Overview

overview

7

Static

static

3

QQLive3.5.exe

windows7-x64

7

QQLive3.5.exe

windows10-2004-x64

7

$PLUGINSDI...ne.dll

windows7-x64

3

$PLUGINSDI...ne.dll

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...ll.dll

windows7-x64

3

$PLUGINSDI...ll.dll

windows10-2004-x64

3

ADManage.dll

windows7-x64

3

ADManage.dll

windows10-2004-x64

3

BalloonTip.dll

windows7-x64

3

BalloonTip.dll

windows10-2004-x64

3

COMToolKit.dll

windows7-x64

3

COMToolKit.dll

windows10-2004-x64

3

CacheFile/...ds.htm

windows7-x64

3

CacheFile/...ds.htm

windows10-2004-x64

3

CacheFile/ShowPay.htm

windows7-x64

3

CacheFile/ShowPay.htm

windows10-2004-x64

3

CacheFile/...ex.htm

windows7-x64

3

CacheFile/...ex.htm

windows10-2004-x64

ExceptCatch.dll

windows7-x64

3

ExceptCatch.dll

windows10-2004-x64

3

GdiPlus.dll

windows7-x64

3

GdiPlus.dll

windows10-2004-x64

3

LiveAPI.dll

windows7-x64

3

LiveAPI.dll

windows10-2004-x64

3

LiveStream.dll

windows7-x64

3

LiveStream.dll

windows10-2004-x64

3

MagicFlash.exe

windows7-x64

3

MagicFlash.exe

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c11525ae7776cbc8be18d014e5d54107_JaffaCakes118

  • Size

    4.4MB

  • MD5

    c11525ae7776cbc8be18d014e5d54107

  • SHA1

    a0b399135a4df1acf0dd8605124676621d26b5ba

  • SHA256

    1e88af7a351ca27eaa87253d1537b8a4d2ead0e03f9d33f2f4edcf00c00e0cb6

  • SHA512

    638ea8d7ab09072494042bc0a40fbd2ad38959784734718700d2f4c438677a7986f86227fabe8480f3f63f3347b184f6f822757cff92d4b8551dc416ebc861a7

  • SSDEEP

    98304:77LNwGjHgEGBuaZEqERxdVpr7H4TR7EHO+tn9gRY5eQSSz:uag9VERHVlbaWv9V

Score
3/10

Malware Config

Signatures

  • Unsigned PE 44 IoCs

    Checks for missing Authenticode signature.

  • NSIS installer 3 IoCs
    installer

Files

  • c11525ae7776cbc8be18d014e5d54107_JaffaCakes118
    .rar
  • QQLive3.5.exe
    .exe windows:4 windows x86 arch:x86

    c6ec2286dd1d610e91f6cf961129a7e3


    Code Sign

    Headers

    Imports

    Sections

  • $PLUGINSDIR/CmdLine.dll
    .dll windows:4 windows x86 arch:x86

    8d610adb5aa8fa0c852540818b19e77e


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/InstallOptions.dll
    .dll windows:4 windows x86 arch:x86

    9d433976e02d79532f0d635ee81d0b20


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/KillProcDLL.dll
    .dll windows:4 windows x86 arch:x86

    97c84efb92e9e74c911abc996572ac5e


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/ioSpecial.ini
  • $PLUGINSDIR/modern-header.bmp
  • $PLUGINSDIR/modern-wizard.bmp
  • $PLUGINSDIR/procdll.dll
    .dll windows:4 windows x86 arch:x86

