2500cee0f814d15bf479db7b42de8ec7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2500cee0f814d15bf479db7b42de8ec7_JaffaCakes118
Size

1.6MB
MD5

2500cee0f814d15bf479db7b42de8ec7
SHA1

731e72fcc50bfa1594500e25f7e1a05a12aa0d90
SHA256

335827ac742a3303e172c74a68222b81b358c1fc3f4eb7a5e9d513f1c67007ac
SHA512

bd35384e9c277dafa3f307c60e3f51bbc06b98505b33ed2526552166556f2424622a244dc3eb9c23aa3c0b7ecd43fd3e55dbb3c16da67890e2b0ddf78e2f899a
SSDEEP

49152:0H5JuWZsjwEx+KgoPBGJN2RPR/Jja0xfKd9C9XXtx:0H/Fg9PBRZ5BKrCF

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 5 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/VirtualDub/PlugIns/LogoRemover.vdf	acprotect
static1/unpack001/VirtualDub/PlugIns/MotionEstimation.vdf	acprotect
static1/unpack001/VirtualDub/VDIcmDrv.dll	acprotect
static1/unpack001/VirtualDub/VDRemote.dll	acprotect
static1/unpack001/VirtualDub/VDSvrLnk.dll	acprotect

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/VirtualDub/PlugIns/LogoRemover.vdf	upx
static1/unpack001/VirtualDub/PlugIns/MotionEstimation.vdf	upx
static1/unpack001/VirtualDub/VDIcmDrv.dll	upx
static1/unpack001/VirtualDub/VDRemote.dll	upx
static1/unpack001/VirtualDub/VDSvrLnk.dll	upx

Unsigned PE 18 IoCs

Checks for missing Authenticode signature.

resource
unpack001/VirtualDub/AuxSetup.exe
unpack001/VirtualDub/PlugIns/DeInterlace.vdf
unpack001/VirtualDub/PlugIns/DeInterlace_KeyGen.exe
unpack001/VirtualDub/PlugIns/LogoRemover.vdf
unpack002/out.upx
unpack001/VirtualDub/PlugIns/MotionEstimation.vdf
unpack003/out.upx
unpack001/VirtualDub/PlugIns/Smart.vdf
unpack001/VirtualDub/PlugIns/SubTitler.vdf
unpack001/VirtualDub/PlugIns32/WMV.vdplugin
unpack001/VirtualDub/VDIcmDrv.dll
unpack004/out.upx
unpack001/VirtualDub/VDRemote.dll
unpack005/out.upx
unpack001/VirtualDub/VDSvrLnk.dll
unpack006/out.upx
unpack001/VirtualDub/VDub.exe
unpack001/VirtualDub/VirtualDub.exe

Files

2500cee0f814d15bf479db7b42de8ec7_JaffaCakes118
.rar
VirtualDub/AVIProxy/ProxyOff.reg
VirtualDub/AVIProxy/ProxyOn.reg
VirtualDub/AVIProxy/ReadMe.txt
VirtualDub/AuxSetup.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
VirtualDub/Copying
VirtualDub/PlugIns/DeInterlace.vdf
.dll windows:4 windows x86 arch:x86

1da866e538e5a3df3d47dadac43d88f2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

kernel32

GetVolumeInformationA
GetDriveTypeA
GetLogicalDriveStringsA
ReadFile
GetStringTypeW
GetTickCount
LCMapStringW
LoadResource
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoA
CreateFileA
FlushFileBuffers
SetStdHandle
InitializeCriticalSection
LoadLibraryA
GetPrivateProfileSectionNamesA
GetPrivateProfileIntA
WritePrivateProfileStringA
GetFileAttributesExA
GetModuleFileNameA
GetStringTypeA
FindResourceA
MultiByteToWideChar
GetOEMCP
LockResource
LCMapStringA
GetProcessHeap
GetACP
GetCPInfo
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
RtlUnwind
GetLastError
DeleteFileA
HeapFree
HeapAlloc
GetCurrentThreadId
GetCommandLineA
GetVersionExA
GetProcAddress
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
Sleep
HeapSize
ExitProcess
CloseHandle
EnterCriticalSection
LeaveCriticalSection
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
WriteFile
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
GetConsoleCP
GetConsoleMode

user32

CheckDlgButton
SetDlgItemInt
IsDlgButtonChecked
DestroyWindow
DialogBoxParamA
EnableWindow
CheckRadioButton
CreateWindowExA
SetWindowPos
GetFocus
MessageBoxA
SetDlgItemTextA
SendDlgItemMessageA
SendMessageA
GetWindowTextA
DrawTextA
GetDlgItemTextA
ChildWindowFromPoint
GetDlgCtrlID
GetDlgItem
InvalidateRect
EndDialog
GetDlgItemInt

gdi32

GetObjectA
CreateFontIndirectA
SetBkMode
SelectObject
SetTextColor
GetStockObject

comdlg32

GetOpenFileNameA
GetSaveFileNameA

advapi32

RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegCreateKeyExA

shell32

ShellExecuteA

Exports

Exports

VirtualdubFilterModuleDeinit
VirtualdubFilterModuleInit2

Sections

.text
Size: 72KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VirtualDub/PlugIns/DeInterlace_KeyGen.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 18KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
VirtualDub/PlugIns/LogoRemover.vdf
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

