cfeb69db03998240d2593c880a3cc09d_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

cfeb69db03998240d2593c880a3cc09d_JaffaCakes118
Size

1.9MB
MD5

cfeb69db03998240d2593c880a3cc09d
SHA1

0575c83c5324edaeb43aa67f6a8260e9b875f77f
SHA256

18e4070da2cf9394ab213161933e536f2ed69cae8833b94b0f60a3619b37f89f
SHA512

f92df0c003257531015e0959215f37284403dd34a227137e61891621edc121213fe26af3b2fde5a9a3e368d7a14a70b625a530449efb1d4beadd2307642bb8a3
SSDEEP

49152:M8cqpZwfuS0Bos/qxCuC9FMh9LH5Kn289uL9AGklk:tcWZwfI6xC9mhZZSV9uJ5

Score

3^/10

Malware Config

Signatures

Unsigned PE 7 IoCs

Checks for missing Authenticode signature.

resource
cfeb69db03998240d2593c880a3cc09d_JaffaCakes118
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/LangDLL.dll
unpack001/avcodec-51.dll
unpack001/libfontconfig-1.dll
unpack001/libfreetype-6.dll
unpack001/vlc.exe

NSIS installer 1 IoCs

installer

resource	yara_rule
sample	nsis_installer_2

Files

cfeb69db03998240d2593c880a3cc09d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

28a099a911237a28521d8b7ea250f089

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA

comctl32

ImageList_AddMasked
ImageList_Create
ImageList_Destroy
InitCommonControls

gdi32

CreateBrushIndirect
CreateFontIndirectA
DeleteObject
GetDeviceCaps
SelectObject
SetBkColor
SetBkMode
SetTextColor

kernel32

CloseHandle
CompareFileTime
CopyFileA
CreateDirectoryA
CreateFileA
CreateProcessA
CreateThread
DeleteFileA
ExitProcess
ExpandEnvironmentStringsA
FindClose
FindFirstFileA
FindNextFileA
FreeLibrary
GetCommandLineA
GetCurrentProcess
GetDiskFreeSpaceA
GetExitCodeProcess
GetFileAttributesA
GetFileSize
GetFullPathNameA
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetPrivateProfileStringA
GetProcAddress
GetShortPathNameA
GetSystemDirectoryA
GetTempFileNameA
GetTempPathA
GetTickCount
GetVersion
GetWindowsDirectoryA
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
LoadLibraryA
LoadLibraryExA
MoveFileA
MulDiv
MultiByteToWideChar
ReadFile
RemoveDirectoryA
SearchPathA
SetCurrentDirectoryA
SetErrorMode
SetFileAttributesA
SetFilePointer
SetFileTime
Sleep
WaitForSingleObject
WriteFile
WritePrivateProfileStringA
lstrcatA
lstrcmpA
lstrcmpiA
lstrcpynA
lstrlenA

ole32

CoCreateInstance
CoTaskMemFree
OleInitialize
OleUninitialize

shell32

SHBrowseForFolderA
SHFileOperationA
SHGetFileInfoA
SHGetPathFromIDListA
SHGetSpecialFolderLocation
ShellExecuteA

user32

AppendMenuA
BeginPaint
CallWindowProcA
CharNextA
CharPrevA
CheckDlgButton
CloseClipboard
CreateDialogParamA
CreatePopupMenu
CreateWindowExA
DefWindowProcA
DestroyWindow
DialogBoxParamA
DispatchMessageA
DrawTextA
EmptyClipboard
EnableMenuItem
EnableWindow
EndDialog
EndPaint
ExitWindowsEx
FillRect
FindWindowExA
GetClassInfoA
GetClientRect
GetDC
GetDlgItem
GetDlgItemTextA
GetMessagePos
GetSysColor
GetSystemMenu
GetSystemMetrics
GetWindowLongA
GetWindowRect
InvalidateRect
IsWindow
IsWindowEnabled
IsWindowVisible
LoadBitmapA
LoadCursorA
LoadImageA
MessageBoxIndirectA
OpenClipboard
PeekMessageA
PostQuitMessage
RegisterClassA
ScreenToClient
SendMessageA
SendMessageTimeoutA
SetClassLongA
SetClipboardData
SetCursor
SetDlgItemTextA
SetForegroundWindow
SetTimer
SetWindowLongA
SetWindowPos
SetWindowTextA
ShowWindow
SystemParametersInfoA
TrackPopupMenu
wsprintfA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Sections

