Download Link: hxxp://hot-pornotube2008.com/hardcore/1/1/1a4f28/0/0/$
File Name: MediaTubeCodec.exe

VirusTotal Result: 2/32 (6.25%)
Ikarus   T3.1.1.26   2008.04.23  Win32.SuspectCrc
Sunbelt  3.0.1056.0  2008.04.17  Trojan.NewMediaCodec

File Info:
File size: 115200 bytes
MD5...: e9cc8c20b0e682c77b97e6787de16e5d
SHA1..: 8be674dec4fcf14ae853a5c20a9288bff3e0520a
SHA256: ef854d21cbf297ee267f22049b773ffeb4c1ff1a3e55227cc2a260754699d644
SHA512: 1a3b9b2d16a4404b29675ab1132ad542840058fd356e0f145afe5d0c1d9e1653de28314cd24406b85f09a9ec874c4339967d9e7acb327065448096c5734502c7

***** PE Structure *************************************************
entrypointaddress.: 0x1012475
timedatestamp.....: 0x3b7d8410 (Fri Aug 17 20:52:32 2001)
machinetype.......: 0x14c (I386)

***** PE Header ****************************************************
Signature: 00004550
Machine: 014C - Intel 386
Number of sections: 0003
Time/Date stamp: 3B7D8410
Pointer to symbol table: 00000000
Number of symbols: 00000000
Size of optional header: 00E0
Characteristics: 010F
Magic: 010B
Linker version (major): 07
Linker version (minor): 00
Size of code: 00012800
Size of initialized data: 00009600
Size of uninitialized data: 00000000
Address of entry point: 00012475
Base of code: 00001000
Base of data: 00014000
Image base: 01000000
Section alignment: 00001000
File alignment: 00000200
OS version (major): 0005
OS version (minor): 0001
Image version (major): 0005
Image version (minor): 0001
Sub system version (major): 0004
Sub system version (minor): 0000
Win32 version: 00000000
Size of image: 0001F000
Size of headers: 00000400
Checksum: 0002317D
Sub system: 0002 - Windows graphical user interface (GUI) subsystem
DLL characteristics: 8000
Size of stack reserve: 00040000
Size of stack commit: 00001000
Size of heap reserve: 00100000
Size of heap commit: 00001000
Loader flags: 00000000
Number of RVA: 00000010

***** PE Sections **************************************************
Section  VirtSize  VirtAddr  PhysSize  PhysAddr  Flags
.text    000126B0  00001000  00012800  00000400  60000020
.data    0000101C  00014000  00000A00  00012C00  C0000040
.rsrc    00008A70  00016000  00008C00  00013600  40000040

***** Import/Export table ******************************************
--- Import table (libraries: 6) ------------------------------------
> SHELL32.dll: ShellAboutW
> msvcrt.dll: __CxxFrameHandler, _CxxThrowException, wcstoul, toupper, wcschr, memmove, wcslen, _wcsrev, _c_exit, _exit, _XcptFilter, _cexit, exit, _acmdln, __getmainargs, _initterm, __setusermatherr, _adjust_fdiv, __p__commode, __p__fmode, __set_app_type, __3@YAXPAX@Z, __1type_info@@UAE@XZ, _controlfp, _except_handler3, _terminate@@YAXXZ
> ADVAPI32.dll: RegOpenKeyExA, RegQueryValueExA, RegCloseKey
> KERNEL32.dll: GetModuleHandleA, LoadLibraryA, GetProcAddress, GlobalCompact, GlobalAlloc, GlobalFree, GlobalReAlloc, lstrcmpW, Sleep, WriteProfileStringW, GetStartupInfoA, GlobalSize, GlobalUnlock, CreateEventW, CreateThread, ResetEvent, lstrcpynW, SetEvent, WaitForSingleObject, CloseHandle, lstrcatW, lstrlenW, LocalReAlloc, LocalFree, LocalAlloc, GetProfileStringW, GlobalLock, GetCommandLineW, lstrcpyW, GetProfileIntW
> GDI32.dll: SetBkColor, SetTextColor, SetBkMode
> USER32.dll: GetMenu, SetDlgItemInt, GetWindowTextW, CheckDlgButton, HideCaret, CallWindowProcW, DrawTextW, WinHelpW, PostQuitMessage, GetDlgCtrlID, ScreenToClient, ChildWindowFromPoint, DefWindowProcW, IsClipboardFormatAvailable, EnableMenuItem, TrackPopupMenuEx, GetDesktopWindow, OpenClipboard, GetClipboardData, CharNextA, CloseClipboard, GetSysColor, DialogBoxParamW, EndDialog, MessageBeep, GetSubMenu, CheckRadioButton, SetWindowTextW, SetFocus, SetCursor, CharNextW, RegisterClassExW, GetSysColorBrush, LoadCursorW, LoadIconW, InvalidateRect, UpdateWindow, ShowWindow, SendMessageW, SetDlgItemTextW, CheckMenuItem, CheckMenuRadioItem, SetWindowPos, OffsetRect, MapWindowPoints, GetClientRect, EnableWindow, LoadMenuW, SetWindowLongW, GetWindowLongW, CreateDialogParamW, GetDlgItem, DestroyMenu, DestroyWindow, SetMenu, GetWindowRect, SystemParametersInfoW, DispatchMessageW, TranslateMessage, TranslateAcceleratorW, IsChild, IsDialogMessageW, GetMessageW, LoadAcceleratorsW, CreateWindowExW, MessageBoxW, LoadStringW, SetProcessDefaultLayout, GetProcessDefaultLayout

Process Details:
Process ID: 664
Filename: c:\temp\MediaTubeCodec.exe
Filesize: 115200 bytes
MD5: e9cc8c20b0e682c77b97e6787de16e5d
Start Reason: AnalysisTarget

Loaded DLLs:
c:\temp\MediaTubeCodec.exe
C:\WINDOWS\System32\ntdll.dll
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1612_x-ww_7c379b08\
C:\WINDOWS\system32\oleaut32.dll
C:\WINDOWS\system32\OLE32.DLL
C:\WINDOWS\System32\wsock32.dll
C:\WINDOWS\System32\WS2_32.dll
C:\WINDOWS\System32\WS2HELP.dll
C:\WINDOWS\System32\Wship6.dll
C:\WINDOWS\System32\iphlpapi.dll
C:\WINDOWS\System32\pstorec.dll
C:\WINDOWS\System32\ATL.DLL
C:\WINDOWS\System32\mswsock.dll
C:\WINDOWS\System32\DNSAPI.dll
C:\WINDOWS\System32\winrnr.dll
C:\WINDOWS\system32\WLDAP32.dll
C:\WINDOWS\System32\Secur32.dll
.\UxTheme.dll
UxTheme.dll
USER32.dll

Read INI File:
WIN.INI [SciCalc] layout =
WIN.INI [SciCalc] UseSep =
WIN.INI [intl] sDecimal =
WIN.INI [intl] sThousand =
WIN.INI [intl] sGrouping =

Registry Reads:
Software\Microsoft\Windows\CurrentVersion\ThemeManager "Compositing"
Control Panel\Desktop "LameButtonText"