modiloader | 95ee0562ceae489dab197732e409e0c49ab89e3bf71eddfaad36179c18986837

Sharing

Copy URL Twitter E-mail

General

Target

95ee0562ceae489dab197732e409e0c49ab89e3bf71eddfaad36179c18986837
Size

6.6MB
MD5

8d1ffb45440bd45faa2f73aeaa5ab791
SHA1

70c7cf5325001a49c6dbd4c6b049d065169dcfeb
SHA256

95ee0562ceae489dab197732e409e0c49ab89e3bf71eddfaad36179c18986837
SHA512

ab74e80f41d1bcdb560d0f92a5a508dcab9552ae786f50854ec96259b2a87fef4e38ab816688b7fab48ae22a42375031489c84b38710c0725d29da3714df7811
SSDEEP

196608:eM4v4MsWxH0Yn8Y9KtWm0br/F3/jGAbTx6n:eMg+WJFbTgG4n

Score

10^/10

upx modiloader

Malware Config

Signatures

ModiLoader First Stage 1 IoCs

resource	yara_rule
static1/unpack001/AutoGK.exe	modiloader_stage1

Modiloader family
modiloader

ACProtect 1.3x - 1.4x DLL software 5 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/VDubMod/AviSynthLexer.lexer	acprotect
static1/unpack001/VDubMod/SciLexer.dll	acprotect
static1/unpack001/VDubMod/corona.dll	acprotect
static1/unpack001/VDubMod/ogg.dll	acprotect
static1/unpack001/VDubMod/vorbis.dll	acprotect

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/VDubMod/AviSynthLexer.lexer	upx
static1/unpack001/VDubMod/SciLexer.dll	upx
static1/unpack001/VDubMod/VirtualDubMod.exe	upx
static1/unpack001/VDubMod/corona.dll	upx
static1/unpack001/VDubMod/ogg.dll	upx
static1/unpack001/VDubMod/vorbis.dll	upx

Unsigned PE 18 IoCs

Checks for missing Authenticode signature.

resource
95ee0562ceae489dab197732e409e0c49ab89e3bf71eddfaad36179c18986837
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/AutoGK.exe
unpack001/VDubMod/AuxSetup.exe
unpack001/VDubMod/AviSynthLexer.lexer
unpack002/out.upx
unpack001/VDubMod/SciLexer.dll
unpack001/VDubMod/VirtualDubMod.exe
unpack001/VDubMod/corona.dll
unpack007/out.upx
unpack001/VDubMod/ogg.dll
unpack008/out.upx
unpack001/VDubMod/vdicmdrv.dll
unpack001/VDubMod/vdremote.dll
unpack001/VDubMod/vdsvrlnk.dll
unpack001/VDubMod/vorbis.dll
unpack009/out.upx
unpack001/bbSummary.exe

NSIS installer 1 IoCs

installer

resource	yara_rule
sample	nsis_installer_1

Files

95ee0562ceae489dab197732e409e0c49ab89e3bf71eddfaad36179c18986837
.exe windows:4 windows x86 arch:x86

9632e80596371cfa7f563f680f3c4498

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ImageList_AddMasked
ord17
ImageList_Destroy
ImageList_Create

kernel32

SetErrorMode
GetExitCodeProcess
WaitForSingleObject
ExpandEnvironmentStringsA
GetEnvironmentVariableA
lstrcmpiA
FindNextFileA
DeleteFileA
FindFirstFileA
SetFileTime
GetFileAttributesA
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
lstrcatA
SetCurrentDirectoryA
CreateDirectoryA
SetFileAttributesA
CreateFileA
GetFileSize
GetModuleFileNameA
GetTickCount
GetModuleHandleA
ExitProcess
lstrcpynA
GetCommandLineA
GetWindowsDirectoryA
GetTempPathA
GetUserDefaultLangID
GetDiskFreeSpaceA
GetVersion
GlobalUnlock
GlobalLock
GlobalAlloc
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
lstrcpyA
lstrlenA
GetSystemDirectoryA
EnterCriticalSection
Sleep
LeaveCriticalSection
InitializeCriticalSection
CloseHandle
GlobalFree
LoadLibraryA
GetProcAddress
CreateThread
FreeLibrary
MultiByteToWideChar
GetCurrentProcess
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
SetFilePointer
FindClose
MulDiv
CopyFileA

