bfe951c9a05481aae1290e549aaaa7f3_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

bfe951c9a05481aae1290e549aaaa7f3_JaffaCakes118
Size

931KB
MD5

bfe951c9a05481aae1290e549aaaa7f3
SHA1

a8cc5f5a1c3d4e34f4966affca2472f7abc474ed
SHA256

d3fbbed563ee74158a5cd5a4320889338738d24aef5443916d184f1286547ae7
SHA512

9671400b5d8f234eced22593d0082e4a9b34970a045f5dc9965caab43f654293559f01a8dc71fa0d0fbb749ecbbf99a612263a1a77fa394b248bcbd5acd4b6d0
SSDEEP

24576:tRRVhAfrCFewJSBvuVSxGsGcp3eEXXraxJDrFGLwBP:TewpSR3/XXrwnXP

Score

1^/10

Malware Config

Signatures

Files

bfe951c9a05481aae1290e549aaaa7f3_JaffaCakes118
.dll windows:5 windows x86 arch:x86

457673f552ed0c2e612b0e2b69184af8

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

32:35:84:46:ec:93:65:e4:74:80:61:10:37:73:8c:2d
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

25-02-2016 00:00

Not After

15-10-2018 23:59

Subject

CN=YY Inc.,OU=PM,O=YY Inc.,L=Guangzhou,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

32:35:84:46:ec:93:65:e4:74:80:61:10:37:73:8c:2d
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

25-02-2016 00:00

Not After

15-10-2018 23:59

Subject

CN=YY Inc.,OU=PM,O=YY Inc.,L=Guangzhou,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02-01-2017 00:00

Not After

01-04-2028 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

b7:2d:d0:73:c8:ca:b0:40:6f:a6:2f:a0:b6:1c:b0:f5:7a:e3:98:d4:f5:a3:37:e4:c2:bb:d2:93:8c:85:52:d0
Signer

Actual PE Digest

b7:2d:d0:73:c8:ca:b0:40:6f:a6:2f:a0:b6:1c:b0:f5:7a:e3:98:d4:f5:a3:37:e4:c2:bb:d2:93:8c:85:52:d0

Digest Algorithm

sha256

PE Digest Matches

true

84:88:20:27:ea:54:d2:20:77:f1:91:10:4e:85:cc:2d:2f:54:90:0b
Signer

Actual PE Digest

84:88:20:27:ea:54:d2:20:77:f1:91:10:4e:85:cc:2d:2f:54:90:0b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\DUOWAN_BUILD\build\Build_Src\dwinternal\audioengine_YY40_mb\pdb\release\AudioEngine.pdb

Imports

winmm

waveInClose
mixerClose
waveOutGetDevCapsW
timeKillEvent
waveOutPrepareHeader
waveOutWrite
waveOutReset
waveOutGetPosition
waveOutUnprepareHeader
waveOutPause
waveOutRestart
waveInGetPosition
waveInPrepareHeader
waveInAddBuffer
waveInStart
waveInReset
waveInUnprepareHeader
waveInGetNumDevs
waveInGetDevCapsW
mixerGetLineControlsW
mixerGetControlDetailsW
mixerSetControlDetails
mixerGetNumDevs
timeGetTime
waveOutOpen
waveOutClose
waveInOpen
waveOutGetNumDevs
mixerOpen
mixerGetLineInfoW
timeSetEvent

