c82f72349576b9287869e235b7cdbcba_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

c82f72349576b9287869e235b7cdbcba_JaffaCakes118
Size

193KB
MD5

c82f72349576b9287869e235b7cdbcba
SHA1

8a81759c2b5bc7a24277b0663066f02fb5e31789
SHA256

ea43cd6009a05cbcc10188e5ea3217fc5c51376d8143d2c5efe911fd010cd8a5
SHA512

51ff6cec03ff82706ebb201028052fe46508d1356ffcac5dd696cca1f56f21974997277f11d04997f4a05120098e40a9a630afb2f20b31bf6b72ee37d52b8477
SSDEEP

3072:HOnJJrTv8wD/eEAKQsZNpwFVEelJ+DXN1Q3Oxk1dABtFKk7Aaqf5A9U011u7:unJ9wsFAKnZN6V1J+DNxkKXLW16s

Score

3^/10

Malware Config

Signatures

Unsigned PE 13 IoCs

Checks for missing Authenticode signature.

resource
unpack001/HTScreen/Driver/mymr.dll
unpack001/HTScreen/Driver/mymr.sys
unpack001/HTScreen/Driver/setup.exe
unpack001/HTScreen/HTCAPI.dll
unpack001/HTScreen/HTClient.exe
unpack001/HTScreen/HTSAPI.dll
unpack001/HTScreen/HTServer.exe
unpack001/HTScreen/HTSound.dll
unpack001/HTScreen/IJL15.DLL
unpack001/HTScreen/Mirror.dll
unpack001/HTScreen/Pointer.dll
unpack001/HTScreen/QHSock.dll
unpack001/HTScreen/mykbfilt.sys

Files

c82f72349576b9287869e235b7cdbcba_JaffaCakes118
.rar
HTScreen/Driver/mymr.dll
.dll windows:5 windows x86 arch:x86

811c7f3e811d011dbdf720dfae9bccf1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

win32k.sys

EngDebugPrint
EngFreeMem
EngDebugBreak
EngAllocMem
EngDeletePalette
EngDeleteSurface
EngAssociateSurface
EngCreateBitmap
EngCopyBits
EngBitBlt
EngTextOut
EngStrokePath
EngLineTo
EngStretchBlt
EngGradientFill
EngAlphaBlend
EngTransparentBlt
EngCreatePalette

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 480B - Virtual size: 468B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 448B - Virtual size: 426B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 160B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HTScreen/Driver/mymr.inf
HTScreen/Driver/mymr.sys
.sys windows:5 windows x86 arch:x86

715c39fe5bec009735221ebe60c90a5c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

G:\Code\bc\bin\i386\mymr.pdb

Imports

videoprt.sys

VideoPortZeroMemory
VideoPortInitialize

Sections

.text
Size: 256B - Virtual size: 164B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128B - Virtual size: 97B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 128B - Virtual size: 110B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 128B - Virtual size: 34B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HTScreen/Driver/setup.exe
.exe windows:4 windows x86 arch:x86

17fce5da980403a0dd3ae30bd89a542a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

setupapi

SetupDiGetINFClassA
SetupDiCallClassInstaller
SetupDiGetDeviceRegistryPropertyA
SetupDiEnumDeviceInfo
SetupDiGetClassDevsA
SetupDiSetDeviceRegistryPropertyA
SetupDiCreateDeviceInfoA
SetupDiCreateDeviceInfoList
SetupDiDestroyDeviceInfoList

mfc42

ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord800
ord641
ord2514
ord6283
ord6282
ord860
ord5300
ord2621
ord1134
ord5265
ord4376
ord4853
ord4998
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord1576
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord1146
ord1168
ord324
ord4234
ord4710
ord2379
ord755
ord470
ord1200
ord2818
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord4673
ord540
ord2055

msvcrt

__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
__CxxFrameHandler
__p___argv
_mbsicmp
_mbscmp
_setmbcp

kernel32

lstrlenA
GetStartupInfoA
CopyFileA
GetModuleFileNameA
CreateDirectoryA
GetWindowsDirectoryA
DeleteFileA
GetSystemDirectoryA
LocalAlloc
LocalFree
FindFirstFileA
OutputDebugStringA
GetVersionExA
GetModuleHandleA
GetLastError

user32

EnableWindow
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
SendMessageA
LoadIconA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegDeleteValueA
RegCreateKeyA
RegSetValueExA
RegCloseKey

newdev

UpdateDriverForPlugAndPlayDevicesA

Sections

.text
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 648B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
HTScreen/HTCAPI.dll
.dll windows:4 windows x86 arch:x86

