18bffcb06145a25cb5d7affe6b602af2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

18bffcb06145a25cb5d7affe6b602af2_JaffaCakes118
Size

1.0MB
MD5

18bffcb06145a25cb5d7affe6b602af2
SHA1

92de30388c9918c869f45ea7b5f0168d9a9224d6
SHA256

19a281fb881455d3a58cb60883b1139573a39f3742dfe9efdb6c5ce77243ed48
SHA512

8581f732182b78ad1402a74eaddae4ecb754b4dc02497511fd8de07d9ac4e654eaa97cda6c43380e3ffd0fc9b1a0af928a3529eb9024605b35fb9af7b88b556c
SSDEEP

24576:VMaVc+Qd2/myN72QZEW6asZbdfRzW3uNM6W5AE/9sGuTAYPq:Ca+t8/mPQHhC/f0mm0THq

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack002/nLame.dll	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack002/nLame.dll	upx

Unsigned PE 7 IoCs

Checks for missing Authenticode signature.

resource
unpack001/sdvdinst.exe
unpack002/nLame.dll
unpack002/sdvd-uninst.exe
unpack002/sdvdrip.exe
unpack002/xvid.ax
unpack002/xvidcore.dll
unpack002/xvidvfw.dll

NSIS installer 2 IoCs

installer

resource	yara_rule
static1/unpack001/sdvdinst.exe	nsis_installer_1
static1/unpack002/sdvd-uninst.exe	nsis_installer_1

Files

18bffcb06145a25cb5d7affe6b602af2_JaffaCakes118
.rar
sdvdinst.exe
.exe windows:4 windows x86 arch:x86

9632e80596371cfa7f563f680f3c4498

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ImageList_AddMasked
ord17
ImageList_Destroy
ImageList_Create

kernel32

SetErrorMode
GetExitCodeProcess
WaitForSingleObject
ExpandEnvironmentStringsA
GetEnvironmentVariableA
lstrcmpiA
FindNextFileA
DeleteFileA
FindFirstFileA
SetFileTime
GetFileAttributesA
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
lstrcatA
SetCurrentDirectoryA
CreateDirectoryA
SetFileAttributesA
CreateFileA
GetFileSize
GetModuleFileNameA
GetTickCount
GetModuleHandleA
ExitProcess
lstrcpynA
GetCommandLineA
GetWindowsDirectoryA
GetTempPathA
GetUserDefaultLangID
GetDiskFreeSpaceA
GetVersion
GlobalUnlock
GlobalLock
GlobalAlloc
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
lstrcpyA
lstrlenA
GetSystemDirectoryA
EnterCriticalSection
Sleep
LeaveCriticalSection
InitializeCriticalSection
CloseHandle
GlobalFree
LoadLibraryA
GetProcAddress
CreateThread
FreeLibrary
MultiByteToWideChar
GetCurrentProcess
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
SetFilePointer
FindClose
MulDiv
CopyFileA

user32

CharNextA
DialogBoxParamA
GetClassInfoA
CreateWindowExA
SystemParametersInfoA
RegisterClassA
EndDialog
ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
LoadCursorA
SetCursor
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
SetForegroundWindow
ShowWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
PeekMessageA
DispatchMessageA
ExitWindowsEx
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
PostQuitMessage

gdi32

GetDeviceCaps
CreateFontIndirectA
DeleteObject
CreateBrushIndirect
CreateFontA
SetBkMode
SetTextColor
SetBkColor
SelectObject

advapi32

RegEnumValueA
RegEnumKeyA
RegQueryValueExA
RegSetValueExA
RegDeleteKeyA
RegOpenKeyExA
RegDeleteValueA
RegCreateKeyA
RegCloseKey

shell32

ShellExecuteA
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc
SHGetSpecialFolderLocation
SHFileOperationA

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
nLame.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

nlame_callback_set
nlame_delete
nlame_encode_buffer
nlame_encode_buffer_interleaved
nlame_encode_buffer_mono
nlame_encode_flush
nlame_encode_flush_nogap
nlame_histogram_get
nlame_init_params
nlame_lame_string_get
nlame_lame_version_get
nlame_lame_version_get_num
nlame_lame_version_get_psy_num
nlame_new
nlame_var_get_int
nlame_var_set_int
nlame_write_vbr_infotag

