f032a90e62388e8ed3cb4e0416c6fe9a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f032a90e62388e8ed3cb4e0416c6fe9a_JaffaCakes118
Size

244KB
MD5

f032a90e62388e8ed3cb4e0416c6fe9a
SHA1

dab51aee525ac8e6751b2ab8e453316e83ead261
SHA256

59c6d2064d21196fe644a86e6e4efa41ff1c1a8d2504c1b06170d03afb756085
SHA512

03ca65856e7bde4361f46fc95b46a5bb8d847ac29aa0a19e87204563ec462092eada8e12562bfc5a39b1df19e0f97d7408269e1ba082ca9f14c29412310b5b26
SSDEEP

3072:GlTSr+vbmJD+JIWBYv4SpAd+aE1oLgG9lG7SPpkoY/9/cz65QlQt4d+P0pCemd1I:GkwYZoMHSh2QluP/ld3khg0y7y7

Score

3^/10

Malware Config

Signatures

Unsigned PE 7 IoCs

Checks for missing Authenticode signature.

resource
f032a90e62388e8ed3cb4e0416c6fe9a_JaffaCakes118
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/UserInfo.dll
unpack001/prism3d.exe
unpack001/sndshared.dll
unpack001/vorbisfile.dll
unpack001/zlib1.dll

NSIS installer 1 IoCs

installer

resource	yara_rule
sample	nsis_installer_1

Files

f032a90e62388e8ed3cb4e0416c6fe9a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

97318da386948415d08cef4a9006d669

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
CreateFileA
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1012B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UserInfo.dll
.dll windows:4 windows x86 arch:x86

6bc108eed3ca99f68adee56e9c99fac6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersion
GetCurrentThread
GetCurrentProcess
GetModuleHandleA
GetProcAddress
GetLastError
GlobalFree
CloseHandle
lstrcpynA
GlobalAlloc

advapi32

OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
GetUserNameA
OpenThreadToken

Exports

Exports

GetAccountType
GetName
GetOriginalAccountType

Sections

.text
Size: 1024B - Virtual size: 741B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 657B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 85B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 154B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
prism3d.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