dsound

ord1
ord6
ord3
ord8

psapi

GetModuleFileNameExW

audioutil

?ConvertRightChunkToMono@@YAXPAVIAudioChunk@@@Z
?ConvertStereoChunkToStereoUseLeft@@YAXPAVIAudioChunk@@@Z
?ConvertStereoChunkToStereoUseRight@@YAXPAVIAudioChunk@@@Z
?ConvertLeftChunkToMono@@YAXPAVIAudioChunk@@@Z
?GetBufferSize@CCycBuffer@@QAEIXZ
?ConvertStereoChunkToMono@@YAXPAVIAudioChunk@@@Z
?SetDwordValue@CSharedMem@@QAEHPB_WK@Z
?WaitForValueChange@CSharedMem@@QAEKPB_WK@Z
?GetValue@CSharedMem@@QAEHPB_WPAXPAK@Z
?SetValue@CSharedMem@@QAEHPB_WPAXK@Z
??0CSharedMem@@QAE@PB_WKP6AXPAV0@@ZPAU_SECURITY_ATTRIBUTES@@@Z
?GetDwordValue@CSharedMem@@QAEKPB_WK@Z
??1CSharedMem@@QAE@XZ
?Read@CCycBuffer@@QAE_NPAXI@Z
CreateXXX
?ConvertMonoChunkToStereo@@YAXPAVIAudioChunk@@@Z
CreateAEC
?GetFreeSize@CCycBuffer@@QAEIXZ
?Resize@CCycBuffer@@QAE_NI@Z
?Write@CCycBuffer@@QAEIPBXI@Z
?Flush@CCycBuffer@@QAEXXZ
?Read@CCycBuffer@@QAEHPAXIPAI@Z
?GetUsedSize@CCycBuffer@@QAEIXZ
??1CCycBuffer@@QAE@XZ
CreateAudioConverter
?PrePull@CPcmBuffer@@QAEXIII@Z
?SizeByte@CPcmBuffer@@QAEIXZ
?Pull@CPcmBuffer@@QAEHPADI@Z
??0CPcmBuffer@@QAE@I@Z
?DoTerminate@CThread@@MAEXXZ
??0CThread@@QAE@_N@Z
??1CThread@@UAE@XZ
??0CCycBuffer@@QAE@I@Z
?SetData@CAudioChunk@@UAE_NPAXIIII_N@Z
?AppendData@CAudioChunk@@UAE_NPAXIIII_N@Z
?GetData@CAudioChunk@@UAEPAMXZ
?GetDataSize@CAudioChunk@@UAEIXZ
?SetDataSize@CAudioChunk@@UAEXI@Z
?GetDataLength@CAudioChunk@@UAEIXZ
?CheckDataSize@CAudioChunk@@UAEXI@Z
?GetSampleRate@CAudioChunk@@UAEIXZ
?SetSampleRate@CAudioChunk@@UAEXI@Z
?SetChannels@CAudioChunk@@UAEXI@Z
?SetSampleCount@CAudioChunk@@UAEXI@Z
?IsEmpty@CAudioChunk@@UAE_NXZ
?Reset@CAudioChunk@@UAEXXZ
?Flush@CAudioChunk@@UAEXXZ
?Copy@CAudioChunk@@UAEXPAVIAudioChunk@@@Z
?ConvertRightToStereo@@YAXPADI@Z
?ConvertLeftToStereo@@YAXPADI@Z
?Resume@CThread@@QAEXXZ
?SetPriority@CThread@@QAEXH@Z
?Quit@CThread@@QAEXXZ
?Suspend@CThread@@QAEXXZ
CreateAudioResampler
?ConvertMonoToStereo@@YAXPBDIPADI@Z
?ConvertStereoToMono@@YAHPADI@Z
SetLogFuncForAudioUtil
??1CAudioChunk@@QAE@XZ
??0CAudioChunk@@QAE@XZ
CreateResampler
?ConvertFloatToLinear@@YAHPAMIH@Z
??1CPcmBuffer@@QAE@XZ
CreateVAD
CreateImproveVAD
CreateCommonDSP
CreateZZZ
?Flush@CPcmBuffer@@QAEXXZ
?ConvertFloatTo16Bit@@YAHPADI@Z
?SizeMs@CPcmBuffer@@QAEIXZ
?Push@CPcmBuffer@@QAE_NPADIII@Z

kernel32

WriteFile
ReadFile
SetEndOfFile
SetEvent
LocalAlloc
InterlockedCompareExchange
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
LoadLibraryA
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
SetFilePointer
EnterCriticalSection
OutputDebugStringA
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetVersionExW
CreateEventW
CloseHandle
WaitForSingleObject
GetTickCount
QueryPerformanceCounter
QueryPerformanceFrequency
GetProcAddress
LoadLibraryW
MultiByteToWideChar
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
Sleep
GetModuleHandleW
InterlockedExchangeAdd
InterlockedExchange
GetCurrentThreadId
FlushInstructionCache
GetCurrentProcess
SetLastError
RaiseException
FreeLibrary
GetFileAttributesW
GetModuleFileNameW
GetEnvironmentVariableW
LocalFree
FormatMessageA
GetLastError
GetFileSize
CreateFileW
InterlockedIncrement
InterlockedDecrement
GetSystemInfo
FileTimeToSystemTime
GetFileTime
CreateProcessW
Process32NextW
OpenProcess
Process32FirstW
CreateToolhelp32Snapshot
TerminateProcess
GetExitCodeProcess
GetFullPathNameW
FindFirstFileW
lstrlenW
FindNextFileW
FindClose

