75066fddbacd6f20fb2cbfd4ff02261996c00492d8f72ed3dde2f8ab619c0eb1

Sharing

Copy URL

Twitter E-mail

General

Target

75066fddbacd6f20fb2cbfd4ff02261996c00492d8f72ed3dde2f8ab619c0eb1
Size

1.2MB
MD5

25b6615e79ec40e50d4458c1ebdc9586
SHA1

996f140ce0b59020ab57d44f907a23d7295abf6a
SHA256

75066fddbacd6f20fb2cbfd4ff02261996c00492d8f72ed3dde2f8ab619c0eb1
SHA512

27b129be3c64875a41fc89d159c2a583a43384ee9620b33cfaa1b1902d32afa226233cf7baf4c177d9222720bb112fa73f5d9b196dd5e6b76c8d9f8b479f88d2
SSDEEP

12288:CQu2zFIhc6Pw+rtLjPIozmDy5a9TQxFqONaQUWdPzO/MwRxnE5D3xBG:tzFyjPIKm25a9TQxFNaQbPMFRy5S

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
75066fddbacd6f20fb2cbfd4ff02261996c00492d8f72ed3dde2f8ab619c0eb1

Files

75066fddbacd6f20fb2cbfd4ff02261996c00492d8f72ed3dde2f8ab619c0eb1
.dll windows:5 windows x86 arch:x86

59b867b7b695a18cf24a963b99cec451

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\workspace\avc\dvd-plugin-support\obj\Release\mpeg2lib\mpeg2lib.pdb

Imports

kernel32

MultiByteToWideChar
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObject
CloseHandle
SetEvent
CreateEventA
GetVersion
CreateFileA
DeviceIoControl
FreeLibrary
ReleaseSemaphore
LoadLibraryA
GetProcAddress
ResetEvent
CreateSemaphoreA
InitializeCriticalSection
CreateThread
DeleteCriticalSection
GetTempFileNameA
GetLastError
GetLocalTime
VirtualQuery
GetModuleFileNameA
GetTempPathA
DeleteFileA
MoveFileA
WideCharToMultiByte
SystemTimeToFileTime
CreateFileW
SetFilePointer
GetFileSize
GetFileInformationByHandle
ReadFile
SetFileTime
WriteFile
SetEndOfFile
GetStdHandle
CompareFileTime
VirtualAlloc
VirtualFree
Sleep
InterlockedCompareExchange
DisableThreadLibraryCalls
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
InterlockedExchange

user32

CharLowerA
MessageBoxA
CharToOemA
CharUpperW
CharUpperA
CharLowerW
CharPrevExA
GetActiveWindow

oleaut32

VariantClear
VariantCopy
SysAllocString

libmmd

_CIsin
__libm_sse2_sincos
__libm_sse2_cos
__libm_sse2_atan
_CIcos
__libm_sse2_sin

msvcr90

free
fopen
fclose
malloc
calloc
_aligned_malloc
_open
_wopen
_lseek
_close
strtok
toupper
_read
remove
_write
realloc
fwrite
rand
fseek
fread
_findfirst64i32
_findclose
printf
strncpy
__iob_func
fprintf
_except_handler3
fputs
strchr
srand
memset
??3@YAXPAX@Z
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABV01@@Z
memcpy_s
??0exception@std@@QAE@ABQBD@Z
_CxxThrowException
??2@YAPAXI@Z
memmove_s
__CxxFrameHandler
_invalid_parameter_noinfo
??0exception@std@@QAE@XZ
?what@exception@std@@UBEPBDXZ
??_V@YAXPAX@Z
_vsnprintf
_mbsrchr
ftell
_mbsnbcpy
??_U@YAPAXI@Z
_purecall
memmove
_encode_pointer
_malloc_crt
_encoded_null
_decode_pointer
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_unlock
__dllonexit
_lock
_onexit
__clean_type_info_names_internal
_except_handler4_common
_crt_debugger_hook
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
strrchr
_aligned_free
sprintf
memcpy
_strdup
_stricmp
strncmp
_strnicmp

msvcp90

?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEX_NI@Z
?_Xran@_String_base@std@@SAXXZ
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?allocate@?$allocator@D@std@@QAEPADI@Z
?_Xlen@_String_base@std@@SAXXZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z