    b081680a6bacb63fdf5fe18c7672c75a


    Headers

    Imports

    Exports

    Sections

  • ADManage.dll
    .dll windows:4 windows x86 arch:x86

    33734e19fbf5db772bca817ce999f5ca


    Headers

    Imports

    Exports

    Sections

  • BalloonTip.dll
    .dll regsvr32 windows:4 windows x86 arch:x86

    e0defd03e4267167a7cfe1ccd2e0942e


    Headers

    Imports

    Exports

    Sections

  • COMToolKit.dll
    .dll regsvr32 windows:4 windows x86 arch:x86

    6985333188035b9eefda31f1cc3b4191


    Headers

    Imports

    Exports

    Sections

  • CacheFile/AD/fail.xml
    .xml
  • CacheFile/AD/origin.swf
  • CacheFile/LogeAd.htm
    .html .js polyglot
  • CacheFile/ScrWords.htm
    .html
  • CacheFile/ShowPay.htm
    .html
  • CacheFile/ShowPayBg.bmp
  • CacheFile/index_loge_normal/images/web_qqlivepic.jpg
    .jpg
  • CacheFile/index_loge_normal/index.htm
    .html
  • CacheFile/loading.gif
    .gif
  • CacheFile/player_smleft.bmp
  • CacheFile/player_smmid.bmp
  • CacheFile/player_smright.bmp
  • Config.xml
    .xml
  • Emoticons/emote.xml
    .xml
  • Emoticons/gif/0.gif
    .gif
  • Emoticons/gif/1.gif
    .gif
  • Emoticons/gif/10.gif
    .gif
  • Emoticons/gif/11.gif
    .gif
  • Emoticons/gif/12.gif
    .gif
  • Emoticons/gif/13.gif
    .gif
  • Emoticons/gif/14.gif
    .gif
  • Emoticons/gif/15.gif
    .gif
  • Emoticons/gif/16.gif
    .gif
  • Emoticons/gif/17.gif
    .gif
  • Emoticons/gif/18.gif
    .gif
  • Emoticons/gif/19.gif
    .gif
  • Emoticons/gif/2.gif
    .gif
  • Emoticons/gif/20.gif
    .gif
  • Emoticons/gif/21.gif
    .gif
  • Emoticons/gif/22.gif
    .gif
  • Emoticons/gif/23.gif
    .gif
  • Emoticons/gif/24.gif
    .gif
  • Emoticons/gif/25.gif
    .gif
  • Emoticons/gif/26.gif
    .gif
  • Emoticons/gif/27.gif
    .gif
  • Emoticons/gif/28.gif
    .gif
  • Emoticons/gif/29.gif
    .gif
  • Emoticons/gif/3.gif
    .gif
  • Emoticons/gif/30.gif
    .gif
  • Emoticons/gif/31.gif
    .gif
  • Emoticons/gif/32.gif
    .gif
  • Emoticons/gif/33.gif
    .gif
  • Emoticons/gif/34.gif
    .gif
  • Emoticons/gif/35.gif
    .gif
  • Emoticons/gif/36.gif
    .gif
  • Emoticons/gif/37.gif
    .gif
  • Emoticons/gif/38.gif
    .gif
  • Emoticons/gif/39.gif
    .gif
  • Emoticons/gif/4.gif
    .gif
  • Emoticons/gif/40.gif
    .gif
  • Emoticons/gif/41.gif
    .gif
  • Emoticons/gif/42.gif
    .gif
  • Emoticons/gif/43.gif
    .gif
  • Emoticons/gif/44.gif
    .gif
  • Emoticons/gif/45.gif
    .gif
  • Emoticons/gif/46.gif
    .gif
  • Emoticons/gif/47.gif
    .gif
  • Emoticons/gif/48.gif
    .gif
  • Emoticons/gif/49.gif
    .gif
  • Emoticons/gif/5.gif
    .gif
  • Emoticons/gif/50.gif
    .gif
  • Emoticons/gif/51.gif
    .gif
  • Emoticons/gif/52.gif
    .gif
  • Emoticons/gif/53.gif
    .gif
  • Emoticons/gif/54.gif
    .gif
  • Emoticons/gif/55.gif
    .gif
  • Emoticons/gif/56.gif
    .gif
  • Emoticons/gif/57.gif
    .gif
  • Emoticons/gif/58.gif
    .gif
  • Emoticons/gif/59.gif
    .gif
  • Emoticons/gif/6.gif
    .gif
  • Emoticons/gif/60.gif
    .gif
  • Emoticons/gif/61.gif
    .gif
  • Emoticons/gif/62.gif
    .gif
  • Emoticons/gif/63.gif
    .gif
  • Emoticons/gif/64.gif
    .gif
  • Emoticons/gif/65.gif
    .gif
  • Emoticons/gif/66.gif
    .gif
  • Emoticons/gif/67.gif
    .gif
  • Emoticons/gif/68.gif
    .gif
  • Emoticons/gif/69.gif
    .gif
  • Emoticons/gif/7.gif
    .gif
  • Emoticons/gif/70.gif
    .gif
  • Emoticons/gif/71.gif
    .gif
  • Emoticons/gif/72.gif
    .gif
  • Emoticons/gif/73.gif
    .gif
  • Emoticons/gif/74.gif
    .gif
  • Emoticons/gif/75.gif
    .gif
  • Emoticons/gif/76.gif
    .gif
  • Emoticons/gif/77.gif
    .gif
  • Emoticons/gif/78.gif
    .gif
  • Emoticons/gif/79.gif
    .gif
  • Emoticons/gif/8.gif
    .gif
  • Emoticons/gif/80.gif
    .gif
  • Emoticons/gif/81.gif
    .gif
  • Emoticons/gif/82.gif
    .gif
  • Emoticons/gif/83.gif
    .gif
  • Emoticons/gif/84.gif
    .gif
  • Emoticons/gif/85.gif
    .gif
  • Emoticons/gif/86.gif
    .gif
  • Emoticons/gif/87.gif
    .gif
  • Emoticons/gif/88.gif
    .gif
  • Emoticons/gif/89.gif
    .gif
  • Emoticons/gif/9.gif
    .gif
  • Emoticons/gif/90.gif
    .gif
  • Emoticons/gif/91.gif
    .gif
  • Emoticons/gif/92.gif
    .gif
  • Emoticons/gif/93.gif
    .gif
  • Emoticons/gif/94.gif
    .gif
  • Emoticons/gif/95.gif
    .gif
  • Emoticons/gif/vssver2.scc
  • ExceptCatch.dll
    .dll windows:4 windows x86 arch:x86

