Extended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
Overview

| task | platform | score |
|---|---|---|
| overview | | 8 |
| static | | 7 |
| BH2002/BH2002.exe | windows7-x64 | 8 |
| BH2002/BH2002.exe | windows10-2004-x64 | 1 |
| BH2002/BH2...H2.exe | windows7-x64 | 3 |
| BH2002/BH2...H2.exe | windows10-2004-x64 | 1 |
| BH2002/PlayGame.exe | windows7-x64 | 7 |
| BH2002/PlayGame.exe | windows10-2004-x64 | 7 |
| BH2002/RegSetup.exe | windows7-x64 | 1 |
| BH2002/RegSetup.exe | windows10-2004-x64 | 1 |
| BH2002/bh2.exe | windows7-x64 | 3 |
| BH2002/bh2.exe | windows10-2004-x64 | 1 |
| 安装程序.exe | windows7-x64 | 7 |
| 安装程序.exe | windows10-2004-x64 | 7 |

| behavioral task | sample | resource |
|---|---|---|
| behavioral1 | BH2002/BH2002.exe | win7-20240221-en |
| behavioral2 | BH2002/BH2002.exe | win10v2004-20240508-en |
| behavioral3 | BH2002/BH2Game/BH2.exe | win7-20240419-en |
| behavioral4 | BH2002/BH2Game/BH2.exe | win10v2004-20240508-en |
| behavioral5 | BH2002/PlayGame.exe | win7-20240508-en |
| behavioral6 | BH2002/PlayGame.exe | win10v2004-20240508-en |
| behavioral7 | BH2002/RegSetup.exe | win7-20231129-en |
| behavioral8 | BH2002/RegSetup.exe | win10v2004-20240426-en |
| behavioral9 | BH2002/bh2.exe | win7-20240221-en |
| behavioral10 | BH2002/bh2.exe | win10v2004-20240508-en |
| behavioral11 | 安装程序.exe | win7-20240221-en |
| behavioral12 | 安装程序.exe | win10v2004-20240426-en |
Target
2a01d36ca6a333b9eb0cbce7386cd85c_JaffaCakes118
Size
22.2MB
MD5
2a01d36ca6a333b9eb0cbce7386cd85c
SHA1
ddac2c499b42f4c73d21c230ca4738e36ac5ad1b
SHA256
47a983035cbe36a957034b8f8e5cd7dd56752b6b510a9a1c7e1eaa6c6116d57f
SHA512
9e44437c468e32a759f6ce3d365dbe56da8883877bb6df7e0e2cac54942fa138276838ff40d0290b8e4291f9a8d6023e90a88137c94daa715a3be7f51f6f3083
SSDEEP
393216:Uv+3bu39rCVq5CttH+MdFGveVU09aI0gDhYH42JU+RY34KQy/:U0bQCVkCPndFvVB9aI/h04EtQ4KV/
| resource | yara_rule |
|---|---|
| static1/unpack001/BH2002/PlayGame.exe | aspack_v212_v242 |
| static1/unpack001/安装程序.exe | upx |
Checks for missing Authenticode signature.
