73b3dbd47103e85dcda756e1367b8d4d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

73b3dbd47103e85dcda756e1367b8d4d_JaffaCakes118
Size

1.6MB
MD5

73b3dbd47103e85dcda756e1367b8d4d
SHA1

68a0199cc32fbd9346b772d930ab216d76cce619
SHA256

d61ae99e628ef63ea95151648d1ccc5db69621e6b531da0c9da62336db59f190
SHA512

a88fb93f3d182d23255a1ef4e7a906a97e5832330f5fb48b5959759fce76c2d5adc5a8793eeb5716f48c8c46566f11f2389cf13ee4c0748a15c4bc85d091efad
SSDEEP

24576:jgkqwep3LR0Jo2DKnsoLPIfi0e5GxZR14wJjImXfOwCNUtJSxsh3woG:E7dLWJ3DKns+wfyGxL17XXSUtJCsh3wf

Score

3^/10

Malware Config

Signatures

Unsigned PE 23 IoCs

Checks for missing Authenticode signature.

resource
73b3dbd47103e85dcda756e1367b8d4d_JaffaCakes118
unpack001/$PLUGINSDIR/FindProcDLL.dll
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$SYSDIR/DivXa32.acm
unpack001/$SYSDIR/Mpg4c32.dll
unpack001/$SYSDIR/OggDS.dll
unpack001/$SYSDIR/VorbisEnc.dll
unpack001/$SYSDIR/ac3filter.cpl
unpack001/$SYSDIR/mpg4ds32.ax
unpack001/$SYSDIR/msvcr70.dll
unpack001/$SYSDIR/ogg.dll
unpack001/$SYSDIR/quicktime/3ivx Delta 3.5.qtx
unpack001/$SYSDIR/quicktime/3ivx.cm.flask
unpack001/$SYSDIR/vorbis.dll
unpack001/$WINDIR/XviDplg.dll
unpack001/AC3/ac3filter.ax
unpack001/AC3/dialog_patch.exe
unpack001/ffdhow/TomsMoComp_ff.dll
unpack001/ffdhow/ffdshow.ax
unpack001/ffdhow/libavcodec.dll
unpack001/ffdhow/libmpeg2_ff.dll
unpack001/ffdhow/libmplayer.dll
unpack001/uninstall.exe

NSIS installer 4 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2
static1/unpack001/uninstall.exe	nsis_installer_1
static1/unpack001/uninstall.exe	nsis_installer_2

Files

73b3dbd47103e85dcda756e1367b8d4d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/FindProcDLL.dll
.dll windows:4 windows x86 arch:x86

c480ee4d2a64d4a16edee43fdfe35079

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
OpenProcess
LoadLibraryA
CloseHandle
GetProcAddress
GetVersionExA
GlobalFree
lstrcpyA
HeapCreate
VirtualFree
GetCommandLineA
GetVersion
HeapFree
HeapAlloc
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
HeapReAlloc
ExitProcess
TerminateProcess
GetCurrentProcess
HeapSize
FreeLibrary
GetModuleFileNameA
GetEnvironmentVariableA
HeapDestroy
DisableThreadLibraryCalls
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetACP
GetOEMCP
WriteFile
VirtualAlloc
RtlUnwind
GetStringTypeA
GetStringTypeW
GetCPInfo

user32

wsprintfA

Exports

Exports

FindProc

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1012B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
$SYSDIR/DivXa32.acm
.dll windows:4 windows x86 arch:x86

4a6b5dd91037124752d0b0b9bee8d857

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

ntdll

RtlUnwind

kernel32

LocalFree
MulDiv
GlobalAlloc
WaitForSingleObject
SetEvent
CreateThread
CreateEventA
LocalAlloc
CloseHandle
LockResource
LoadResource
FindResourceA
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
SizeofResource
HeapReAlloc
GetCurrentProcess
HeapSize
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InterlockedDecrement
InterlockedIncrement
GetProcAddress
GetModuleHandleA
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
HeapAlloc
GetACP
GetStdHandle
GetFileType
MultiByteToWideChar
GetModuleFileNameA
GetCPInfo
GetOEMCP
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
WideCharToMultiByte
HeapDestroy
HeapCreate
VirtualFree
WriteFile
HeapFree
VirtualAlloc
GetLocaleInfoA
LCMapStringA
LCMapStringW
SetFilePointer
GetStringTypeA
GetStringTypeW
LoadLibraryA
SetStdHandle
RaiseException
FlushFileBuffers
GetLocaleInfoW
GlobalFree
SetHandleCount
GetStartupInfoA

user32

LoadStringA

winmm

DefDriverProc
GetDriverModuleHandle

Exports

Exports

DriverProc

Sections

.text
Size: 119KB - Virtual size: 119KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 35KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 118KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$SYSDIR/Mpg4c32.dll
.dll windows:4 windows x86 arch:x86

7218d5c9b86e089c8756c597ad12f873

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

msvcrt

_adjust_fdiv
_initterm
??3@YAXPAX@Z
??2@YAPAXI@Z
malloc
free
_except_handler3

user32

GetDlgItemInt
EndDialog
SetDlgItemInt
wsprintfA
CheckDlgButton
IsDlgButtonChecked
SetScrollPos
GetDC
ReleaseDC
DialogBoxParamA
LoadStringA
SetDlgItemTextA
GetDlgItem
SetScrollRange
GetDesktopWindow
MessageBoxA
GetScrollPos
GetWindowLongA

gdi32

GetSystemPaletteEntries

kernel32

CreateEventA
Sleep
CloseHandle
SetEvent
IsBadReadPtr
DisableThreadLibraryCalls
CreateThread
MultiByteToWideChar
WaitForSingleObject
GetSystemInfo
IsBadWritePtr

winmm

GetDriverModuleHandle
DefDriverProc

advapi32

RegQueryValueExA
RegCloseKey
RegSetValueExA
RegOpenKeyA
RegCreateKeyA

Exports

Exports

DriverProc

Sections

.text
Size: 230KB - Virtual size: 229KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 160KB - Virtual size: 465KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/OggDS.dll
.dll regsvr32 windows:4 windows x86 arch:x86