user32

CharNextA
DialogBoxParamA
GetClassInfoA
CreateWindowExA
SystemParametersInfoA
RegisterClassA
EndDialog
ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
LoadCursorA
SetCursor
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
SetForegroundWindow
ShowWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
PeekMessageA
DispatchMessageA
ExitWindowsEx
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
PostQuitMessage

gdi32

GetDeviceCaps
CreateFontIndirectA
DeleteObject
CreateBrushIndirect
CreateFontA
SetBkMode
SetTextColor
SetBkColor
SelectObject

advapi32

RegEnumValueA
RegEnumKeyA
RegQueryValueExA
RegSetValueExA
RegDeleteKeyA
RegOpenKeyExA
RegDeleteValueA
RegCreateKeyA
RegCloseKey

shell32

ShellExecuteA
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc
SHGetSpecialFolderLocation
SHFileOperationA

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

3764e6c387ce3c76b39936a24d523dce

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetPrivateProfileIntA
MultiByteToWideChar
GetPrivateProfileStringA
MulDiv
lstrcmpiA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GetModuleHandleA
GlobalAlloc

user32

PtInRect
MapWindowPoints
GetDlgCtrlID
LoadIconA
LoadImageA
LoadCursorA
CreateWindowExA
GetDC
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
EnableWindow
SendMessageA
SetWindowTextA
GetWindowTextA
wsprintfA
CharNextA
SetWindowLongA

gdi32

SetTextColor
CreateCompatibleDC
SelectObject
GetTextMetricsA
GetTextExtentPoint32A
DeleteDC
DeleteObject

comdlg32

GetOpenFileNameA
CommDlgExtendedError
GetSaveFileNameA

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetDesktopFolder
SHGetMalloc
ShellExecuteA

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 924B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
3rdparty.txt
AutoGK.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 785KB - Virtual size: 784KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 7KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 152KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
VDubMod/AuxSetup.exe
.exe windows:4 windows x86 arch:x86

e2368e5129903260d8e4d9364b8d39de

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MulDiv
InterlockedDecrement
CreateFileA
SetPriorityClass
GetCurrentProcess
VirtualAlloc
ReadFile
CloseHandle
SetFilePointer
FlushFileBuffers
WriteFile
GetVolumeInformationA
GetDriveTypeA
GetLogicalDrives
GetModuleHandleA
VirtualFree
InterlockedIncrement
FormatMessageA
GetLastError
DeleteFileA
GetWindowsDirectoryA
GetModuleFileNameA
GetTickCount
GetFullPathNameA
GetStartupInfoA

user32

TranslateMessage
WinHelpA
DispatchMessageA
GetMessageA
SetDlgItemInt
UpdateWindow
ShowWindow
CreateDialogParamA
RegisterClassA
LoadCursorA
LoadIconA
CheckDlgButton
SetWindowTextA
SendDlgItemMessageA
EnableWindow
PeekMessageA
IsDialogMessageA
SetDlgItemTextA
SetFocus
GetDlgItemInt
IsDlgButtonChecked
EndDialog
GetDlgItem
SendMessageA
DefWindowProcA
MessageBoxA
DialogBoxParamA
DestroyWindow
PostQuitMessage

advapi32

RegDeleteKeyA
RegOpenKeyExA
RegEnumKeyExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

shell32

ShellExecuteA

version

VerInstallFileA

winmm

mmioWrite
mmioClose
timeSetEvent
mmioOpenA
timeKillEvent

msvcrt

__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
??1type_info@@UAE@XZ
??3@YAXPAX@Z
_CxxThrowException
__CxxFrameHandler
malloc
free
_ftol
sscanf
sprintf
_vsnprintf
vsprintf
__set_app_type
_except_handler3
_controlfp

Sections

.text
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
VDubMod/AviSynthLexer.lexer
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