    be7c85b01a7f02b69af6639cefc29326


    Headers

    Imports

    Exports

    Sections

  • GdiPlus.dll
    .dll windows:5 windows x86 arch:x86

    2a1ab6b72adad6b03d0746b0a5fa55d6


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • LiveAPI.dll
    .dll regsvr32 windows:4 windows x86 arch:x86

    5f84065564417d631425d9a41f9ae6d6


    Headers

    Imports

    Exports

    Sections

  • LiveStream.dll
    .dll regsvr32 windows:4 windows x86 arch:x86

    868231155733b4029ffc42a105b3dce1


    Headers

    Imports

    Exports

    Sections

  • MagicFlash.exe
    .exe windows:4 windows x86 arch:x86

    8d4bd6d63bcda9fa1ac550dc3b225236


    Headers

    Imports

    Sections

  • MiniQQLive.exe
    .exe windows:4 windows x86 arch:x86

    142f644c538f82686146c2f295588034


    Headers

    Imports

    Sections

  • P2PDownload.dll
    .dll regsvr32 windows:4 windows x86 arch:x86

    dc000189564e7150735b44366ee97b7a


    Headers

    Imports

    Exports

    Sections

  • Picture.dll
    .dll regsvr32 windows:4 windows x86 arch:x86

    e45ec9d08f84fb24f2f1e4acdf3ffef3


    Headers

    Imports

    Exports

    Sections

  • Proxy.dll
    .dll windows:4 windows x86 arch:x86

    9147eb3dd539cff63d05273258db1b9b


    Headers

    Imports

    Exports

    Sections

  • QQLive.dll
    .dll regsvr32 windows:4 windows x86 arch:x86

    362c6ef535f7393374f7ee567c3159da


    Headers

    Imports

    Exports

    Sections

  • QQLive.exe
    .exe windows:4 windows x86 arch:x86

    6461a5a6c2bbfed9efee04191dc123d8


    Headers

    Imports

    Sections

  • QQLive.ini
  • QQLive.ocx
    .dll regsvr32 windows:4 windows x86 arch:x86

    f886fa555ca66107be70be96afc26abb


    Headers

    Imports

    Exports

    Sections

  • QQLiveInstaller.dll
    .dll regsvr32 windows:4 windows x86 arch:x86

    c1da6ce35b2f0fbe17b3cb0455edcb31


    Headers

    Imports

    Exports

    Sections

  • QQLiveOneClick.exe
    .exe windows:4 windows x86 arch:x86

    ef655d3ec7c9ddd16f25e3ec3b315530


    Headers

    Imports

    Sections

  • QQLivePlayer.exe
    .exe windows:4 windows x86 arch:x86

    97c3dfaae95017840cbc2859b758264e


    Headers

    Imports

    Sections

  • QQLiveSrcDec.dll
    .dll regsvr32 windows:4 windows x86 arch:x86

    2eb4f7046a577b1ce2ecff21f5ea5685


    Headers

    Imports

    Exports

    Sections

  • QQLiveUp.exe
    .exe windows:4 windows x86 arch:x86

    9a267616eeb98f0c116191292aa60e96


    Headers

    Imports

    Sections

  • SetupShell.dll
    .dll windows:4 windows x86 arch:x86

    2fcafa70638e6f86c65cdcf9ffd2bf00


    Headers

    Imports

