Source: ffmpeg.exe |
Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT |
Source: ffmpeg.exe, 00000000.00000000.2196705480.00007FF6803EE000.00000002.00000001.01000000.00000003.sdmp |
String found in binary or memory: http://WWW-Authenticate:Proxy-Authenticate:Content-Encoding:gzip1.3.1Content-Length: |
Source: ffmpeg.exe |
String found in binary or memory: http://dashif.org/guidelines/last-segment-number |
Source: ffmpeg.exe |
String found in binary or memory: http://dashif.org/guidelines/trickmode |
Source: ffmpeg.exe, 00000000.00000000.2196705480.00007FF680744000.00000002.00000001.01000000.00000003.sdmp |
String found in binary or memory: http://lame.sf.net |
Source: ffmpeg.exe, 00000000.00000000.2196705480.00007FF680744000.00000002.00000001.01000000.00000003.sdmp |
String found in binary or memory: http://lame.sf.net64bits |
Source: ffmpeg.exe, 00000000.00000000.2196705480.00007FF6803EE000.00000002.00000001.01000000.00000003.sdmp |
String found in binary or memory: http://modplug-xmms.sourceforge.net/ |
Source: ffmpeg.exe, 00000000.00000000.2196705480.00007FF6803EE000.00000002.00000001.01000000.00000003.sdmp |
String found in binary or memory: http://relaxng.org/ns/structure/1.0 |
Source: ffmpeg.exe, 00000000.00000000.2196705480.00007FF6803EE000.00000002.00000001.01000000.00000003.sdmp |
String found in binary or memory: http://relaxng.org/ns/structure/1.0datatypeLibrary:/#?includegrammardefinenamestartInternal |
Source: ffmpeg.exe, 00000000.00000000.2196705480.00007FF6803EE000.00000002.00000001.01000000.00000003.sdmp |
String found in binary or memory: http://schismtracker.org/ |
Source: ffmpeg.exe |
String found in binary or memory: http://standards.iso.org/ittf/PubliclyAvailableStandards/MPEG-DASH_schema_files/DASH-MPD.xsd |
Source: ffmpeg.exe, 00000000.00000000.2196705480.00007FF6803EE000.00000002.00000001.01000000.00000003.sdmp |
String found in binary or memory: http://www.brynosaurus.com/cachedir/ |
Source: ffmpeg.exe |
String found in binary or memory: http://www.gnu.org/licenses/ |
Source: ffmpeg.exe, 00000000.00000000.2196705480.00007FF6803EE000.00000002.00000001.01000000.00000003.sdmp |
String found in binary or memory: http://www.oasis-open.org/committees/entity/release/1.0/catalog.dtd |
Source: ffmpeg.exe, 00000000.00000000.2196705480.00007FF6803EE000.00000002.00000001.01000000.00000003.sdmp |
String found in binary or memory: http://www.oasis-open.org/committees/entity/release/1.0/catalog.dtd-//OASIS//DTD |
Source: ffmpeg.exe |
String found in binary or memory: http://www.smpte-ra.org/schemas/2067-3/2013#standard-markers |
Source: ffmpeg.exe |
String found in binary or memory: http://www.smpte-ra.org/schemas/2067-3/2013#standard-markersInvalid |
Source: ffmpeg.exe, 00000000.00000000.2196705480.00007FF680894000.00000002.00000001.01000000.00000003.sdmp |
String found in binary or memory: http://www.videolan.org/x264.html |
Source: ffmpeg.exe, 00000000.00000000.2196705480.00007FF680894000.00000002.00000001.01000000.00000003.sdmp |
String found in binary or memory: http://x265.org |
Source: ffmpeg.exe, 00000000.00000000.2196705480.00007FF6803EE000.00000002.00000001.01000000.00000003.sdmp |
String found in binary or memory: http://xaimus.com/) |
Source: ffmpeg.exe, 00000000.00000000.2196705480.00007FF6803EE000.00000002.00000001.01000000.00000003.sdmp |
String found in binary or memory: https://bel.fi/alankila/modguide/interpolate.txt |
Source: ffmpeg.exe, 00000000.00000000.2196705480.00007FF6803EE000.00000002.00000001.01000000.00000003.sdmp |
String found in binary or memory: https://coda.s3m.us/) |
Source: ffmpeg.exe, 00000000.00000000.2196705480.00007FF6803EE000.00000002.00000001.01000000.00000003.sdmp |
String found in binary or memory: https://github.com/iamgreaser/it2everything/ |
Source: ffmpeg.exe, 00000000.00000000.2196705480.00007FF6803EE000.00000002.00000001.01000000.00000003.sdmp |
String found in binary or memory: https://github.com/lclevy/unmo3 |