_cmd_execute
_cmd_execute_block
_cmd_register_command
_cvar_register_variable
_gfx_sprite
_inp_bind_command
_inp_bind_impulse
_inp_get_impulse_code
_inp_get_impulse_name
_inp_get_trigger_code
_inp_get_trigger_name
_inp_joy_set_dead_zone
_inp_name_impulse
_inp_restore_bindings
_inp_search_trigger_command
_inp_search_trigger_impulse
_inp_unbind_impulse
_mm_hw_free_all
_mm_hw_free_unreferenced
_mm_mem_free_all
_mm_mem_free_unreferenced
_mm_obtain_resource
_mm_remove_unreferenced
_snd_create
_snd_create_oneshot
cmd_get
cmd_get_list
cmd_process_queue
cmd_register_queue
cmd_unregister_command
cmd_unregister_queue
cvar_get
cvar_get_list
cvar_link
cvar_unlink
cvar_unregister_variable
dll_handle
dll_lookup_code
dll_lookup_data
dll_ready_to_unload
dll_register
dll_register_and_execute
get_engine_ubank
get_engine_usystem
gfx_alloc_buffer
gfx_alloc_packet
gfx_alloc_proto
gfx_available_path
gfx_available_path_count
gfx_begin_frame
gfx_bitmap
gfx_cache_alloc
gfx_cache_data
gfx_cache_pop
gfx_cache_push
gfx_cache_sweep
gfx_device_count
gfx_device_enum
gfx_device_get
gfx_device_get_hw_state
gfx_device_init
gfx_device_shutdown
gfx_drawable_begin_update
gfx_drawable_context
gfx_drawable_create
gfx_drawable_destroy
gfx_drawable_end_update
gfx_drawable_get_size
gfx_drawable_surface_begin_update
gfx_drawable_surface_end_update
gfx_driver_count
gfx_driver_enum
gfx_driver_get
gfx_driver_name
gfx_driver_register
gfx_driver_unregister
gfx_end_frame
gfx_fbuffer_create
gfx_fbuffer_destroy
gfx_free_buffer
gfx_free_packet
gfx_free_proto
gfx_get_anisotropy_factor
gfx_get_default_buffer
gfx_get_desktop_mode
gfx_get_image
gfx_get_texture_detail
gfx_hw_flush
gfx_hw_free
gfx_hw_load
gfx_init_devices
gfx_is_active
gfx_is_path_available
gfx_line_plain
gfx_line_strip
gfx_mode_count
gfx_mode_current
gfx_mode_get
gfx_mode_init
gfx_mode_shutdown
gfx_pixelformat_choose
gfx_quirks_enabled
gfx_reset_stats
gfx_screen_capture
gfx_set_active
gfx_set_gamma
gfx_set_rendering_device
gfx_set_win_properties
gfx_shutdown_devices
gfx_sub_bitmap
gfx_swapbuffers
gfx_texel_offset
gfx_try_capture
hw_device_count
hw_device_get
hw_device_insert
hw_device_remove
hw_init
hw_revive
hw_shutdown
hw_suspend
inp_cursor_info
inp_cursor_info_set
inp_event
inp_fetch_keycode
inp_force_change
inp_force_create
inp_force_destroy
inp_force_play
inp_force_stop
inp_freeze_input
inp_get_mouse_sensitivity
inp_handle_impulses
inp_impulse_is_activated
inp_impulse_value
inp_init_devices
inp_init_input
inp_is_active
inp_joy_get_axis_name
inp_joy_get_count
inp_joy_get_dead_zone
inp_joy_get_name
inp_joy_switch
inp_mouse_reports_delta
inp_reset_impulses
inp_reset_keycode_queue
inp_set_active
inp_set_mouse_reports_delta
inp_set_mouse_sensitivity
inp_shutdown_devices
inp_store_bindings
inp_thaw_input
inp_trackir_disable
inp_trackir_enable
inp_trackir_get_axis_data
inp_trackir_init
inp_trackir_is_active
inp_trackir_is_present
inp_unbind_command
mem_sys_alloc
mem_sys_calloc
mem_sys_free
mem_sys_realloc
message_history_count
message_history_get
mm_alloc_mem
mm_free_mem
mm_refresh_resource
mm_register_loader
mm_unregister_loader
mm_warn_refresh
oswindow_activate_main_window
oswindow_attach
oswindow_create
oswindow_destroy
oswindow_detach
oswindow_get_properties
oswindow_get_window
oswindow_hide
oswindow_hold_reactions
oswindow_init
oswindow_is_application_active
oswindow_is_monitor_active
oswindow_move_to
oswindow_process_message_queue
oswindow_set_properties
oswindow_set_title
oswindow_show
oswindow_shutdown
process_add
process_get
process_hw_lock
process_hw_unlock
process_mm_lock
process_mm_unlock
process_pid_get
process_register_message_loop
process_sleep
process_store_cfg
process_terminate_all
process_wakeup
snd_def_mm_distances
snd_device_count
snd_device_current
snd_device_get
snd_device_info
snd_device_revive
snd_device_shutdown
snd_device_suspend
snd_distance_factor
snd_enforce_attributes
snd_eval_devicestring
snd_finish
snd_get_length
snd_get_music_volume
snd_get_sfx_volume
snd_init_devices
snd_is_accelerated
snd_is_stereo_reversed
snd_listener
snd_restart
snd_rolloff_factor
snd_set_current_tag
snd_shutdown_devices
snd_update_state
sys_frame
sys_get_lastdelta
sys_get_random_seed
sys_get_statistics_time_delta
sys_get_system_string
sys_get_time
sys_pause
sys_rand
sys_version
ui_get_parameter_packet_array

Sections

.text
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 30KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 198KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: - Virtual size: 10KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: - Virtual size: 1.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 25KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 308KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 181KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 21KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: - Virtual size: 13KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 680KB - Virtual size: 679KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 162KB - Virtual size: 164KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 52KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 35KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 572B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
sndshared.dll
.dll windows:4 windows x86 arch:x86

