Static task: static1
Behavioral task: behavioral1 (sample: hanzify.exe; resource: win7-20240704-en)
Behavioral task: behavioral2 (sample: hanzify.exe; resource: win10v2004-20240802-en)
Behavioral task: behavioral3 (sample: keygen.exe; resource: win7-20240704-en)
Behavioral task: behavioral4 (sample: keygen.exe; resource: win10v2004-20240802-en)
General
Target: c09aadaae9e310a49f5ce05a7001e256_JaffaCakes118
Size: 1.4MB
MD5: c09aadaae9e310a49f5ce05a7001e256
SHA1: 9e946dbab741953cb3a8d18065aa5fc71c04f345
SHA256: d07aa37d533220a108fa070a90745f77a07c47095a8d17802b8584f094379f71
SHA512: bab2beb3770638bdd46489bd5cda43377a7cab716620a1b64df80ba6accd225a4f79b732fb669901b12f58ae655bf72280d2d611955219cc9771746f303a342c
SSDEEP: 24576:zuoI+qsfc7/btIZ3yq1kvcPAqFvo7whI/+DnKvoMD4bIUtAr/:OFQc7/btIp2NqVwwusncoMD4x2r/
Malware Config
Signatures
- Unsigned PE (2 IoCs): checks for missing Authenticode signature. Resources: unpack001/hanzify.exe, unpack001/keygen.exe
Files
- c09aadaae9e310a49f5ce05a7001e256_JaffaCakes118.rar
- hanzify.exe (.exe; windows:4 windows x86 arch:x86)
7f080dbc564308fbfba9ebbb66776c99
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
shlwapi
SHDeleteKeyA
SHSetValueA
SHGetValueA
kernel32
FreeResource
GlobalUnlock
GlobalLock
GlobalAlloc
MulDiv
GetWindowsDirectoryA
CreateDirectoryA
lstrlenA
FreeLibrary
GetProcAddress
LoadLibraryExA
SetErrorMode
InterlockedDecrement
GetVersionExA
GetModuleFileNameA
GetTempPathA
WinExec
GetStartupInfoA
FindResourceA
LoadResource
SizeofResource
LockResource
DeleteFileA
GetEnvironmentVariableA
GetShortPathNameA
GetModuleHandleA
user32
GetCursorPos
PtInRect
GetParent
PostMessageA
LoadCursorA
SetCursor
TrackMouseEvent
InvalidateRect
RemovePropA
DefWindowProcA
ShowWindow
CopyRect
ClientToScreen
GetDC
DrawTextA
ReleaseDC
SetPropA
SetWindowLongA
UpdateWindow
DialogBoxParamA
EndDialog
IsDlgButtonChecked
SendMessageA
IsWindow
CheckDlgButton
BeginPaint
GetClientRect
FillRect
EndPaint
GetDlgItem
GetWindowRect
ScreenToClient
LoadStringA
GetWindowTextA
GetPropA
gdi32
SetBkMode
SetTextColor
GetStockObject
CreateFontIndirectA
GetObjectA
DeleteObject
SelectObject
GetDeviceCaps
shell32
ShellExecuteA
ole32
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
oleaut32
OleLoadPicture
msvcrt
strrchr
strncpy
_snprintf
fopen
fwrite
fclose
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
??3@YAXPAX@Z
__CxxFrameHandler
strstr
??2@YAPAXI@Z
_acmdln
free
malloc
_except_handler3
__dllonexit
_onexit
_exit
_XcptFilter
exit
__set_app_type
__p__fmode
__p__commode
_controlfp
Sections
.rdata Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1.4MB - Virtual size: 1.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
- keygen.exe (.exe; windows:4 windows x86 arch:x86)
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
(no section name) Size: - - Virtual size: 124KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
(no section name) Size: 109KB - Virtual size: 112KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
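The "Unsigned PE" signature above and the keygen.exe section table (two nameless sections, the first with no raw size but 124KB virtual, both flagged CODE, INITIALIZED_DATA, UNINITIALIZED_DATA, READ and WRITE at once) are both things that fall out of the PE headers alone. The following is an added example, not part of the sandbox report or of either sample: a dependency-free PE32 header parser that reports whether a certificate table (Authenticode) is present and which packer-style section traits are set. The function names, the constructed in-memory images, and the reading of "Size: -" as a raw size of 0 are assumptions for the example; the section names, sizes and flags are taken from the listings above.

```python
"""Header triage for PE32 files: Authenticode presence and packer-style sections.

Added example, not part of the sandbox report. It parses the headers by hand
with `struct` so it needs no third-party module, and builds constructed
in-memory images that mirror the section layouts listed in the report.
"""
import struct

# Section characteristics from the PE/COFF specification.
SCN_CNT_CODE = 0x00000020
SCN_CNT_INITIALIZED_DATA = 0x00000040
SCN_CNT_UNINITIALIZED_DATA = 0x00000080
SCN_MEM_EXECUTE = 0x20000000
SCN_MEM_READ = 0x40000000
SCN_MEM_WRITE = 0x80000000

PE32_MAGIC = 0x10B
SECURITY_DIR = 4          # IMAGE_DIRECTORY_ENTRY_SECURITY (certificate table)
OPT_HDR_SIZE_PE32 = 224   # standard + Windows-specific fields + 16 data directories


def packer_indicators(sections):
    """Heuristics a packed executable usually trips. Each is a hint, not proof."""
    hits = []
    for i, s in enumerate(sections):
        label = s["name"] or "<unnamed #%d>" % i
        c = s["characteristics"]
        if not s["name"]:
            hits.append("%s: section has no name" % label)
        if s["raw_size"] == 0 and s["virtual_size"] > 0:
            hits.append("%s: zero raw size, %d bytes virtual (unpack target)"
                        % (label, s["virtual_size"]))
        if c & SCN_CNT_CODE and c & SCN_MEM_WRITE:
            hits.append("%s: code section is writable" % label)
        if c & SCN_CNT_CODE and c & SCN_CNT_UNINITIALIZED_DATA:
            hits.append("%s: CODE and UNINITIALIZED_DATA set together" % label)
    return hits


def parse_pe32(data):
    """Return machine, file flags, sections, Authenticode presence and indicators."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    (machine, nsections, _, _, _,
     opt_size, file_chars) = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != PE32_MAGIC:
        raise ValueError("only PE32 is handled here")
    # PE32: NumberOfRvaAndSizes sits at optional-header offset 92, directories start at 96.
    nrva = struct.unpack_from("<I", data, opt + 92)[0]
    cert_off, cert_size = (0, 0)
    if nrva > SECURITY_DIR:
        cert_off, cert_size = struct.unpack_from("<II", data, opt + 96 + 8 * SECURITY_DIR)
    sections = []
    for i in range(nsections):
        name, vsize, _, raw, _, _, _, _, _, chars = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "raw_size": raw, "characteristics": chars})
    return {"machine": machine, "file_characteristics": file_chars,
            # A non-empty certificate table only means a WIN_CERTIFICATE blob is
            # attached; validating the chain is a separate step (e.g. WinVerifyTrust).
            "has_authenticode": cert_off > 0 and cert_size > 0,
            "sections": sections, "indicators": packer_indicators(sections)}


def build_pe32(sections, cert_size=0):
    """Construct a PE32 image (headers and section table only) for testing.

    `sections` is a list of (name, virtual_size, raw_size, characteristics).
    Constructed input: the result is not loadable, just enough for parse_pe32().
    """
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)   # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, OPT_HDR_SIZE_PE32,
                       0x0001 | 0x0002 | 0x0004 | 0x0008 | 0x0100)   # file flags as in the report
    opt = bytearray(OPT_HDR_SIZE_PE32)
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    struct.pack_into("<I", opt, 92, 16)                               # NumberOfRvaAndSizes
    if cert_size:   # 0x1000 is a placeholder file offset for the certificate blob (assumption)
        struct.pack_into("<II", opt, 96 + 8 * SECURITY_DIR, 0x1000, cert_size)
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", n.encode()[:8].ljust(8, b"\0"), vs, 0x1000 * (i + 1),
                    raw, 0x400 * (i + 1), 0, 0, 0, 0, ch)
        for i, (n, vs, raw, ch) in enumerate(sections))
    return dos + b"PE\0\0" + coff + bytes(opt) + table


# Constructed images mirroring the two section listings in the report.
# "Size: -" for keygen.exe's first section is read here as a raw size of 0 (assumption).
HANZIFY_LIKE = build_pe32([
    (".rdata", 2 * 1024, 3 * 1024, SCN_CNT_INITIALIZED_DATA | SCN_MEM_READ),
    (".data", 7 * 1024, 6 * 1024, SCN_CNT_INITIALIZED_DATA | SCN_MEM_READ | SCN_MEM_WRITE),
    (".rsrc", 1400 * 1024, 1400 * 1024, SCN_CNT_INITIALIZED_DATA | SCN_MEM_READ),
])
PACKED_FLAGS = (SCN_CNT_CODE | SCN_CNT_INITIALIZED_DATA | SCN_CNT_UNINITIALIZED_DATA
                | SCN_MEM_READ | SCN_MEM_WRITE)
KEYGEN_LIKE = build_pe32([("", 124 * 1024, 0, PACKED_FLAGS),
                          ("", 112 * 1024, 109 * 1024, PACKED_FLAGS)])
SIGNED_LIKE = build_pe32([(".text", 4096, 4096, SCN_CNT_CODE | SCN_MEM_EXECUTE | SCN_MEM_READ)],
                         cert_size=0x1800)

if __name__ == "__main__":
    for label, img in (("hanzify-like", HANZIFY_LIKE), ("keygen-like", KEYGEN_LIKE)):
        r = parse_pe32(img)
        print(label, "authenticode:", r["has_authenticode"], "indicators:", r["indicators"])
```

Run against a real file with `parse_pe32(open(path, "rb").read())`. The hanzify-like layout yields no indicators, while the keygen-like layout trips every heuristic on its first section and three on its second; that pattern (an empty section reserved for unpacked code, followed by a section holding the packed data, both writable and marked as code) is what a generic unpacker stub leaves behind, and it is the reason static import and string analysis of keygen.exe would be unproductive before unpacking. The Authenticode check is deliberately a presence test only: an attached certificate table says nothing about whether the signature verifies, and for hobby keygens and localizers the absence of one is expected rather than suspicious on its own.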
- 下载说明.htm (Download instructions.htm): .html .js polyglot
- 汉化新世纪.txt (Chinese Localization New Century.txt)
- 汉化说明.txt (Localization notes.txt)