Sections

UPX0
Size: - Virtual size: 424KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 105KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
sdvd-uninst.exe
.exe windows:4 windows x86 arch:x86

9632e80596371cfa7f563f680f3c4498

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ImageList_AddMasked
ord17
ImageList_Destroy
ImageList_Create

kernel32

SetErrorMode
GetExitCodeProcess
WaitForSingleObject
ExpandEnvironmentStringsA
GetEnvironmentVariableA
lstrcmpiA
FindNextFileA
DeleteFileA
FindFirstFileA
SetFileTime
GetFileAttributesA
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
lstrcatA
SetCurrentDirectoryA
CreateDirectoryA
SetFileAttributesA
CreateFileA
GetFileSize
GetModuleFileNameA
GetTickCount
GetModuleHandleA
ExitProcess
lstrcpynA
GetCommandLineA
GetWindowsDirectoryA
GetTempPathA
GetUserDefaultLangID
GetDiskFreeSpaceA
GetVersion
GlobalUnlock
GlobalLock
GlobalAlloc
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
lstrcpyA
lstrlenA
GetSystemDirectoryA
EnterCriticalSection
Sleep
LeaveCriticalSection
InitializeCriticalSection
CloseHandle
GlobalFree
LoadLibraryA
GetProcAddress
CreateThread
FreeLibrary
MultiByteToWideChar
GetCurrentProcess
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
SetFilePointer
FindClose
MulDiv
CopyFileA

user32

CharNextA
DialogBoxParamA
GetClassInfoA
CreateWindowExA
SystemParametersInfoA
RegisterClassA
EndDialog
ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
LoadCursorA
SetCursor
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
SetForegroundWindow
ShowWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
PeekMessageA
DispatchMessageA
ExitWindowsEx
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
PostQuitMessage

gdi32

GetDeviceCaps
CreateFontIndirectA
DeleteObject
CreateBrushIndirect
CreateFontA
SetBkMode
SetTextColor
SetBkColor
SelectObject

advapi32

RegEnumValueA
RegEnumKeyA
RegQueryValueExA
RegSetValueExA
RegDeleteKeyA
RegOpenKeyExA
RegDeleteValueA
RegCreateKeyA
RegCloseKey

shell32

ShellExecuteA
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc
SHGetSpecialFolderLocation
SHFileOperationA

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
sdvdrip.chm
.chm
sdvdrip.exe
.exe windows:4 windows x86 arch:x86

ef31b4d188db8f2831dae2ca3d160a4e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvfw32

ICSendMessage
ICSeqCompressFrame
ICSeqCompressFrameEnd
ICCompressorFree
ICOpen
ICCompressorChoose
ICSeqCompressFrameStart

avifil32

AVIStreamRelease
AVIMakeCompressedStream
AVIFileRelease
AVIFileExit
AVIFileCreateStreamA
AVIStreamWrite
AVIFileOpenA
AVIFileInit
AVIStreamSetFormat

msacm32

acmDriverClose
acmStreamClose
acmStreamUnprepareHeader
acmMetrics
acmFormatChooseA
acmStreamOpen
acmDriverDetailsA
acmDriverOpen
acmStreamPrepareHeader
acmStreamSize
acmDriverEnum
acmStreamConvert

mfc42

ord692
ord6215
ord2379
ord2575
ord4396
ord3574
ord4299
ord2864
ord2860
ord2859
ord1146
ord3721
ord3571
ord4220
ord2584
ord3654
ord3626
ord2414
ord2438
ord1644
ord6111
ord1641
ord941
ord2405
ord2086
ord4160
ord755
ord470
ord2714
ord924
ord537
ord1105
ord860
ord2841
ord2107
ord3698
ord2645
ord6453
ord926
ord4133
ord4297
ord6119
ord5781
ord3573
ord3693
ord3639
ord2713
ord6157
ord5981
ord809
ord556
ord4275
ord4284
ord2122
ord5053
ord5788
ord472
ord283
ord5875
ord613
ord6880
ord289
ord6358
ord1088
ord2567
ord4123
ord3873
ord3089
ord2408
ord2096
ord384
ord6654
ord6172
ord5789
ord3742
ord2411
ord2023
ord4218
ord2578
ord4398
ord3582
ord818
ord616
ord1153
ord2152
ord2431
ord5794
ord686
ord2863
ord6734
ord2078
ord3716
ord790
ord3619
ord3546
ord4673
ord4274
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord561
ord815
ord2621
ord1134
ord4401
ord2581
ord4219
ord2024
ord2413
ord6366
ord1771
ord1168
ord3874
ord656
ord567
ord3610
ord4424
ord3402
ord5290
ord1776
ord6055
ord6394
ord5450
ord6383
ord5440
ord323
ord6605
ord1640
ord5785
ord640
ord858
ord535
ord4224
ord795
ord609
ord765
ord2642
ord823
ord2302
ord540
ord800
ord3663
ord4234
ord2358
ord641
ord825
ord324
ord3597
ord4425
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5280
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1775
ord4078
ord6052
ord2514
ord4710
ord4998
ord4853
ord4376
ord5265
ord6199
ord3706
ord1576