.text
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 136B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 107KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: 1024B - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 101KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

7458f96eb10904198d988c72ce690084

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

comdlg32

CommDlgExtendedError
GetOpenFileNameA
GetSaveFileNameA

gdi32

CombineRgn
CreateCompatibleDC
CreateRectRgn
DeleteObject
GetDIBits
GetObjectA
SelectObject
SetTextColor

kernel32

GetCurrentDirectoryA
GetModuleHandleA
GetPrivateProfileIntA
GetPrivateProfileStringA
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
MultiByteToWideChar
SetCurrentDirectoryA
WritePrivateProfileStringA
lstrcatA
lstrcmpiA
lstrcpyA
lstrcpynA
lstrlenA

ole32

CoTaskMemFree

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

user32

CallWindowProcA
CharNextA
CloseClipboard
CreateDialogParamA
CreateWindowExA
DestroyIcon
DestroyWindow
DispatchMessageA
DrawFocusRect
DrawTextA
EnableMenuItem
EnableWindow
GetClientRect
GetClipboardData
GetDlgCtrlID
GetDlgItem
GetMessageA
GetSystemMenu
GetWindowLongA
GetWindowRect
GetWindowTextA
IsDialogMessageA
LoadCursorA
LoadIconA
LoadImageA
MapDialogRect
MapWindowPoints
MessageBoxA
OpenClipboard
PostMessageA
PtInRect
SendMessageA
SetCursor
SetWindowLongA
SetWindowPos
SetWindowRgn
SetWindowTextA
ShowWindow
TranslateMessage
wsprintfA

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 364B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 860B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/LangDLL.dll
.dll windows:4 windows x86 arch:x86

8f97009d8efbcc799068d9001799c34c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

gdi32

CreateFontIndirectA
DeleteObject
GetDeviceCaps

kernel32

GetACP
GetModuleHandleA
GlobalAlloc
GlobalFree
MulDiv
lstrcmpA
lstrcpyA
lstrcpynA
lstrlenA

user32

DialogBoxParamA
EndDialog
GetDC
LoadIconA
SendDlgItemMessageA
SendMessageA
SetDlgItemTextA
SetWindowTextA
ShowWindow

Exports

Exports

LangDialog

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 73B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 748B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 340B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 232B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
avcodec-51.dll
.dll windows:4 windows x86 arch:x86

9b5a86af906acf12f39d437fe73d9bb9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
GetModuleHandleA
GetProcAddress
InitializeCriticalSection
InterlockedExchange
LeaveCriticalSection
Sleep

msvcrt

_open
_strdup
_tempnam
__dllonexit
_assert
_errno
_iob
abort
acos
asin
atan
atoi
calloc
ceil
cos
cosh
exit
exp
fflush
floor
fprintf
fread
free
frexp
fseek
ftell
fwrite
isprint
isspace
ldexp
log
log10
malloc
memcpy
memmove
memset
pow
qsort
realloc
sin
sinh
sprintf
sqrt
sscanf
strchr
strcmp
strlen
strncpy
strtod
strtol
tan
tanh
tolower
toupper
vfprintf

libz-1-2

compress
compress2
crc32
deflate
deflateEnd
deflateInit2_
deflateInit_
deflateReset
inflate
inflateEnd
inflateInit_
inflateReset
inflateSync
uncompress