Source: ffmpeg.exe, 00000000.00000000.2196705480.00007FF6803EE000.00000002.00000001.01000000.00000003.sdmp |
String found in binary or memory: https://github.com/lieff/minimp3/ |
Source: ffmpeg.exe, 00000000.00000000.2196705480.00007FF6803EE000.00000002.00000001.01000000.00000003.sdmp |
String found in binary or memory: https://github.com/nothings/stb/ |
Source: ffmpeg.exe, 00000000.00000000.2196705480.00007FF6803EE000.00000002.00000001.01000000.00000003.sdmp |
String found in binary or memory: https://github.com/richgel999/miniz |
Source: ffmpeg.exe, 00000000.00000000.2196705480.00007FF6803EE000.00000002.00000001.01000000.00000003.sdmp |
String found in binary or memory: https://github.com/ryuhei-mori/tinyfft |
Source: ffmpeg.exe, 00000000.00000000.2196705480.00007FF6803EE000.00000002.00000001.01000000.00000003.sdmp |
String found in binary or memory: https://github.com/viiri/st2play |
Source: ffmpeg.exe, 00000000.00000000.2196705480.00007FF6803EE000.00000002.00000001.01000000.00000003.sdmp |
String found in binary or memory: https://joaobapt.com/) |
Source: ffmpeg.exe, 00000000.00000000.2196705480.00007FF6803EE000.00000002.00000001.01000000.00000003.sdmp |
String found in binary or memory: https://kode54.net/) |
Source: ffmpeg.exe, 00000000.00000000.2196705480.00007FF6803EE000.00000002.00000001.01000000.00000003.sdmp |
String found in binary or memory: https://revenant1.net/) |
Source: ffmpeg.exe |
String found in binary or memory: https://streams.videolan.org/upload/ |
Source: ffmpeg.exe, 00000000.00000000.2196705480.00007FF6803EE000.00000002.00000001.01000000.00000003.sdmp |
String found in binary or memory: https://twitter.com/daniel_collin |
Source: ffmpeg.exe, 00000000.00000000.2196705480.00007FF6803EE000.00000002.00000001.01000000.00000003.sdmp |
String found in binary or memory: https://www.3eality.com/ |
Source: ffmpeg.exe, 00000000.00000000.2199222367.00007FF68244A000.00000008.00000001.01000000.00000003.sdmp |
Binary or memory string: GetRawInputData |
Source: ffmpeg.exe |
Static PE information: Number of sections : 13 > 10 |
Source: ffmpeg.exe, 00000000.00000000.2196705480.00007FF67FE6B000.00000002.00000001.01000000.00000003.sdmp |
Binary or memory string: WM/OriginalFilename vs ffmpeg.exe |
Source: ffmpeg.exe, 00000000.00000000.2196705480.00007FF67FE6B000.00000002.00000001.01000000.00000003.sdmp |
Binary or memory string: commentID3WM/AlbumArtistalbum_artistWM/AlbumTitlealbumAuthorartistDescriptionWM/ComposercomposerWM/EncodedByencoded_byWM/EncodingSettingsencoderWM/GenregenreWM/LanguagelanguageWM/OriginalFilenamefilenameWM/PartOfSetdiscWM/PublisherpublisherWM/ToolWM/TrackNumbertrackWM/MediaStationCallSignservice_providerWM/MediaStationNameservice_name vs ffmpeg.exe |
Source: ffmpeg.exe |
Binary or memory string: WM/OriginalFilename vs ffmpeg.exe |
Source: ffmpeg.exe |
Binary or memory string: commentID3WM/AlbumArtistalbum_artistWM/AlbumTitlealbumAuthorartistDescriptionWM/ComposercomposerWM/EncodedByencoded_byWM/EncodingSettingsencoderWM/GenregenreWM/LanguagelanguageWM/OriginalFilenamefilenameWM/PartOfSetdiscWM/PublisherpublisherWM/ToolWM/TrackNumbertrackWM/MediaStationCallSignservice_providerWM/MediaStationNameservice_name vs ffmpeg.exe |
Source: classification engine |
Classification label: clean3.winEXE@2/0@0/0 |
Source: C:\Windows\System32\conhost.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6368:120:WilError_03 |
Source: ffmpeg.exe |
Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
Source: ffmpeg.exe |
String found in binary or memory: -help |
Source: ffmpeg.exe |
String found in binary or memory: overlap-add |
Source: ffmpeg.exe |
String found in binary or memory: windowset window sizewoverlapset window overlapoarorderset autoregression orderathresholdset thresholdthsizeset histogram sizenmethodset overlap methodmaddoverlap-addsaveoverlap-saves |
Source: ffmpeg.exe |
String found in binary or memory: Apply high order Butterworth band-stop filter. |
Source: ffmpeg.exe |