27c7ddc349cb9663828fead54e9cd77d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord3953
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord5302
ord4080
ord4622
ord3922
ord3738
ord561
ord815
ord823
ord1176
ord1575
ord1168
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1116
ord1255
ord5300
ord3346
ord2396
ord5199
ord3079
ord1089
ord6467
ord1578
ord600
ord826
ord269
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord4424
ord825

msvcrt

??1type_info@@UAE@XZ
__CxxFrameHandler
_EH_prolog
_except_handler3
free
_initterm
malloc
_adjust_fdiv
__dllonexit
?terminate@@YAXXZ
_onexit

kernel32

LocalFree
OutputDebugStringA
GetVersionExA
GetCurrentProcess
LocalAlloc

user32

SetTimer
KillTimer
ExitWindowsEx
PostMessageA

advapi32

LookupPrivilegeValueA
OpenProcessToken
AdjustTokenPrivileges

ijl15

ord2
ord3
ord4

htsound

ord3
ord5
ord4

qhsock

?Create@CQHSock@@QAEKAAUtagNET_PARAM@@@Z
?GetLocalAddress@CQHSock@@QAEKXZ
??1CQHSock@@UAE@XZ
??0CQHSock@@QAE@XZ
?SendData@CQHSock@@QAEKPAXKKG@Z
?Close@CQHSock@@QAEXXZ
?GetHostName@CQHSock@@QAEHPADK@Z

iphlpapi

GetAdaptersInfo

Exports

Exports

??0CQHSock@@QAE@ABV0@@Z
??4CQHSock@@QAEAAV0@ABV0@@Z
??_7CQHSock@@6B@
?HTCLIENT_GetScreenBuffer@@YAKPAPAX0@Z
?HTCLIENT_Init@@YAKPAUtagCLIENT_INFO@@@Z
?HTCLIENT_RequestReceiveScreen@@YAKXZ
?HTCLIENT_StopReceiveScreen@@YAKXZ
?HTCLIENT_Uninit@@YAKXZ

Sections

.text
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 832B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HTScreen/HTClient.exe
.exe windows:4 windows x86 arch:x86

6f62d73f0f79eb9b5ba7904184dfaede

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4425
ord3597
ord800
ord641
ord860
ord540
ord324
ord825
ord2370
ord4234
ord6334
ord4710
ord3619
ord1641
ord3663
ord3626
ord2414
ord755
ord6172
ord5789
ord2754
ord470
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3136
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord4424
ord3738
ord561
ord815
ord2621
ord1134
ord1200
ord941
ord1146
ord1168
ord6215
ord6129
ord5768
ord5981
ord6197
ord6380
ord4284
ord4220
ord2584
ord3654
ord2438
ord2379
ord6270
ord2863
ord1644
ord4694
ord3754
ord5148
ord6128
ord2086
ord6199
ord1768
ord2864
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5280
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1775
ord4078
ord6052
ord2514
ord4998
ord4853
ord4376
ord3346
ord5265
ord1576

msvcrt

_setmbcp
_stricmp
__CxxFrameHandler
sscanf
strrchr
__dllonexit
_onexit
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp

kernel32

CreateMutexA
GetCurrentThreadId
GetSystemDirectoryA
GetPrivateProfileStringA
GetModuleHandleA
GetStartupInfoA
CopyFileA
CreateFileA
GetLastError
DeviceIoControl
GetModuleFileNameA
CloseHandle