Exports

Exports

AACQuantize
AACQuantizeEnd
AACQuantizeInit
ABR_iteration_loop
ATHformula
AddVbrFrame
AnalyzeSamples
BitAllocation
BitSearch
BitrateIndex
CBR_iteration_loop
CRC_writeheader
CalcAvgEnrg
CalcBits
CheckVbrTag
CloseBitStream
CopyPredInfo
DCtab_chrom
DCtab_lum
FilterBank
FilterBankEnd
FilterBankInit
FindNearestBitrate
GetAlbumGain
GetChannelInfo
GetMaxPredSfb
GetSRIndex
GetTitleGain
GetVbrTag
HuffmanEnd
HuffmanInit
IFilterBank
InitGainAnalysis
InitVbrTag
L3psycho_anal_ns
L3psycho_anal_vbr
LtpEncode
LtpEnd
LtpInit
LtpReconstruct
LtpUpdate
MPV_common_defaults
MPV_common_end
MPV_common_init
MPV_common_init_mmx
MPV_decode_defaults
MPV_decode_mb
MPV_encode_end
MPV_encode_init
MPV_encode_picture
MPV_frame_end
MPV_frame_start
MSEncode
MSReconstruct
MaxBitrate
MaxBitresSize
MaxPredSfb
MinBitrate
NoiselessBitCount
OpenBitStream
OutputBits
PredCalcPrediction
PredInit
PutBit
PutVbrTag
ResetSampleFrequency
ResvAdjust
ResvFrameBegin
ResvFrameEnd
ResvMaxBits
SmpFrqIndex
SortBookNumbers
SortForGrouping
TnsDecodeFilterOnly
TnsEncode
TnsEncodeFilterOnly
TnsInit
UpdateMusicCRC
VBR_encode_frame
VBR_new_iteration_loop
VBR_old_iteration_loop
WriteBitstream
WriteScalefactors
aac_decoder
aac_parser
aasc_decoder
ac3_common_init
ac3_decoder
ac3_encoder
ac3_parametric_bit_allocation
ac3_parser
add_dummy_byte
add_pixels_clamped_mmx
adj43asm
adpcm_4xm_decoder
adpcm_adx_decoder
adpcm_adx_encoder
adpcm_ct_decoder
adpcm_ea_decoder
adpcm_ea_maxis_xa_decoder
adpcm_ea_r1_decoder
adpcm_ea_r2_decoder
adpcm_ea_r3_decoder
adpcm_ea_xas_decoder
adpcm_g726_decoder
adpcm_g726_encoder
adpcm_ima_amv_decoder
adpcm_ima_dk3_decoder
adpcm_ima_dk4_decoder
adpcm_ima_ea_eacs_decoder
adpcm_ima_ea_sead_decoder
adpcm_ima_qt_decoder
adpcm_ima_qt_encoder
adpcm_ima_smjpeg_decoder
adpcm_ima_wav_decoder
adpcm_ima_wav_encoder
adpcm_ima_ws_decoder
adpcm_ms_decoder
adpcm_ms_encoder
adpcm_sbpro_2_decoder
adpcm_sbpro_3_decoder
adpcm_sbpro_4_decoder
adpcm_swf_decoder
adpcm_swf_encoder
adpcm_thp_decoder
adpcm_xa_decoder
adpcm_yamaha_decoder
adpcm_yamaha_encoder
alac_decoder
alac_encoder
align_put_bits
alloc_picture
amv_decoder
ape_decoder
apply_mdct
apply_preset
asv1_decoder
asv1_encoder
asv2_decoder
asv2_encoder
athAdjust
atrac3_decoder
audio_resample
audio_resample_close
audio_resample_init
av_add_q
av_audio_convert
av_audio_convert_alloc
av_audio_convert_free
av_bitstream_filter_close
av_bitstream_filter_filter
av_bitstream_filter_init
av_bitstream_filter_next
av_build_filter
av_codec_next
av_crc
av_crc_get_table
av_crc_init
av_d2q
av_div_q
av_evaluate_lls
av_fast_realloc
av_find_opt
av_first_parser
av_free
av_freep
av_get_bits_per_sample
av_get_bits_per_sample_format
av_get_double
av_get_int
av_get_pict_type_char
av_get_q
av_get_string
av_init_lls
av_init_random
av_lfg_init
av_log
av_log_default_callback
av_log_get_level
av_log_level
av_log_missing_feature
av_log_set_callback
av_log_set_level
av_malloc
av_mallocz
av_md5_final
av_md5_init