VirtualdubFilterModuleDeinit
VirtualdubFilterModuleInit2

Sections

UPX0
Size: - Virtual size: 148KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 85KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 136KB - Virtual size: 133KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VirtualDub/PlugIns/MotionEstimation.vdf
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

VirtualdubFilterModuleDeinit
VirtualdubFilterModuleInit2

Sections

UPX0
Size: - Virtual size: 284KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 137KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 232KB - Virtual size: 229KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text1
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 56KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VirtualDub/PlugIns/ReadMe.txt
VirtualDub/PlugIns/Smart.vdf
.dll windows:4 windows x86 arch:x86

eabc37995ba3c2ca028724a970252517

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFullPathNameA
GetModuleFileNameA
DisableThreadLibraryCalls

user32

SetDlgItemInt
DialogBoxParamA
GetWindowLongA
EndDialog
IsDlgButtonChecked
GetDlgItemInt
SetWindowLongA
CheckDlgButton

shell32

ShellExecuteA

msvcrt

_snprintf
_adjust_fdiv
malloc
_initterm
free
??3@YAXPAX@Z
??2@YAPAXI@Z

Exports

Exports

VirtualdubFilterModuleDeinit
VirtualdubFilterModuleInit2

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 783B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 376B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 232B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VirtualDub/PlugIns/SubTitler.vdf
.dll windows:4 windows x86 arch:x86

481f6ab216fdd2e14980d69716e8e2b3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
DebugBreak
MulDiv
DisableThreadLibraryCalls
GetVersion

user32

EndDialog
IntersectRect
SendMessageA
GetDlgItem
CheckDlgButton
SetWindowLongA
IsDlgButtonChecked
GetWindowLongA
DialogBoxParamA
MessageBoxA
CharNextExA
wsprintfA

gdi32

TextOutW
GdiFlush
CreateCompatibleDC
SetTextAlign
SetTextColor
SetBkColor
SetBkMode
GetTextExtentPoint32W
GetTextExtentExPointW
TranslateCharsetInfo
GetTextMetricsA
CloseFigure
EndPath
GetPath
AbortPath
TextOutA
BeginPath
SelectObject
CreateFontA
DeleteObject
DeleteDC

comdlg32

GetOpenFileNameA

msvcrt

fgets
_strdup
_onexit
__dllonexit
_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_except_handler3
strtol
isdigit
_CIpow
_ftol
??2@YAPAXI@Z
??3@YAXPAX@Z
free
qsort
__CxxFrameHandler
_snprintf
strtoul
toupper
fclose
sscanf
_strnicmp
atoi
strerror
_errno
fopen
_CxxThrowException
strchr
isspace
realloc
malloc

Exports

Exports

VirtualdubFilterModuleCheckVersion
VirtualdubFilterModuleDeinit
VirtualdubFilterModuleInit2

Sections

.text
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VirtualDub/PlugIns32/WMV.vdplugin
.dll windows:4 windows x86 arch:x86

973d01f77e8206871ed95d9ac4696432

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FlushFileBuffers
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
LoadLibraryA
GetOEMCP
lstrlenA
GetFileSize
GetLastError
GetVersion
CreateFileW
WideCharToMultiByte
CreateFileA
SetFilePointer
ReadFile
SetStdHandle
CloseHandle
GetACP
GetCPInfo
InterlockedIncrement
InterlockedDecrement
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
HeapFree
HeapAlloc
RtlUnwind
GetCommandLineA
GetModuleHandleA
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetProcAddress
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile

user32

DialogBoxParamA
EndDialog
SetDlgItemTextA
GetActiveWindow
FillRect
DestroyWindow
PeekMessageA
IsWindow
IsDialogMessageA
TranslateMessage
DispatchMessageA
GetWindowLongA
GetDlgItem
SendMessageA
SendDlgItemMessageA
SetWindowLongA
SetTimer
ShowWindow
CreateDialogParamA

gdi32

CreateCompatibleBitmap
SelectObject
GetStockObject
SetBkColor
SetTextColor
SetTextAlign
ExtTextOutA
GetDIBits
DeleteObject
DeleteDC
CreateCompatibleDC

msvfw32

ICDecompress
ICLocate
ICSendMessage
ICClose
ICGetInfo

msacm32

acmFormatTagDetailsA

Exports

Exports

VDGetPluginInfo

Sections

.text
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VirtualDub/VDIcmDrv.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

DriverProc

Sections

UPX0
Size: - Virtual size: 48KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 26KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VirtualDub/VDRemote.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

UPX0
Size: - Virtual size: 52KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 27KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VirtualDub/VDSvrLnk.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