user32

DestroyWindow
DefWindowProcW
UnregisterClassA
GetDesktopWindow
KillTimer
SetTimer
RegisterDeviceNotificationW
UnregisterDeviceNotification
RegisterClassExW
LoadCursorW
GetClassInfoExW
CreateWindowExW
CallWindowProcW
GetWindowLongW
SetWindowLongW
PostMessageW

advapi32

RegQueryInfoKeyW
RegSetValueExW
RegQueryValueExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey

shell32

ShellExecuteW

ole32

CoCreateInstance
CoTaskMemFree
CoInitialize
CoUninitialize

msvcp90

?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?swap@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXAAV12@@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_WABV10@@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
?compare@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEHPB_W@Z
?compare@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEHABV12@@Z
?length@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ
?replace@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@IIPB_W@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@0@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@II@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_WI@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?_Myptr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IAEPA_WXZ
?begin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?end@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?resize@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEAB_WI@Z
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@_W@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
?size@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
?empty@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE_NXZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ

msvcr90

fprintf
abort
sscanf
_strnicmp
strncpy
atof
strerror
_errno
_CIsqrt
_CIsin
_CIcos
_CItan
_CIpow
_lseek
_read
_CIlog
__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_strdup
realloc
_wopen
calloc
_open
_close
?terminate@@YAXXZ
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_except_handler4_common
_malloc_crt
_encoded_null
_crt_debugger_hook
_stricmp
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
__CxxFrameHandler3
??3@YAXPAX@Z
_purecall
??2@YAPAXI@Z
memcpy
_vsnprintf_s
_CxxThrowException
??0exception@std@@QAE@ABV01@@Z
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
_invalid_parameter_noinfo
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
memmove_s
malloc
free
memset
??_V@YAXPAX@Z
fabs
_snwprintf_s
strlen
memcpy_s
wcslen
_wtoi64
swprintf_s
_recalloc
sprintf
wcsncmp
strncmp
towlower
memcmp
fread
_wfopen_s
fclose
feof
fwrite
fseek
pow
abs
__RTDynamicCast
_wcsicmp
wcsstr
_wcslwr_s
tolower
log10
ftell
wcsrchr
wcscpy_s
_wcsupr_s
_local_unwind4
exp
cos
sin
sqrt
rand
log
memmove
printf
__iob_func

