615a74b5cc3d5e34ecfc07d05f025dd2e3bb627d0f14a5d2d53f47a3e1c82d90

Sharing

Copy URL

Twitter E-mail

General

Target

615a74b5cc3d5e34ecfc07d05f025dd2e3bb627d0f14a5d2d53f47a3e1c82d90
Size

554KB
MD5

9db4304867f4d1260c3c8634a6781906
SHA1

4f09c473338db61a7867ce9d9ae2b95acb141f36
SHA256

615a74b5cc3d5e34ecfc07d05f025dd2e3bb627d0f14a5d2d53f47a3e1c82d90
SHA512

49051fc04eeb34d83db8a6d602aa223e5218b2655e7554370ce6f4f41e68f0a51acfb3052166e1c2bf487701338332c58419106e5f7f791df1647311d51a6ee4
SSDEEP

12288:1g3HTcCHZ8kNLDO6RLNE6Uvf7/cjPgnh2FmLgF+f8rBjvrEH7P9:m3HTcqZ8kNbLNE6UvbheMgFrRrEH7P9

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
615a74b5cc3d5e34ecfc07d05f025dd2e3bb627d0f14a5d2d53f47a3e1c82d90
unpack001/EZMerge.exe
unpack001/travedit.dll
unpack001/troprmediafmt.dll

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2

Files

615a74b5cc3d5e34ecfc07d05f025dd2e3bb627d0f14a5d2d53f47a3e1c82d90
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
EZMerge.exe
.exe windows:5 windows x86 arch:x86

5633fea6a9f20a690e821cc321aabcbd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

travedit

?CreateITRAVMerge@@YAPAVITRAVMerge@@XZ
?ExitTREdit@@YAXXZ
?InitTREdit@@YAXPAUHINSTANCE__@@@Z
?attachTREdit@@YAXPAUHWND__@@@Z
?DestroyITRAVMerge@@YAXPAVITRAVMerge@@@Z

trmediainfo

ord2

trmscrpf

?CreateITRMulScr_P@@YAPAVITRMulScr_profile@@XZ
?DestroyITRMulScr_P@@YAXPAVITRMulScr_profile@@@Z

trencoder

ord2
ord3
ord1
ord4

trmediaprofiles

?has_vcodec@tr_mediaprofile@@QAE_NXZ
??0tr_mediaprofileset@@QAE@XZ
?get_profiles@tr_mediaprofileset@@QAEAAV?$map@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@Vtr_mediaprofile@@U?$less@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@Vtr_mediaprofile@@@std@@@2@@std@@XZ
?get_vcodec_value@tr_mediaprofile@@QAEPB_WPB_W@Z
?get_main@tr_mediaprofileset@@QAEAAV?$map@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V12@U?$less@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V12@@std@@@2@@std@@XZ
?load@tr_mediaprofileset@@QAE_NPB_W@Z
??1tr_mediaprofileset@@QAE@XZ
?save@tr_mediaprofileset@@QAE_NPB_W@Z
?remove_profile@tr_mediaprofileset@@QAE_NPB_W@Z
?get_value@tr_mediaprofile@@QAEPB_WPB_W@Z
?find_profile@tr_mediaprofileset@@QAEPAVtr_mediaprofile@@PB_W@Z
?tkv_get_value@@YAPB_WAAV?$map@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V12@U?$less@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V12@@std@@@2@@std@@PB_W@Z
?get_acodec_value@tr_mediaprofile@@QAEPB_WPB_W@Z
?has_acodec@tr_mediaprofile@@QAE_NXZ