046fd707442de1d25a45f0467b6ae7d6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

vorbisfile

ov_raw_seek
ov_read
ov_open_callbacks
ov_info
ov_pcm_total
ov_clear

kernel32

DisableThreadLibraryCalls
GetProcAddress

p3core

?copy@mstring_t@prism@@QAE_NABVstring@2@III@Z
p3core_system_new_vector
?fs_open@prism@@YA?AVret_t@?$auto_ptr_t@Vfile_t@prism@@@1@ABVstring@1@W4fs_realm_t@1@@Z
?NUL_CHAR@string@prism@@2PBDB
?is_completed@worklet_t@prism@@UAE_NXZ
?cancel@worklet_t@prism@@UAEXXZ
?start@worklet_t@prism@@UAEXXZ
?file_error@prism@@YAXQAVfile_t@1@QBDZZ
?printf@mstring_t@prism@@QAA_NPBDZZ
?read@file_t@prism@@QAE_NQAXI@Z
?get_size@file_t@prism@@QAE_KXZ
?on_tick@worklet_t@prism@@UAEXXZ
?finish@worklet_t@prism@@UAEXXZ
??0worklet_t@prism@@QAE@XZ
??1worklet_t@prism@@UAE@XZ
?v_abort_fail@prism@@YAXQBD0I0@Z
p3core_system_delete_vector
p3core_system_delete
p3core_system_new
?seek@file_t@prism@@QAE_NJW4fs_whence_t@2@@Z

p3shared

?system@vprocess_t@prism@@UAEXXZ
??1vprocess_t@prism@@UAE@XZ
?shutdown@hw_device_t@prism@@UAEXXZ
?revive@hw_device_t@prism@@UAEXXZ
?suspend@hw_device_t@prism@@UAEXXZ
?detect@hw_device_t@prism@@UAE_NXZ
??0hw_device_t@prism@@QAE@XZ
??1hw_device_t@prism@@UAE@XZ
??0vprocess_t@prism@@QAE@H@Z
?set_name@vprocess_t@prism@@QAEXPBD@Z
?shutdown@vprocess_t@prism@@UAEX_N@Z

msvcr71

__dllonexit
__CppXcptFilter
_adjust_fdiv
_onexit
_except_handler3
free
_initterm
malloc
_purecall

Exports

Exports

??0buffer_t@sound@prism@@QAE@I@Z
??0channel_t@sound@prism@@QAE@I@Z
??0device_t@sound@prism@@QAE@XZ
??0listener_t@sound@prism@@QAE@XZ
??1buffer_t@sound@prism@@UAE@XZ
??1channel_t@sound@prism@@UAE@XZ
??1device_t@sound@prism@@UAE@XZ
?bind@buffer_t@sound@prism@@MAE_NABVstring@3@I@Z
?bind@channel_t@sound@prism@@UAE_NQAVbuffer_t@23@@Z
?cleanup_request@streamer_t@sound@prism@@IAEXXZ
?close_channel@device_t@sound@prism@@QAEXQAVchannel_t@23@@Z
?distance_volume_factor@channel_t@sound@prism@@IAEMABVlistener_t@23@@Z
?distance_volume_start@channel_t@sound@prism@@IAEMABVlistener_t@23@@Z
?enable_playback@channel_t@sound@prism@@QAEX_N@Z
?generate_silence@buffer_t@sound@prism@@IAEXQAXI@Z
?get_file_name@buffer_t@sound@prism@@QBEABVstring@3@XZ
?get_playback_state@channel_t@sound@prism@@QAE_NXZ
?handler@device_t@sound@prism@@UAEXXZ
?init@device_t@sound@prism@@UAE_NXZ
?init_metadata@buffer_t@sound@prism@@QAE_NQAVfile_t@3@@Z
?linear_gain_to_millibells@channel_t@sound@prism@@KAHM@Z
?on_tick@device_t@sound@prism@@UAEXXZ
?open_channel@device_t@sound@prism@@QAEPAVchannel_t@23@ABVstring@3@I@Z
?register_channel@buffer_t@sound@prism@@IAEXQAVchannel_t@23@@Z
?request_data@streamer_t@sound@prism@@QAEXQAX_KI@Z
?restart@device_t@sound@prism@@UAE_NXZ
?set_listener@device_t@sound@prism@@QAEXABVlistener_t@23@@Z
?shutdown@device_t@sound@prism@@UAEXXZ
?snd_proc_init@prism@@YAXXZ
?snd_shared_init@prism@@YAXPAX@Z
?snd_shared_shutdown@prism@@YAXXZ
?unregister_channel@buffer_t@sound@prism@@IAEXQAVchannel_t@23@@Z
?update@buffer_t@sound@prism@@UAEXABVlistener_t@23@@Z
?update@channel_t@sound@prism@@UAEXABVlistener_t@23@@Z
?update_attributes@channel_t@sound@prism@@QAEXABVattributes_t@23@@Z
?update_request@streamer_t@sound@prism@@IAEXI@Z