msvcrt

qsort
_iob
_purecall
_beginthread
fprintf
vfprintf
fflush
ftell
vsprintf
strtok
_CIfmod
_read
_write
_open
_lseek
calloc
remove
rand
srand
modf
floor
fscanf
ceil
_except_handler3
sscanf
exit
_setmbcp
_fileno
_fstat
_stat
__dllonexit
_chdir
_strdup
isupper
islower
strerror
__mb_cur_max
_errno
clearerr
_snprintf
_vsnprintf
_pctype
_isctype
_close
_CIpow
tolower
strncpy
_stricmp
strchr
_findnext
strstr
_findfirst
_findclose
fopen
fread
fseek
fwrite
fclose
time
ctime
toupper
isalpha
isdigit
strncmp
atoi
strrchr
atof
__CxxFrameHandler
printf
_msize
realloc
_ftol
sprintf
malloc
free
_onexit
_exit
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_unlink
_controlfp

kernel32

WaitForSingleObject
GetTempFileNameA
GetTempPathA
VirtualAlloc
DeleteFileA
CreateEventA
SetFilePointer
CreateThread
Sleep
GlobalUnlock
GlobalLock
GlobalAlloc
GetModuleHandleA
SizeofResource
LoadResource
FindResourceA
SetLastError
SetEndOfFile
FlushFileBuffers
GetLocalTime
CreateMutexA
ResetEvent
ReleaseMutex
GetDriveTypeA
GetVersionExA
DeviceIoControl
OutputDebugStringA
GetStartupInfoA
DeleteCriticalSection
InitializeCriticalSection
GetCurrentThread
SetThreadPriority
SetEvent
EnterCriticalSection
LeaveCriticalSection
WriteFile
ReadFile
GetVolumeInformationA
GetVersion
GetLastError
GlobalMemoryStatus
GetUserDefaultLangID
GetCurrentProcess
SetPriorityClass
GetSystemDirectoryA
lstrlenA
FreeLibrary
GetProcAddress
LoadLibraryA
CloseHandle
CreateFileA
VirtualFree
GetTickCount

user32

ScreenToClient
GetSysColorBrush
RegisterClassExA
LoadImageA
GetIconInfo
CreateIconIndirect
FillRect
DrawStateA
CopyRect
FrameRect
InflateRect
DrawFocusRect
GetSubMenu
TrackPopupMenuEx
WindowFromPoint
wsprintfA
PeekMessageA
TranslateMessage
GetActiveWindow
GetNextDlgTabItem
DestroyIcon
DestroyCursor
DestroyMenu
GetSysColor
GetClassNameA
ClientToScreen
DefWindowProcA
KillTimer
OffsetRect
CheckMenuItem
SetClipboardData
CloseClipboard
GetClipboardData
OpenClipboard
GetKeyState
SetCursor
ExitWindowsEx
IsIconic
DrawIcon
SetTimer
LoadCursorA
LoadBitmapA
GetWindowLongA
SetWindowLongA
CreateMenu
InsertMenuA
GetWindowRect
LoadIconA
GetDC
ReleaseDC
GetParent
IsWindowVisible
GetSystemMetrics
InvalidateRect
PostMessageA
GetClientRect
SendMessageA
EnableWindow
MessageBoxA
GetMenuItemInfoA
GetMenuItemID
GetMessageA
DispatchMessageA

