Overview

overview

7

Static

static

3

SSTap-beta....1.exe

windows7-x64

7

SSTap-beta....1.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...ls.dll

windows7-x64

3

$PLUGINSDI...ls.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...er.dll

windows7-x64

3

$PLUGINSDI...er.dll

windows10-2004-x64

3

$PLUGINSDI...ec.dll

windows7-x64

3

$PLUGINSDI...ec.dll

windows10-2004-x64

3

$PLUGINSDIR/w7tbp.dll

windows7-x64

3

$PLUGINSDIR/w7tbp.dll

windows10-2004-x64

3

LibPrivoxy.dll

windows7-x64

3

LibPrivoxy.dll

windows10-2004-x64

3

LiveUpdate.dll

windows7-x64

3

LiveUpdate.dll

windows10-2004-x64

3

SSTap.exe

windows7-x64

7

SSTap.exe

windows10-2004-x64

7

TAP.exe

windows7-x64

3

TAP.exe

windows10-2004-x64

3

Uninstall.exe

windows7-x64

7

Uninstall.exe

windows10-2004-x64

7

bin/plink.exe

windows7-x64

3

bin/plink.exe

windows10-2004-x64

3

libcurl.dll

windows7-x64

3

libcurl.dll

windows10-2004-x64

3

libiconv2.dll

windows7-x64

3

libiconv2.dll

windows10-2004-x64

3

Sharing

Copy URL Twitter E-mail

General

  • Target

    SSTap-beta-setup-1.1.0.1.exe

  • Size

    7.0MB

  • MD5

    3a22361e0a94db8c42dfedb25a890688

  • SHA1

    4c82004b53ed569ab45078cdcc55da7b50feda8c

  • SHA256

    abbbda621f4f4bd407ff018f0c25b440caceff27f9aadaf9fc6508e7a7b760ee

  • SHA512

    6049ed7c8a323be1beaf6d9b36efbecc1752f7712b821670d35fe68f5ae030da1ef5de87125758e8441c8184e69cc0b277c5096ec6dc3f48a3f1469945e24ba9

  • SSDEEP

    196608:agvsdav0bxIyOMWS9EfeTkutM44omyYi/:xYeHtut9CyYq

Score
3/10

Malware Config

Signatures

  • Unsigned PE 22 IoCs

    Checks for missing Authenticode signature.

Files

  • SSTap-beta-setup-1.1.0.1.exe
    .exe windows:4 windows x86 arch:x86

    Password: infected

    1f23f452093b5c1ff091a2f9fb4fa3e9


    Headers

    Imports

    Sections

  • $PLUGINSDIR/InstallOptions.dll
    .dll windows:4 windows x86 arch:x86

    Password: infected

    4b45b7e00344a87332fbd12653854d1a


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/LangDLL.dll
    .dll windows:4 windows x86 arch:x86

    Password: infected

    3e8d18bb71c7ebbda2ddc2a4bb03547b


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/StdUtils.dll
    .dll windows:5 windows x86 arch:x86

    Password: infected

    7035627be7a5272ca489a452cd4d9951


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/System.dll
    .dll windows:4 windows x86 arch:x86

    Password: infected

    fc0224e99e736751432961db63a41b76


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/ioSpecial.ini
  • $PLUGINSDIR/killer.dll
    .dll windows:6 windows x86 arch:x86

    Password: infected

    d1e7cac091c2e57d89d4bb643ace96f4


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/modern-header.bmp
  • $PLUGINSDIR/modern-wizard.bmp
  • $PLUGINSDIR/nsExec.dll
    .dll windows:4 windows x86 arch:x86

    Password: infected

    d31c5eb927119d00232e4d4b0e32fcdb


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/w7tbp.dll
    .dll windows:4 windows x86 arch:x86

