Overview

overview

7

Static

static

7

QQ农牧�...te.exe

windows7-x64

7

QQ农牧�...te.exe

windows10-2004-x64

7

QQ农牧�...tf.exe

windows7-x64

7

QQ农牧�...tf.exe

windows10-2004-x64

7

QQ农牧�...��.exe

windows7-x64

7

QQ农牧�...��.exe

windows10-2004-x64

7

$PLUGINSDI...er.dll

windows7-x64

3

$PLUGINSDI...er.dll

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...rl.dll

windows7-x64

3

$PLUGINSDI...rl.dll

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a6bc8bb6102d451567aaf76a2f9318d1_JaffaCakes118

  • Size

    569KB

  • MD5

    a6bc8bb6102d451567aaf76a2f9318d1

  • SHA1

    03976cd65a2316f5889a23506f6724ea66447bc4

  • SHA256

    73f2c60a0d5d97743082e44b1f709aeeeb79f90844be8b514025ebb64e375d57

  • SHA512

    c9cecde7b8ffbba818350d88a26da4c3bc1a0217b813220378a15550cda3d1c320dcc69a3c6425248f79eb5f76fe7ba87df043c470cea776780a82c548c47b4e

  • SSDEEP

    12288:/6agy2LRnbi4d80l+j6bPqx3Yao8KFDf8lQFzpfhrTsPOfF2vi34J:yagyAi4d8M2YPFL8UzpZTz65

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Unsigned PE 10 IoCs

    Checks for missing Authenticode signature.

  • NSIS installer 1 IoCs
    installer

Files

  • a6bc8bb6102d451567aaf76a2f9318d1_JaffaCakes118
    .rar
  • QQ农牧偷匪(原QQ农牧盗匪) V2.88 去广告 By Loading/Config/AutoUpdate.exe
    .exe windows:5 windows x86 arch:x86


    Headers

    Sections

  • out.upx
    .exe windows:5 windows x86 arch:x86


    Headers

    Sections

  • QQ农牧偷匪(原QQ农牧盗匪) V2.88 去广告 By Loading/Config/main.xml
  • QQ农牧偷匪(原QQ农牧盗匪) V2.88 去广告 By Loading/qqnmtf.exe
    .exe windows:5 windows x86 arch:x86


    Headers

    Sections

  • out.upx
    .exe windows:5 windows x86 arch:x86


    Headers

    Sections

  • QQ农牧偷匪(原QQ农牧盗匪) V2.88 去广告 By Loading/运行去除弹窗.exe
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections

  • $PLUGINSDIR/ButtonLinker.dll
    .dll windows:4 windows x86 arch:x86

    8466b6530f29387ac28e94fe1e74b98f


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/InstallOptions.dll
    .dll windows:4 windows x86 arch:x86

    b1cd0d78f652ce5fc63f0879371af012


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/System.dll
    .dll windows:4 windows x86 arch:x86

    2017f2acbdaa42ab3e4adeb8b4c37e7b


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/ioSpecial.ini
  • $PLUGINSDIR/modern-wizard.bmp
  • $PLUGINSDIR/waterctrl.dll
    .dll windows:4 windows x86 arch:x86

    cd2ffec7e2da8a6dd4a84791a95597a7


    Headers

    Imports

    Exports

    Sections

  • out.upx
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections