General

  • Target

    f682a14e8d84f98056e520df7d8c0055_JaffaCakes118

  • Size

    3.7MB

  • MD5

    f682a14e8d84f98056e520df7d8c0055

  • SHA1

    04c942283092641f8121c0087b0b86ecd3a455b4

  • SHA256

    b52b669d0fc4506ff97747a07471ea7fe1aaec2d4b76e96ef6f3ff645e85d4d9

  • SHA512

    015fbef05d927264e814543fd123cbba6394a67285fce9cc7aa156d4ea5a645c7f90281fda35fc9b33b6a24f5f2c273374ddcaaa31ddfffb75dae2d9efd1aaf1

  • SSDEEP

    98304:kOBOPwEsmaUSncDJYjfT9dFueZSxTFI2qzmM9FaSRWI7W:kppp3WvJueOq25ac

Score
3/10

Malware Config

Signatures

  • Unsigned PE 31 IoCs

    Checks for missing Authenticode signature.

  • NSIS installer 2 IoCs

Files

  • f682a14e8d84f98056e520df7d8c0055_JaffaCakes118
    .rar
  • tt3.4setup.exe
    .exe windows:4 windows x86 arch:x86

    773e933db287d0293e61a62d958e00ab

  • $PLUGINSDIR/InstallOptions.dll
    .dll windows:4 windows x86 arch:x86

    b3d296ff6f7abb1319ee006fcc6c4d98

  • $PLUGINSDIR/ProcDll.dll
    .dll windows:4 windows x86 arch:x86

    a9d69f6048c59249da56d7ec87edebfb

  • $PLUGINSDIR/QQDownHelper.dll
    .dll windows:4 windows x86 arch:x86

    bbf096edd814884c99e35a46a1cb4e29

  • $PLUGINSDIR/System.dll
    .dll windows:4 windows x86 arch:x86

    4ec328f99bdd944fc98d8a5cf11f7a62

  • $PLUGINSDIR/WAHelper.dll
    .dll windows:4 windows x86 arch:x86

    ff6bbc9d98c5bf172b9a2959c43f0b29

  • $PLUGINSDIR/ioSpecial.ini
  • $PLUGINSDIR/iotemp.ini
  • $PLUGINSDIR/modern-header.bmp
  • $PLUGINSDIR/modern-wizard.bmp
  • $_12_/Setting/UserConfig.ini
  • $_12_/Setting/host.dat
  • $_7_/plugin/QQDownload/plugin.ini
  • AccProxy.dll
    .dll regsvr32 windows:4 windows x86 arch:x86

    05e9cd803e55abf2117268e12107c8a9

  • AccProxy.exe
    .exe windows:4 windows x86 arch:x86

    a4ea4c63334a9fc2a7dd572c04e038ac

  • AccTNProxy.dll
    .dll regsvr32 windows:4 windows x86 arch:x86

    0b79f592dbeca4d941e3a690c32d27cf

  • AnalyseSite.ini
  • CustomSearch/浼ʾ.txt
  • MaxthonHelper01.dll
    .dll regsvr32 windows:4 windows x86 arch:x86

    217322ab6d398d61179cb6aac17f4d1e

  • MaxthonHelper02.dll
    .dll regsvr32 windows:4 windows x86 arch:x86

    217322ab6d398d61179cb6aac17f4d1e

  • Plugins/QQFloatBar/QQFloatBar4TT2.dll
    .dll regsvr32 windows:4 windows x86 arch:x86

    adcb7556e16991ba362ba8bfd31f62fa

  • Plugins/QQFloatBar/TTPlugin.ini
  • Plugins/QQMusic/QQMusic.dll
    .dll regsvr32 windows:4 windows x86 arch:x86