Exports

Exports

?dvd_image_GetBootImage@@YA_JPAUdvd_image_t@@PAE@Z
?dvd_image_GetBootImageSize@@YA_JPAUdvd_image_t@@@Z
?dvd_image_GetChild@@YAHPBUdvd_dir_t@@HPADHPAH2@Z
?dvd_image_GetDirChildCount@@YAHPAUdvd_dir_t@@@Z
?dvd_image_GetDirDate@@YA?AU_FILETIME@@PAUdvd_dir_t@@@Z
?dvd_image_GetFileDate@@YA?AU_FILETIME@@PAUdvd_file_t@@@Z
?dvd_image_GetVolumeDescriptor@@YAHPAUdvd_image_t@@PAUISOVolumeDiscriptor@@@Z
?dvd_image_IsDir@@YAHPAUdvd_dir_t@@@Z
?dvd_image_IsoCanBoot@@YAHPAUdvd_image_t@@@Z
ConvYUVtoRGB16_pitched
ConvYUVtoRGB24
ConvYUVtoRGB24_ex
ConvYUVtoRGB32
ConvYUVtoYUY2
ConvYUVtoYUY2_pitched
ConvYUVtoYV12
Current_Lba
DeCSSEnd
DeCSSGetCurrentFile
DeCSSGetData
DeCSSGetFileSize
DeCSSGetLba
DeCSSGetLbaError
DeCSSInit
DeCSSParseIFO
DeCSSReInit
DeCSSRestart
DeCSSSeek
DeCSSSetProcess
DecssGetIfoInfo
DecssGetIfoInfoSize
ExitLoop
GetUserBreakFlag
IsEncrypted
MPEG2DecodeData
MPEG2EndDec
MPEG2FreeVobName
MPEG2GetChannels
MPEG2GetCurrentFrameData
MPEG2GetDownsampling
MPEG2GetDvdDir
MPEG2GetFrame
MPEG2GetFrameData
MPEG2GetHeight
MPEG2GetLbaPos
MPEG2GetNbFrame
MPEG2GetNbSample
MPEG2GetPass
MPEG2GetPgcTime
MPEG2GetRatio
MPEG2GetSample
MPEG2GetSampleFrequency
MPEG2GetTime
MPEG2GetVobName
MPEG2GetVolume
MPEG2GetWidth
MPEG2InitDec
MPEG2InitDecVob
MPEG2ReInit
MPEG2ScanFiles
MPEG2Seek
MPEG2SetDownsampling
MPEG2SetPass
MPEG2SetSubtitle
MPEG2SetVolume
MPEG2_GetSubColor
MPEG2_GetSubOffset
MPEG2_GetSubTrans
MPEG2_SetSubColor
MPEG2_SetSubOffset
MPEG2_SetSubTrans
MPEG2_SetSubtitleColor
MPEG2_SetSubtitlePos
MPEG2_UnSetSubtitlePos
MPEG2_UnUseCustomSubColor
SetInstallAspiProc
SetLogProc
SetProgressProc
SetYieldTimeProc
dvd_image_Close
dvd_image_CloseDir
dvd_image_CloseFile
dvd_image_GetFileSize
dvd_image_GetRootDir
dvd_image_GetVolume
dvd_image_OpenA
dvd_image_OpenDir
dvd_image_OpenFile
dvd_image_ReadFile
dvd_image_Seek
fio_read_thread_init
fio_read_thread_uninit
free_ifo_info
ifoGetInfo
ifo_info
mmx_ConvertRGB24toYUY2
mpeg2_ExitLoop
mpeg2_SetLogProc
mpeg2_SetProgressProc
mpeg2_SetYieldTimeProc
mpeg2_StopRip
mpeg_free

Sections

.text
Size: 640KB - Virtual size: 640KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text1
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 129KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 165KB - Virtual size: 5.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 160KB - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

59b867b7b695a18cf24a963b99cec451

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

oleaut32

libmmd

msvcr90

msvcp90

Exports

Exports

Sections

.text Size: 640KB - Virtual size: 640KB

.text1 Size: 9KB - Virtual size: 9KB

.rdata Size: 129KB - Virtual size: 128KB

.data Size: 165KB - Virtual size: 5.4MB

.idata Size: 6KB - Virtual size: 5KB

.data1 Size: 34KB - Virtual size: 34KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 62KB - Virtual size: 61KB

.text Size: 160KB - Virtual size: 160KB

.text
Size: 640KB - Virtual size: 640KB

.text1
Size: 9KB - Virtual size: 9KB

.rdata
Size: 129KB - Virtual size: 128KB

.data
Size: 165KB - Virtual size: 5.4MB

.idata
Size: 6KB - Virtual size: 5KB

.data1
Size: 34KB - Virtual size: 34KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 62KB - Virtual size: 61KB

.text
Size: 160KB - Virtual size: 160KB