Overview

overview

7

Static

static

7

chdwg1.5b/...on.dll

windows7-x64

7

chdwg1.5b/...on.dll

windows10-2004-x64

7

chdwg1.5b/...ch.dll

windows7-x64

3

chdwg1.5b/...ch.dll

windows10-2004-x64

3

chdwg1.5b/WinIo.dll

windows7-x64

3

chdwg1.5b/WinIo.dll

windows10-2004-x64

3

chdwg1.5b/WinIo.dll

windows7-x64

3

chdwg1.5b/WinIo.dll

windows10-2004-x64

3

chdwg1.5b/cfgdll.dll

windows7-x64

3

chdwg1.5b/cfgdll.dll

windows10-2004-x64

3

chdwg1.5b/helper.dll

windows7-x64

3

chdwg1.5b/helper.dll

windows10-2004-x64

3

chdwg1.5b/hiammcl.dll

windows7-x64

3

chdwg1.5b/hiammcl.dll

windows10-2004-x64

3

chdwg1.5b/hknm.sys

windows7-x64

1

chdwg1.5b/hknm.sys

windows10-2004-x64

1

chdwg1.5b/mymacro.htm

windows7-x64

3

chdwg1.5b/mymacro.htm

windows10-2004-x64

3

chdwg1.5b/...le.dll

windows7-x64

3

chdwg1.5b/...le.dll

windows10-2004-x64

3

File/QMPlugin.html

windows7-x64

3

File/QMPlugin.html

windows10-2004-x64

3

chdwg1.5b/...fo.dll

windows7-x64

3

chdwg1.5b/...fo.dll

windows10-2004-x64

3

chdwg1.5b/...in.dll

windows7-x64

3

chdwg1.5b/...in.dll

windows10-2004-x64

3

QMPlugin.html

windows7-x64

3

QMPlugin.html

windows10-2004-x64

3

chdwg1.5b/...ow.dll

windows7-x64

3

chdwg1.5b/...ow.dll

windows10-2004-x64

3

chdwg1.5b/stdlib.vbs

windows7-x64

1

chdwg1.5b/stdlib.vbs

windows10-2004-x64

1

Sharing

Copy URL Twitter E-mail

General

  • Target

    e1054991cc315dceb39fe985ffff4c34_JaffaCakes118

  • Size

    294KB

  • MD5

    e1054991cc315dceb39fe985ffff4c34

  • SHA1

    808353988ad25fd78ca70f1330b2a1b43b4773fd

  • SHA256

    3b0282d9c274c5cea69c4eb1c2d7a45b24719995fee31075aa1621719313f4b3

  • SHA512

    7c2b5a0225e84e2f76627f8452d42dcc3d0f50eec00cb97deec042e19bdd7cefe9040e3c0a35330d6617d95cc2b9fc65cd9997f4da095939377365edb5378714

  • SSDEEP

    6144:Mw3TYORfYnzmsUyhE9Xxf3QyaVdp6hdH3xPXg1z67sqPwpq/7Eep:FTYMwKyif3QdVn63hY1zsT4k

Score
7/10
upx

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software 8 IoCs

    Detects file using ACProtect software.

  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Unsigned PE 13 IoCs

    Checks for missing Authenticode signature.

Files

  • e1054991cc315dceb39fe985ffff4c34_JaffaCakes118
    .rar
  • chdwg1.5b/1.5b更新注意!.txt
  • chdwg1.5b/BException.dll
    .dll windows:4 windows x86 arch:x86


    Headers

    Exports

    Sections

  • out.upx
    .dll windows:4 windows x86 arch:x86


    Headers

    Sections

  • chdwg1.5b/QMDispatch.dll
    .dll regsvr32 windows:4 windows x86 arch:x86


    Headers

    Exports

    Sections

  • chdwg1.5b/WINIO.VXD
  • chdwg1.5b/WinIo.dll
    .dll windows:4 windows x86 arch:x86

    158dcab1fb37b4f6f25a277f8037fe32


    Headers

    Imports

    Exports

    Sections

  • chdwg1.5b/WinIo.sys
    .dll windows:4 windows x86 arch:x86

    e40ab4e3711680c284ac081de048b353


    Headers

    Imports

    Sections

  • chdwg1.5b/cfgdll.dll
    .dll windows:4 windows x86 arch:x86


    Headers

    Sections

  • chdwg1.5b/helper.dll
    .dll windows:4 windows x86 arch:x86


    Headers

    Sections

  • chdwg1.5b/hiammcl.dll
    .dll windows:4 windows x86 arch:x86


    Headers

    Sections

  • chdwg1.5b/hknm.sys
    .sys windows:4 windows x86 arch:x86

    c2231da77998b13b38444f61c0719e31


    Headers

    Imports

    Sections

  • chdwg1.5b/mymacro.gif
    .gif
  • chdwg1.5b/mymacro.htm
    .html
  • chdwg1.5b/plugin/File.dll
    .dll windows:4 windows x86 arch:x86


    Headers

    Exports

    Sections

  • chdwg1.5b/plugin/File插件源代码(VC 6.0).rar
    .rar
  • File/BasFunc.cpp
  • File/CmdInfo.h
  • File/ExtFunc.cpp
  • File/QMPlugin.cpp
  • File/QMPlugin.dsp
  • File/QMPlugin.dsw
  • File/QMPlugin.h
  • File/QMPlugin.plg
    .html
  • File/QMPlugin.sln
  • File/QMPlugin.suo
  • File/QMPlugin.vcproj
    .xml
  • File/ReadMe.txt
  • File/StdAfx.cpp
  • File/StdAfx.h
  • chdwg1.5b/plugin/GetSysInfo.dll
    .dll windows:4 windows x86 arch:x86


    Headers

    Exports

    Sections

  • chdwg1.5b/plugin/QMPlugin.dll
    .dll windows:4 windows x86 arch:x86

    19d31a9076081b95a452d02ef725ad2d


    Headers

    Imports

    Exports

    Sections

  • chdwg1.5b/plugin/QMPlugin插件制作模版(VC 6.0).rar
    .rar
  • BasFunc.cpp
  • CmdInfo.h
  • ExtFunc.cpp
  • QMPlugin.cpp
  • QMPlugin.dsp
  • QMPlugin.dsw
  • QMPlugin.h
  • QMPlugin.plg
    .html
  • StdAfx.cpp
  • StdAfx.h
  • chdwg1.5b/plugin/Window.dll
    .dll windows:4 windows x86 arch:x86


    Headers

    Exports

    Sections

  • chdwg1.5b/rename.ini
  • chdwg1.5b/stdlib.vbs
    .vbs
  • chdwg1.5b/使用说明.htm
    .html
  • chdwg1.5b/使用说明.txt
  • chdwg1.5b/更多外挂,游戏下载.txt
  • chdwg1.5b/灭灭使用详细方法(必看)/按键设置详解.bmp
    .jpg
  • chdwg1.5b/灭灭使用详细方法(必看)/挖矿功能详解.bmp
    .jpg
  • chdwg1.5b/灭灭使用详细方法(必看)/挖矿喊话详解.bmp
    .jpg
  • chdwg1.5b/灭灭使用详细方法(必看)/神盾功能详解.bmp
  • chdwg1.5b/灭灭使用详细方法(必看)/设置好后的操作详解.bmp
    .jpg