troprmediafmt

_select_mediaprofile1@24

trcrptutil

tr_hash_file

kernel32

GetThreadLocale
FileTimeToSystemTime
GetSystemDirectoryW
GetCurrentDirectoryW
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFileSize
DuplicateHandle
GetCurrentProcess
GetVolumeInformationW
GetFullPathNameW
CreateFileW
SetErrorMode
FileTimeToLocalFileTime
GetFileSizeEx
GetFileTime
GetStartupInfoW
RtlUnwind
HeapFree
HeapAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitThread
CreateThread
SetEnvironmentVariableW
SetCurrentDirectoryW
SetCurrentDirectoryA
GetSystemTimeAsFileTime
HeapReAlloc
ExitProcess
HeapSize
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
LCMapStringA
InitializeCriticalSectionAndSpinCount
GetTimeZoneInformation
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetConsoleCP
GetConsoleMode
SetStdHandle
CreateFileA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetProcessHeap
SetEnvironmentVariableA
GlobalFlags
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
InterlockedIncrement
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
GetLocaleInfoW
LoadLibraryExW
CompareStringA
GetCurrentProcessId
lstrcmpA
GetModuleHandleA
InterlockedDecrement
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
lstrcmpW
GetVersionExA
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageW
MulDiv
RaiseException
InterlockedExchange
LocalFree
LocalAlloc
LoadLibraryA
ExpandEnvironmentStringsA
SetFileAttributesW
GetFileAttributesW
GetModuleFileNameW
DeleteFileW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
WaitForSingleObject
CloseHandle
ResumeThread
GetPrivateProfileStringW
WritePrivateProfileStringW
GetTickCount
Sleep
FindFirstFileW
FindClose
CreateDirectoryW
GetTempPathW
GetTempFileNameW
WideCharToMultiByte
GetWindowsDirectoryW
FreeLibrary
lstrcatW
CreateProcessW
GetLastError
SetLastError
GetProcAddress
GetModuleHandleW
LoadLibraryW
FreeResource
GetCPInfo
lstrlenA
lstrlenW
lstrcmpiW
FindResourceW
LoadResource
LockResource
SizeofResource
GetVersion
GetVersionExW
MultiByteToWideChar

user32

DestroyMenu
SetRectEmpty
GetCursorPos
ValidateRect
TranslateMessage
GetMessageW
GetWindowDC
BeginPaint
EndPaint
GetWindowThreadProcessId
PostQuitMessage
MapDialogRect
SetWindowContextHelpId
IsRectEmpty
UnregisterClassW
CharNextW
CopyAcceleratorTableW
InvalidateRgn
GetNextDlgGroupItem
CharUpperW
RegisterClipboardFormatW
PostThreadMessageW
GetLastActivePopup
DispatchMessageW
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageW
MapWindowPoints
TrackPopupMenu
GetKeyState
SetMenu
SetForegroundWindow
IsWindowVisible
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
DefWindowProcW
CallWindowProcW
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetFocus
SetWindowPos
ShowWindow
MoveWindow
GetDlgCtrlID
SetWindowTextW
IsDialogMessageW
SetMenuItemBitmaps
SendDlgItemMessageW
GetWindowTextLengthW
GetWindowTextW
GetWindow
SetFocus
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
GetDlgItem
IsWindowEnabled
EndDialog
GetMenuStringW
UpdateWindow
KillTimer
SetTimer
wvsprintfW
MessageBoxW
LoadIconW
IsIconic
DrawIcon
LoadCursorW
CopyIcon
SetWindowLongW
IsWindow
ReleaseCapture
MessageBeep
SetCapture
RedrawWindow
PtInRect
DestroyCursor
LoadImageW
PostMessageW
SetCursor
GetWindowLongW
WindowFromPoint
GetParent
GetNextDlgTabItem
GetActiveWindow
InvalidateRect
ClientToScreen
GetClientRect
GetWindowRect
SendMessageW
DrawFocusRect
FrameRect
OffsetRect
InflateRect
GetIconInfo
CreateIconIndirect
DrawStateW
IsMenu
GetMenuItemInfoW
GetSystemMetrics
SystemParametersInfoW
DrawIconEx
DestroyIcon
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
GetSysColorBrush
GetSysColor
GetDesktopWindow
ReleaseDC
GetDC
ModifyMenuW
GetSubMenu
GetMenuState
GetMenuItemID
GetMenuItemCount
AppendMenuW
CreatePopupMenu
CreateMenu
DrawEdge
FillRect
GetMenuCheckMarkDimensions
EnableMenuItem
CheckMenuItem
RegisterWindowMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
LoadBitmapW
CopyRect
SetRect
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetForegroundWindow
EnableWindow
GetSystemMenu
GetMenu

gdi32

SetBkColor
CreateBitmap
CreateFontW
RoundRect
GetClipBox
SetMapMode
ExcludeClipRect
IntersectClipRect
LineTo
MoveToEx
GetViewportExtEx
GetWindowExtEx
SetViewportOrgEx
OffsetViewportOrgEx
SetTextColor
ScaleViewportExtEx
SetWindowOrgEx
Escape
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
CreateRectRgnIndirect
GetMapMode
GetTextColor
GetRgnBox
SetViewportExtEx
GetStockObject
SetBkMode
RestoreDC
SaveDC
GetBkColor
StretchDIBits
ExtTextOutW
TextOutW
RectVisible
PtVisible
CreateDIBSection
SelectObject
DeleteObject
DeleteDC
GetTextExtentPoint32W
SetPixel
GetPixel
BitBlt
PatBlt
Rectangle
Ellipse
GetBkMode
GetDeviceCaps
CreateCompatibleDC
GetObjectW
CreateCompatibleBitmap
CreateFontIndirectW
CreateSolidBrush
CreatePen
GetCharWidthW

