Behavioral tasks (键盘记录器 = keylogger, 华军版 = Huajun edition, 安装说明.url = installation-instructions shortcut; file paths kept as-is):

Task | Sample | Resource |
---|---|---|
behavioral1 | 安装说明.url | win7-20240705-en |
behavioral2 | 安装说明.url | win10v2004-20240704-en |
behavioral3 | 键盘记录器7.1 华军版/keyboardhook.dll | win7-20240704-en |
behavioral4 | 键盘记录器7.1 华军版/keyboardhook.dll | win10v2004-20240704-en |
behavioral5 | 键盘记录器7.1 华军版/keyboardlog.exe | win7-20240704-en |
behavioral6 | 键盘记录器7.1 华军版/keyboardlog.exe | win10v2004-20240704-en |
behavioral7 | 键盘记录器7.1 华军版/monitor.exe | win7-20240705-en |
behavioral8 | 键盘记录器7.1 华军版/monitor.exe | win10v2004-20240704-en |
behavioral9 | 键盘记录器7.1 华军版/键盘记录器7.1 华军版/keyboardhook.dll | win7-20240704-en |
behavioral10 | 键盘记录器7.1 华军版/键盘记录器7.1 华军版/keyboardhook.dll | win10v2004-20240704-en |
behavioral11 | 键盘记录器7.1 华军版/键盘记录器7.1 华军版/keyboardlog.exe | win7-20240708-en |
behavioral12 | 键盘记录器7.1 华军版/键盘记录器7.1 华军版/keyboardlog.exe | win10v2004-20240704-en |
behavioral13 | 键盘记录器7.1 华军版/键盘记录器7.1 华军版/monitor.exe | win7-20240704-en |
behavioral14 | 键盘记录器7.1 华军版/键盘记录器7.1 华军版/monitor.exe | win10v2004-20240704-en |
Target | 2e8d0c4a63666416c57ec30f860b5111_JaffaCakes118 |
---|---|
Size | 285KB |
MD5 | 2e8d0c4a63666416c57ec30f860b5111 |
SHA1 | cfdbcba33493c864d7259f80cf807f185419caeb |
SHA256 | 22cda0ab9267828694f069a68f88caf8a72e8b516e519c0758b1502d9345d884 |
SHA512 | f982b2d1d4840c1ad79da2084932ff946c5ae657887acb11ec6543aed66fd1a1a08e8378e593c2c034b686ff62031e93f58bffa354e0728487977441035486b1 |
SSDEEP | 6144:UmuVBQyMOVZm5yxtpY0F7NqUuVSQyMOVZm5yxtpY0F7NL:UmoBQyMOVg58tOuYUoSQyMOVg58tOuZ |
resource | yara_rule |
---|---|
static1/unpack001/键盘记录器7.1 华军版/keyboardlog.exe | upx |
static1/unpack001/键盘记录器7.1 华军版/monitor.exe | upx |
static1/unpack001/键盘记录器7.1 华军版/键盘记录器7.1 华军版/keyboardlog.exe | upx |
static1/unpack001/键盘记录器7.1 华军版/键盘记录器7.1 华军版/monitor.exe | upx |
Checks for missing Authenticode signature.
resource |
---|
unpack001/键盘记录器7.1 华军版/keyboardhook.dll |
unpack001/键盘记录器7.1 华军版/keyboardlog.exe |
unpack002/out.upx |
unpack001/键盘记录器7.1 华军版/monitor.exe |
unpack003/out.upx |
unpack001/键盘记录器7.1 华军版/键盘记录器7.1 华军版/keyboardhook.dll |
unpack001/键盘记录器7.1 华军版/键盘记录器7.1 华军版/keyboardlog.exe |
unpack004/out.upx |
unpack001/键盘记录器7.1 华军版/键盘记录器7.1 华军版/monitor.exe |
unpack005/out.upx |
Static analysis, in the order of the resource table above. First entry: unpack001/键盘记录器7.1 华军版/keyboardhook.dll (the only image carrying IMAGE_FILE_DLL).

File characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_DLL

Imports: OpenFileMappingA, MapViewOfFile, UnmapViewOfFile, CloseHandle, GetCommandLineA, GetVersion, ExitProcess, TerminateProcess, GetCurrentProcess, GetCurrentThreadId, TlsSetValue, TlsAlloc, TlsFree, SetLastError, TlsGetValue, GetLastError, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, DeleteCriticalSection, GetModuleFileNameA, FreeEnvironmentStringsA, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStrings, GetEnvironmentStringsW, GetModuleHandleA, GetEnvironmentVariableA, GetVersionExA, HeapDestroy, HeapCreate, VirtualFree, HeapFree, WriteFile, InitializeCriticalSection, EnterCriticalSection, LeaveCriticalSection, HeapAlloc, GetCPInfo, GetACP, GetOEMCP, VirtualAlloc, HeapReAlloc, GetProcAddress, LoadLibraryA, RtlUnwind, MultiByteToWideChar, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, InterlockedDecrement, InterlockedIncrement, PostThreadMessageA, UnhookWindowsHookEx, SetWindowsHookExA, CallNextHookEx, ImmGetCompositionStringA, ImmReleaseContext, ImmGetContext

Exports: DisableKeyBoard, DisableMouse, Justahook, RemoveKBHook, RemoveMSHook, SetKBHook, SetKBHookCn, SetKBHookThreadId, SetMSHook, SetMSHookThreadId, StartMSHook, StopKBHook, StopMSHook

The hook-related imports (SetWindowsHookExA, CallNextHookEx, UnhookWindowsHookEx), the IME composition-string imports (ImmGetContext, ImmGetCompositionStringA, ImmReleaseContext) and the shared file-mapping imports (OpenFileMappingA, MapViewOfFile) together with the exported SetKBHook/SetMSHook family are the API surface of a Windows keyboard/mouse hook DLL, which is what the sample's name (keylogger) advertises; on a monitored host, SetWindowsHookExA calls that install a hook with this DLL's path are the detection point.

Sections:

section | flags |
---|---|
1 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
2 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
3 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
4 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
5 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Second entry: unpack001/键盘记录器7.1 华军版/keyboardlog.exe (packed; matches the upx yara rule above).

File characteristics: IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_32BIT_MACHINE

Sections (the writable and executable section pair is the packer stub layout the upx rule keys on):

section | flags |
---|---|
1 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
2 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
3 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
Third entry: unpack002/out.upx (keyboardlog.exe after unpacking).

File characteristics: IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_32BIT_MACHINE

Sections:

section | flags |
---|---|
1 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
2 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
3 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
4 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Fourth entry: unpack001/键盘记录器7.1 华军版/monitor.exe (packed; matches the upx yara rule above).

File characteristics: IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_32BIT_MACHINE

Sections:

section | flags |
---|---|
1 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
2 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
3 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
Fifth entry: unpack003/out.upx (monitor.exe after unpacking).

File characteristics: IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_32BIT_MACHINE

Sections:

section | flags |
---|---|
1 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
2 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
3 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
4 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
The remaining resource-table entries, the nested copies unpack001/键盘记录器7.1 华军版/键盘记录器7.1 华军版/keyboardhook.dll, keyboardlog.exe and monitor.exe with their unpacked images unpack004/out.upx and unpack005/out.upx, produced file characteristics, imports, exports and section flags identical to the five top-level entries listed above.