    Password: infected

    fdb9d529772752ac356e92b3e3221b71


    Headers

    Imports

    Exports

    Sections

  • Changelog.txt
  • LibPrivoxy.dll
    .dll windows:5 windows x86 arch:x86

    Password: infected

    d22d0791d52912dd4c038de1d99cd9e0


    Headers

    Imports

    Exports

    Sections

  • LiveUpdate.dll
    .dll windows:5 windows x86 arch:x86

    b2c4288249de8427d73476df2ecd4448


    Headers

    Imports

    Exports

    Sections

  • SSTap.exe
    .exe windows:5 windows x86 arch:x86

    1a65480eff7fd007b88f41d7f102ea57


    Headers

    Imports

    Sections

  • TAP.exe
    .exe windows:5 windows x86 arch:x86

    8678954090831925d3414ae7dfe9f0b5


    Headers

    Imports

    Sections

  • Uninstall.exe
    .exe windows:4 windows x86 arch:x86

    1f23f452093b5c1ff091a2f9fb4fa3e9


    Headers

    Imports

    Sections

  • bin/plink.exe
    .exe windows:5 windows x86 arch:x86

    21f44884dc2fc90f29b358dbc6a9cb74


    Headers

    Imports

    Sections

  • lang/sstap.po
  • lang/zh_CN.po
  • lang/zh_CN/LC_MESSAGES/scap.mo
  • lang/zh_TW.po
  • lang/zh_TW/LC_MESSAGES/scap.mo
  • libcurl.dll
    .dll windows:5 windows x86 arch:x86

    c00e99520ed4012222aebd3f26382e7a


    Headers

    Imports

    Exports

    Sections

  • libiconv2.dll
    .dll .ps1 windows:4 windows x86 arch:x86 polyglot

    e1835b7f4804244b03fffd302baaf1d8


    Headers

    Imports

    Exports

    Sections

  • libintl3.dll
    .dll windows:4 windows x86 arch:x86

    11d4cea984db7aee4eb18d2031242a3e


    Headers

    Imports

    Exports

    Sections

  • libsodiumR.dll
    .dll windows:5 windows x86 arch:x86

    dd1fdd2850ed70f36f4d9d9239752fd7


    Headers

    Imports

    Exports

    Sections

  • readme.txt
  • rules/Battle-field-1.rules
  • rules/Battle-field-3.rules
  • rules/CS-GO.rules
  • rules/Call-of-Duty-WW-II.rules
  • rules/China-IP-only.rules
  • rules/Destiny-2.rules
  • rules/GTA-V.rules
  • rules/H1Z1-Asia.rules
  • rules/Hearth-stone.rules
  • rules/Heroes-of-the-Storm.rules
  • rules/Overwatch.rules
  • rules/Playerunknown's-Battlegrounds.rules
  • rules/Skip-all-China-IP.rules
  • rules/StarCraft-II.rules
  • rules/Tom-Clancy's-Rainbow-Six-Siege.rules
  • rules/World-of-warcraft.rules
  • skins/default/bottom-border.bmp
  • skins/default/button.bmp
  • skins/default/checkbox.bmp
  • skins/default/dialog-sysbutton.bmp
  • skins/default/dialog-title.bmp
  • skins/default/left-right-border.bmp
  • skins/default/res.ini
  • tap-driver/x64/OemVista.inf
  • tap-driver/x64/OemWin2k.inf
  • tap-driver/x64/install.bat
  • tap-driver/x64/tap0901.cat
  • tap-driver/x64/tap0901.sys
    .sys windows:6 windows x64 arch:x64

    a13cebc938af36dab20cc614c6fb7e94


    Headers

    Imports

    Sections

  • tap-driver/x64/tapinstall.exe
    .exe windows:6 windows x64 arch:x64

    4dedaf984510c806d325f29e45ab7ae3


    Headers

    Imports

    Sections

  • tap-driver/x86/OemWin2k.inf
  • tap-driver/x86/install.bat
  • tap-driver/x86/tap0901.cat
  • tap-driver/x86/tap0901.sys
    .sys windows:6 windows x86 arch:x86

    7bc0e747b3ccfdebdacc897735028b04


    Code Sign

    Headers

    Imports

    Sections

  • tap-driver/x86/tapinstall.exe
    .exe windows:5 windows x86 arch:x86

    85b7d4dcb4b574dd1bbe4544947006ed


    Headers

    Imports

    Sections

  • unbound/forward-zone/template.china-list.conf
  • unbound/template-service.conf
  • unbound/unbound.exe
    .exe windows:4 windows x64 arch:x64

    3e9d878cd04a3bdc401c1f095362c644


    Headers

    Imports

    Sections