    4aa416ebe00a6a09d469b87237b48194

  • Plugins/QQMusic/TTPlugin.ini
  • Plugins/SnapShot/CameraDll.dll
    .dll windows:4 windows x86 arch:x86

    bd99b0fa0d5bfc22b9371c7f52daa514

  • Plugins/SnapShot/SnapShot.exe
    .exe windows:4 windows x86 arch:x86

    a6991d1def37d075da96a0cb9d0fd771

  • Plugins/SnapShot/TTPlugin.ini
  • Plugins/TRadio/TRadioPlugin.dll
    .dll regsvr32 windows:4 windows x86 arch:x86

    acee03c7b7433dc78da457f29895a625

  • Plugins/TRadio/TTPlugin.ini
  • Plugins/TWeather/Config.ini
  • Plugins/TWeather/TTPlugin.ini
  • Plugins/TWeather/TWeather.dll
    .dll regsvr32 windows:4 windows x86 arch:x86

    df9a3f20ee47fb5bbf901cd70ff03837

  • QDAutoUpdate.exe
    .exe windows:4 windows x86 arch:x86

    7b1ed94b5a9e4149d48eeb8f35ab64d9

  • QQDownload.exe
    .exe windows:4 windows x86 arch:x86

    d568c721614a1ccc6b1ea1c0653167d0

  • QQIEHelper01.dll
    .dll regsvr32 windows:4 windows x86 arch:x86

    0ae1f0d04d8fd9c039783cb5dd0a83bc

  • QQIEHelper02.dll
    .dll regsvr32 windows:4 windows x86 arch:x86

    0ae1f0d04d8fd9c039783cb5dd0a83bc

  • QQREGISTER.EXE
    .exe windows:4 windows x86 arch:x86

    738700c0335e7dd235f99c06548c0258

  • QQZip.dll
    .dll windows:4 windows x86 arch:x86

    dccd6f2422f3a17169bc24fcc7f2b4c5

  • Skins/default/XPBUTTON_FOCUSED.bmp
  • Skins/default/XPBUTTON_FOCUSED1.bmp
  • Skins/default/XPBUTTON_HOT.bmp
  • Skins/default/XPBUTTON_HOT1.bmp
  • Skins/default/XPBUTTON_NORMAL.bmp
  • Skins/default/XPBUTTON_NORMAL1.bmp
  • Skins/default/XPBUTTON_PRESSED.bmp
  • Skins/default/XPBUTTON_PRESSED1.bmp
  • Skins/default/downinfo_button_down.bmp
  • Skins/default/downinfo_button_hover.bmp
  • Skins/default/downinfo_button_normal.bmp
  • Skins/default/downinfo_status.bmp
  • Skins/default/fresh.bmp
  • Skins/default/resouce_mgr_tree_imagelist.bmp
  • Skins/default/tasklist_head_bg.bmp
  • Skins/default/tasklist_task_status.bmp
  • Skins/default/tb_button_down.bmp
  • Skins/default/tb_button_hover.bmp
  • Skins/default/tb_disable.bmp
  • Skins/default/tb_hot.bmp
  • Skins/default/tb_normal.bmp
  • Skins/default/toolbar_back.bmp
  • Skins/default/toolbar_down.bmp
  • TNProxy.dll
    .dll regsvr32 windows:4 windows x86 arch:x86

    09da42213d3d9b8af736040adb3959f6

  • TTCrashReport.exe
    .exe windows:4 windows x86 arch:x86

    e768e5bfcaa925d8b269a47b286bcdf1

  • TTLiveUpdate.exe
    .exe windows:4 windows x86 arch:x86

    2c301c67ebbb4805c8a391d7f3b26cf7

  • TTNetFavor.dll
    .dll regsvr32 windows:4 windows x86 arch:x86

    e8e5d789674e103711722ba0cb1615e6

  • TTraveler.exe
    .exe windows:4 windows x86 arch:x86

    4cb0ded7bc2dd6c5f7e42350961a435e

  • WhatsNew.txt
  • block.swf
  • getAllurl.htm
    .html .vbs polyglot
  • geturl.htm
    .html .vbs polyglot
  • qqdownload.dll
    .dll regsvr32 windows:4 windows x86 arch:x86