af7c9de66c78cdde36da0d0bb620c0a7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SizeofResource
LockResource
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetLastError
CompareStringA
InterlockedExchange
GetModuleHandleA
LoadResource
GetWindowsDirectoryA
GetSystemDirectoryA
LoadLibraryA
FlushInstructionCache
VirtualQuery
GetVersion
SetLastError
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
GetModuleFileNameA
FreeLibrary
FlushFileBuffers
HeapSize
SetStdHandle
SetFilePointer
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetOEMCP
RtlUnwind
GetStringTypeA
WriteFile
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
TerminateProcess
IsBadWritePtr
HeapReAlloc
HeapCreate
HeapDestroy
ExitProcess
TlsAlloc
TlsGetValue
TlsFree
LCMapStringA
VirtualProtect
HeapFree
GetVersionExA
GetCommandLineA
InterlockedIncrement
InterlockedDecrement
DisableThreadLibraryCalls
lstrlenA
WaitForSingleObject
SetEvent
GetTickCount
ResetEvent
GetCurrentThreadId
CloseHandle
CreateThread
GetCurrentProcess
VirtualFree
VirtualAlloc
GetSystemInfo
GetLocaleInfoA
GetACP
ExitThread
HeapAlloc
TlsSetValue
RaiseException

user32

TrackPopupMenu
SetForegroundWindow
TranslateMessage
GetCursorPos
CreatePopupMenu
wsprintfA
GetDlgItem
GetWindowRect
GetDesktopWindow
DestroyWindow
InvalidateRect
ShowWindow
MoveWindow
DestroyMenu

advapi32

RegCloseKey

ole32

CoCreateInstance
StringFromGUID2
CoTaskMemAlloc
CoTaskMemFree
CoFreeUnusedLibraries
CoInitialize
CoUninitialize

oleaut32

VariantInit
VariantClear
OleCreatePropertyFrame
SysAllocStringLen
VariantChangeType
SysAllocString

vorbis

vorbis_analysis_headerout
vorbis_analysis_blockout
vorbis_analysis_buffer
vorbis_bitrate_flushpacket
vorbis_bitrate_addblock
vorbis_commentheader_out
vorbis_comment_query_count
vorbis_analysis
vorbis_analysis_wrote
vorbis_analysis_init
vorbis_synthesis
vorbis_block_clear
vorbis_dsp_clear
vorbis_synthesis_init
vorbis_synthesis_read
vorbis_synthesis_blockin
vorbis_synthesis_pcmout
vorbis_block_init
vorbis_packet_blocksize
vorbis_info_clear
vorbis_synthesis_headerin
vorbis_info_init
vorbis_comment_init
vorbis_comment_add
vorbis_comment_query
vorbis_comment_add_tag
vorbis_comment_clear

vorbisenc

vorbis_encode_init
vorbis_encode_init_vbr

ogg

ogg_stream_clear
ogg_stream_reset
ogg_stream_init
ogg_stream_packetin
ogg_stream_flush
ogg_stream_pageout
ogg_sync_pageout
ogg_page_granulepos
ogg_page_packets
ogg_stream_pagein
ogg_stream_packetout
ogg_sync_buffer
ogg_sync_clear
ogg_page_serialno
ogg_sync_reset
ogg_sync_init
ogg_sync_wrote
ogg_page_pageno

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 140KB - Virtual size: 139KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/VorbisEnc.dll
.dll windows:4 windows x86 arch:x86

e38ae64d38dc21e54ad3e3f0f4d3af8c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

vorbis

vorbis_info_clear

kernel32

WideCharToMultiByte
HeapAlloc
GetCurrentThreadId
TlsSetValue
GetCommandLineA
GetVersionExA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapDestroy
HeapCreate
VirtualFree
HeapFree
VirtualAlloc
HeapReAlloc
ExitProcess
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
TlsFree
SetLastError
TlsGetValue
GetLastError
TlsAlloc
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
WriteFile
InitializeCriticalSection
GetACP
GetOEMCP
GetCPInfo
LoadLibraryA
RtlUnwind
HeapSize
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
VirtualProtect
GetSystemInfo
VirtualQuery

Exports

Exports

vorbis_encode_ctl
vorbis_encode_init
vorbis_encode_init_vbr

Sections

.text
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 836KB - Virtual size: 851KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/ac3filter.cpl
.dll regsvr32 windows:4 windows x86 arch:x86

135a6c6d4a158d1051e08a607647b1cb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

fopen
strtod
fclose
memmove
??3@YAXPAX@Z
__CxxFrameHandler
_swab
sprintf
_errno
_ftol
??2@YAPAXI@Z
_purecall
strtol
?terminate@@YAXXZ
_except_handler3
_CIpow

comctl32

ord17

comdlg32

GetOpenFileNameA

olepro32

ord250

kernel32

InterlockedIncrement
GetModuleHandleA
WideCharToMultiByte
GetLastError
GetThreadTimes
SystemTimeToFileTime
GetSystemTime
DuplicateHandle
GetCurrentThread
GetCurrentProcess
CloseHandle
GetPrivateProfileStringA
WritePrivateProfileStringA
GetVersionExA
DisableThreadLibraryCalls
LeaveCriticalSection
EnterCriticalSection
InterlockedDecrement
InitializeCriticalSection
DeleteCriticalSection
FreeLibrary
lstrlenA
MultiByteToWideChar
GetModuleFileNameA

user32

IsDlgButtonChecked
CheckDlgButton
EndDialog
DialogBoxParamA
GetDlgCtrlID
GetDlgItemTextA
InvalidateRect
CreateDialogParamA
SetTimer
DefWindowProcA
wsprintfA
MoveWindow
IsWindowVisible
LoadStringA
LoadStringW
GetWindowRect
GetDesktopWindow
GetClientRect
GetWindowTextA
DrawTextA
BeginPaint
SetDlgItemTextA
SendDlgItemMessageA
EnableWindow
GetWindowLongA
CallWindowProcA
SendMessageA
SetWindowLongA
MessageBoxA
ShowWindow
DestroyWindow
GetDlgItem
EndPaint

gdi32

SelectObject
SetTextColor
DeleteObject
CreateFontA

shell32

ShellExecuteA

ole32

CoInitialize
CoUninitialize
CoFreeUnusedLibraries
StringFromGUID2
CoTaskMemAlloc
CoCreateInstance
CoTaskMemFree

advapi32

RegEnumValueA
RegCreateKeyA
RegSetValueA
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyExA
RegDeleteValueA
RegCloseKey
RegDeleteKeyA