av_md5_size
av_md5_sum
av_md5_update
av_memcpy_backptr
av_mul_q
av_next_option
av_opt_set_defaults
av_opt_set_defaults2
av_opt_show
av_parse_video_frame_rate
av_parse_video_frame_size
av_parser_change
av_parser_close
av_parser_init
av_parser_next
av_parser_parse
av_picture_copy
av_picture_crop
av_picture_pad
av_random_generate_untempered_numbers
av_realloc
av_reduce
av_register_bitstream_filter
av_register_codec_parser
av_resample
av_resample_close
av_resample_compensate
av_resample_init
av_rescale
av_rescale_q
av_rescale_rnd
av_set_double
av_set_int
av_set_q
av_set_string
av_set_string2
av_solve_lls
av_strdup
av_sub_q
av_tempfile
av_update_lls
av_vlog
av_xiphlacing
avcodec_align_dimensions
avcodec_alloc_context
avcodec_alloc_context2
avcodec_alloc_frame
avcodec_build
avcodec_check_dimensions
avcodec_close
avcodec_decode_audio
avcodec_decode_audio2
avcodec_decode_subtitle
avcodec_decode_video
avcodec_default_execute
avcodec_default_free_buffers
avcodec_default_get_buffer
avcodec_default_get_format
avcodec_default_reget_buffer
avcodec_default_release_buffer
avcodec_encode_audio
avcodec_encode_subtitle
avcodec_encode_video
avcodec_find_best_pix_fmt
avcodec_find_decoder
avcodec_find_decoder_by_name
avcodec_find_encoder
avcodec_find_encoder_by_name
avcodec_flush_buffers
avcodec_get_chroma_sub_sample
avcodec_get_context_defaults
avcodec_get_context_defaults2
avcodec_get_frame_defaults
avcodec_get_pix_fmt
avcodec_get_pix_fmt_loss
avcodec_get_pix_fmt_name
avcodec_get_sample_fmt
avcodec_get_sample_fmt_name
avcodec_init
avcodec_open
avcodec_pix_fmt_string
avcodec_pix_fmt_to_codec_tag
avcodec_register_all
avcodec_sample_fmt_string
avcodec_set_dimensions
avcodec_string
avcodec_thread_init
avcodec_version
avpicture_alloc
avpicture_deinterlace
avpicture_fill
avpicture_free
avpicture_get_size
avpicture_layout
avs_decoder
best_huffman_divide
best_scalefac_store
bethsoftvid_decoder
bfi_decoder
bitrate_table
bmp_decoder
bmp_encoder
c93_decoder
calc_noise
calc_xmin
cavs_decoder
cavsvideo_parser
cbpy_tab
cinepak_decoder
cljr_decoder
compute_flushbits
cook_decoder
copy_buffer
copy_picture
count_bits
cscd_decoder
cyuv_decoder
dca_decoder
dca_parser
dct_quantize_c
dct_quantize_trellis_c
denoise_dct_c
dirac_parser
disable_FPE
dnxhd_decoder
dnxhd_encoder
dsicinaudio_decoder
dsicinvideo_decoder
dsputil_init
dsputil_init_mmx
dsputil_init_pix_mmx
dsputil_static_init
dsputilenc_init_mmx
dump_extradata_bsf
dvbsub_decoder
dvbsub_encoder
dvbsub_parser
dvdsub_decoder
dvdsub_encoder
dvdsub_parser
dvvideo_decoder
dvvideo_encoder
dxa_decoder
eac3_decoder
eacmv_decoder
eatgv_decoder
eightbps_decoder
eightsvx_exp_decoder
eightsvx_fib_decoder
escape124_decoder
faacEncClose@4
faacEncEncode@20
faacEncGetCurrentConfiguration@4
faacEncGetDecoderSpecificInfo@12
faacEncGetVersion@8
faacEncOpen@16
faacEncSetConfiguration@8
fast_log2
fdct_ifast
fdct_ifast248
ff_aac_ac3_parse
ff_aac_codebook_vectors
ff_aac_kbd_long_1024
ff_aac_kbd_short_128