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 508B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
vorbisfile.dll
.dll windows:4 windows x86 arch:x86

0d0fd05e9b22677fe6bc45863906c40d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ogg

ogg_sync_wrote
ogg_sync_reset
ogg_sync_pageseek
ogg_page_serialno
ogg_stream_packetout
ogg_stream_pagein
ogg_stream_reset_serialno
ogg_page_granulepos
ogg_sync_clear
ogg_stream_clear
ogg_page_eos
ogg_stream_reset
ogg_stream_init
ogg_page_continued
ogg_stream_packetpeek
ogg_sync_init
ogg_sync_buffer

vorbis

vorbis_info_init
vorbis_comment_init
vorbis_packet_blocksize
vorbis_info_clear
vorbis_comment_clear
vorbis_block_init
vorbis_synthesis_init
vorbis_block_clear
vorbis_dsp_clear
vorbis_synthesis_blockin
vorbis_synthesis_pcmout
vorbis_synthesis
vorbis_synthesis_halfrate
vorbis_synthesis_halfrate_p
vorbis_synthesis_restart
vorbis_synthesis_read
vorbis_synthesis_trackonly
vorbis_info_blocksize
vorbis_synthesis_lapout
_analysis_output_always
vorbis_window
vorbis_synthesis_headerin

kernel32

HeapDestroy
GetSystemInfo
VirtualProtect
HeapSize
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
LCMapStringW
LCMapStringA
GetStringTypeW
MultiByteToWideChar
GetStringTypeA
GetLocaleInfoA
LoadLibraryA
RaiseException
FlushFileBuffers
SetStdHandle
VirtualQuery
InterlockedExchange
RtlUnwind
InitializeCriticalSection
GetCPInfo
GetOEMCP
GetACP
WriteFile
UnhandledExceptionFilter
GetEnvironmentStringsW
WideCharToMultiByte
HeapAlloc
HeapReAlloc
HeapFree
GetCurrentThreadId
GetCommandLineA
GetVersionExA
TlsAlloc
SetLastError
GetLastError
TlsFree
TlsSetValue
TlsGetValue
GetProcAddress
GetModuleHandleA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapCreate
VirtualFree
VirtualAlloc
SetFilePointer
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
CloseHandle
ReadFile
ExitProcess
TerminateProcess
GetCurrentProcess
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW

Exports

Exports

ov_bitrate
ov_bitrate_instant
ov_clear
ov_comment
ov_crosslap
ov_halfrate
ov_halfrate_p
ov_info
ov_open
ov_open_callbacks
ov_pcm_seek
ov_pcm_seek_lap
ov_pcm_seek_page
ov_pcm_seek_page_lap
ov_pcm_tell
ov_pcm_total
ov_raw_seek
ov_raw_seek_lap
ov_raw_tell
ov_raw_total
ov_read
ov_read_float
ov_seekable
ov_serialnumber
ov_streams
ov_test
ov_test_callbacks
ov_test_open
ov_time_seek
ov_time_seek_lap
ov_time_seek_page
ov_time_seek_page_lap
ov_time_tell
ov_time_total