Fold
GetLexerCount
GetLexerName
Lex

Sections

UPX0
Size: - Virtual size: 88KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 52KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 134B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
VDubMod/Changes_MOD.txt
VDubMod/Codecs.ini
VDubMod/SciLexer.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Exports

Exports

Scintilla_DirectFunction
Scintilla_DirectFunction@16

Sections

UPX0
Size: - Virtual size: 272KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 141KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
VDubMod/VirtualDub.vdhelp
.zip
help0.zip
.zip
audio-filters.html
.html
capwarn.html
.html
crash.html
.html
d-audiocompression.html
.html
d-audioconversion.html
.html
d-audiofilters.html
.html
d-audiointerleaving.html
.html
d-audiovolume.html
.html
d-capturepreferences.html
.html
d-capturesettings.html
.html
d-capturevumeter.html
.html
d-preferences.html
.html
d-videocolordepth.html
.html
d-videocompression.html
.html
d-videofilters.html
.html
d-videoframerate.html
.html
d-videorange.html
.html
index.html
.html
pics/d-audiocompression.png
.png
pics/d-audioconversion.png
.png
pics/d-audiofilters.png
.png
pics/d-audiointerleaving.png
.png
pics/d-audiovolume.png
.png
pics/d-capturepreferences.png
.png
pics/d-capturesettings.png
.png
pics/d-capturevumeter.png
.png
pics/d-preferences.png
.png
pics/d-videocolordepth.png
.png
pics/d-videocompression.png
.png
pics/d-videofilters.png
.png
pics/d-videoframerate.png
.png
pics/d-videorange.png
.png
video-filters.html
.html
VDubMod/VirtualDubMod.chm
.chm
VDubMod/VirtualDubMod.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 2.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 839KB - Virtual size: 840KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
VDubMod/VirtualDubMod.vdi
VDubMod/copying
VDubMod/corona.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

_CorCloneImage@8
_CorConvertImage@8
_CorConvertPalette@8
_CorCreateImage@12
_CorCreateMemoryFile@8
_CorCreatePalettizedImage@20
_CorGetFullVersion@12
_CorGetPixelSize@4
_CorGetSupportedReadFormats@0
_CorGetSupportedWriteFormats@0
_CorGetVersion@0
_CorOpenImage@8
_CorOpenImageFromFile@8
_CorSaveImage@12
_CorSaveImageToFile@12

Sections

UPX0
Size: - Virtual size: 140KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 120KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 192KB - Virtual size: 191KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VDubMod/license_corona.txt
VDubMod/ogg.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

ogg_packet_clear
ogg_page_bos
ogg_page_continued
ogg_page_eos
ogg_page_granulepos
ogg_page_packets
ogg_page_pageno
ogg_page_serialno
ogg_page_version
ogg_stream_clear
ogg_stream_destroy
ogg_stream_eos
ogg_stream_flush
ogg_stream_init
ogg_stream_packetin
ogg_stream_packetout
ogg_stream_packetpeek
ogg_stream_pagein
ogg_stream_pageout
ogg_stream_reset
ogg_stream_reset_serialno
ogg_sync_buffer
ogg_sync_clear
ogg_sync_destroy
ogg_sync_init
ogg_sync_pageout
ogg_sync_pageseek
ogg_sync_reset
ogg_sync_wrote
oggpack_adv
oggpack_adv1
oggpack_bits
oggpack_bytes
oggpack_get_buffer
oggpack_look
oggpack_look1
oggpack_read
oggpack_read1
oggpack_readinit
oggpack_reset
oggpack_write
oggpack_writealign
oggpack_writeclear
oggpack_writeinit

Sections

UPX0
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 18KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VDubMod/proxyoff.reg
VDubMod/proxyon.reg
VDubMod/readme.txt
VDubMod/readme_AviSynthesizer.txt
VDubMod/readme_SyncPatch.txt
VDubMod/readme_VirtualDubMod.txt
VDubMod/readme_virtualdubmod_dlls.txt
VDubMod/vdicmdrv.dll
.dll windows:4 windows x86 arch:x86