String found in binary or memory: @asubcutasupercutasuperpassasuperstopApply high order Butterworth band-stop filter.} |
Source: ffmpeg.exe |
String found in binary or memory: #EXT-X-START: |
Source: ffmpeg.exe |
String found in binary or memory: #EXT-X-START value isinvalid, it will be ignored |
Source: ffmpeg.exe |
String found in binary or memory: #EXT-X-PLAYLIST-TYPE:EVENTVOD#EXT-X-MAP:data:#EXT-X-START:TIME-OFFSET=#EXT-X-START value isinvalid, it will be ignored#EXT-X-ENDLIST#EXTINF:#EXT-X-BYTERANGE:#Skip ('%s') |
Source: ffmpeg.exe |
String found in binary or memory: prefer to use #EXT-X-START if it's in playlist instead of live_start_index |
Source: ffmpeg.exe |
String found in binary or memory: ;live_start_indexsegment index to start live streams at (negative values are from the end)prefer_x_startprefer to use #EXT-X-START if it's in playlist instead of live_start_indexallowed_extensionsList of file extensions that hls is allowed to access3gp,aac,avi,ac3,eac3,flac,mkv,m3u8,m4a,m4s,m4v,mpg,mov,mp2,mp3,mp4,mpeg,mpegts,ogg,ogv,oga,ts,vob,wavmax_reloadMaximum number of times a insufficient list is attempted to be reloadedm3u8_hold_countersThe maximum number of times to load m3u8 when it refreshes without new segmentshttp_persistentUse persistent HTTP connectionshttp_multipleUse multiple HTTP connections for fetching segmentshttp_seekableUse HTTP partial requests, 0 = disable, 1 = enable, -1 = autoseg_format_optionsSet options for segment demuxerseg_max_retryMaximum number of times to reload a segment on error.h[KD |
Source: ffmpeg.exe |
String found in binary or memory: start/stop audio |
Source: unknown |
Process created: C:\Users\user\Desktop\ffmpeg.exe "C:\Users\user\Desktop\ffmpeg.exe" |
Source: C:\Users\user\Desktop\ffmpeg.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
Source: C:\Users\user\Desktop\ffmpeg.exe |
Section loaded: apphelp.dll |
Source: C:\Users\user\Desktop\ffmpeg.exe |
Section loaded: iphlpapi.dll |
Source: C:\Users\user\Desktop\ffmpeg.exe |
Section loaded: ncrypt.dll |
Source: C:\Users\user\Desktop\ffmpeg.exe |
Section loaded: version.dll |
Source: C:\Users\user\Desktop\ffmpeg.exe |
Section loaded: avicap32.dll |
Source: C:\Users\user\Desktop\ffmpeg.exe |
Section loaded: winmm.dll |
Source: C:\Users\user\Desktop\ffmpeg.exe |
Section loaded: msvfw32.dll |
Source: C:\Users\user\Desktop\ffmpeg.exe |
Section loaded: winmm.dll |
Source: C:\Users\user\Desktop\ffmpeg.exe |
Section loaded: cryptbase.dll |
Source: C:\Users\user\Desktop\ffmpeg.exe |
Section loaded: ntasn1.dll |
Source: ffmpeg.exe |
Static PE information: More than 235 > 100 exports found |
Source: ffmpeg.exe |
Static PE information: Virtual size of .text is bigger than: 0x100000 |
Source: ffmpeg.exe |
Static PE information: Image base 0x140000000 > 0x60000000 |
Source: ffmpeg.exe |
Static file information: File size 85491712 > 1048576 |
Source: ffmpeg.exe |
Static PE information: Raw size of .text is bigger than: 0x100000 < 0x4239a00 |
Source: ffmpeg.exe |
Static PE information: Raw size of .data is bigger than: 0x100000 < 0x12be00 |
Source: ffmpeg.exe |
Static PE information: Raw size of .rdata is bigger than: 0x100000 < 0xb9b200 |
Source: ffmpeg.exe |
Static PE information: Raw size of .xdata is bigger than: 0x100000 < 0x14d200 |
Source: ffmpeg.exe |
Static PE information: More than 200 imports for msvcrt.dll |
Source: ffmpeg.exe |
Static PE information: section name: .rodata |
Source: ffmpeg.exe |
Static PE information: section name: .xdata |
Source: all processes |
Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |
Source: C:\Windows\System32\conhost.exe |
Last function: Thread delayed |
Source: ffmpeg.exe, 00000000.00000000.2196705480.00007FF6800DB000.00000002.00000001.01000000.00000003.sdmp |
Binary or memory string: vmncVMware Screen Codec / VMware Video |
Source: ffmpeg.exe |
Binary or memory string: VMware Screen Codec / VMware Video |
Source: ffmpeg.exe, 00000000.00000002.2202937339.00000236D150C000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll |