ffmpeg[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ffmpeg.exe
Size

54.2MB
MD5

d8185c8dfd4ff0ff14946d1490dfb02c
SHA1

7e5b9b850e982fb3fed0dd05eaa2328c3b0c2517
SHA256

6969f4e23bb922d64772182a9181becc75aa1c5c31c9ff14e9c694965c7de0c2
SHA512

b4ca06b3eb7d3937747d3860e98a9107add6ee1b11c5da77bc785b328a1af97a91c1dfec69730ac6fe3590d816ad0420a7c35ccbbcf1b2acf1619c6869d5deb0
SSDEEP

393216:D6WDFMvslEz76rxBxW+QjJPEJYtyLAo4xUxgnX4zUoT3vPu7R6OMYbgNvnjTDQg+:D6Fsl58uT33sgCT+TM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ffmpeg.exe

Files

ffmpeg.exe
.exe windows:6 windows x64 arch:x64

005ec9e51f5f2186230184ea5afcb8b6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\a\FFmpegBin\FFmpegBin\buildtrees\ffmpeg\x64-windows-static-release-rel\ffmpeg_g.pdb

Imports

psapi

GetProcessMemoryInfo

ole32

CoCreateInstance
CoUninitialize
CoTaskMemFree
CoTaskMemAlloc
CoInitializeEx
PropVariantClear
CoInitialize
CreateBindCtx
OleLoadFromStream
CoGetMalloc
OleSaveToStream
CLSIDFromString
StringFromGUID2

oleaut32

OleCreatePropertyFrame
SysFreeString

shlwapi

SHCreateStreamOnFileA

gdi32

GetObjectA
CombineRgn
CreateCompatibleDC
CreateRectRgn
DeleteDC
DeleteObject
GetDeviceCaps
GetStockObject
BitBlt
CreateSolidBrush
CreateCompatibleBitmap
CreateDCW
GetDIBits
CreateBitmap
GetICMProfileW
GetDeviceGammaRamp
SetDeviceGammaRamp
CreateFontIndirectW
GetTextExtentPoint32A
GetTextMetricsW
ChoosePixelFormat
DescribePixelFormat
GetPixelFormat
SelectObject
SetPixelFormat
SwapBuffers
EnumFontFamiliesW
GetTextFaceW
CreateDIBSection
GetDIBColorTable

avicap32

capGetDriverDescriptionA
capCreateCaptureWindowA

opengl32

glTexSubImage2D
glTexParameteri
glTexImage2D
glPixelStorei
glGetString
glGetIntegerv
glGetError
glViewport
glEnable
glDrawElements
glDeleteTextures
glClearColor
glClear
glBlendFunc
glBindTexture
wglGetProcAddress
glGenTextures

kernel32

MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
LoadLibraryA
OutputDebugStringW
CreateFileW
GetFileSizeEx
ReadFile
SetFilePointer
SetFilePointerEx
WriteFile
SetErrorMode
GetTickCount
MulDiv
SetThreadExecutionState
ExitProcess
TerminateProcess
GlobalMemoryStatusEx
GetSystemInfo
CreateDirectoryW
LoadLibraryW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
ReleaseSemaphore
CreateSemaphoreW
GetEnvironmentVariableA
SetEnvironmentVariableA
IsDebuggerPresent
RaiseException
CreateThread
GetCurrentThread
SetThreadPriority
QueryPerformanceCounter
QueryPerformanceFrequency
VerSetConditionMask
CreateFileA
DeviceIoControl
GetOverlappedResult
CancelIo
CreateEventW
FormatMessageW
VerifyVersionInfoW
TlsAlloc
TlsGetValue
TlsSetValue
GlobalAlloc
GlobalUnlock
GlobalLock
CompareStringA
GetModuleHandleExW
GetFileTime
GetSystemPowerStatus
GetLocaleInfoA
InitOnceComplete
FlsGetValue
FlsAlloc
GetConsoleCP
GetCommandLineA
GetConsoleOutputCP
GetTimeZoneInformation
SetStdHandle
RemoveDirectoryW
InitOnceBeginInitialize
SystemTimeToTzSpecificLocalTime
GetFileInformationByHandle
GetDriveTypeW
DeleteFileW
FreeLibraryAndExitThread
ResumeThread
ExitThread
RtlUnwind
InterlockedPushEntrySList
RtlPcToFileHeader
RtlUnwindEx
GetCPInfo
LoadLibraryExW
LCMapStringEx
DecodePointer
EncodePointer
GetStringTypeW
GetProcessAffinityMask
GetStartupInfoW
InitializeSListHead
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlLookupFunctionEntry
RtlCaptureContext
SetThreadGroupAffinity
GetNumaNodeProcessorMaskEx
GetNumaHighestNodeNumber
GetThreadPriority
DebugBreak
GetThreadGroupAffinity
GetNativeSystemInfo
SleepConditionVariableCS
InitializeCriticalSectionEx
ReadConsoleW
ReadConsoleA
SetConsoleMode
ConvertThreadToFiberEx
ConvertFiberToThread
GetEnvironmentVariableW
GetFileType
GetCurrentProcessId
RtlVirtualUnwind
CreateSemaphoreA
GetExitCodeThread
FormatMessageA
GetSystemDirectoryA
SystemTimeToFileTime
GetSystemTime
CreateFiberEx
DeleteFiber
SwitchToFiber
VirtualFree
AcquireSRWLockShared
ReleaseSRWLockShared
SetLastError
FindFirstFileW
lstrcmpiA
IsValidCodePage
lstrcpyA
lstrcpynA
GlobalFree
GlobalHandle
GetACP
TlsFree
GetModuleFileNameA
GetModuleHandleA
InitOnceExecuteOnce
GetProcessHeap
HeapFree
HeapReAlloc
HeapAlloc
InitializeCriticalSection
AreFileApisANSI
FindNextFileW
FindFirstFileExW
FindClose
LoadLibraryExA
GetProcAddress
FreeLibrary
GetLastError
WaitForMultipleObjects
CreateEventA
CreateMutexA
WaitForSingleObject
ReleaseMutex
ResetEvent
SetEvent
DuplicateHandle
SetConsoleCtrlHandler
GetConsoleMode
GetCurrentProcess
GetProcessTimes
Sleep
PeekNamedPipe
GetStdHandle
SetDllDirectoryA
LocalFree
GetModuleFileNameW
GetCommandLineW
SleepConditionVariableSRW
WakeAllConditionVariable
InitializeConditionVariable
PeekConsoleInputA
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
SetEndOfFile
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
WideCharToMultiByte
MultiByteToWideChar
GetSystemTimeAsFileTime
SetConsoleTextAttribute
GetConsoleScreenBufferInfo
WriteConsoleW
GetModuleHandleW
GetSystemDirectoryW
CancelIoEx
MoveFileExW
MoveFileExA
TryAcquireSRWLockExclusive
WakeConditionVariable
GetFullPathNameW
WaitForSingleObjectEx
CloseHandle
FlsSetValue
FlsFree
GetDateFormatW
GetTimeFormatW
FileTimeToSystemTime
GetCurrentDirectoryW
HeapSize
HeapQueryInformation
SetEnvironmentVariableW
GetFileAttributesExW
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetNumberOfConsoleInputEvents
ReadConsoleInputW
CompareStringW

