPropA
SetWindowLongA

Exports

Exports

?native_Npwmsdrm_printToStdout@@YAXPAPBUJRIEnvInterface@@PAUNpwmsdrm@@PAUjava_lang_String@@@Z
NP_GetEntryPoints
NP_Initialize
NP_Shutdown
register_Npwmsdrm
unregister_Npwmsdrm
unuse_Npwmsdrm
unuse_netscape_plugin_Plugin
use_Npwmsdrm
use_netscape_plugin_Plugin

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 472B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
All Media Fixer/option.ini
All Media Fixer/pidgen.dll
.dll windows:4 windows x86 arch:x86

cef8c2dc6e50519e4deb8c5c6f44bed9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalMemoryStatus
CloseHandle
DeviceIoControl
GetVolumeInformationA
CreateFileA
lstrcmpA
QueryDosDeviceA
lstrcpyA
SystemTimeToFileTime
GetProcessHeap
lstrlenA
HeapAlloc
LockResource
LoadResource
FindResourceA
SizeofResource
MultiByteToWideChar
WideCharToMultiByte
QueryPerformanceCounter
HeapFree
GetLocalTime
GetTickCount
FreeResource

user32

CharNextA
wsprintfA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

Exports

Exports

PIDGenA
PIDGenSimpA
PIDGenSimpW
PIDGenW

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 292B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
All Media Fixer/thank.txt
All Media Fixer/新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

CODE Size: 912KB - Virtual size: 912KB

DATA Size: 12KB - Virtual size: 12KB

BSS Size: 4KB - Virtual size: 4KB

.idata Size: 12KB - Virtual size: 12KB

.tls Size: 4KB - Virtual size: 4KB

.rdata Size: 4KB - Virtual size: 4KB

.reloc Size: 60KB - Virtual size: 60KB

.rsrc Size: 391KB - Virtual size: 391KB

.aspack Size: 12KB - Virtual size: 12KB

ca9067d44c94cd8b6f01ab628299122b

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

msvcrt

kernel32

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 4KB

.data Size: - Virtual size: 20B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 216B

379d3a6ca76b9e605e48d5eb0d75a943

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

user32

kernel32

winmm

Exports

Exports

Sections

.text Size: 18KB - Virtual size: 17KB

.data Size: 512B - Virtual size: 136B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 782B

fe1a342dc07a8479f165020c4a4a0b63

Headers

File Characteristics

Imports

kernel32

mfc42

msvcrt

ole32

user32

Exports

Exports

Sections

.text Size: 6KB - Virtual size: 5KB

.data Size: 512B - Virtual size: 128B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 472B

cef8c2dc6e50519e4deb8c5c6f44bed9

Headers

File Characteristics

Imports

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 12KB - Virtual size: 11KB

.data Size: 512B - Virtual size: 436B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 292B

CODE
Size: 912KB - Virtual size: 912KB

DATA
Size: 12KB - Virtual size: 12KB

BSS
Size: 4KB - Virtual size: 4KB

.idata
Size: 12KB - Virtual size: 12KB

.tls
Size: 4KB - Virtual size: 4KB

.rdata
Size: 4KB - Virtual size: 4KB

.reloc
Size: 60KB - Virtual size: 60KB

.rsrc
Size: 391KB - Virtual size: 391KB

.aspack
Size: 12KB - Virtual size: 12KB

.text
Size: 4KB - Virtual size: 4KB

.data
Size: - Virtual size: 20B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 216B

.text
Size: 18KB - Virtual size: 17KB

.data
Size: 512B - Virtual size: 136B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 782B

.text
Size: 6KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 128B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 472B

.text
Size: 12KB - Virtual size: 11KB

.data
Size: 512B - Virtual size: 436B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 292B