GetDubServerInterface

Sections

UPX0
Size: - Virtual size: 48KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 22KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VirtualDub/VDub.exe
.exe windows:4 windows x86 arch:x86

1f261e01f868bd1bf8372a2b9d31147b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\p4root\dev18\out\Release\vdub.pdb

Imports

kernel32

lstrlenA
CreatePipe
LeaveCriticalSection
GetModuleFileNameA
GetExitCodeProcess
SetErrorMode
CreateProcessA
DeleteCriticalSection
ReadFile
CloseHandle
WaitForSingleObject
LocalFree
CreateThread
lstrcpyA
SleepEx
GetStdHandle
WaitForSingleObjectEx
GetLastError
EnterCriticalSection
FormatMessageA
WriteFile
GetFullPathNameA
GetCommandLineA
GetConsoleScreenBufferInfo
InitializeCriticalSection
SetConsoleCtrlHandler
CreateFileA

user32

PostThreadMessageA

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 29B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
VirtualDub/VirtualDub.chm
.chm
VirtualDub/VirtualDub.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.const
Size: 512B - Virtual size: 51B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 362KB - Virtual size: 362KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 169B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 238KB - Virtual size: 238KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
VirtualDub/VirtualDub.vdi
VirtualDub/新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

.text Size: 40KB - Virtual size: 37KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 4KB - Virtual size: 11KB

.rsrc Size: 8KB - Virtual size: 8KB

1da866e538e5a3df3d47dadac43d88f2

Headers

File Characteristics

Imports

version

kernel32

user32

gdi32

comdlg32

advapi32

shell32

Exports

Exports

Sections

.text Size: 72KB - Virtual size: 69KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 8KB - Virtual size: 12KB

.rsrc Size: 12KB - Virtual size: 10KB

.reloc Size: 8KB - Virtual size: 7KB

Headers

File Characteristics

Sections

Size: - Virtual size: 48KB

Size: 18KB - Virtual size: 20KB

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 148KB

UPX1 Size: 85KB - Virtual size: 88KB

.rsrc Size: 8KB - Virtual size: 12KB

Headers

File Characteristics

Sections

.text Size: 136KB - Virtual size: 133KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 16KB - Virtual size: 28KB

.rsrc Size: 20KB - Virtual size: 17KB

.reloc Size: 16KB - Virtual size: 13KB

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 284KB

UPX1 Size: 137KB - Virtual size: 140KB

.rsrc Size: 40KB - Virtual size: 40KB

Headers

File Characteristics

Sections

.text Size: 232KB - Virtual size: 229KB

.text1 Size: 4KB - Virtual size: 2KB

.rdata Size: 40KB - Virtual size: 37KB

.data Size: 12KB - Virtual size: 23KB

.data1 Size: 16KB - Virtual size: 12KB

_RDATA Size: 4KB - Virtual size: 1KB

.rsrc Size: 56KB - Virtual size: 54KB

.reloc Size: 32KB - Virtual size: 30KB

eabc37995ba3c2ca028724a970252517

Headers

File Characteristics

Imports

kernel32

user32

shell32

msvcrt

Exports

.text
Size: 40KB - Virtual size: 37KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 4KB - Virtual size: 11KB

.rsrc
Size: 8KB - Virtual size: 8KB

.text
Size: 72KB - Virtual size: 69KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 8KB - Virtual size: 12KB

.rsrc
Size: 12KB - Virtual size: 10KB

.reloc
Size: 8KB - Virtual size: 7KB

UPX0
Size: - Virtual size: 148KB

UPX1
Size: 85KB - Virtual size: 88KB

.rsrc
Size: 8KB - Virtual size: 12KB

.text
Size: 136KB - Virtual size: 133KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 16KB - Virtual size: 28KB

.rsrc
Size: 20KB - Virtual size: 17KB

.reloc
Size: 16KB - Virtual size: 13KB

UPX0
Size: - Virtual size: 284KB

UPX1
Size: 137KB - Virtual size: 140KB

.rsrc
Size: 40KB - Virtual size: 40KB

.text
Size: 232KB - Virtual size: 229KB

.text1
Size: 4KB - Virtual size: 2KB

.rdata
Size: 40KB - Virtual size: 37KB

.data
Size: 12KB - Virtual size: 23KB

.data1
Size: 16KB - Virtual size: 12KB

_RDATA
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 56KB - Virtual size: 54KB

.reloc
Size: 32KB - Virtual size: 30KB

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 4KB - Virtual size: 783B

.data
Size: 4KB - Virtual size: 376B

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 232B

.text
Size: 29KB - Virtual size: 28KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 1024B - Virtual size: 3KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 52KB - Virtual size: 50KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 16KB - Virtual size: 18KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 8KB - Virtual size: 4KB

UPX0
Size: - Virtual size: 48KB

UPX1
Size: 26KB - Virtual size: 28KB

.rsrc
Size: 2KB - Virtual size: 4KB

.text
Size: 36KB - Virtual size: 33KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 5KB