Exports

Exports

CPlApplet
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
config

Sections

.text
Size: 100KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/mpg4ds32.ax
.dll regsvr32 windows:4 windows x86 arch:x86

398b30b97cec9554019381f370365b26

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

Sleep
MulDiv
GetProfileIntA
GetVersionExA
DisableThreadLibraryCalls
InterlockedIncrement
InterlockedDecrement
FreeLibrary
lstrlenA
MultiByteToWideChar
GetLastError
GetModuleFileNameA
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetSystemInfo

user32

GetDC
ReleaseDC
IsRectEmpty
GetWindowLongA
SetWindowLongA
CreateDialogParamA
MoveWindow
InvalidateRect
ShowWindow
DestroyWindow
DefWindowProcA
wsprintfA
GetDesktopWindow
LoadStringA
LoadStringW
GetWindowRect
EnableWindow
GetDlgItem
SendMessageA
SetDlgItemTextA

gdi32

GetSystemPaletteEntries

advapi32

RegCreateKeyA
RegQueryValueExA
RegSetValueA
RegOpenKeyExA
RegEnumKeyExA
RegDeleteKeyA
RegSetValueExA
RegCloseKey
RegOpenKeyA

ole32

CoTaskMemFree
CoCreateInstance
CoTaskMemAlloc
CoFreeUnusedLibraries
StringFromGUID2
CoInitialize
CoUninitialize

winmm

timeGetTime

msvcrt

_purecall
sprintf
??3@YAXPAX@Z
??2@YAPAXI@Z
__dllonexit
_onexit

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 148KB - Virtual size: 144KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 76KB - Virtual size: 216KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/msvcr70.dll
.dll windows:4 windows x86 arch:x86

1042bb30696d4426da7447f341f51a6e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

msvcr70.pdb

Imports

kernel32

GetModuleFileNameA
GetModuleFileNameW
ExitProcess
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
WriteFile
GetStdHandle
GetCurrentThreadId
TlsSetValue
GetCommandLineA
GetVersionExA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
ExitThread
CloseHandle
TlsGetValue
GetLastError
ResumeThread
CreateThread
TlsFree
SetLastError
GetCurrentThread
TlsAlloc
FindNextFileA
FindFirstFileA
FindClose
FindNextFileW
FindFirstFileW
HeapAlloc
HeapFree
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
SetHandleCount
GetFileType
GetStartupInfoA
GetACP
GetOEMCP
GetCPInfo
LoadLibraryA
MultiByteToWideChar
GetCommandLineW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
InitializeCriticalSection
UnhandledExceptionFilter
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetConsoleCtrlHandler
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetEnvironmentVariableA
SetEnvironmentVariableW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
RtlUnwind
GetLocaleInfoW
GetTimeFormatA
GetDateFormatA
GetTimeZoneInformation
HeapSize
VirtualProtect
GetSystemInfo
VirtualQuery
FlushFileBuffers
SetFilePointer
SetStdHandle
CompareStringA
CompareStringW
Sleep
Beep
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDiskFreeSpaceA
GetLogicalDrives
SetErrorMode
GetFileAttributesA
GetCurrentDirectoryA
SetCurrentDirectoryA
SetFileAttributesA
GetFullPathNameA
GetDriveTypeA
CreateDirectoryA
RemoveDirectoryA
DeleteFileA
GetFileAttributesW
GetCurrentDirectoryW
SetCurrentDirectoryW
SetFileAttributesW
GetFullPathNameW
CreateDirectoryW
DeleteFileW
MoveFileW
RemoveDirectoryW
GetDriveTypeW
MoveFileA
RaiseException
IsBadReadPtr
SetUnhandledExceptionFilter
IsBadCodePtr
GetExitCodeProcess
WaitForSingleObject
FreeLibrary
CreateProcessA
CreateProcessW
HeapValidate
HeapCompact
HeapWalk
ReadConsoleA
SetConsoleMode
GetConsoleMode
IsDBCSLeadByteEx
GetConsoleCP
ReadConsoleW
SetEndOfFile
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
DuplicateHandle
GetFileInformationByHandle
PeekNamedPipe
ReadConsoleInputA
PeekConsoleInputA
GetNumberOfConsoleInputEvents
ReadConsoleInputW
LockFile
UnlockFile
CreateFileA
CreatePipe
ReadFile
CreateFileW
SetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
GetLocalTime
SetLocalTime