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW

advapi32

RegQueryValueExW
RegSetValueExW
RegCreateKeyExW
RegOpenKeyW
RegEnumKeyW
RegDeleteKeyW
RegCloseKey
RegCreateKeyExA
RegSetValueExA
CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
RegOpenKeyExA
RegQueryValueExA
RegQueryValueW
RegOpenKeyExW

shell32

ShellExecuteW
SHGetFolderPathW
DragAcceptFiles
DragFinish
DragQueryFileW
ShellExecuteExW
SHFileOperationW

comctl32

_TrackMouseEvent

shlwapi

PathFindExtensionW
PathRemoveFileSpecW
PathStripToRootW
PathFindFileNameW
PathIsUNCW

oledlg

OleUIBusyW

ole32

CoTaskMemAlloc
CLSIDFromProgID
CLSIDFromString
CoCreateInstance
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
CoTaskMemFree
CoInitializeEx
CoUninitialize
CreateILockBytesOnHGlobal

oleaut32

VariantInit
VariantChangeType
VariantClear
SysAllocStringLen
VariantCopy
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
OleCreateFontIndirect
SysAllocString
SysFreeString
SysStringLen

winmm

PlaySoundW

Sections

.text
Size: 478KB - Virtual size: 477KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 103KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 455KB - Virtual size: 456KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
travedit.dll
.dll windows:5 windows x86 arch:x86

793264a1d623041f583729f6f44a39f4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

f:\trproject\trunk\travedit\bin\travedit.pdb

Imports

trmpg

ord5
ord2
ord3
ord4
ord1

traviutil

?ExitAVIPack@IAVIPack@@SAXXZ
?InitAVIPack@IAVIPack@@SAXPAUHINSTANCE__@@@Z
?attach@IAVIPack@@SAXPAUHWND__@@@Z
?CreateIAVIPack@@YAPAVIAVIPack@@XZ

trrmutil

ord1
ord3
ord2

trwmvutil

ord1
ord2
ord3

trmediainfo

ord3

trencoder

ord1
ord3
ord2
ord4

kernel32

GetStringTypeW
GetStringTypeA
FlushFileBuffers
GetProcessHeap
SetEndOfFile
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
LoadLibraryA
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
CloseHandle
CreateFileW
GetFileSize
SetFilePointer
GetModuleFileNameW
lstrlenW
WideCharToMultiByte
GetLastError
lstrlenA
MultiByteToWideChar
WriteFile
Sleep
CreatePipe
CreateProcessW
WaitForSingleObject
TerminateProcess
GetExitCodeProcess
PeekNamedPipe
LoadLibraryW
GetProcAddress
FreeLibrary
FormatMessageW
LocalFree
RtlUnwind
GetCurrentProcessId
GetTickCount
ReadFile
GetCommandLineA
QueryPerformanceCounter
GetEnvironmentStringsW
HeapFree
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetConsoleCP
GetConsoleMode
GetCurrentThreadId
GetModuleHandleA
HeapAlloc
EnterCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
HeapReAlloc
GetStdHandle
GetModuleFileNameA
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
HeapCreate
HeapDestroy
VirtualFree
DeleteCriticalSection
VirtualAlloc
RaiseException
HeapSize
SetHandleCount
GetFileType
GetStartupInfoA
SetStdHandle
CreateFileA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
ExitProcess
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW

user32

wsprintfW
LoadStringW

advapi32

CryptGenRandom
CryptReleaseContext
CryptAcquireContextA

ole32

CoCreateInstance

Exports

Exports

??0ITRAVCut@@QAE@ABV0@@Z
??0ITRAVCut@@QAE@XZ
??0ITRAVEditCallback@@QAE@ABV0@@Z
??0ITRAVEditCallback@@QAE@XZ
??0ITRAVMerge@@QAE@ABV0@@Z
??0ITRAVMerge@@QAE@XZ
??1ITRAVCut@@UAE@XZ
??1ITRAVMerge@@UAE@XZ
??4ITRAVCut@@QAEAAV0@ABV0@@Z
??4ITRAVEditCallback@@QAEAAV0@ABV0@@Z
??4ITRAVMerge@@QAEAAV0@ABV0@@Z
??_7ITRAVCut@@6B@
??_7ITRAVEditCallback@@6B@
??_7ITRAVMerge@@6B@
?CreateITRAVCut@@YAPAVITRAVCut@@XZ
?CreateITRAVMerge@@YAPAVITRAVMerge@@XZ
?DestroyITRAVCut@@YAXPAVITRAVCut@@@Z
?DestroyITRAVMerge@@YAXPAVITRAVMerge@@@Z
?ExitTREdit@@YAXXZ
?InitTREdit@@YAXPAUHINSTANCE__@@@Z
?TRGetMediaType@@YAHPB_WAA_J@Z
?attachTREdit@@YAXPAUHWND__@@@Z