user32

ShowCursor
GetDesktopWindow
GetCursorPos
LoadMenuA
EnableMenuItem
CheckMenuItem
ClientToScreen
GetSystemMetrics
GetForegroundWindow
GetSubMenu
EnableWindow
GetWindowThreadProcessId
AttachThreadInput
SetForegroundWindow
InvalidateRect
SendMessageA
PostMessageA
LoadIconA
GetClientRect
DrawTextA

gdi32

CreateFontA
PatBlt
StretchDIBits
SetDIBitsToDevice

advapi32

RegCreateKeyA
RegDeleteValueA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegCloseKey
RegOpenKeyA

shell32

Shell_NotifyIconA

htcapi

?HTCLIENT_Init@@YAKPAUtagCLIENT_INFO@@@Z
?HTCLIENT_GetScreenBuffer@@YAKPAPAX0@Z
?HTCLIENT_Uninit@@YAKXZ
?HTCLIENT_StopReceiveScreen@@YAKXZ
?HTCLIENT_RequestReceiveScreen@@YAKXZ

Sections

.text
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
HTScreen/HTSAPI.dll
.dll windows:4 windows x86 arch:x86

70bc88ed169d948b6eba91b988c94f5a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord3953
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord2396
ord4080
ord6375
ord4424
ord3738
ord561
ord815
ord1200
ord823
ord1176
ord1575
ord1168
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1116
ord1255
ord6467
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord3079
ord4486
ord1578
ord600
ord826
ord269
ord4274
ord4622
ord825

msvcrt

_adjust_fdiv
??1type_info@@UAE@XZ
malloc
_initterm
__CxxFrameHandler
sprintf
_EH_prolog
_except_handler3
?terminate@@YAXXZ
__dllonexit
_onexit
free

kernel32

LocalFree
CreateThread
Sleep
OutputDebugStringA
WaitForSingleObject
CloseHandle
LocalAlloc

user32

KillTimer
PostMessageA
GetCursorPos
GetSystemMetrics
SetTimer

mirror

ord4
ord3
ord2
ord1

ijl15

ord2
ord5
ord3

htsound

ord2
ord1

qhsock

??0CQHSock@@QAE@XZ
??1CQHSock@@UAE@XZ
?SendData@CQHSock@@QAEKPAXKKG@Z
?SendBroadcast@CQHSock@@QAEKPAXK@Z
?Create@CQHSock@@QAEKAAUtagNET_PARAM@@@Z
?Close@CQHSock@@QAEXXZ

Exports

Exports

??0CQHSock@@QAE@ABV0@@Z
??4CQHSock@@QAEAAV0@ABV0@@Z
??_7CQHSock@@6B@
?HTSERVER_ChangeNetAddress@@YAKK@Z
?HTSERVER_ChangeNetSpeed@@YAKK@Z
?HTSERVER_Init@@YAKPAUtagSERVER_INFO@@@Z
?HTSERVER_PowerOn@@YAKPAE@Z
?HTSERVER_SendCommandToClient@@YAKPAKK@Z
?HTSERVER_SendTextMessage@@YAKPAKPBD@Z
?HTSERVER_StartScreenBroadcast@@YAKPAKPAUtagSTART_INFO@@@Z
?HTSERVER_StopAllFunction@@YAKPAK@Z
?HTSERVER_Uninit@@YAKXZ

Sections

.text
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 832B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HTScreen/HTServer.exe
.exe windows:4 windows x86 arch:x86

dcf6b306667f9ef64660cf6c2a1705cd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4425
ord3597
ord800
ord641
ord860
ord540
ord324
ord825
ord2370
ord4234
ord6334
ord4710
ord941
ord858
ord4129
ord5683
ord537
ord3619
ord3398
ord3733
ord2582
ord6055
ord1776
ord4402
ord5290
ord3370
ord4424
ord3640
ord796
ord686
ord693
ord810
ord1641
ord529
ord384
ord567
ord3626
ord3663
ord2414
ord2302
ord2379
ord6069
ord3092
ord6067
ord6000
ord2117
ord6008
ord2862
ord2096
ord1146
ord1168
ord5277
ord6215
ord1200
ord6515
ord2642
ord2818
ord3286
ord4299
ord5655
ord4220
ord2584
ord3654
ord2438
ord6270
ord2863
ord1644
ord6007
ord3998
ord6453
ord5442
ord1979
ord3318
ord665
ord5186
ord354
ord6385
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord561
ord815
ord2621
ord6197
ord6380
ord2086
ord2864
ord755
ord470
ord2289
ord6283
ord6282
ord3402
ord6743
ord6907
ord3996
ord2298
ord2301
ord4287
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5280
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1775
ord4078
ord6052
ord2514
ord4998
ord4853
ord4376
ord6199
ord5265
ord1576