| resource |
|---|
| unpack001/BH2002/BH2002.exe |
| unpack001/BH2002/BH2Game/BH2.exe |
| unpack001/BH2002/RegSetup.exe |
| unpack001/BH2002/bh2.ews |
| unpack002/out.upx |
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
ExitProcess
Sleep
GetExitCodeProcess
GetCurrentProcess
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
LoadLibraryA
GetProcAddress
HeapReAlloc
VirtualAlloc
HeapAlloc
GetOEMCP
GetACP
GetCPInfo
RtlUnwind
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
TerminateProcess
CreateProcessA
UnhandledExceptionFilter
GetModuleFileNameA
HeapFree
WriteFile
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapCreate
VirtualFree
MessageBoxA
ChangeDisplaySettingsA
DefWindowProcA
PostMessageA
PostQuitMessage
SystemParametersInfoA
LoadIconA
LoadCursorA
RegisterClassA
GetSystemMetrics
CreateWindowExA
ShowCursor
PeekMessageA
DispatchMessageA
TranslateMessage
GetStockObject
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
lstrlenA
CloseHandle
ExitProcess
VirtualAlloc
SetEndOfFile
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
LoadLibraryA
CreateFileA
FlushFileBuffers
SetStdHandle
SetFilePointer
WriteFile
RtlUnwind
HeapAlloc
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
RaiseException
GetProcAddress
HeapFree
GetLastError
GetTickCount
ReadFile
HeapDestroy
HeapCreate
VirtualFree
GetStdHandle
GetFileType
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
MultiByteToWideChar
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
WideCharToMultiByte
GetCPInfo
GetACP
GetOEMCP
SetHandleCount
DefWindowProcA
GetMessageA
TranslateMessage
PeekMessageA
SetCursorPos
ShowCursor
GetCursorPos
GetDC
UpdateWindow
LoadCursorA
RegisterClassA
CreateWindowExA
ShowWindow
SetTextColor
GetStockObject
TextOutA
SetBkMode
DirectDrawCreateEx
ord1
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
KeyUsageCertSign
KeyUsageCRLSign
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
GetTempFileNameA
WriteFile
GetWindowsDirectoryA
GetCurrentDirectoryA
DeleteFileA
CreateFileA
GetFileSize
SetFilePointer
ReadFile
GetCommandLineA
GetTempPathA
GetStartupInfoA
UnhandledExceptionFilter
GetModuleFileNameA
GetStringTypeW
GetStringTypeA
FlushFileBuffers
LCMapStringA
MultiByteToWideChar
LCMapStringW
LoadLibraryA
GetProcAddress
SetStdHandle
GetACP
GetCPInfo
HeapFree
HeapAlloc
GetModuleHandleA
CloseHandle
GetVersion
ExitProcess
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
TerminateProcess
GetCurrentProcess
GetStdHandle
GetOEMCP
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetFileType
RtlUnwind
GetLastError
GetFileAttributesA
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
SetWindowPos
EndDialog
GetSystemMetrics
GetWindowRect
DialogBoxParamA
GetDlgItem
SendMessageA
MessageBoxA
KillTimer
EnableWindow
SetWindowTextA
SetTimer
RegCloseKey
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
ord17
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
GetProcAddress
LoadLibraryA
CloseHandle
CreateFileA
WritePrivateProfileStringA
ReadFile
FindNextFileA
GetCommandLineA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
CreateThread
MulDiv
ReleaseMutex
WaitForSingleObject
ResetEvent
Sleep
InitializeCriticalSection
CreateMutexA
TerminateThread
MultiByteToWideChar
SetFilePointer
VirtualProtect
RtlUnwind
InterlockedDecrement
InterlockedIncrement
GetModuleHandleA
GetStartupInfoA
GetVersion
ExitProcess
SetThreadPriority
HeapReAlloc
HeapFree
HeapAlloc
GetCurrentThreadId
TlsSetValue
TlsAlloc
SetLastError
CreateEventA
GetPrivateProfileStringA
WideCharToMultiByte
LCMapStringA
LCMapStringW
GetPrivateProfileIntA
WriteFile
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
HeapDestroy
HeapCreate
VirtualFree
SetStdHandle
SetEndOfFile
RaiseException
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetCPInfo
FlushFileBuffers
GetStringTypeA
GetStringTypeW
GetACP
GetOEMCP
FindFirstFileA
SetFileAttributesA
TlsGetValue
GetLastError
GetFileType
PostMessageA
GetCursorPos
CreateWindowExA
GetSystemMetrics
RegisterClassA
LoadCursorA
LoadIconA
SystemParametersInfoA
ShowCursor
PostQuitMessage
DefWindowProcA
TranslateMessage
DispatchMessageA
WaitMessage
PeekMessageA
IsIconic
MessageBoxA
GetTextExtentPoint32A
SetBkMode
SetTextColor
SetBkColor
TextOutA
GetStockObject
CreateFontA
SelectObject
GetDeviceCaps
SetMapMode
DeleteObject
DirectDrawCreateEx
ord1
DirectInputCreateA
timeGetTime
CoInitialize
CoCreateInstance
CoUninitialize
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
ExtKeyUsageTimeStamping
KeyUsageCertSign
KeyUsageCRLSign
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
KeyUsageCertSign
KeyUsageCRLSign
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