Sections

.text
Size: 170KB - Virtual size: 169KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
troprmediafmt.dll
.dll windows:5 windows x86 arch:x86

679df76a57c2210a81bd7eb153d5aa92

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

f:\trproject\trunk\bin\troprmediafmt.pdb

Imports

trmediaprofiles

??0tr_mediaprofileset@@QAE@XZ
?load@tr_mediaprofileset@@QAE_NPB_W@Z
?save@tr_mediaprofileset@@QAE_NPB_W@Z
?getfilename@tr_mediaprofileset@@QAEPB_WXZ
?get_main@tr_mediaprofileset@@QAEAAV?$map@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V12@U?$less@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V12@@std@@@2@@std@@XZ
??0tr_mediaprofile@@QAE@XZ
??1tr_mediaprofile@@QAE@XZ
?get_value@acodec_param@@QAEPB_WPB_W@Z
?get_value@tr_mediaprofile@@QAEPB_WPB_W@Z
?set_value@tr_mediaprofile@@QAEHPB_W0@Z
?get_vcodec_value@tr_mediaprofile@@QAEPB_WPB_W@Z
?set_vcodec_value@tr_mediaprofile@@QAEHPB_W0@Z
?get_acodec_value@tr_mediaprofile@@QAEPB_WPB_W@Z
?set_acodec_value@tr_mediaprofile@@QAEHPB_W0@Z
?tkv_get_value@@YAPB_WAAV?$map@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V12@U?$less@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V12@@std@@@2@@std@@PB_W@Z
?get_acodec_param@tr_mediaprofileset@@QAEAAV?$map@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@Vacodec_param@@U?$less@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@Vacodec_param@@@std@@@2@@std@@XZ
?get_vcodec_param@tr_mediaprofileset@@QAEAAV?$map@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@Vvcodec_param@@U?$less@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@Vvcodec_param@@@std@@@2@@std@@XZ
?get_profiles@tr_mediaprofileset@@QAEAAV?$map@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@Vtr_mediaprofile@@U?$less@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@Vtr_mediaprofile@@@std@@@2@@std@@XZ
?find_profile@tr_mediaprofileset@@QAEPAVtr_mediaprofile@@PB_W_N@Z
?find_profile@tr_mediaprofileset@@QAEPAVtr_mediaprofile@@PB_W@Z
?clone_profile@tr_mediaprofileset@@QAE_NPB_WAAVtr_mediaprofile@@@Z
?add_profile@tr_mediaprofileset@@QAE_NAAVtr_mediaprofile@@@Z
?remove_profile@tr_mediaprofileset@@QAE_NPB_W@Z
?find_audio_sample_rate@tr_mediaprofileset@@QAEPAV?$map@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$map@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@U?$pair@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V12@@2@U?$less@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@U?$pair@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V12@@2@@std@@@2@@2@U?$less@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$map@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@U?$pair@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V12@@2@U?$less@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@U?$pair@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V12@@2@@std@@@2@@2@@std@@@2@@std@@PB_W0@Z
?find_audio_channels@tr_mediaprofileset@@QAEPAV?$map@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@U?$pair@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V12@@2@U?$less@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@U?$pair@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V12@@2@@std@@@2@@std@@PB_W00@Z
?has_video_param@tr_mediaprofileset@@QAE_NXZ
?has_audio_param@tr_mediaprofileset@@QAE_NXZ
?get_nr@vcodec_param@@QAEPB_WPB_W0@Z

kernel32

WritePrivateProfileStringW
WriteFile
SetFilePointer
FlushFileBuffers
GetCurrentProcess
InterlockedIncrement
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
HeapAlloc
HeapFree
HeapReAlloc
RtlUnwind
RaiseException
Sleep
ExitProcess
HeapSize
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
VirtualAlloc
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
lstrlenA
GlobalFlags
SetErrorMode
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
InterlockedDecrement
CloseHandle
GetCurrentProcessId
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
LoadLibraryExW
InterlockedExchange
GetModuleHandleA
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
LoadLibraryW
CompareStringW
LoadLibraryA
FreeLibrary
lstrcmpW
GetModuleHandleW
GetProcAddress
GetVersionExA
GlobalAlloc
FormatMessageW
LocalFree
MulDiv
GlobalLock
GlobalUnlock
GlobalFree
FreeResource
GetLastError
SetLastError
lstrlenW
WideCharToMultiByte
GetModuleFileNameW
GetVersionExW
MultiByteToWideChar
LockResource
SizeofResource
LoadResource
FindResourceW