ff_aac_num_swb_1024
ff_aac_num_swb_128
ff_aac_pow2sf_tab
ff_aac_scalefactor_bits
ff_aac_scalefactor_code
ff_aac_spectral_bits
ff_aac_spectral_codes
ff_aac_spectral_sizes
ff_ac3_bap_tab
ff_ac3_bit_alloc_calc_bap
ff_ac3_bit_alloc_calc_mask
ff_ac3_bit_alloc_calc_psd
ff_ac3_bitrate_tab
ff_ac3_channels_tab
ff_ac3_critical_band_size_tab
ff_ac3_db_per_bit_tab
ff_ac3_downmix_c
ff_ac3_fast_decay_tab
ff_ac3_fast_gain_tab
ff_ac3_floor_tab
ff_ac3_frame_size_tab
ff_ac3_hearing_threshold_tab
ff_ac3_log_add_tab
ff_ac3_parse_header
ff_ac3_parse_header_full
ff_ac3_rematrix_band_tab
ff_ac3_sample_rate_tab
ff_ac3_slow_decay_tab
ff_ac3_slow_gain_tab
ff_ac3_ungroup_3_in_5_bits_tab
ff_ac3_window
ff_acelp_convolve_circ
ff_acelp_high_pass_filter
ff_acelp_interp_filter
ff_acelp_interpolate
ff_acelp_lp_synthesis_filter
ff_add_png_paeth_prediction
ff_aic_dc_scale_table
ff_alternate_horizontal_scan
ff_alternate_vertical_scan
ff_apply_motion_4x4
ff_apply_motion_8x8
ff_apply_vector_2x2
ff_apply_vector_4x4
ff_avg_cavs_qpel16_mc00_c
ff_avg_cavs_qpel16_mc00_mmx2
ff_avg_cavs_qpel8_mc00_c
ff_avg_cavs_qpel8_mc00_mmx2
ff_avg_qpel16_mc11_old_c
ff_avg_qpel16_mc12_old_c
ff_avg_qpel16_mc13_old_c
ff_avg_qpel16_mc31_old_c
ff_avg_qpel16_mc32_old_c
ff_avg_qpel16_mc33_old_c
ff_avg_qpel8_mc11_old_c
ff_avg_qpel8_mc12_old_c
ff_avg_qpel8_mc13_old_c
ff_avg_qpel8_mc31_old_c
ff_avg_qpel8_mc32_old_c
ff_avg_qpel8_mc33_old_c
ff_block_permute
ff_bone
ff_build_rac_states
ff_cavs_chroma_dec
ff_cavs_chroma_qp
ff_cavs_dequant_mul
ff_cavs_dequant_shift
ff_cavs_dir_mv
ff_cavs_end
ff_cavs_filter
ff_cavs_init
ff_cavs_init_mb
ff_cavs_init_pic
ff_cavs_init_top_lines
ff_cavs_inter
ff_cavs_inter_dec
ff_cavs_intra_dec
ff_cavs_intra_mv
ff_cavs_load_intra_pred_chroma
ff_cavs_load_intra_pred_luma
ff_cavs_modify_mb_i
ff_cavs_mv
ff_cavs_next_mb
ff_cavs_partition_flags
ff_cavs_scan3x3
ff_cavs_un_mv
ff_cavsdsp_init
ff_cavsdsp_init_3dnow
ff_cavsdsp_init_mmx2
ff_check_alignment
ff_clean_h263_qscales
ff_clean_intra_table_entries
ff_clean_mpeg4_qscales
ff_combine_frame
ff_compute_band_indexes
ff_convert_matrix
ff_copy_bits
ff_cos_1024
ff_cos_128
ff_cos_16
ff_cos_16384
ff_cos_2048
ff_cos_256
ff_cos_32
ff_cos_32768
ff_cos_4096
ff_cos_512
ff_cos_64
ff_cos_65536
ff_cos_8192
ff_cropTbl
ff_dct_common_init
ff_decode_dxt1
ff_decode_dxt3
ff_div6
ff_dnxhd_cid_table
ff_dnxhd_find_cid
ff_dnxhd_get_cid_table
ff_do_elbg
ff_draw_horiz_band
ff_eac3_bits_vs_hebap
ff_eac3_decode_transform_coeffs_aht_ch
ff_eac3_default_chmap
ff_eac3_default_cpl_band_struct
ff_eac3_frm_expstr
ff_eac3_gaq_remap_1
ff_eac3_gaq_remap_2_4_a
ff_eac3_gaq_remap_2_4_b
ff_eac3_hebap_tab
ff_eac3_mantissa_vq
ff_eac3_parse_header
ff_emulated_edge_mc
ff_epzs_motion_search
ff_er_add_slice
ff_er_frame_end
ff_er_frame_start
ff_estimate_b_frame_motion
ff_estimate_p_frame_motion
ff_eval
ff_eval2
ff_eval_free
ff_faandct
ff_faandct248
ff_faanidct
ff_faanidct_add
ff_faanidct_put
ff_fdct248_islow
ff_fdct_mmx
ff_fdct_mmx2

