Submission Summary:

What's been foundSeverity Level
Registers a 32-bit in-process server DLL.

 

Technical Details:

 

File System Modifications

#Filename(s)File SizeFile Hash
1 %Temp%\nsv3.tmp\System.dll 10,240 bytes MD5: 0x7E3C808299AA2C405DFFA864471DDB7F
SHA-1: 0xB5DE7804DD35ED7AFD0C3B59D866F1A0749495E0
2 %Programs%\Haali Media Splitter\GDSMux.lnk 1,712 bytes MD5: 0xEFD52B0D294B8FC993EC597C6757893E
SHA-1: 0xF3D73447A7670D1C9C63786D4C2F0C6D702D4EFB
3 %Programs%\Haali Media Splitter\Media Splitter Settings.lnk 1,626 bytes MD5: 0xBA7CF1F9141903D8621A619E9CF2F542
SHA-1: 0xDEEAE4456D01BC5E54E0D3D445A5CFFF026772EF
4 %Programs%\Haali Media Splitter\Uninstall.lnk 1,735 bytes MD5: 0x5B1137F1902F9FFAEBA4FD4117B70D6C
SHA-1: 0x9C9A8181CAD7A4241B18F48E8294061953B681CD
5 %ProgramFiles%\Haali\MatroskaSplitter\avi.dll 108,032 bytes MD5: 0x99C6577248EA73079CA526B9CD455332
SHA-1: 0xC86C142EA370F65C5B30F8F7761C0762CB2E4308
6 %ProgramFiles%\Haali\MatroskaSplitter\avs.dll 97,280 bytes MD5: 0xDD1D15C0EA5A093D6F3AF433F8DDB414
SHA-1: 0xEAE24F935868611558F317D0BDA875C6F16B364F
7 %ProgramFiles%\Haali\MatroskaSplitter\avss.dll 102,400 bytes MD5: 0x7A8659CEE27D8F30D5F2534B3DA99956
SHA-1: 0xF62DA030BB8B6BEA029C67893E5199077F71F1C9
8 %ProgramFiles%\Haali\MatroskaSplitter\cue2xml.js 4,835 bytes MD5: 0x3C3838E598E2DBC295311FB1B36989DB
SHA-1: 0xA30C332C0203CC60C6BEFE1773F515BE1DC71A49
9 %ProgramFiles%\Haali\MatroskaSplitter\dsmux.exe 103,424 bytes MD5: 0x52D39BB6F45469C614061157F1670AF0
SHA-1: 0xC2D1AC819E07C3F7ADAB967797512F658065BD4A
10 %ProgramFiles%\Haali\MatroskaSplitter\dxr.dll 246,784 bytes MD5: 0x656A5C612E0F259CF0B06B67465646CD
SHA-1: 0x7338FBA1ED3DD90C7D71353778ACAA27A236478F
11 %ProgramFiles%\Haali\MatroskaSplitter\gdsmux.exe 335,872 bytes MD5: 0xD26D10C0413A54BCAEDAB2A19F8BA70D
SHA-1: 0x7622D9B023F0A8A3EA920D81F76732A886223AFF
12 %ProgramFiles%\Haali\MatroskaSplitter\mkunicode.dll 23,552 bytes MD5: 0x4A93524B0DFEEA362DE46B441C7667DC
SHA-1: 0xA82FDF2420865433CF1507A3F2AE92D85C90AF42
13 %ProgramFiles%\Haali\MatroskaSplitter\mkv2vfr.exe 135,168 bytes MD5: 0xB0B199F57CB3FE4E28306E6AF5034082
SHA-1: 0x91827FF88C4F20AE1CA1E9E6FC0DB2BD458E4AC2
14 %ProgramFiles%\Haali\MatroskaSplitter\mkx.dll 148,480 bytes MD5: 0x2E7E0761C302C9A05BE7BF8395A430A8
SHA-1: 0x94080BEA8F1B64113087CA71C3647530119D880D
15 %ProgramFiles%\Haali\MatroskaSplitter\mkzlib.dll 79,360 bytes MD5: 0xA5EE4284DFF89D897AA08898AFC0DEC8
SHA-1: 0xF4158FEF2FDFBE116E92DF1C6F993A6789475F66
16 %ProgramFiles%\Haali\MatroskaSplitter\mmfinfo.dll 159,744 bytes MD5: 0x9BF1A8AF22AADC7727F4E395C5C09B1B
SHA-1: 0x3ED44BDDDD77D4B25F8D6D6094494D2A61874290
17 %ProgramFiles%\Haali\MatroskaSplitter\mp4.dll 141,312 bytes MD5: 0x54CA2551E1AB62154C118C7864116A4A
SHA-1: 0x04302CD7B671E699F49EF52AB0960E85BFF88221
18 %ProgramFiles%\Haali\MatroskaSplitter\ogm.dll 120,832 bytes MD5: 0x0E911D30E2154C498C9FB775661A15FD
SHA-1: 0xDF528A490386519F1ECB02CC8C6036394BC4494F
19 %ProgramFiles%\Haali\MatroskaSplitter\splitter.ax 536,576 bytes MD5: 0x674FB3D19EC45ABDB40F03659C781F7C
SHA-1: 0x9A9E00CB31673F2D7363136DF11E89836CA042A3
20 %ProgramFiles%\Haali\MatroskaSplitter\ts.dll 163,840 bytes MD5: 0x2FB2EF4D4E8868F9DF665A78A4268ABE
SHA-1: 0xCD36BB732D5ECF122749D3B2CACF04E34D9211CF
21 %ProgramFiles%\Haali\MatroskaSplitter\uninstall.exe 41,418 bytes MD5: 0x2BD897D875FF6951BDD651AC671082ED
SHA-1: 0xDA608D8AA2A8017379A866D514F04A29C2914645
22 [file and pathname of the sample #1] 719,192 bytes MD5: 0xA2CD0C3ED9D3DA3A32E05A49931F0DE6
SHA-1: 0x9C1FFB139214AA9815DE8972473D0D0DA93A0A97

 

Memory Modifications

Process NameProcess FilenameMain Module Size
mkv2vfr.exe%ProgramFiles%\haali\matroskasplitter\mkv2vfr.exe143,360 bytes
dsmux.exe%ProgramFiles%\haali\matroskasplitter\dsmux.exe118,784 bytes
[filename of the sample #1][file and pathname of the sample #1]188,416 bytes

 

Registry Modifications

 

Other details

Russian Federation

 

 

All content ("Information") contained in this report is the copyrighted work of Threat Expert Ltd and its associated companies ("ThreatExpert") and may not be copied without the express permission of ThreatExpert.

The Information is provided on an "as is" basis. ThreatExpert disclaims all warranties, whether express or implied, to the maximum extent permitted by law, including the implied warranties that the Information is merchantable, of satisfactory quality, accurate, fit for a particular purpose or need, or non-infringing, unless such implied warranties are legally incapable of exclusion. Further, ThreatExpert does not warrant or make any representations regarding the use or the results of the use of the Information in terms of their correctness, accuracy, reliability, or otherwise.

Copyright © 2014 ThreatExpert. All rights reserved.