user32

GetWindowThreadProcessId
ValidateRect
GetCursorPos
TranslateMessage
GetMessageW
UnregisterClassW
GetSysColorBrush
LoadCursorW
DestroyMenu
ShowWindow
SetWindowTextW
IsDialogMessageW
RegisterWindowMessageW
LoadIconW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetForegroundWindow
GetLastActivePopup
DispatchMessageW
GetTopWindow
SetCursor
GetMessageTime
GetMessagePos
PeekMessageW
MapWindowPoints
GetKeyState
SetMenu
SetForegroundWindow
IsWindowVisible
UpdateWindow
GetClientRect
PostMessageW
MessageBoxW
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetSysColor
AdjustWindowRectEx
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
CopyRect
PtInRect
GetMenu
SetWindowLongW
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSystemMetrics
GetWindowTextLengthW
GetWindowTextW
GetWindow
SetFocus
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
IsWindow
GetWindowLongW
GetDlgItem
IsWindowEnabled
GetNextDlgTabItem
EndDialog
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
GetParent
ModifyMenuW
GetMenuState
PostQuitMessage
EndPaint
BeginPaint
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
UnhookWindowsHookEx
EnableMenuItem
CheckMenuItem
GetWindowRect
GetDC
ReleaseDC
SendMessageW
EnableWindow

gdi32

SetMapMode
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
SaveDC
DeleteDC
GetStockObject
RestoreDC
GetObjectW
SetBkColor
SetTextColor
GetClipBox
GetDeviceCaps
CreateBitmap
GetTextExtentPoint32W
DeleteObject

winspool.drv

ClosePrinter
OpenPrinterW
DocumentPropertiesW

advapi32

RegSetValueExW
RegCreateKeyExW
RegQueryValueW
RegOpenKeyW
RegEnumKeyW
RegDeleteKeyW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey

shlwapi

PathFindExtensionW
PathFindFileNameW

oleaut32

VariantInit
VariantChangeType
VariantClear

Exports

Exports

_get_mediachannels@24
_get_medianame@8
_get_mediaparam@16
_get_mediaprofilename@16
_save_mediaprofile@0
_select_mediaprofile1@24
_select_mediaprofile2@20
_select_mediaprofile3@16
_set_mediaparam@20

Sections

.text
Size: 178KB - Virtual size: 178KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

099c0646ea7282d232219f8807883be0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 16KB - Virtual size: 16KB

5633fea6a9f20a690e821cc321aabcbd

Headers

DLL Characteristics

File Characteristics

Imports

travedit

trmediainfo

trmscrpf

trencoder

trmediaprofiles

troprmediafmt

trcrptutil

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

winmm

Sections

.text Size: 478KB - Virtual size: 477KB

.rdata Size: 103KB - Virtual size: 103KB

.data Size: 14KB - Virtual size: 35KB

.rsrc Size: 455KB - Virtual size: 456KB

793264a1d623041f583729f6f44a39f4

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

trmpg

traviutil

trrmutil

trwmvutil

trmediainfo

trencoder

kernel32

user32

advapi32

ole32

Exports

Exports

Sections

.text Size: 170KB - Virtual size: 169KB

.rdata Size: 23KB - Virtual size: 23KB

.data Size: 7KB - Virtual size: 21KB

.rsrc Size: 1KB - Virtual size: 4KB

.reloc Size: 10KB - Virtual size: 10KB

679df76a57c2210a81bd7eb153d5aa92

Headers

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 16KB - Virtual size: 16KB

.text
Size: 478KB - Virtual size: 477KB

.rdata
Size: 103KB - Virtual size: 103KB

.data
Size: 14KB - Virtual size: 35KB

.rsrc
Size: 455KB - Virtual size: 456KB

.text
Size: 170KB - Virtual size: 169KB

.rdata
Size: 23KB - Virtual size: 23KB

.data
Size: 7KB - Virtual size: 21KB

.rsrc
Size: 1KB - Virtual size: 4KB

.reloc
Size: 10KB - Virtual size: 10KB

.text
Size: 178KB - Virtual size: 178KB

.rdata
Size: 46KB - Virtual size: 46KB

.data
Size: 9KB - Virtual size: 23KB

.rsrc
Size: 17KB - Virtual size: 20KB

.reloc
Size: 30KB - Virtual size: 30KB