Sections

.text
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 691KB - Virtual size: 691KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 2.7MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
libfontconfig-1.dll
.dll windows:4 windows x86 arch:x86

092a146f31d74d5f9217aae4b877e814

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

libfreetype-6

FT_Done_Face
FT_Done_FreeType
FT_Get_BDF_Property
FT_Get_Char_Index
FT_Get_First_Char
FT_Get_Glyph_Name
FT_Get_Next_Char
FT_Get_PS_Font_Info
FT_Get_Sfnt_Name
FT_Get_Sfnt_Name_Count
FT_Get_Sfnt_Table
FT_Get_X11_Font_Format
FT_Has_PS_Glyph_Names
FT_Init_FreeType
FT_Load_Glyph
FT_Load_Sfnt_Table
FT_New_Face
FT_Select_Charmap
FT_Select_Size

libxml2-2

xmlCreatePushParserCtxt
xmlCtxtGetLastError
xmlFreeParserCtxt
xmlParseChunk
xmlSAX2GetLineNumber

kernel32

CloseHandle
CreateFileMappingA
GetFileAttributesA
GetFileAttributesExA
GetFullPathNameA
GetLastError
GetLongPathNameA
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetTempPathA
GetWindowsDirectoryA
MapViewOfFile
UnmapViewOfFile

msvcrt

_access
_close
_open
_read
_rmdir
_stat
_unlink
_write
__dllonexit
__mb_cur_max
_assert
_errno
_findclose
_findfirst
_findnext
_fullpath
_get_osfhandle
_iob
_isctype
_mkdir
_pctype
atoi
calloc
fflush
fprintf
fputc
free
fwrite
getenv
localeconv
malloc
memcpy
memmove
memset
perror
printf
putchar
puts
qsort
rand
realloc
rename
setlocale
sprintf
sscanf
strcat
strchr
strcmp
strcpy
strlen
strncpy
strrchr
strstr
strtod
strtol
time
vfprintf

Exports

Exports

FcAtomicCreate
FcAtomicDeleteNew
FcAtomicDestroy
FcAtomicLock
FcAtomicNewFile
FcAtomicOrigFile
FcAtomicReplaceOrig
FcAtomicUnlock
FcBlanksAdd
FcBlanksCreate
FcBlanksDestroy
FcBlanksIsMember
FcCacheCopySet
FcCacheDir
FcCacheNumFont
FcCacheNumSubdir
FcCacheSubdir
FcCharSetAddChar
FcCharSetCopy
FcCharSetCount
FcCharSetCoverage
FcCharSetCreate
FcCharSetDestroy
FcCharSetEqual
FcCharSetFirstPage
FcCharSetHasChar
FcCharSetIntersect
FcCharSetIntersectCount
FcCharSetIsSubset
FcCharSetNew
FcCharSetNextPage
FcCharSetSubtract
FcCharSetSubtractCount
FcCharSetUnion
FcConfigAppFontAddDir
FcConfigAppFontAddFile
FcConfigAppFontClear
FcConfigBuildFonts
FcConfigCreate
FcConfigDestroy
FcConfigEnableHome
FcConfigFilename
FcConfigGetBlanks
FcConfigGetCache
FcConfigGetCacheDirs
FcConfigGetConfigDirs
FcConfigGetConfigFiles
FcConfigGetCurrent
FcConfigGetFontDirs
FcConfigGetFonts
FcConfigGetRescanInterval
FcConfigGetRescanInverval
FcConfigHome
FcConfigParseAndLoad
FcConfigSetCurrent
FcConfigSetRescanInterval
FcConfigSetRescanInverval
FcConfigSubstitute
FcConfigSubstituteWithPat
FcConfigUptoDate
FcDefaultSubstitute
FcDirCacheLoad
FcDirCacheLoadFile
FcDirCacheRead
FcDirCacheUnlink
FcDirCacheUnload
FcDirCacheValid
FcDirSave
FcDirScan
FcFileIsDir
FcFileScan
FcFini
FcFontList
FcFontMatch
FcFontRenderPrepare
FcFontSetAdd
FcFontSetCreate
FcFontSetDestroy
FcFontSetList
FcFontSetMatch
FcFontSetPrint
FcFontSetSort
FcFontSetSortDestroy
FcFontSort
FcFreeTypeCharIndex
FcFreeTypeCharSet
FcFreeTypeCharSetAndSpacing
FcFreeTypeQuery
FcFreeTypeQueryFace
FcGetLangs
FcGetVersion
FcInit
FcInitBringUptoDate
FcInitLoadConfig
FcInitLoadConfigAndFonts
FcInitReinitialize
FcLangGetCharSet
FcLangSetAdd
FcLangSetCompare
FcLangSetContains
FcLangSetCopy
FcLangSetCreate
FcLangSetDestroy
FcLangSetEqual
FcLangSetHasLang
FcLangSetHash
FcMatrixCopy
FcMatrixEqual
FcMatrixMultiply
FcMatrixRotate
FcMatrixScale
FcMatrixShear
FcNameConstant
FcNameGetConstant
FcNameGetObjectType
FcNameParse
FcNameRegisterConstants
FcNameRegisterObjectTypes
FcNameUnparse
FcNameUnregisterConstants
FcNameUnregisterObjectTypes
FcObjectSetAdd
FcObjectSetBuild
FcObjectSetCreate
FcObjectSetDestroy
FcObjectSetVaBuild
FcPatternAdd
FcPatternAddBool
FcPatternAddCharSet
FcPatternAddDouble
FcPatternAddFTFace
FcPatternAddInteger
FcPatternAddLangSet
FcPatternAddMatrix
FcPatternAddString
FcPatternAddWeak
FcPatternBuild
FcPatternCreate
FcPatternDel
FcPatternDestroy
FcPatternDuplicate
FcPatternEqual
FcPatternEqualSubset
FcPatternGet
FcPatternGetBool
FcPatternGetCharSet
FcPatternGetDouble
FcPatternGetFTFace
FcPatternGetInteger
FcPatternGetLangSet
FcPatternGetMatrix
FcPatternGetString
FcPatternHash
FcPatternPrint
FcPatternReference
FcPatternRemove
FcPatternVaBuild
FcStrBasename
FcStrCmp
FcStrCmpIgnoreCase
FcStrCopy
FcStrCopyFilename
FcStrDirname
FcStrDowncase
FcStrFree
FcStrListCreate
FcStrListDone
FcStrListNext
FcStrPlus
FcStrSetAdd
FcStrSetAddFilename
FcStrSetCreate
FcStrSetDel
FcStrSetDestroy
FcStrSetEqual
FcStrSetMember
FcStrStr
FcStrStrIgnoreCase
FcUcs4ToUtf8
FcUtf16Len
FcUtf16ToUcs4
FcUtf8Len
FcUtf8ToUcs4
FcValueDestroy
FcValueEqual
FcValuePrint
FcValueSave