gdi32

Rectangle
CreateRectRgn
CreateBrushIndirect
DeleteObject
SetBkMode
RoundRect
ExcludeClipRect
SelectClipRgn
CreateFontIndirectA
SetBitmapBits
CreatePenIndirect
SelectObject
GetDeviceCaps
CreateBitmap
GetTextExtentPointA
CreateCompatibleDC
GetObjectA
TextOutA
GetPixel
SetPixel
SetBkColor
SetTextColor
DeleteDC
CreateCompatibleBitmap
StretchBlt
BitBlt
GetStockObject

comdlg32

GetOpenFileNameA
GetSaveFileNameA

advapi32

RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegSetValueA
RegCreateKeyA
RegOpenKeyA
RegQueryValueA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey

shell32

SHGetMalloc
SHBrowseForFolderA
SHGetPathFromIDListA
ShellExecuteExA

comctl32

_TrackMouseEvent
ImageList_ReplaceIcon
ImageList_Remove
ImageList_GetImageCount

msvcp60

??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ

Sections

.text
Size: 608KB - Virtual size: 607KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 176KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 172KB - Virtual size: 4.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 504KB - Virtual size: 501KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
xvid.ax
.dll regsvr32 windows:4 windows x86 arch:x86

17fde9879ca43c508b02b958e81a3690

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FreeLibrary
LoadLibraryA
GetProcAddress
OutputDebugStringA
InterlockedIncrement
InterlockedDecrement
GetVersionExA
DisableThreadLibraryCalls
lstrlenA
MultiByteToWideChar
GetLastError
GetModuleFileNameA
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
DeleteCriticalSection

user32

GetDesktopWindow
GetWindowLongA
SetWindowLongA
CreateDialogParamA
MoveWindow
InvalidateRect
DestroyWindow
DefWindowProcA
wsprintfA
LoadStringA
LoadStringW
GetWindowRect
ShowWindow
GetDlgItem
SendMessageA
MessageBoxA
EnableWindow

msvcrt

??3@YAXPAX@Z
??2@YAPAXI@Z
__CxxFrameHandler
_purecall

advapi32

RegSetValueA
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegCreateKeyA
RegCloseKey
RegEnumKeyExA
RegDeleteKeyA
RegOpenKeyExA

ole32

StringFromGUID2
CoUninitialize
CoFreeUnusedLibraries
CoCreateInstance
CoInitialize
CoTaskMemAlloc
CoTaskMemFree

comctl32

PropertySheetA
ord17

winmm

timeGetTime

Exports

Exports

Configure
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
xvid.inf
xvidcore.dll
.dll windows:4 windows x86 arch:x86

8c6cf3c7f9082f43029ae889242b0467

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapFree
HeapAlloc
HeapReAlloc
RtlUnwind
GetCommandLineA
GetVersion
GetProcAddress
GetModuleHandleA
EnterCriticalSection
LeaveCriticalSection
GetLastError
CloseHandle
WriteFile
InitializeCriticalSection
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
DeleteCriticalSection
ExitProcess
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
InterlockedDecrement
InterlockedIncrement
MultiByteToWideChar
SetFilePointer
SetStdHandle
FlushFileBuffers
CreateFileA
ReadFile
GetCPInfo
GetACP
GetOEMCP
LoadLibraryA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetEndOfFile

Exports

Exports

xvid_decore
xvid_encore
xvid_global
xvid_plugin_2pass1
xvid_plugin_2pass2
xvid_plugin_dump
xvid_plugin_lumimasking
xvid_plugin_psnr
xvid_plugin_single

Sections

.text
Size: 484KB - Virtual size: 482KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rodata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 480KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
xvidvfw.dll
.dll windows:4 windows x86 arch:x86