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
zlib1.dll
.dll windows:4 windows x86 arch:x86

b614dbf39645d570f35b2c1defc40f37

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcr71

_errno
fclose
free
_vsnprintf
fflush
fseek
fputc
malloc
clearerr
ftell
fread
_fdopen
fopen
sprintf
_initterm
_adjust_fdiv
__CppXcptFilter
_except_handler3
__dllonexit
_onexit
fprintf
fwrite

kernel32

DisableThreadLibraryCalls

Exports

Exports

adler32
compress
compress2
compressBound
crc32
deflate
deflateBound
deflateCopy
deflateEnd
deflateInit2_
deflateInit_
deflateParams
deflatePrime
deflateReset
deflateSetDictionary
get_crc_table
gzclearerr
gzclose
gzdopen
gzeof
gzerror
gzflush
gzgetc
gzgets
gzopen
gzprintf
gzputc
gzputs
gzread
gzrewind
gzseek
gzsetparams
gztell
gzungetc
gzwrite
inflate
inflateBack
inflateBackEnd
inflateBackInit_
inflateCopy
inflateEnd
inflateInit2_
inflateInit_
inflateReset
inflateSetDictionary
inflateSync
inflateSyncPoint
uncompress
zError
zlibCompileFlags
zlibVersion

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 116B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

97318da386948415d08cef4a9006d669

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 22KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 16KB - Virtual size: 15KB

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 1012B

6bc108eed3ca99f68adee56e9c99fac6

Headers

File Characteristics

Imports

kernel32

advapi32

Exports

Exports

Sections

.text Size: 1024B - Virtual size: 741B

.rdata Size: 1024B - Virtual size: 657B

.data Size: 512B - Virtual size: 85B

.reloc Size: 512B - Virtual size: 154B

Headers

File Characteristics

Exports

Exports

Sections

.text Size: - Virtual size: 64KB

.rdata Size: - Virtual size: 30KB

.data Size: - Virtual size: 198KB

.rsrc Size: - Virtual size: 10KB

.text Size: - Virtual size: 1.0MB

.data Size: - Virtual size: 25KB

.rdata Size: - Virtual size: 308KB

.bss Size: - Virtual size: 181KB

.idata Size: - Virtual size: 21KB

.rsrc Size: - Virtual size: 13KB

.text Size: 680KB - Virtual size: 679KB

.idata Size: 4KB - Virtual size: 1KB

.rsrc Size: 12KB - Virtual size: 11KB

.text Size: 162KB - Virtual size: 164KB

.bss Size: - Virtual size: 52KB

.data Size: 35KB - Virtual size: 36KB

.idata Size: 1024B - Virtual size: 572B

046fd707442de1d25a45f0467b6ae7d6

Headers

File Characteristics

Imports

.text
Size: 22KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 16KB - Virtual size: 15KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 1012B

.text
Size: 1024B - Virtual size: 741B

.rdata
Size: 1024B - Virtual size: 657B

.data
Size: 512B - Virtual size: 85B

.reloc
Size: 512B - Virtual size: 154B

.text
Size: - Virtual size: 64KB

.rdata
Size: - Virtual size: 30KB

.data
Size: - Virtual size: 198KB

.rsrc
Size: - Virtual size: 10KB

.text
Size: - Virtual size: 1.0MB

.data
Size: - Virtual size: 25KB

.rdata
Size: - Virtual size: 308KB

.bss
Size: - Virtual size: 181KB

.idata
Size: - Virtual size: 21KB

.rsrc
Size: - Virtual size: 13KB

.text
Size: 680KB - Virtual size: 679KB

.idata
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 12KB - Virtual size: 11KB

.text
Size: 162KB - Virtual size: 164KB

.bss
Size: - Virtual size: 52KB

.data
Size: 35KB - Virtual size: 36KB

.idata
Size: 1024B - Virtual size: 572B

.text
Size: 6KB - Virtual size: 6KB

.rdata
Size: 7KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 508B

.reloc
Size: 1024B - Virtual size: 992B

.text
Size: 48KB - Virtual size: 47KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 4KB - Virtual size: 10KB

.reloc
Size: 8KB - Virtual size: 4KB

.text
Size: 36KB - Virtual size: 35KB

.rdata
Size: 18KB - Virtual size: 17KB

.data
Size: 512B - Virtual size: 116B

.rsrc
Size: 1024B - Virtual size: 920B

.reloc
Size: 1024B - Virtual size: 904B