Exports

Exports

$I10_OUTPUT
??0__non_rtti_object@@QAE@ABV0@@Z
??0__non_rtti_object@@QAE@PBD@Z
??0bad_cast@@AAE@PBQBD@Z
??0bad_cast@@QAE@ABQBD@Z
??0bad_cast@@QAE@ABV0@@Z
??0bad_cast@@QAE@PBD@Z
??0bad_typeid@@QAE@ABV0@@Z
??0bad_typeid@@QAE@PBD@Z
??0exception@@QAE@ABQBD@Z
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
??1__non_rtti_object@@UAE@XZ
??1bad_cast@@UAE@XZ
??1bad_typeid@@UAE@XZ
??1exception@@UAE@XZ
??1type_info@@UAE@XZ
??2@YAPAXI@Z
??3@YAXPAX@Z
??4__non_rtti_object@@QAEAAV0@ABV0@@Z
??4bad_cast@@QAEAAV0@ABV0@@Z
??4bad_typeid@@QAEAAV0@ABV0@@Z
??4exception@@QAEAAV0@ABV0@@Z
??8type_info@@QBEHABV0@@Z
??9type_info@@QBEHABV0@@Z
??_7__non_rtti_object@@6B@
??_7bad_cast@@6B@
??_7bad_typeid@@6B@
??_7exception@@6B@
??_E__non_rtti_object@@UAEPAXI@Z
??_Ebad_cast@@UAEPAXI@Z
??_Ebad_typeid@@UAEPAXI@Z
??_Eexception@@UAEPAXI@Z
??_Fbad_cast@@QAEXXZ
??_Fbad_typeid@@QAEXXZ
??_G__non_rtti_object@@UAEPAXI@Z
??_Gbad_cast@@UAEPAXI@Z
??_Gbad_typeid@@UAEPAXI@Z
??_Gexception@@UAEPAXI@Z
??_U@YAPAXI@Z
??_V@YAXPAX@Z
?_query_new_handler@@YAP6AHI@ZXZ
?_query_new_mode@@YAHXZ
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
?_set_new_mode@@YAHH@Z
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
?before@type_info@@QBEHABV1@@Z
?name@type_info@@QBEPBDXZ
?raw_name@type_info@@QBEPBDXZ
?set_new_handler@@YAP6AXXZP6AXXZ@Z
?set_terminate@@YAP6AXXZP6AXXZ@Z
?set_unexpected@@YAP6AXXZP6AXXZ@Z
?terminate@@YAXXZ
?unexpected@@YAXXZ
?what@exception@@UBEPBDXZ
_CIacos
_CIasin
_CIatan
_CIatan2
_CIcos
_CIcosh
_CIexp
_CIfmod
_CIlog
_CIlog10
_CIpow
_CIsin
_CIsinh
_CIsqrt
_CItan
_CItanh
_CRT_RTC_INIT
_CxxThrowException
_EH_prolog
_Getdays
_Getmonths
_Gettnames
_HUGE
_Strftime
_XcptFilter
__CxxCallUnwindDtor
__CxxCallUnwindVecDtor
__CxxDetectRethrow
__CxxExceptionFilter
__CxxFrameHandler
__CxxLongjmpUnwind
__CxxQueryExceptionSize
__CxxRegisterExceptionObject
__CxxUnregisterExceptionObject
__DestructExceptionObject
__RTCastToVoid
__RTDynamicCast
__RTtypeid
__STRINGTOLD
___lc_codepage_func
___lc_collate_cp_func
___lc_handle_func
___mb_cur_max_func
___setlc_active_func
___unguarded_readlc_active_add_func
__argc
__argv
__badioinfo
__buffer_overrun
__crtCompareStringA
__crtCompareStringW
__crtGetLocaleInfoW
__crtGetStringTypeW
__crtLCMapStringA
__crtLCMapStringW
__dllonexit
__doserrno
__fpecode
__getmainargs
__initenv
__iob_func
__isascii
__iscsym
__iscsymf
__lc_clike
__lc_codepage
__lc_collate_cp
__lc_handle
__lconv_init
__mb_cur_max
__p___argc
__p___argv
__p___initenv
__p___mb_cur_max
__p___wargv
__p___winitenv
__p__acmdln
__p__amblksiz
__p__commode
__p__daylight
__p__dstbias
__p__environ
__p__fileinfo
__p__fmode
__p__iob
__p__mbcasemap
__p__mbctype
__p__osver
__p__pctype
__p__pgmptr
__p__pwctype
__p__timezone
__p__tzname
__p__wcmdln
__p__wenviron
__p__winmajor
__p__winminor
__p__winver
__p__wpgmptr
__pctype_func
__pioinfo
__pwctype_func
__pxcptinfoptrs
__security_error_handler
__set_app_type
__set_buffer_overrun_handler
__setlc_active
__setusermatherr
__threadhandle
__threadid
__toascii
__unDName
__unDNameEx
__uncaught_exception
__unguarded_readlc_active
__wargv
__wcserror
__wgetmainargs
__winitenv
_abnormal_termination
_access
_acmdln
_adj_fdiv_m16i
_adj_fdiv_m32
_adj_fdiv_m32i
_adj_fdiv_m64
_adj_fdiv_r
_adj_fdivr_m16i
_adj_fdivr_m32
_adj_fdivr_m32i
_adj_fdivr_m64
_adj_fpatan
_adj_fprem
_adj_fprem1
_adj_fptan
_adjust_fdiv
_aexit_rtn
_aligned_free
_aligned_malloc
_aligned_offset_malloc
_aligned_offset_realloc
_aligned_realloc
_amsg_exit
_assert
_atodbl
_atoi64
_atoldbl
_beep
_beginthread
_beginthreadex
_c_exit
_cabs
_callnewh
_cexit
_cgets
_cgetws
_chdir
_chdrive
_chgsign
_chkesp
_chmod
_chsize
_clearfp
_close
_commit
_commode
_control87
_controlfp
_copysign
_cprintf
_cputs
_cputws
_creat
_cscanf
_ctime64
_ctype
_cwait
_cwprintf
_cwscanf
_daylight
_dstbias
_dup
_dup2
_ecvt
_endthread
_endthreadex
_environ
_eof
_errno
_except_handler2
_except_handler3
_execl
_execle
_execlp
_execlpe
_execv
_execve
_execvp
_execvpe
_exit
_expand
_fcloseall
_fcvt
_fdopen
_fgetchar
_fgetwchar
_filbuf
_fileinfo
_filelength
_filelengthi64
_fileno
_findclose
_findfirst
_findfirst64
_findfirsti64
_findnext
_findnext64
_findnexti64
_finite
_flsbuf
_flushall
_fmode
_fpclass
_fpieee_flt
_fpreset
_fputchar
_fputwchar
_fsopen
_fstat
_fstat64
_fstati64
_ftime
_ftime64
_ftol
_fullpath
_futime
_futime64
_gcvt
_get_osfhandle
_get_sbh_threshold
_getch
_getche
_getcwd
_getdcwd
_getdiskfree
_getdllprocaddr
_getdrive
_getdrives
_getmaxstdio
_getmbcp
_getpid
_getsystime
_getw
_getwch
_getwche
_getws
_global_unwind2
_gmtime64
_heapadd
_heapchk
_heapmin
_heapset
_heapused
_heapwalk
_hypot
_i64toa
_i64tow
_initterm
_inp
_inpd
_inpw
_iob
_isatty
_isctype
_ismbbalnum
_ismbbalpha
_ismbbgraph
_ismbbkalnum
_ismbbkana
_ismbbkprint
_ismbbkpunct
_ismbblead
_ismbbprint
_ismbbpunct
_ismbbtrail
_ismbcalnum
_ismbcalpha
_ismbcdigit
_ismbcgraph
_ismbchira
_ismbckata
_ismbcl0
_ismbcl1
_ismbcl2
_ismbclegal
_ismbclower
_ismbcprint
_ismbcpunct
_ismbcspace
_ismbcsymbol
_ismbcupper
_ismbslead
_ismbstrail
_isnan
_itoa
_itow
_j0
_j1
_jn
_kbhit
_lfind
_loaddll
_local_unwind2
_localtime64
_lock
_locking
_logb
_longjmpex
_lrotl
_lrotr
_lsearch
_lseek
_lseeki64
_ltoa
_ltow
_makepath
_mbbtombc
_mbbtype
_mbcasemap
_mbccpy
_mbcjistojms
_mbcjmstojis
_mbclen
_mbctohira
_mbctokata
_mbctolower
_mbctombb
_mbctoupper
_mbctype
_mbsbtype
_mbscat
_mbschr
_mbscmp
_mbscoll
_mbscpy
_mbscspn
_mbsdec
_mbsdup
_mbsicmp
_mbsicoll
_mbsinc
_mbslen
_mbslwr
_mbsnbcat
_mbsnbcmp
_mbsnbcnt
_mbsnbcoll
_mbsnbcpy
_mbsnbicmp
_mbsnbicoll
_mbsnbset
_mbsncat
_mbsnccnt
_mbsncmp
_mbsncoll
_mbsncpy
_mbsnextc
_mbsnicmp
_mbsnicoll
_mbsninc
_mbsnset
_mbspbrk
_mbsrchr
_mbsrev
_mbsset
_mbsspn
_mbsspnp
_mbsstr
_mbstok
_mbstrlen
_mbsupr
_memccpy
_memicmp
_mkdir
_mktemp
_mktime64
_msize
_nextafter
_onexit
_open
_open_osfhandle
_osplatform
_osver
_outp
_outpd
_outpw
_pclose
_pctype
_pgmptr
_pipe
_popen
_purecall
_putch
_putenv
_putw
_putwch
_putws
_pwctype
_read
_resetstkoflw
_rmdir
_rmtmp
_rotl
_rotr
_safe_fdiv
_safe_fdivr
_safe_fprem
_safe_fprem1
_scalb
_scprintf
_scwprintf
_searchenv
_seh_longjmp_unwind
_set_SSE2_enable
_set_error_mode
_set_sbh_threshold
_set_security_error_handler
_seterrormode
_setjmp
_setjmp3
_setmaxstdio
_setmbcp
_setmode
_setsystime
_sleep
_snprintf
_snscanf
_snwprintf
_snwscanf
_sopen
_spawnl
_spawnle
_spawnlp
_spawnlpe
_spawnv