user32

MessageBoxW
DispatchMessageA
PeekMessageA
DefWindowProcA
CreateWindowExA
GetUserObjectInformationW
ShowWindow
GetSystemMetrics
DrawIcon
GetDC
ReleaseDC
BeginPaint
EndPaint
GetProcessWindowStation
DestroyWindow
wsprintfA
SetWindowRgn
GetClientRect
GetWindowRect
AdjustWindowRectEx
FrameRect
SetWindowLongPtrA
FindWindowW
LoadCursorA
DestroyCursor
PostThreadMessageW
GetMessageW
GetRawInputDeviceList
GetRawInputDeviceInfoA
SystemParametersInfoA
DrawTextW
GetDlgItem
EndDialog
DialogBoxIndirectParamW
MonitorFromWindow
MonitorFromRect
CreateIconFromResource
SetWindowsHookExW
GetWindowThreadProcessId
GetParent
SetWindowLongPtrW
GetWindowLongPtrW
SetWindowLongW
PtInRect
IntersectRect
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
RemovePropW
SetPropW
SetForegroundWindow
SetActiveWindow
GetFocus
SetFocus
FlashWindowEx
SetLayeredWindowAttributes
CreateWindowExW
RegisterClassW
AttachThreadInput
SendMessageW
RegisterRawInputDevices
SystemParametersInfoW
CreateIconIndirect
CopyImage
LoadCursorW
SetCursorPos
ReleaseCapture
SetCapture
EnumDisplayMonitors
GetMonitorInfoW
MonitorFromPoint
EnumDisplayDevicesW
EnumDisplaySettingsW
ChangeDisplaySettingsExW
MapVirtualKeyW
ToUnicode
GetKeyboardState
GetKeyboardLayout
IsClipboardFormatAvailable
EmptyClipboard
GetClipboardData
SetClipboardData
GetClipboardSequenceNumber
CloseClipboard
OpenClipboard
RegisterClassExA
UnregisterClassA
UnregisterDeviceNotification
RegisterDeviceNotificationW
GetDoubleClickTime
RegisterWindowMessageA
GetRawInputData
DestroyIcon
LoadIconW
CallNextHookEx
GetWindowLongW
FillRect
ClipCursor
ScreenToClient
ClientToScreen
GetClipCursor
GetCursorPos
SetCursor
GetPropW
ValidateRect
InvalidateRect
GetUpdateRect
GetForegroundWindow
GetMenu
KillTimer
SetTimer
MsgWaitForMultipleObjects
GetAsyncKeyState
GetKeyState
IsIconic
SetWindowPos
GetClassInfoExW
RegisterClassExW
UnregisterClassW
CallWindowProcW
DefWindowProcW
PostMessageW
GetMessageExtraInfo
PeekMessageW
DispatchMessageW
TranslateMessage
TrackMouseEvent
MessageBoxA
GetDesktopWindow
GetWindowLongPtrA
SendMessageA
GetCursorInfo
GetIconInfo
CopyIcon
UnhookWindowsHookEx