msvcrt

_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
_setmbcp
__CxxFrameHandler
sprintf
strrchr
atoi
sscanf
__dllonexit
_onexit
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_controlfp

kernel32

GetStartupInfoA
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
WritePrivateProfileStringA
GetModuleFileNameA
OutputDebugStringA
CreateDirectoryA
GetLastError
CreateMutexA
GetPrivateProfileStringA
GetVolumeInformationA

user32

GetSystemMetrics
DrawIcon
EnableMenuItem
IsIconic
GetDesktopWindow
LoadMenuA
GetSubMenu
GetCursorPos
SetForegroundWindow
GetClientRect
PostMessageA
LoadIconA
SendMessageA
GetWindowRect
EnableWindow
BringWindowToTop

gdi32

CreateFontA

shell32

ShellExecuteA
Shell_NotifyIconA

comctl32

ImageList_ReplaceIcon

pointer

?QH_PointerStart@@YAKXZ

htsapi

?HTSERVER_ChangeNetSpeed@@YAKK@Z
?HTSERVER_ChangeNetAddress@@YAKK@Z
?HTSERVER_Init@@YAKPAUtagSERVER_INFO@@@Z
?HTSERVER_StartScreenBroadcast@@YAKPAKPAUtagSTART_INFO@@@Z
?HTSERVER_SendCommandToClient@@YAKPAKK@Z
?HTSERVER_StopAllFunction@@YAKPAK@Z
?HTSERVER_Uninit@@YAKXZ
?HTSERVER_PowerOn@@YAKPAE@Z
?HTSERVER_SendTextMessage@@YAKPAKPBD@Z

Sections

.text
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 147KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
HTScreen/HTSound.dll
.dll windows:4 windows x86 arch:x86

1706f4d03923fcb6037096d928fc9f5e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

OutputDebugStringA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
LoadLibraryA
GetProcAddress
GetOEMCP
GetACP
GetCPInfo
HeapReAlloc
VirtualAlloc
GetCommandLineA
GetVersion
HeapFree
HeapAlloc
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
RtlUnwind

winmm

waveOutUnprepareHeader
waveOutReset
waveOutClose
waveOutOpen
waveInOpen
waveInPrepareHeader
waveInStart
waveInUnprepareHeader
waveInReset
waveInClose
waveOutPrepareHeader
waveOutWrite
waveInAddBuffer

Sections

.text
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HTScreen/IJL15.DLL
.dll windows:4 windows x86 arch:x86

43fd8fd13d2d05654de14de52b9d512d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FreeEnvironmentStringsA
CloseHandle
ReadFile
WriteFile
SetFilePointer
LoadLibraryA
GetProcAddress
FreeLibrary
OutputDebugStringA
GetCurrentThreadId
GetModuleFileNameA
lstrlenA
RtlUnwind
ExitProcess
TerminateProcess
GetCurrentProcess
GetCommandLineA
GetVersion
GetModuleHandleA
HeapAlloc
HeapFree
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
CreateFileA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
InterlockedDecrement
InterlockedIncrement
VirtualAlloc
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetStdHandle
FlushFileBuffers

Exports

Exports

ijlErrorStr
ijlFree
ijlGetLibVersion
ijlInit
ijlRead
ijlWrite

Sections

.text
Size: 312KB - Virtual size: 309KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HTScreen/Mirror.dll
.dll windows:4 windows x86 arch:x86