Exports

Exports

??0CAudioChunk@@QAE@ABV0@@Z
??0CAudioMixer@@QAE@XZ
??0CLock@@QAE@_N@Z
??0CPcmBuffer@@QAE@ABV0@@Z
??0CSharedMem@@QAE@ABV0@@Z
??0CThread@@QAE@ABV0@@Z
??1CAudioMixer@@QAE@XZ
??1CLock@@QAE@XZ
??4CAudioChunk@@QAEAAV0@ABV0@@Z
??4CAudioMixer@@QAEAAV0@ABV0@@Z
??4CCycBuffer@@QAEAAV0@ABV0@@Z
??4CLock@@QAEAAV0@ABV0@@Z
??4CPcmBuffer@@QAEAAV0@ABV0@@Z
??4CSharedMem@@QAEAAV0@ABV0@@Z
??4CThread@@QAEAAV0@ABV0@@Z
??_7CAudioChunk@@6B@
??_7CThread@@6B@
??_FCCycBuffer@@QAEXXZ
??_FCLock@@QAEXXZ
??_FCThread@@QAEXXZ
?AssertLocked@CLock@@QAEXXZ
?AssertNotLocked@CLock@@QAEXXZ
?Clear@CAudioMixer@@AAEXXZ
?Enter@CLock@@QAEHPBD@Z
?Execute@CThread@@MAEXXZ
?GetChannels@CAudioChunk@@UAEIXZ
?GetHandle@CThread@@QAEPAXXZ
?GetLockCount@CLock@@QAEHXZ
?GetLockCountCheck@CLock@@QAEHXZ
?GetLocker@CCycBuffer@@QAEPAVCLock@@XZ
?GetSampleCount@CAudioChunk@@UAEIXZ
?GetTerminated@CThread@@QAE_NXZ
?GetThreadId@CThread@@QAEIXZ
?Leave@CLock@@QAEHPBD@Z
?MixAdjustChunk@CAudioMixer@@AAEXPAMII@Z
?MixToChunk@CAudioMixer@@AAEXAAVCAudioChunk@@@Z
?Process@CAudioMixer@@QAE_NABV?$vector@PAVCAudioChunk@@V?$allocator@PAVCAudioChunk@@@std@@@std@@AAVCAudioChunk@@@Z
ConvertFlvAudioObjectType
GetAudioEngine
SetLogFunc
mpg123_add_string
mpg123_add_substring
mpg123_chomp_string
mpg123_clip
mpg123_close
mpg123_copy_string
mpg123_current_decoder
mpg123_decode
mpg123_decode_frame
mpg123_decoder
mpg123_decoders
mpg123_delete
mpg123_delete_pars
mpg123_enc_from_id3
mpg123_encodings
mpg123_encsize
mpg123_eq
mpg123_errcode
mpg123_exit
mpg123_feed
mpg123_feedseek
mpg123_fmt
mpg123_fmt_all
mpg123_fmt_none
mpg123_fmt_support
mpg123_format
mpg123_format_all
mpg123_format_none
mpg123_format_support
mpg123_framebyframe_decode
mpg123_framebyframe_next
mpg123_framedata
mpg123_framepos
mpg123_free_string
mpg123_geteq
mpg123_getformat
mpg123_getpar
mpg123_getparam
mpg123_getstate
mpg123_getvolume
mpg123_grow_string
mpg123_icy
mpg123_icy2utf8
mpg123_id3
mpg123_index
mpg123_info
mpg123_init
mpg123_init_string
mpg123_length
mpg123_meta_check
mpg123_meta_free
mpg123_new
mpg123_new_pars
mpg123_open
mpg123_open_fd
mpg123_open_feed
mpg123_open_handle
mpg123_outblock
mpg123_par
mpg123_param
mpg123_parnew
mpg123_plain_strerror
mpg123_position
mpg123_rates
mpg123_read
mpg123_replace_buffer
mpg123_replace_reader
mpg123_replace_reader_handle
mpg123_reset_eq
mpg123_resize_string
mpg123_safe_buffer
mpg123_scan
mpg123_seek
mpg123_seek_frame
mpg123_set_filesize
mpg123_set_index
mpg123_set_string
mpg123_set_substring
mpg123_spf
mpg123_store_utf8
mpg123_strerror
mpg123_strlen
mpg123_supported_decoders
mpg123_tell
mpg123_tell_stream
mpg123_tellframe
mpg123_timeframe
mpg123_tpf
mpg123_volume
mpg123_volume_change

Sections

.text
Size: 690KB - Virtual size: 690KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 167KB - Virtual size: 166KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

457673f552ed0c2e612b0e2b69184af8

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

32:35:84:46:ec:93:65:e4:74:80:61:10:37:73:8c:2dCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

32:35:84:46:ec:93:65:e4:74:80:61:10:37:73:8c:2dCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6Certificate

Extended Key Usages

Key Usages

b7:2d:d0:73:c8:ca:b0:40:6f:a6:2f:a0:b6:1c:b0:f5:7a:e3:98:d4:f5:a3:37:e4:c2:bb:d2:93:8c:85:52:d0Signer

84:88:20:27:ea:54:d2:20:77:f1:91:10:4e:85:cc:2d:2f:54:90:0bSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

winmm

dsound

psapi

audioutil

kernel32

user32

advapi32

shell32

ole32

msvcp90

msvcr90

Exports

Exports

Sections

.text Size: 690KB - Virtual size: 690KB

.rdata Size: 167KB - Virtual size: 166KB

.data Size: 13KB - Virtual size: 1.2MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 46KB - Virtual size: 45KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

32:35:84:46:ec:93:65:e4:74:80:61:10:37:73:8c:2d
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

32:35:84:46:ec:93:65:e4:74:80:61:10:37:73:8c:2d
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

b7:2d:d0:73:c8:ca:b0:40:6f:a6:2f:a0:b6:1c:b0:f5:7a:e3:98:d4:f5:a3:37:e4:c2:bb:d2:93:8c:85:52:d0
Signer

84:88:20:27:ea:54:d2:20:77:f1:91:10:4e:85:cc:2d:2f:54:90:0b
Signer

.text
Size: 690KB - Virtual size: 690KB

.rdata
Size: 167KB - Virtual size: 166KB

.data
Size: 13KB - Virtual size: 1.2MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 46KB - Virtual size: 45KB