Sections

.text
Size: 224KB - Virtual size: 222KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/ogg.dll
.dll windows:4 windows x86 arch:x86

a17b6497dce2abe2d00aedc76157f796

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapFree
HeapAlloc
HeapReAlloc
GetCurrentThreadId
TlsSetValue
GetCommandLineA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
ExitProcess
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
TlsFree
SetLastError
TlsGetValue
GetLastError
TlsAlloc
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
WriteFile
InitializeCriticalSection
GetACP
GetOEMCP
GetCPInfo
LoadLibraryA
RtlUnwind
HeapSize
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
VirtualProtect
GetSystemInfo
VirtualQuery

Exports

Exports

ogg_packet_clear
ogg_page_bos
ogg_page_continued
ogg_page_eos
ogg_page_granulepos
ogg_page_packets
ogg_page_pageno
ogg_page_serialno
ogg_page_version
ogg_stream_clear
ogg_stream_destroy
ogg_stream_eos
ogg_stream_flush
ogg_stream_init
ogg_stream_packetin
ogg_stream_packetout
ogg_stream_packetpeek
ogg_stream_pagein
ogg_stream_pageout
ogg_stream_reset
ogg_stream_reset_serialno
ogg_sync_buffer
ogg_sync_clear
ogg_sync_destroy
ogg_sync_init
ogg_sync_pageout
ogg_sync_pageseek
ogg_sync_reset
ogg_sync_wrote
oggpack_adv
oggpack_adv1
oggpack_bits
oggpack_bytes
oggpack_get_buffer
oggpack_look
oggpack_look1
oggpack_read
oggpack_read1
oggpack_readinit
oggpack_reset
oggpack_write
oggpack_writealign
oggpack_writeclear
oggpack_writeinit

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/quicktime/3ivx Delta 3.5.qtx
.dll windows:4 windows x86 arch:x86

07a453398a4dc873bacce12ab89cb359

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetLastError
GetModuleFileNameA
LoadLibraryA
GetSystemDirectoryA
GetProcAddress
CloseHandle
GetModuleHandleA
LCMapStringA
GetFileType
GetStartupInfoA
CompareStringW
CompareStringA
SetEnvironmentVariableA
ReadFile
SetEndOfFile
GetTimeZoneInformation
GetSystemTime
GetLocalTime
InterlockedDecrement
InterlockedIncrement
ExitProcess
TerminateProcess
GetCurrentProcess
GetCommandLineA
GetVersion
RaiseException
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
WideCharToMultiByte
MultiByteToWideChar
FreeLibrary
LCMapStringW
HeapFree
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
SetHandleCount
GetStdHandle
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
WriteFile
HeapAlloc
GetCPInfo
HeapReAlloc
RtlUnwind
GetStringTypeA
GetStringTypeW
SetFilePointer
VirtualAlloc
CreateFileA
SetStdHandle
FlushFileBuffers
GetACP
GetOEMCP

user32

GetClientRect
GetWindowLongA
LoadImageA
CallWindowProcA
SetWindowLongA

gdi32

SelectObject
PatBlt
CreatePatternBrush

advapi32

RegQueryValueExA
RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA

Exports

Exports

ThrivXCDComponentDispatch

Sections

.text
Size: 128KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 232B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/quicktime/3ivx.cm.flask
.dll windows:4 windows x86 arch:x86

75644c6ef7d9bf066d0e46ca6c0d7df1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord4627
ord4424
ord3582
ord567
ord825
ord616
ord4080
ord4275
ord823
ord1168
ord5277
ord3619
ord3626
ord3663
ord800
ord941
ord3825
ord3079
ord540
ord2414
ord283
ord2859
ord2379
ord4407
ord3716
ord790
ord3742
ord818
ord6880
ord2152
ord537
ord1233
ord3317
ord2971
ord5759
ord2243
ord3571
ord6186
ord4330
ord6189
ord6172
ord5873
ord5789
ord5794
ord5678
ord5736
ord5579
ord5571
ord6061
ord5864
ord3596
ord755
ord640
ord5785
ord4133
ord4297
ord2754
ord6194
ord6021
ord1640
ord323
ord470
ord3573
ord1641
ord5788
ord472
ord5265
ord3749
ord6192
ord5241
ord2514
ord6052
ord1775
ord5280
ord5756
ord2976
ord3402
ord641
ord324
ord2302
ord4234
ord4710
ord1948
ord2396
ord3346
ord5300
ord5303
ord4079
ord4699
ord5307
ord5289
ord5715
ord4538
ord565
ord817
ord2726
ord4226
ord3092
ord5953
ord2645
ord2575
ord4396
ord3574
ord609
ord860
ord2299
ord6646
ord6111
ord2642
ord4694
ord3089
ord4476
ord3098
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord5302
ord2725
ord4698
ord5714
ord3953
ord3738
ord561
ord815
ord6467
ord1105
ord6215
ord2086
ord6055
ord2023
ord2411
ord4774
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5290
ord4353
ord6374
ord5163
ord2385
ord3831
ord3830
ord3262
ord3081
ord2985
ord3259
ord3136
ord4465
ord2124
ord3147
ord2982
ord1727
ord2446
ord5261
ord4425
ord5065
ord3597
ord4398
ord1776
ord4078
ord4998
ord4376
ord4853
ord4622
ord1243
ord1116
ord1176
ord1575
ord1577
ord1182
ord342
ord269
ord1197
ord1570
ord1253
ord1255
ord1578
ord600
ord826

msvcrt

_onexit
sprintf
_ftol
free
??1type_info@@UAE@XZ
_adjust_fdiv
malloc
_initterm
floor
__dllonexit
atoi
strncpy
_CIpow
__CxxFrameHandler

kernel32

GetCurrentProcessId
CreateMutexA
LocalFree
ReleaseMutex
CloseHandle
GetLastError
GetModuleFileNameA
LoadLibraryA
GetModuleHandleA
GetProcAddress
FreeLibrary
GetSystemDirectoryA
WaitForSingleObject
ResetEvent
CreateEventA
lstrcpyA
SetEvent
LocalAlloc

user32

EnableWindow
LoadImageA
IsDialogMessageA
DrawIconEx
SendMessageA
DispatchMessageA
FillRect
GetSysColor
wsprintfA
GetMessageA
GrayStringA
TranslateMessage
MessageBoxA
PostQuitMessage
InvalidateRect
DrawTextA
TabbedTextOutA
GetWindowRect

gdi32

SelectObject
BitBlt
GetBkColor
DPtoLP
PtVisible
GetMapMode
LPtoDP
CreateCompatibleDC
CreateSolidBrush
CreateCompatibleBitmap
GetStockObject
RectVisible
TextOutA
ExtTextOutA
Escape

comdlg32

GetOpenFileNameA

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA

Exports

Exports

xCompileEntry

Sections

.text
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/vorbis.dll
.dll windows:4 windows x86 arch:x86

2067b3db959aa4bd25a94f14beb7491f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ogg

oggpack_writealign
oggpack_readinit
oggpack_look
oggpack_write
oggpack_adv
oggpack_read
oggpack_writeinit
oggpack_writeclear
oggpack_get_buffer
oggpack_reset
oggpack_bytes

kernel32

SetLastError
HeapSize
GetSystemTimeAsFileTime
GetCurrentProcessId
EnterCriticalSection
LeaveCriticalSection
HeapFree
HeapAlloc
HeapReAlloc
GetCurrentThreadId
TlsSetValue
GetCommandLineA
GetVersionExA
SetStdHandle
GetLastError
GetFileType
WriteFile
CloseHandle
SetHandleCount
GetStdHandle
GetStartupInfoA
DeleteCriticalSection
ExitProcess
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
TlsFree
TlsGetValue
TlsAlloc
RaiseException
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetFilePointer
InitializeCriticalSection
FlushFileBuffers
GetLocaleInfoA
GetCPInfo
VirtualProtect
GetSystemInfo
VirtualQuery
GetStringTypeA
GetStringTypeW
RtlUnwind
GetACP
GetOEMCP
LoadLibraryA
QueryPerformanceCounter
GetTickCount

Exports

Exports

_floor_P
_mapping_P
_residue_P
vorbis_analysis
vorbis_analysis_blockout
vorbis_analysis_buffer
vorbis_analysis_headerout
vorbis_analysis_init
vorbis_analysis_wrote
vorbis_bitrate_addblock
vorbis_bitrate_flushpacket
vorbis_block_clear
vorbis_block_init
vorbis_comment_add
vorbis_comment_add_tag
vorbis_comment_clear
vorbis_comment_init
vorbis_comment_query
vorbis_comment_query_count
vorbis_commentheader_out
vorbis_dsp_clear
vorbis_info_blocksize
vorbis_info_clear
vorbis_info_init
vorbis_packet_blocksize
vorbis_synthesis
vorbis_synthesis_blockin
vorbis_synthesis_headerin
vorbis_synthesis_init
vorbis_synthesis_pcmout
vorbis_synthesis_read
vorbis_synthesis_trackonly

Sections

.text
Size: 116KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$WINDIR/XviDplg.dll
.dll regsvr32 windows:5 windows x86 arch:x86

15110b136bb63417f9f8db68a2ed1535

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

wininet

InternetCrackUrlA

user32

GetWindow

advapi32

RegSetValueExA

shell32

SHGetFileInfoA

ole32

CoTaskMemRealloc

oleaut32

LoadRegTypeLi

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 114KB - Virtual size: 332KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
AC3/ac3filter.ax
.dll regsvr32 windows:4 windows x86 arch:x86

135a6c6d4a158d1051e08a607647b1cb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

fopen
strtod
fclose
memmove
??3@YAXPAX@Z
__CxxFrameHandler
_swab
sprintf
_errno
_ftol
??2@YAPAXI@Z
_purecall
strtol
?terminate@@YAXXZ
_except_handler3
_CIpow

comctl32

ord17

comdlg32

GetOpenFileNameA

olepro32

ord250

kernel32

InterlockedIncrement
GetModuleHandleA
WideCharToMultiByte
GetLastError
GetThreadTimes
SystemTimeToFileTime
GetSystemTime
DuplicateHandle
GetCurrentThread
GetCurrentProcess
CloseHandle
GetPrivateProfileStringA
WritePrivateProfileStringA
GetVersionExA
DisableThreadLibraryCalls
LeaveCriticalSection
EnterCriticalSection
InterlockedDecrement
InitializeCriticalSection
DeleteCriticalSection
FreeLibrary
lstrlenA
MultiByteToWideChar
GetModuleFileNameA

user32

IsDlgButtonChecked
CheckDlgButton
EndDialog
DialogBoxParamA
GetDlgCtrlID
GetDlgItemTextA
InvalidateRect
CreateDialogParamA
SetTimer
DefWindowProcA
wsprintfA
MoveWindow
IsWindowVisible
LoadStringA
LoadStringW
GetWindowRect
GetDesktopWindow
GetClientRect
GetWindowTextA
DrawTextA
BeginPaint
SetDlgItemTextA
SendDlgItemMessageA
EnableWindow
GetWindowLongA
CallWindowProcA
SendMessageA
SetWindowLongA
MessageBoxA
ShowWindow
DestroyWindow
GetDlgItem
EndPaint

gdi32

SelectObject
SetTextColor
DeleteObject
CreateFontA

shell32

ShellExecuteA

ole32

CoInitialize
CoUninitialize
CoFreeUnusedLibraries
StringFromGUID2
CoTaskMemAlloc
CoCreateInstance
CoTaskMemFree

advapi32

RegEnumValueA
RegCreateKeyA
RegSetValueA
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyExA
RegDeleteValueA
RegCloseKey
RegDeleteKeyA

Exports

Exports

CPlApplet
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
config

Sections

.text
Size: 100KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AC3/dialog_patch.exe
.exe windows:4 windows x86 arch:x86

e4d6d7f3f0c0db6f2549f2eb543b9e85

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_initterm
fwrite
fread
fseek
printf
fopen
_exit
_XcptFilter
exit
__p___initenv
__getmainargs
fclose
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp

Sections

.text
Size: 4KB - Virtual size: 636B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 486B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
ffdhow/TomsMoComp_ff.dll
.dll windows:4 windows x86 arch:x86

a39681e7ddb0f3b2c5b9b4e6e015393f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_initterm
malloc
??3@YAXPAX@Z
_adjust_fdiv
free
??2@YAPAXI@Z

kernel32

DisableThreadLibraryCalls

Exports

Exports

create
destroy
process

Sections

.text
Size: 116KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 372B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ffdhow/ffdshow.ax
.dll regsvr32 windows:4 windows x86 arch:x86

706e8a14262559c78d79b4150906ffd5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetLastError
GetACP
InterlockedDecrement
InterlockedIncrement
DisableThreadLibraryCalls
lstrlenA
Sleep
LocalAlloc
LocalFree
DeleteFileA
GetPrivateProfileStringA
FindResourceA
LoadResource
SizeofResource
LockResource
LoadLibraryA
GetProcAddress
FreeLibrary
WritePrivateProfileStringA
GetPrivateProfileSectionNamesA
GetPrivateProfileSectionA
CloseHandle
CreateEventA
GetCurrentProcessId
LeaveCriticalSection
InitializeCriticalSection
EnterCriticalSection
DeleteCriticalSection
WideCharToMultiByte
GetVersionExA
SystemTimeToFileTime
SearchPathA
GetModuleFileNameA
GetSystemDirectoryA
InterlockedExchange
MultiByteToWideChar
GetFileAttributesA
FindFirstFileA
FindNextFileA
FindClose
OutputDebugStringA
WaitForSingleObject

user32

EndDialog
DialogBoxParamA
GetWindowPlacement
SetWindowPlacement
IsWindow
CreateDialogParamA
DrawEdge
MapWindowPoints
PtInRect
WindowFromPoint
LoadMenuA
GetSubMenu
MessageBoxA
EnableMenuItem
ScreenToClient
LoadCursorA
SetCursor
GetClientRect
RegisterWindowMessageA
SendMessageA
GetDesktopWindow
LoadStringW
SetMenuItemInfoA
GetMenuItemInfoA
GetMenuItemCount
ScrollWindow
ClientToScreen
SetCursorPos
GetSysColor
LoadBitmapA
SetCapture
ReleaseCapture
DestroyIcon
GetDC
ReleaseDC
GetFocus
GetDlgItemInt
SetDlgItemInt
GetWindowRect
GetParent
OffsetRect
MoveWindow
SetWindowPos
SetFocus
ShowWindow
IsWindowVisible
InvalidateRect
CallWindowProcA
EnableWindow
GetDlgItemTextA
SendDlgItemMessageA
SetDlgItemTextA
FillRect
LoadIconA
KillTimer
SetTimer
GetCursorPos
SetForegroundWindow
GetScrollInfo
SetScrollInfo
GetSystemMetrics
CreateDialogIndirectParamA
wsprintfA
UnregisterClassA
DispatchMessageA
TranslateMessage
TrackPopupMenu
GetMenuStringA
DestroyMenu
CreatePopupMenu
InsertMenuItemA
LoadStringA
GetDlgItem
SetWindowTextA
EnumChildWindows
GetWindowTextA
GetDlgCtrlID
DestroyWindow
GetForegroundWindow
GetWindowThreadProcessId
PostMessageA
GetWindowLongA
PostQuitMessage
DefWindowProcA
RegisterClassA
CreateWindowExA
SetWindowLongA
GetMessageA

msvcrt

??1type_info@@UAE@XZ
_stricoll
memchr
_vsnprintf
strtod
strtoul
fread
fputs
_strtime
fwrite
floor
_snprintf
strrchr
_CIpow
calloc
rewind
strncmp
sscanf
_beginthreadex
_endthreadex
vsprintf
__CxxFrameHandler
memmove
??2@YAPAXI@Z
strtol
_makepath
_splitpath
_ftol
??3@YAXPAX@Z
??0exception@@QAE@ABV0@@Z
_CxxThrowException
strncpy
??0exception@@QAE@XZ
??1exception@@UAE@XZ
malloc
free
memcpy
_purecall
realloc
srand
time
clock
_stricmp
strchr
sprintf
rand
_beginthread
atoi
fclose
fgets
fopen
_itoa
_strdup
isspace
_strnicmp
strstr