1862b1ab20bfd45b23e2c3e842dcdefe

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetLastError
GetStringTypeW
LoadLibraryA
GetProcAddress
FreeLibrary
Sleep
InterlockedDecrement
InterlockedIncrement
GetCommandLineA
GetVersion
HeapFree
HeapAlloc
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
HeapReAlloc
RtlUnwind
GetCPInfo
GetACP
GetOEMCP
GetStringTypeA

user32

ReleaseDC
EnumDisplaySettingsA
ChangeDisplaySettingsExA
GetDC

gdi32

ExtEscape

advapi32

RegSetValueExA
RegCloseKey
RegCreateKeyA

Sections

.text
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HTScreen/Pointer.dll
.dll windows:4 windows x86 arch:x86

d962e1d926c3b50014b117675195299d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord5163
ord6374
ord4353
ord5290
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3402
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4424
ord3610
ord3571
ord3573
ord3693
ord640
ord656
ord641
ord323
ord567
ord324
ord825
ord3663
ord3626
ord2414
ord4234
ord5875
ord5785
ord1641
ord1640
ord2859
ord6215
ord6199
ord1146
ord1168
ord4710
ord2379
ord2385
ord4299
ord3597
ord800
ord3874
ord540
ord4133
ord4297
ord5788
ord2405
ord6453
ord2753
ord755
ord470
ord808
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord3953
ord4622
ord3738
ord561
ord815
ord5981
ord2086
ord2864
ord6467
ord3396
ord3731
ord4287
ord6197
ord981
ord2121
ord860
ord1176
ord1575
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1255
ord1578
ord5241
ord4407
ord1776
ord4078
ord5787
ord6055
ord600
ord826
ord269
ord4425
ord5280
ord1775
ord6052
ord2514
ord4998
ord4853
ord4376
ord2089
ord5265
ord1116

msvcrt

_EH_prolog
??2@YAPAXI@Z
__dllonexit
_onexit
free
_initterm
malloc
_adjust_fdiv
??1type_info@@UAE@XZ
__CxxFrameHandler

kernel32

LocalFree
LoadLibraryA
GetProcAddress
FreeLibrary
LocalAlloc

user32

GetSystemMetrics
SendMessageA
LoadIconA
InvalidateRect
GetWindowRect
FillRect
EnableWindow
BringWindowToTop
GetDesktopWindow
PostMessageA
GetParent
GetDC

gdi32

BitBlt
CreateCompatibleDC
ExtFloodFill
GetPixel
Ellipse
Rectangle
CreatePen
CreateSolidBrush
CreateCompatibleBitmap

Exports

Exports

?QH_PointerStart@@YAKXZ
?QH_PointerStop@@YAKXZ

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HTScreen/QHSock.dll
.dll windows:4 windows x86 arch:x86

c99c7d81f9d2da86915acd7a12052adc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

OutputDebugStringA
CloseHandle
GetLastError
CreateThread
WaitForSingleObject
Sleep
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
LoadLibraryA
GetProcAddress
GetOEMCP
GetACP
GetCPInfo
HeapReAlloc
VirtualAlloc
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
WriteFile
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetModuleFileNameA
DeleteCriticalSection
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetCommandLineA
GetVersion
HeapFree
RtlUnwind
HeapAlloc
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetStringTypeW

user32

GetMessageA
PeekMessageA
PostThreadMessageA
MessageBoxA

ws2_32

WSACloseEvent
shutdown
closesocket
htons
htonl
socket
WSAGetLastError
bind
WSACreateEvent
listen
inet_ntoa
connect
setsockopt
gethostname
gethostbyname
ntohl
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
WSAResetEvent
recvfrom
WSAStartup
WSACleanup
sendto
send
ntohs
accept
WSAEventSelect

Exports

Exports

??0CQHSock@@QAE@ABV0@@Z
??0CQHSock@@QAE@XZ
??1CQHSock@@UAE@XZ
??4CQHSock@@QAEAAV0@ABV0@@Z
??_7CQHSock@@6B@
?Accept@CQHSock@@QAEKAAV1@@Z
?Close@CQHSock@@QAEXXZ
?Create@CQHSock@@QAEKAAUtagNET_PARAM@@@Z
?GetHostName@CQHSock@@QAEHPADK@Z
?GetLocalAddress@CQHSock@@QAEKXZ
?GetLocalAddress@CQHSock@@SAKPADK@Z
?SendBroadcast@CQHSock@@QAEKPAXK@Z
?SendData@CQHSock@@QAEKPAXKKG@Z