    Exports

    Sections

  • Skin/AllInOne.bmp
  • Skin/Hand.cur
  • Skin/playing.gif
    .gif
  • Skin/radio.gif
    .gif
  • Skin/skin.ini
  • Skin/skin.xml
    .xml
  • Skin/xsplitter.cur
  • Skin/ysplitter.cur
  • SoundCtrl.dll
    .dll regsvr32 windows:4 windows x86 arch:x86

    c6731ffe55ee72834391e1148386bc4d


    Headers

    Imports

    Exports

    Sections

  • TNProxy.dll
    .dll regsvr32 windows:4 windows x86 arch:x86

    0b79f592dbeca4d941e3a690c32d27cf


    Headers

    Imports

    Exports

    Sections

  • TVLoge.exe
    .exe windows:4 windows x86 arch:x86

    aff6560722027cbab31caa02bf955dc1


    Headers

    Imports

    Sections

  • User.ini
  • VCodec.dll
    .dll regsvr32 windows:4 windows x86 arch:x86

    7bb281f2034c5cb2d33ce586943ce4e6


    Headers

    Imports

    Exports

    Sections

  • VideoAdjust.dll
    .dll windows:4 windows x86 arch:x86

    84c1b427ab0ddc69d588f4a31fc8827a


    Headers

    Imports

    Exports

    Sections

  • VideoDsp.dll
    .dll regsvr32 windows:4 windows x86 arch:x86

    0bf63c267984efe24b803e198e32c0eb


    Headers

    Imports

    Exports

    Sections

  • bmp/1.bmp
  • bmp/ArrowDown.gif
  • bmp/ArrowLeft.gif
  • bmp/ArrowRight.gif
  • bmp/ArrowUp.gif
  • bmp/BlackFriendFace.bmp
  • bmp/LogeMaster.bmp
  • bmp/MagicLoading.gif
    .gif
  • bmp/NotFound.gif
    .gif
  • bmp/VideoAdjust/video_slider_head.bmp
  • bmp/VideoAdjust/video_slider_middle.bmp
  • bmp/VideoAdjust/video_slider_saturation_channel.bmp
  • bmp/VideoAdjust/video_slider_tag.bmp
  • bmp/VideoAdjust/video_slider_thumb.bmp
  • bmp/VideoAdjust/video_slider_thumb_disable.bmp
  • bmp/default.bmp
  • bmp/default2.bmp
  • bmp/empty.bmp
  • bmp/hot.bmp
  • bmp/hot.gif
    .gif
  • bmp/image_service_flag_1.bmp
  • bmp/infomation.bmp
  • bmp/main.bmp
  • bmp/man.bmp
  • bmp/moon.bmp
  • bmp/moon1.bmp
  • bmp/moon2.bmp
  • bmp/moon3.bmp
  • bmp/player_badge_card_badgeicon.bmp
  • bmp/player_ctrl_sound_slide_disable.bmp
  • bmp/player_ctrl_sound_slide_down.bmp
  • bmp/player_ctrl_sound_slide_hover.bmp
  • bmp/player_ctrl_sound_slide_normal.bmp
  • bmp/player_slider_bg.bmp
  • bmp/qqlive.bmp
  • bmp/radio.bmp
  • bmp/room.bmp
  • bmp/sendingBmp.gif
    .gif
  • bmp/slider_channel_high.bmp
  • bmp/slider_channel_left.bmp
  • bmp/slider_channel_low.bmp
  • bmp/slider_channel_right.bmp
  • bmp/star.bmp
  • bmp/star1.bmp
  • bmp/star2.bmp
  • bmp/star3.bmp
  • bmp/sun.bmp
  • bmp/sun1.bmp
  • bmp/sun2.bmp
  • bmp/sun3.bmp
  • bmp/system.bmp
  • bmp/tvs.bmp
  • bmp/woman.bmp
  • bmp/woman_man.bmp
  • mfc42.dll
    .dll regsvr32 windows:4 windows x86 arch:x86

    1557eebc6134cee9eb9d0583a2b40341


    Headers

    Imports

    Exports

    Sections

  • miniqqlivesetup.exe
    .exe windows:4 windows x86 arch:x86

    c6ec2286dd1d610e91f6cf961129a7e3


    Headers

    Imports

    Sections

  • $PLUGINSDIR/CmdLine.dll
    .dll windows:4 windows x86 arch:x86

    8d610adb5aa8fa0c852540818b19e77e


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/InstallOptions.dll
    .dll windows:4 windows x86 arch:x86

    9d433976e02d79532f0d635ee81d0b20


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/KillProcDLL.dll
    .dll windows:4 windows x86 arch:x86

    97c84efb92e9e74c911abc996572ac5e


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/ioSpecial.ini
  • $PLUGINSDIR/modern-header.bmp
  • $PLUGINSDIR/modern-wizard.bmp
  • MiniQQLive.exe
    .exe windows:4 windows x86 arch:x86

    142f644c538f82686146c2f295588034


    Headers

    Imports

    Sections

  • MiniQQLiveUninstall.exe
    .exe windows:4 windows x86 arch:x86

    c6ec2286dd1d610e91f6cf961129a7e3


    Headers

    Imports

    Sections

  • $PLUGINSDIR/modern-header.bmp
  • $PLUGINSDIR/procdll.dll
    .dll windows:4 windows x86 arch:x86

    b081680a6bacb63fdf5fe18c7672c75a


    Headers

    Imports

    Exports

    Sections

  • miniSkin/AllInOne.bmp
  • miniSkin/Hand.cur
  • miniSkin/miniclient.ico
  • miniSkin/skin.ini
  • miniSkin/skin.xml
    .xml
  • msvcp60.dll
    .dll windows:4 windows x86 arch:x86

    1b1839992700df52b049b87961a724e3


    Headers

    Imports

    Exports

    Sections

  • msvcr71.dll
    .dll windows:4 windows x86 arch:x86

    7acc8c379c768a1ecd81ec502ff5f33e


    Headers

    Imports

    Exports

    Sections

  • msvcrt.dll
    .dll windows:4 windows x86 arch:x86

    799e28bcbf4e94ca50e4b0a2c283ab7d


    Headers

    Imports

    Exports

    Sections

  • multiLogin.dll
    .dll windows:4 windows x86 arch:x86

    89a362f12e2a437f06df39f716f2e703


    Headers

    Imports

    Exports

    Sections

  • qqface/1.bmp
  • qqface/QQFace20.dat
  • riched20.dll
    .dll windows:5 windows x86 arch:x86

    b273fadc4482676e5c978e88480e0b9e


    Headers

    Imports

    Exports

    Sections

  • uninstall.exe.nsis
  • vqqsdl.dll
    .dll regsvr32 windows:4 windows x86 arch:x86

    08bd2e4a0f0db180d31c3ff0bd25eeea


    Headers

    Imports

    Exports

    Sections

  • whatsnew.txt
  • 下载说明.htm
    .html .js polyglot