91d7d214297b3155a0ca6096bb170eaf

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
LoadLibraryA
FreeLibrary

user32

DialogBoxParamA
EndDialog

winmm

DefDriverProc

msvcrt

_adjust_fdiv
malloc
_initterm
free
_onexit
__dllonexit
??3@YAXPAX@Z
_purecall
??2@YAPAXI@Z
__CxxFrameHandler
wcscpy

Exports

Exports

DriverProc

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VDubMod/vdremote.dll
.dll windows:4 windows x86 arch:x86

444cc0a964a3bf29eebaed4156b0f640

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
AreFileApisANSI
WideCharToMultiByte

ole32

CoCreateInstance
CoInitialize
CoUninitialize

winmm

mmioDescend
mmioOpenA
mmioRead
mmioClose
mmioSeek

avifil32

IID_IAVIStream

vdsvrlnk

GetDubServerInterface

msvcrt

_adjust_fdiv
_initterm
free
??1type_info@@UAE@XZ
memset
memcpy
wcscpy
_stricmp
_CxxThrowException
memcmp
??3@YAXPAX@Z
??2@YAPAXI@Z
__CxxFrameHandler
malloc

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 84B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 464B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VDubMod/vdsvrlnk.dll
.dll windows:4 windows x86 arch:x86

f5ed8634b424dc38ed47a7ada8191575

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
UnmapViewOfFile
CreateMutexA
MapViewOfFile
GetLastError
CreateFileMappingA
GetTickCount
WideCharToMultiByte
FreeLibrary
GetProcAddress
LoadLibraryA
WaitForSingleObject
ReleaseMutex
lstrcpyA

user32

SendMessageA
wsprintfA

msvcrt

_stricmp
memset
strncpy
memcpy
??3@YAXPAX@Z
??2@YAPAXI@Z
free
_initterm
malloc
_adjust_fdiv

Exports

Exports

GetDubServerInterface

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 310B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VDubMod/vorbis.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

_floor_P
_mapping_P
_residue_P
vorbis_analysis
vorbis_analysis_blockout
vorbis_analysis_buffer
vorbis_analysis_headerout
vorbis_analysis_init
vorbis_analysis_wrote
vorbis_bitrate_addblock
vorbis_bitrate_flushpacket
vorbis_block_clear
vorbis_block_init
vorbis_comment_add
vorbis_comment_add_tag
vorbis_comment_clear
vorbis_comment_init
vorbis_comment_query
vorbis_comment_query_count
vorbis_commentheader_out
vorbis_dsp_clear
vorbis_info_blocksize
vorbis_info_clear
vorbis_info_init
vorbis_packet_blocksize
vorbis_synthesis
vorbis_synthesis_blockin
vorbis_synthesis_headerin
vorbis_synthesis_init
vorbis_synthesis_pcmout
vorbis_synthesis_read
vorbis_synthesis_trackonly

Sections

UPX0
Size: - Virtual size: 60KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 45KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 64KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bbSummary.exe
.exe windows:4 windows x86 arch:x86

258ff3f955db994965ba9ed50f157d56

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
HeapFree
HeapAlloc
GetCommandLineA
GetVersionExA
GetLastError
ReadFile
CloseHandle
SetFilePointer
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
WriteFile
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
HeapSize
CreateFileA
SetStdHandle
FlushFileBuffers
LoadLibraryA
MultiByteToWideChar
VirtualProtect
GetSystemInfo
VirtualQuery
GetACP
GetOEMCP
GetCPInfo
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetEndOfFile
RaiseException
RtlUnwind
GetLocaleInfoA

Sections

.text
Size: 60KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
help/AboutScreen.jpg
.jpg
help/AddingMovie.jpg
.jpg
help/Advanced Options.jpg
.jpg
help/Angles.jpg
.jpg
help/AutoGK.html
.html
help/Burn.jpg
.jpg
help/CD Compilation.jpg
.jpg
help/Episodes.jpg
.jpg
help/FrameCalc.jpg
.jpg
help/HiddenOptions.jpg
.jpg
help/Hyperthread.jpg
.jpg
help/IFOSettings.jpg
.jpg
help/LogWindow.jpg
.jpg
help/Mainscreen1.jpg
.jpg
help/Mainscreen2.jpg
.jpg
help/Mainscreen3.jpg
.jpg
help/Preview1.jpg
.jpg
help/Preview2.jpg
.jpg
help/SetIFO.jpg
.jpg
help/Standard DVD.jpg
.jpg
help/StreamProcessingTab.jpg
.jpg
help/T2Extreme.jpg
.jpg
help/UnusualDVD.jpg
.jpg
hidden_options.txt
history.txt
license.txt
shortcuts.txt