9884024acc7e36a44b8a4b1db68151af

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

SetDlgItemTextA
SendMessageA
GetParent
LoadStringA
GetDlgCtrlID
KillTimer
GetDC
GetWindowRect
SetTimer
InvalidateRect
CreateDialogParamA
ShowWindow
DestroyWindow
GetDesktopWindow
CheckDlgButton
DialogBoxParamA
CheckRadioButton
IsDlgButtonChecked
EnableWindow
MessageBoxA
GetDlgItemTextA
GetDlgItemInt
GetWindowLongA
SetWindowLongA
SendDlgItemMessageA
CreateWindowExA
SetWindowPos
EnumChildWindows
LoadCursorA
GetDlgItem
SetClassLongA
EndDialog
SetDlgItemInt
wsprintfA

comdlg32

GetSaveFileNameA
GetOpenFileNameA

comctl32

PropertySheetA
ord17

advapi32

RegQueryValueExA
RegDeleteKeyA
RegCreateKeyExA
RegOpenKeyExA
RegCloseKey
RegSetValueExA

gdi32

GetStockObject
SetTextColor
CreateFontIndirectA
SetBkMode
GetTextMetricsA
SetBkColor
SelectObject
TextOutA
SetTextAlign
GetTextAlign
SetDIBitsToDevice
GetObjectA

shell32

ShellExecuteA

winmm

DefDriverProc

kernel32

GetCurrentProcess
TerminateProcess
ExitProcess
HeapReAlloc
VirtualAlloc
VirtualFree
SetHandleCount
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
GetModuleFileNameA
GetModuleHandleA
GetVersion
GetCommandLineA
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetFilePointer
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
GetCPInfo
GetACP
GetOEMCP
SetStdHandle
RtlUnwind
LCMapStringA
LCMapStringW
FlushFileBuffers
HeapCreate
LoadResource
LockResource
HeapAlloc
HeapFree
CloseHandle
CreateFileA
OutputDebugStringA
GetProcAddress
LoadLibraryA
lstrcmpiA
FreeLibrary
lstrlenA
GetLastError
GetFileSize
ReadFile
WriteFile
lstrcpyA
FreeResource
FindResourceA

Exports

Exports

Configure
DriverProc

Sections

.text
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 60KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

9632e80596371cfa7f563f680f3c4498

Headers

File Characteristics

Imports

comctl32

kernel32

user32

gdi32

advapi32

shell32

ole32

version

Sections

.text Size: 23KB - Virtual size: 23KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 32KB

.rsrc Size: 29KB - Virtual size: 32KB

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 424KB

UPX1 Size: 105KB - Virtual size: 108KB

UPX2 Size: 1024B - Virtual size: 4KB

9632e80596371cfa7f563f680f3c4498

Headers

File Characteristics

Imports

comctl32

kernel32

user32

gdi32

advapi32

shell32

ole32

version

Sections

.text Size: 23KB - Virtual size: 23KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 32KB

.rsrc Size: 29KB - Virtual size: 32KB

ef31b4d188db8f2831dae2ca3d160a4e

Headers

File Characteristics

Imports

msvfw32

avifil32

msacm32

mfc42

msvcrt

kernel32

user32

gdi32

comdlg32

advapi32

shell32

comctl32

msvcp60

Sections

.text Size: 608KB - Virtual size: 607KB

.rdata Size: 176KB - Virtual size: 173KB

.data Size: 172KB - Virtual size: 4.3MB

.rsrc Size: 504KB - Virtual size: 501KB

17fde9879ca43c508b02b958e81a3690

Headers

File Characteristics

Imports

kernel32

user32

msvcrt

advapi32

ole32

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 32KB

.rsrc
Size: 29KB - Virtual size: 32KB

UPX0
Size: - Virtual size: 424KB

UPX1
Size: 105KB - Virtual size: 108KB

UPX2
Size: 1024B - Virtual size: 4KB

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 32KB

.rsrc
Size: 29KB - Virtual size: 32KB

.text
Size: 608KB - Virtual size: 607KB

.rdata
Size: 176KB - Virtual size: 173KB

.data
Size: 172KB - Virtual size: 4.3MB

.rsrc
Size: 504KB - Virtual size: 501KB

.text
Size: 32KB - Virtual size: 30KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 8KB - Virtual size: 6KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 484KB - Virtual size: 482KB

.rodata
Size: 16KB - Virtual size: 12KB

.rdata
Size: 32KB - Virtual size: 31KB

.data
Size: 16KB - Virtual size: 480KB

.reloc
Size: 20KB - Virtual size: 18KB

.text
Size: 60KB - Virtual size: 59KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 16KB - Virtual size: 23KB

.rsrc
Size: 60KB - Virtual size: 57KB

.reloc
Size: 8KB - Virtual size: 4KB