winmm

waveOutOpen
waveOutClose
waveOutPrepareHeader
waveOutUnprepareHeader
waveOutWrite
waveOutReset
waveInGetNumDevs
waveOutGetErrorTextW
waveInOpen
waveInClose
waveInPrepareHeader
waveInUnprepareHeader
waveInAddBuffer
waveInStart
waveInReset
waveOutGetDevCapsW
waveOutGetNumDevs
timeBeginPeriod
timeEndPeriod
waveInGetDevCapsW

imm32

ImmSetCandidateWindow
ImmSetCompositionWindow
ImmNotifyIME
ImmGetCandidateListW
ImmSetCompositionStringW
ImmGetCompositionStringW
ImmAssociateContext
ImmReleaseContext
ImmGetContext
ImmGetIMEFileNameA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

advapi32

GetTokenInformation
ReportEventW
RegQueryValueExW
GetUserNameA
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
RegQueryValueExA
CryptAcquireContextW
RegOpenKeyExW
RegCloseKey
RegisterEventSourceW
DeregisterEventSource
CryptGenRandom
CryptReleaseContext
CryptDestroyKey
GetSidSubAuthority
OpenProcessToken
GetSidSubAuthorityCount
RegEnumValueA
RegOpenKeyExA

setupapi

SetupDiGetClassDevsA
SetupDiGetDeviceRegistryPropertyA
CM_Get_Device_IDA
CM_Get_Parent
SetupDiGetDeviceInterfaceDetailA
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
CM_Locate_DevNodeA
SetupDiEnumDeviceInterfaces

shell32

CommandLineToArgvW
DragFinish
ShellExecuteW
SHGetSpecialFolderPathA
ExtractIconExW
SHGetFolderPathW
DragAcceptFiles
DragQueryFileW

cfgmgr32

CM_Get_Device_ID_ListW
CM_Get_Device_IDW
CM_Get_Device_ID_List_SizeW
CM_Get_DevNode_Registry_PropertyW
CM_Get_DevNode_Status
CM_Get_Sibling
CM_Get_Child
CM_Locate_DevNodeW
CM_Open_DevNode_Key

ws2_32

WSASendTo
WSARecvFrom
getservbyname
getservbyport
gethostbyname
gethostbyaddr
inet_ntoa
gethostname
select
ioctlsocket
__WSAFDIsSet
getpeername
getsockname
shutdown
send
recv
sendto
recvfrom
ntohs
htons
WSAGetLastError
WSACleanup
WSAStartup
socket
setsockopt
ntohl
listen
getsockopt
WSAStringToAddressA
closesocket
bind
accept
getnameinfo
freeaddrinfo
getaddrinfo
connect
inet_addr
htonl
WSASetLastError

crypt32

CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty
CertCloseStore
CertOpenStore
CertOpenSystemStoreW

bcrypt

BCryptOpenAlgorithmProvider
BCryptCloseAlgorithmProvider
BCryptGenRandom

Exports

Exports

_libiconv_version
iconv_canonicalize
libiconv
libiconv_close
libiconv_open
libiconv_open_into
libiconvctl
libiconvlist
locale_charset

Sections

.text
Size: 37.9MB - Virtual size: 37.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rodata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14.9MB - Virtual size: 14.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 223KB - Virtual size: 24.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1015KB - Virtual size: 1014KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rodata
Size: 1024B - Virtual size: 932B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 1024B - Virtual size: 1012B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 218KB - Virtual size: 217KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

005ec9e51f5f2186230184ea5afcb8b6

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

psapi

ole32

oleaut32

shlwapi

gdi32

avicap32

opengl32

kernel32

user32

winmm

imm32

version

advapi32

setupapi

shell32

cfgmgr32

ws2_32

crypt32

bcrypt

Exports

Exports

Sections

.text Size: 37.9MB - Virtual size: 37.9MB

.rodata Size: 2KB - Virtual size: 2KB

.rdata Size: 14.9MB - Virtual size: 14.9MB

.data Size: 223KB - Virtual size: 24.5MB

.pdata Size: 1015KB - Virtual size: 1014KB

.rodata Size: 1024B - Virtual size: 932B

_RDATA Size: 1024B - Virtual size: 1012B

.reloc Size: 218KB - Virtual size: 217KB

.text
Size: 37.9MB - Virtual size: 37.9MB

.rodata
Size: 2KB - Virtual size: 2KB

.rdata
Size: 14.9MB - Virtual size: 14.9MB

.data
Size: 223KB - Virtual size: 24.5MB

.pdata
Size: 1015KB - Virtual size: 1014KB

.rodata
Size: 1024B - Virtual size: 932B

_RDATA
Size: 1024B - Virtual size: 1012B

.reloc
Size: 218KB - Virtual size: 217KB