Sections

.text
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 768B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
libfreetype-6.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Sections

.text
Size: 415KB - Virtual size: 415KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 98KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 80B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 808B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
vlc.exe
.exe windows:4 windows x86 arch:x86

1a8b0c8dd0a1f941c05d3ddfa67632bc

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

libvlc

libvlc_add_intf
libvlc_exception_clear
libvlc_exception_init
libvlc_exception_raised
libvlc_new
libvlc_playlist_play
libvlc_release
libvlc_wait

kernel32

ExitProcess
GetCommandLineA
GetCommandLineW
GetModuleHandleA
GetProcAddress
GetStartupInfoA
LocalFree
SetUnhandledExceptionFilter
WideCharToMultiByte

msvcrt

__getmainargs
__p__environ
__p__fmode
__set_app_type
_cexit
_iob
_onexit
_setmode
atexit
free
malloc
signal

shell32

CommandLineToArgvW

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 96B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 85KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 32B

IMAGE_SCN_MEM_DISCARDABLE

/19
Size: 512B - Virtual size: 102B

IMAGE_SCN_MEM_DISCARDABLE

/35
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_MEM_DISCARDABLE

/47
Size: 1024B - Virtual size: 556B

IMAGE_SCN_MEM_DISCARDABLE

/61
Size: 1024B - Virtual size: 580B

IMAGE_SCN_MEM_DISCARDABLE

/73
Size: 512B - Virtual size: 220B

IMAGE_SCN_MEM_DISCARDABLE

/86
Size: 512B - Virtual size: 16B

IMAGE_SCN_MEM_DISCARDABLE

/97
Size: 1024B - Virtual size: 548B

IMAGE_SCN_MEM_DISCARDABLE

/108
Size: 512B - Virtual size: 24B

IMAGE_SCN_MEM_DISCARDABLE
vlc.exe.manifest

Sharing

General

Malware Config

Signatures

Files

28a099a911237a28521d8b7ea250f089

Headers

File Characteristics

Imports

advapi32

comctl32

gdi32

kernel32

ole32

shell32

user32

version

Sections

.text Size: 29KB - Virtual size: 29KB

.data Size: 512B - Virtual size: 136B

.rdata Size: 3KB - Virtual size: 3KB

.bss Size: - Virtual size: 107KB

.idata Size: 5KB - Virtual size: 4KB

.ndata Size: 1024B - Virtual size: 72KB

.rsrc Size: 101KB - Virtual size: 100KB

7458f96eb10904198d988c72ce690084

Headers

File Characteristics

Imports

comdlg32

gdi32

kernel32

ole32

shell32

user32

Exports

Exports

Sections

.text Size: 9KB - Virtual size: 9KB

.data Size: 512B - Virtual size: 364B

.rdata Size: 1KB - Virtual size: 1KB

.bss Size: - Virtual size: 8KB

.edata Size: 512B - Virtual size: 112B

.idata Size: 2KB - Virtual size: 2KB

.rsrc Size: 512B - Virtual size: 144B

.reloc Size: 1024B - Virtual size: 860B

8f97009d8efbcc799068d9001799c34c

Headers

File Characteristics

Imports

gdi32

kernel32

user32

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 2KB

.rdata Size: 512B - Virtual size: 24B

.bss Size: - Virtual size: 3KB

.edata Size: 512B - Virtual size: 73B

.idata Size: 1024B - Virtual size: 748B

.rsrc Size: 512B - Virtual size: 340B

.reloc Size: 512B - Virtual size: 232B

9b5a86af906acf12f39d437fe73d9bb9

Headers

File Characteristics

Imports

kernel32

msvcrt

libz-1-2

Exports

Exports

Sections

.text Size: 3.6MB - Virtual size: 3.6MB

.data Size: 35KB - Virtual size: 34KB

.rdata Size: 691KB - Virtual size: 691KB

.bss Size: - Virtual size: 2.7MB

.edata Size: 44KB - Virtual size: 43KB

.idata Size: 2KB - Virtual size: 2KB

.reloc Size: 75KB - Virtual size: 74KB

.text
Size: 29KB - Virtual size: 29KB

.data
Size: 512B - Virtual size: 136B

.rdata
Size: 3KB - Virtual size: 3KB

.bss
Size: - Virtual size: 107KB

.idata
Size: 5KB - Virtual size: 4KB

.ndata
Size: 1024B - Virtual size: 72KB

.rsrc
Size: 101KB - Virtual size: 100KB

.text
Size: 9KB - Virtual size: 9KB

.data
Size: 512B - Virtual size: 364B

.rdata
Size: 1KB - Virtual size: 1KB

.bss
Size: - Virtual size: 8KB

.edata
Size: 512B - Virtual size: 112B

.idata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 512B - Virtual size: 144B

.reloc
Size: 1024B - Virtual size: 860B

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 512B - Virtual size: 24B

.bss
Size: - Virtual size: 3KB

.edata
Size: 512B - Virtual size: 73B

.idata
Size: 1024B - Virtual size: 748B

.rsrc
Size: 512B - Virtual size: 340B

.reloc
Size: 512B - Virtual size: 232B

.text
Size: 3.6MB - Virtual size: 3.6MB

.data
Size: 35KB - Virtual size: 34KB

.rdata
Size: 691KB - Virtual size: 691KB

.bss
Size: - Virtual size: 2.7MB

.edata
Size: 44KB - Virtual size: 43KB

.idata
Size: 2KB - Virtual size: 2KB

.reloc
Size: 75KB - Virtual size: 74KB

.text
Size: 90KB - Virtual size: 90KB

.data
Size: 2KB - Virtual size: 2KB

.rdata
Size: 50KB - Virtual size: 50KB

.bss
Size: - Virtual size: 768B

.edata
Size: 5KB - Virtual size: 4KB

.idata
Size: 3KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 415KB - Virtual size: 415KB

.data
Size: 512B - Virtual size: 20B

.rdata
Size: 98KB - Virtual size: 97KB

.bss
Size: - Virtual size: 80B

.edata
Size: 10KB - Virtual size: 10KB

.idata
Size: 1024B - Virtual size: 808B

.reloc
Size: 7KB - Virtual size: 6KB

.text
Size: 3KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 52B

.rdata
Size: 512B - Virtual size: 48B

.bss
Size: - Virtual size: 96B

.idata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 85KB - Virtual size: 85KB

/4
Size: 512B - Virtual size: 32B

/19
Size: 512B - Virtual size: 102B

/35
Size: 2KB - Virtual size: 2KB

/47
Size: 1024B - Virtual size: 556B

/61
Size: 1024B - Virtual size: 580B

/73
Size: 512B - Virtual size: 220B

/86
Size: 512B - Virtual size: 16B

/97
Size: 1024B - Virtual size: 548B

/108
Size: 512B - Virtual size: 24B