    38bcf53b547843c81d19367bc0692ba4

  • qqface/1.bmp
  • qqface/10.bmp
  • qqface/100.bmp
  • qqface/101.bmp
  • qqface/102.bmp
  • qqface/103.bmp
  • qqface/104.bmp
  • qqface/105.bmp
  • qqface/106.bmp
  • qqface/107.bmp
  • qqface/108.bmp
  • qqface/109.bmp
  • qqface/11.bmp
  • qqface/110.bmp
  • qqface/111.bmp
  • qqface/112.bmp
  • qqface/113.bmp
  • qqface/114.bmp
  • qqface/115.bmp
  • qqface/116.bmp
  • qqface/117.bmp
  • qqface/12.bmp
  • qqface/13.bmp
  • qqface/14.bmp
  • qqface/15.bmp
  • qqface/16.bmp
  • qqface/17.bmp
  • qqface/18.bmp
  • qqface/19.bmp
  • qqface/2.bmp
  • qqface/20.bmp
  • qqface/21.bmp
  • qqface/22.bmp
  • qqface/23.bmp
  • qqface/24.bmp
  • qqface/25.bmp
  • qqface/26.bmp
  • qqface/27.bmp
  • qqface/28.bmp
  • qqface/29.bmp
  • qqface/3.bmp
  • qqface/30.bmp
  • qqface/31.bmp
  • qqface/32.bmp
  • qqface/33.bmp
  • qqface/34.bmp
  • qqface/35.bmp
  • qqface/36.bmp
  • qqface/37.bmp
  • qqface/38.bmp
  • qqface/39.bmp
  • qqface/4.bmp
  • qqface/40.bmp
  • qqface/41.bmp
  • qqface/42.bmp
  • qqface/43.bmp
  • qqface/44.bmp
  • qqface/45.bmp
  • qqface/46.bmp
  • qqface/47.bmp
  • qqface/48.bmp
  • qqface/49.bmp
  • qqface/5.bmp
  • qqface/50.bmp
  • qqface/51.bmp
  • qqface/52.bmp
  • qqface/53.bmp
  • qqface/54.bmp
  • qqface/55.bmp
  • qqface/56.bmp
  • qqface/57.bmp
  • qqface/58.bmp
  • qqface/59.bmp
  • qqface/6.bmp
  • qqface/60.bmp
  • qqface/61.bmp
  • qqface/62.bmp
  • qqface/63.bmp
  • qqface/64.bmp
  • qqface/65.bmp
  • qqface/66.bmp
  • qqface/67.bmp
  • qqface/68.bmp
  • qqface/69.bmp
  • qqface/7.bmp
  • qqface/70.bmp
  • qqface/71.bmp
  • qqface/72.bmp
  • qqface/73.bmp
  • qqface/74.bmp
  • qqface/75.bmp
  • qqface/76.bmp
  • qqface/77.bmp
  • qqface/78.bmp
  • qqface/79.bmp
  • qqface/8.bmp
  • qqface/80.bmp
  • qqface/81.bmp
  • qqface/82.bmp
  • qqface/83.bmp
  • qqface/84.bmp
  • qqface/85.bmp
  • qqface/86.bmp
  • qqface/87.bmp
  • qqface/88.bmp
  • qqface/89.bmp
  • qqface/9.bmp
  • qqface/90.bmp
  • qqface/91.bmp
  • qqface/92.bmp
  • qqface/93.bmp
  • qqface/94.bmp
  • qqface/95.bmp
  • qqface/96.bmp
  • qqface/97.bmp
  • qqface/98.bmp
  • qqface/99.bmp
  • uninst.exe
    .exe windows:4 windows x86 arch:x86

    bf730599ca246ea6f6df7d7646cab285

  • $PLUGINSDIR/QQDownHelper.dll
    .dll windows:4 windows x86 arch:x86

    b2c9cab029d98869b4f31fad0b22b5da

  • $PLUGINSDIR/modern-header.bmp
  • version.dat
  • whatsnew.txt
  • 安装说明.url
    .url