advapi32

RegCloseKey
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegEnumKeyExA
RegDeleteKeyA
RegQueryValueExA
RegSetValueA
RegCreateKeyA

winmm

timeGetTime

ole32

GetRunningObjectTable
CoTaskMemFree
CoGetMalloc
CoInitialize
CoTaskMemAlloc
CoCreateInstance
CoUninitialize
CoFreeUnusedLibraries
StringFromGUID2

oleaut32

OleCreatePropertyFrame

comctl32

ord17
ImageList_Create
ImageList_Destroy
ImageList_DrawEx
ImageList_Draw
ImageList_Add

gdi32

TextOutA
SetBkColor
SetTextColor
GetStockObject
SelectObject
CreateCompatibleBitmap
DeleteDC
SetTextCharacterExtra
CreateCompatibleDC
CreateFontIndirectA
GetDIBits
CreateBrushIndirect
GetObjectA
GetCurrentObject
Polygon
SetTextAlign
CreatePen
CreateSolidBrush
StretchDIBits
StretchBlt
SetDIBitsToDevice
EnumFontFamiliesExA
GetTextExtentPoint32A
DeleteObject

shell32

Shell_NotifyIconA
ShellExecuteA
SHGetPathFromIDListA
SHBrowseForFolderA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
ChooseColorA

dinput

DirectInputCreateA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
configure

Sections

.text
Size: 488KB - Virtual size: 487KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ffdhow/ffdshow.ax.manifest
.xml
ffdhow/libavcodec.dll
.dll windows:4 windows x86 arch:x86

b51fc6a8a7c9a782ca6484d1910a8809

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

msvcrt

__dllonexit
_errno
abort
cos
exit
fflush
free
malloc
memcpy
memmove
memset
perror
sqrt
sscanf
strlen
strtoul
toupper

kernel32

AddAtomA
CreateMutexA
FindAtomA
GetAtomNameA
InterlockedIncrement
ReleaseMutex
Sleep
WaitForSingleObject

Exports

Exports

av_free_static
avcodec_alloc_context
avcodec_alloc_frame
avcodec_close
avcodec_decode_video
avcodec_find_decoder
avcodec_flush_buffers
avcodec_init
avcodec_open
avcodec_register_all
getVersion
setAllocator

Sections

.text
Size: 727KB - Virtual size: 726KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 736B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
ffdhow/libmpeg2_ff.dll
.dll windows:4 windows x86 arch:x86

67db939c52f2b57725ae990f2d0abbd9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

msvcrt

__dllonexit
_errno
abort
fflush
free
malloc
memset
strlen
strtoul

kernel32

AddAtomA
CreateMutexA
FindAtomA
GetAtomNameA
InterlockedIncrement
ReleaseMutex
Sleep
WaitForSingleObject

Exports

Exports

mpeg2_buffer
mpeg2_close
mpeg2_info
mpeg2_init
mpeg2_parse

Sections

.text
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 876B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 7KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 556B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
ffdhow/libmplayer.dll
.dll windows:4 windows x86 arch:x86

25b02e99a161d0ccae01e276f5a2a8ec

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

msvcrt

__dllonexit
_assert
_errno
abort
ceil
exp
fflush
floor
free
frexp
ldexp
log
malloc
memcpy
memset
rand
srand
strlen
strtoul

kernel32

AddAtomA
CreateMutexA
FindAtomA
GetAtomNameA
InterlockedIncrement
ReleaseMutex
Sleep
WaitForSingleObject

Exports

Exports

init_mplayer
mp_noise_
mp_noise_done
mp_noise_init
mp_noise_process
pp_free_context
pp_get_context
pp_postprocess
sws_freeContext
sws_getContextFromCmdLine
sws_scale
yuy2toyv12
yv12toyuy2

Sections

.text
Size: 260KB - Virtual size: 259KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 73KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 376B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 764B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
uninstall.exe
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7fa974366048f9c551ef45714595665e

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 22KB - Virtual size: 21KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 39KB - Virtual size: 38KB

c480ee4d2a64d4a16edee43fdfe35079

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 16KB - Virtual size: 16KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 9KB - Virtual size: 10KB

.reloc Size: 1KB - Virtual size: 1KB

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 1012B

4a6b5dd91037124752d0b0b9bee8d857

Headers

File Characteristics

Imports

ntdll

kernel32

user32

winmm

Exports

Exports

Sections

.text Size: 119KB - Virtual size: 119KB

.data Size: 35KB - Virtual size: 57KB

.data1 Size: 512B - Virtual size: 176B

.reloc Size: 6KB - Virtual size: 5KB

.rsrc Size: 118KB - Virtual size: 120KB

7218d5c9b86e089c8756c597ad12f873

Headers

File Characteristics

Imports

msvcrt

user32

gdi32

kernel32

winmm

advapi32

.text
Size: 22KB - Virtual size: 21KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 39KB - Virtual size: 38KB

.text
Size: 16KB - Virtual size: 16KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 9KB - Virtual size: 10KB

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 1012B

.text
Size: 119KB - Virtual size: 119KB

.data
Size: 35KB - Virtual size: 57KB

.data1
Size: 512B - Virtual size: 176B

.reloc
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 118KB - Virtual size: 120KB

.text
Size: 230KB - Virtual size: 229KB

.data
Size: 160KB - Virtual size: 465KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 10KB - Virtual size: 10KB

.text
Size: 140KB - Virtual size: 139KB

.rdata
Size: 40KB - Virtual size: 37KB

.data
Size: 8KB - Virtual size: 11KB

.rsrc
Size: 24KB - Virtual size: 20KB

.reloc
Size: 16KB - Virtual size: 15KB

.text
Size: 36KB - Virtual size: 32KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 836KB - Virtual size: 851KB

.reloc
Size: 16KB - Virtual size: 12KB

.text
Size: 100KB - Virtual size: 96KB

.rdata
Size: 28KB - Virtual size: 27KB

.data
Size: 8KB - Virtual size: 6KB

.rsrc
Size: 28KB - Virtual size: 25KB

.reloc
Size: 8KB - Virtual size: 7KB