9cfac95c9f6d483333fbcf4e181b673a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

9cfac95c9f6d483333fbcf4e181b673a_JaffaCakes118
Size

615KB
MD5

9cfac95c9f6d483333fbcf4e181b673a
SHA1

46301698fa50f47fb68cd258c01c7109a4501cfc
SHA256

cae1eeb8899305c6ae619a5dfe4cc3f48d72fa814900c7228f248db94ed33408
SHA512

5555e7781d52ba3d785f37dec841d3399048ecfda3fd6b1b37b13b73fc55ba84c1c5dbc68d4128f79ff7fac74d40cd0d1c306d682c9c5f8c31cb98cb23711e8e
SSDEEP

12288:kU/Ni6wt/sqxHwPtnHBKHrDN7ApBEjJXhaeu9L8N/CEgZBFOww7:k+EDkqmErF8J997lOV

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/HanStar1.74/HanStar.dll
unpack001/HanStar1.74/HanStar.exe

Files

9cfac95c9f6d483333fbcf4e181b673a_JaffaCakes118
.rar
HanStar1.74/BNet.han
HanStar1.74/HanStar.dll
.dll windows:4 windows x86 arch:x86

974bbd803b88937bb8b0b7559c017478

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

advapi32

RegQueryValueExA

gdi32

UnrealizeObject

imm32

ImmSetConversionStatus

oleaut32

SafeArrayPtrOfIndex

user32

UnhookWindowsHookEx

version

VerQueryValueA

Exports

Exports

GetFileMapping
GetMsgProc
StartGetMsgHook
StopGetMsgHook

Sections

CODE
Size: 89KB - Virtual size: 240KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
HanStar1.74/HanStar.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 234KB - Virtual size: 664KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

XH
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
HanStar1.74/HanStar.ini
HanStar1.74/HanStar.ver
HanStar1.74/IFU8F.inf
HanStar1.74/Text.han
HanStar1.74/单机游戏下载基地.url
.url
HanStar1.74/完整剧情.han
HanStar1.74/游戏说明.txt
HanStar1.74/说明.txt

Sharing

General

Malware Config

Signatures

Files

974bbd803b88937bb8b0b7559c017478

Headers

File Characteristics

Imports

kernel32

advapi32

gdi32

imm32

oleaut32

user32

version

Exports

Exports

Sections

CODE Size: 89KB - Virtual size: 240KB

.rsrc Size: 5KB - Virtual size: 8KB

.reloc Size: 512B - Virtual size: 512B

Headers

File Characteristics

Sections

CODE Size: 234KB - Virtual size: 664KB

.rsrc Size: 12KB - Virtual size: 16KB

XH Size: 3KB - Virtual size: 8KB

CODE
Size: 89KB - Virtual size: 240KB

.rsrc
Size: 5KB - Virtual size: 8KB

.reloc
Size: 512B - Virtual size: 512B

CODE
Size: 234KB - Virtual size: 664KB

.rsrc
Size: 12KB - Virtual size: 16KB

XH
Size: 3KB - Virtual size: 8KB