Sections

.text
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HTScreen/htserver.exe.manifest
.xml
HTScreen/mykbfilt.sys
.sys windows:5 windows x86 arch:x86

028e4ef5c45aee02be1517db0cf29ee6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

G:\Code\lockkb\bin\i386\mykbfilt.pdb

Imports

ntoskrnl.exe

IoAttachDeviceToDeviceStack
IoCreateSymbolicLink
IoCreateDevice
RtlInitUnicodeString
IoDeleteDevice
IoDetachDevice
IofCallDriver
PoCallDriver
PoStartNextPowerIrp
IoDeleteSymbolicLink

Sections

.text
Size: 128B - Virtual size: 107B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 137B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 640B - Virtual size: 541B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 384B - Virtual size: 376B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 896B - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 128B - Virtual size: 86B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HTScreen/readme.txt
HTScreen/下载说明.htm
.html .js polyglot
下载说明.htm
.html .js polyglot

Sharing

General

Malware Config

Signatures

Files

811c7f3e811d011dbdf720dfae9bccf1

Headers

File Characteristics

Imports

win32k.sys

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 480B - Virtual size: 468B

.data Size: 4KB - Virtual size: 4KB

INIT Size: 448B - Virtual size: 426B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 160B - Virtual size: 144B

715c39fe5bec009735221ebe60c90a5c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

videoprt.sys

Sections

.text Size: 256B - Virtual size: 164B

.rdata Size: 128B - Virtual size: 97B

INIT Size: 128B - Virtual size: 110B

.rsrc Size: 1024B - Virtual size: 952B

.reloc Size: 128B - Virtual size: 34B

17fce5da980403a0dd3ae30bd89a542a

Headers

File Characteristics

Imports

setupapi

mfc42

msvcrt

kernel32

user32

advapi32

newdev

Sections

.text Size: 8KB - Virtual size: 4KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 648B

.rsrc Size: 4KB - Virtual size: 2KB

27c7ddc349cb9663828fead54e9cd77d

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

advapi32

ijl15

htsound

qhsock

iphlpapi

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 5KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 139KB

.rsrc Size: 4KB - Virtual size: 832B

.reloc Size: 4KB - Virtual size: 1KB

6f62d73f0f79eb9b5ba7904184dfaede

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

shell32

htcapi

Sections

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 480B - Virtual size: 468B

.data
Size: 4KB - Virtual size: 4KB

INIT
Size: 448B - Virtual size: 426B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 160B - Virtual size: 144B

.text
Size: 256B - Virtual size: 164B

.rdata
Size: 128B - Virtual size: 97B

INIT
Size: 128B - Virtual size: 110B

.rsrc
Size: 1024B - Virtual size: 952B

.reloc
Size: 128B - Virtual size: 34B

.text
Size: 8KB - Virtual size: 4KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 648B

.rsrc
Size: 4KB - Virtual size: 2KB

.text
Size: 8KB - Virtual size: 5KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 139KB

.rsrc
Size: 4KB - Virtual size: 832B

.reloc
Size: 4KB - Virtual size: 1KB

.text
Size: 12KB - Virtual size: 10KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 4KB - Virtual size: 3KB

.text
Size: 8KB - Virtual size: 5KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 141KB

.rsrc
Size: 4KB - Virtual size: 832B

.reloc
Size: 4KB - Virtual size: 1KB

.text
Size: 20KB - Virtual size: 18KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 147KB

.rsrc
Size: 8KB - Virtual size: 7KB

.text
Size: 16KB - Virtual size: 12KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 1KB

.text
Size: 312KB - Virtual size: 309KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 16KB - Virtual size: 21KB

.data1
Size: 12KB - Virtual size: 9KB

.rsrc
Size: 4KB - Virtual size: 904B

.reloc
Size: 12KB - Virtual size: 10KB