Sharing

General

Malware Config

Signatures

Files

9632e80596371cfa7f563f680f3c4498

Headers

File Characteristics

Imports

comctl32

kernel32

user32

gdi32

advapi32

shell32

ole32

version

Sections

.text Size: 23KB - Virtual size: 23KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 9KB - Virtual size: 12KB

3764e6c387ce3c76b39936a24d523dce

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

shell32

Exports

Exports

Sections

.text Size: 6KB - Virtual size: 5KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 1KB - Virtual size: 9KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 924B

Headers

File Characteristics

Sections

CODE Size: 785KB - Virtual size: 784KB

DATA Size: 9KB - Virtual size: 8KB

BSS Size: - Virtual size: 7KB

.idata Size: 11KB - Virtual size: 11KB

.tls Size: - Virtual size: 16B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 51KB - Virtual size: 50KB

.rsrc Size: 152KB - Virtual size: 152KB

e2368e5129903260d8e4d9364b8d39de

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

version

winmm

msvcrt

Sections

.text Size: 12KB - Virtual size: 9KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 8KB - Virtual size: 5KB

.rsrc Size: 12KB - Virtual size: 8KB

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 88KB

UPX1 Size: 52KB - Virtual size: 56KB

.rsrc Size: 2KB - Virtual size: 4KB

Headers

File Characteristics

Sections

CODE Size: 99KB - Virtual size: 99KB

DATA Size: 2KB - Virtual size: 1KB

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 9KB - Virtual size: 12KB

.text
Size: 6KB - Virtual size: 5KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 9KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 924B

CODE
Size: 785KB - Virtual size: 784KB

DATA
Size: 9KB - Virtual size: 8KB

BSS
Size: - Virtual size: 7KB

.idata
Size: 11KB - Virtual size: 11KB

.tls
Size: - Virtual size: 16B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 51KB - Virtual size: 50KB

.rsrc
Size: 152KB - Virtual size: 152KB

.text
Size: 12KB - Virtual size: 9KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 8KB - Virtual size: 5KB

.rsrc
Size: 12KB - Virtual size: 8KB

UPX0
Size: - Virtual size: 88KB

UPX1
Size: 52KB - Virtual size: 56KB

.rsrc
Size: 2KB - Virtual size: 4KB

CODE
Size: 99KB - Virtual size: 99KB

DATA
Size: 2KB - Virtual size: 1KB

BSS
Size: - Virtual size: 2KB

.idata
Size: 3KB - Virtual size: 2KB

.edata
Size: 512B - Virtual size: 134B

.reloc
Size: 7KB - Virtual size: 6KB

.rsrc
Size: 6KB - Virtual size: 6KB

UPX0
Size: - Virtual size: 272KB

UPX1
Size: 141KB - Virtual size: 144KB

.rsrc
Size: 1KB - Virtual size: 4KB

UPX0
Size: - Virtual size: 2.1MB

UPX1
Size: 839KB - Virtual size: 840KB

.rsrc
Size: 17KB - Virtual size: 20KB

UPX0
Size: - Virtual size: 140KB

UPX1
Size: 120KB - Virtual size: 124KB

UPX2
Size: 1024B - Virtual size: 4KB

.text
Size: 192KB - Virtual size: 191KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 32KB - Virtual size: 37KB

.reloc
Size: 8KB - Virtual size: 7KB

UPX0
Size: - Virtual size: 36KB

UPX1
Size: 18KB - Virtual size: 20KB

UPX2
Size: 1KB - Virtual size: 4KB

.text
Size: 24KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 12KB - Virtual size: 13KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 4KB - Virtual size: 3KB