Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
fc238d56038e9e5094038122ab07f016_JaffaCakes118
-
Size
3.2MB
-
Sample
240928-mwyafsthna
-
MD5
fc238d56038e9e5094038122ab07f016
-
SHA1
a6eb33748cf13f597e58f6d54e07dde03f5d041f
-
SHA256
15be226231ee990233f181c74ad81a71205dcad0d212f33acf6c997f2867462f
-
SHA512
76cad4bae7cb4c54c3b6ccbba6fc0e2d6511c8dbca07ae15738f4216c0e37be15e3a73b0b9a2fa4fd4be38d088694f2528a3f7fc3a313b4eb2c87a462a6b49a1
-
SSDEEP
98304:zvtgs39n1t0udUbvSIzHqxrweXZFhmU5j3sY:zvSs39nT7ivPKVtmd
Malware Config
Targets
-
-
Target
fc238d56038e9e5094038122ab07f016_JaffaCakes118
-
Size
3.2MB
-
MD5
fc238d56038e9e5094038122ab07f016
-
SHA1
a6eb33748cf13f597e58f6d54e07dde03f5d041f
-
SHA256
15be226231ee990233f181c74ad81a71205dcad0d212f33acf6c997f2867462f
-
SHA512
76cad4bae7cb4c54c3b6ccbba6fc0e2d6511c8dbca07ae15738f4216c0e37be15e3a73b0b9a2fa4fd4be38d088694f2528a3f7fc3a313b4eb2c87a462a6b49a1
-
SSDEEP
98304:zvtgs39n1t0udUbvSIzHqxrweXZFhmU5j3sY:zvSs39nT7ivPKVtmd
Score7/10-
Executes dropped EXE
-
Loads dropped DLL
-
-
-
Target
$PLUGINSDIR/GoogleInstAppTB_EN.exe
-
Size
1.3MB
-
MD5
e22a6a12fbe5a753ce515ce74c26c3c3
-
SHA1
dda14333432a3adcee9991e836f4c7c72823285d
-
SHA256
9ce297d2bed855b4a2c78c2d1c729ef7770cee68fdbde9396ed2f0097ea09427
-
SHA512
aedf1333e8662bb16475304159af3f4b12a5b1c0c341139e540981ffe89537e45b40ca558916c53deac95be0cb51d1c9592988de4b301fd6513b041be284735e
-
SSDEEP
24576:bwYoI6EZ8OyxkG95wU1S+qQCC5Z2kqdvPGOXgr/w6QJdXNMfGGJIYzNr:yI6aFQkGEU1jqQCgZ2kqp2CjMOGJI
Score3/10 -
-
-
Target
$PLUGINSDIR/InstGameInfoHelper.exe
-
Size
98KB
-
MD5
ec08c1c867ded8f5221aefb969b161c1
-
SHA1
839866cc28b401d1d3f0f07aa8f13803f56b496a
-
SHA256
f3bd166834e626631abe30c2353dd1c015d8b9cf6b63cf94164478e6cbf3c0be
-
SHA512
34c35aab50e9207bdb50cb619c0882b585577b46cdd23710663dcfeceaca8b7c4248e082ad28c2718201225c42d0ad559ebd0ebe904a588d324d50d44774a7a7
-
SSDEEP
1536:DCeRALYkcf6IZQDHnvfr67+MC1s5gxA/yCAPkWyi5N0QNt8aW+:2hYkcyI8r0D+lPkWyi5N05E
Score3/10 -
-
-
Target
$PLUGINSDIR/System.dll
-
Size
10KB
-
MD5
7d85b1f619a3023cc693a88f040826d2
-
SHA1
09f5d32f8143e7e0d9270430708db1b9fc8871a8
-
SHA256
dc198967b0fb2bc7aaab0886a700c7f4d8cb346c4f9d48b9b220487b0dfe8a18
-
SHA512
5465804c56d6251bf369609e1b44207b717228a8ac36c7992470b9daf4a231256c0ce95e0b027c4164e62d9656742a56e2b51e9347c8b17ab51ff40f32928c85
-
SSDEEP
192:IDO6dJA/ruAFEiUdWWE6hE5RYUdJfbub1afgMO:TKAFERdlxhGRYUzqZaf
Score3/10 -
-
-
Target
$PLUGINSDIR/nsExec.dll
-
Size
6KB
-
MD5
907db8118c510976d58a75dd9cf7d0e3
-
SHA1
90446f992946000038807d2966fd71e30e61b1c8
-
SHA256
d166786a2091215ab6360853bc591e7045dd9bc697f45f0b19332b8d629af32e
-
SHA512
f2afc42f03d95ef68c113cb13b47f3b027e5cf8ce7b492a4c15867d72bcd81122d2c70786c52146ac65d5b9e137ed15324b7515f089be3b3efc6711dc0c6e146
-
SSDEEP
96:xbX1XJX7MVnIPDmdpClMdqXHFI3eg1XGtXGlriUTMaVXmj8L4:dx1IVnIadpClyqVIRXQXwriUTMaVXA
Score3/10 -
-
-
Target
AdminWorker.exe
-
Size
196KB
-
MD5
c79625fba5ed4d2684e8c1dfc0fbbd7e
-
SHA1
d9417d17c57feb0c862ac0bbd084a2a90b74453c
-
SHA256
63421b6d23e5f5393f4e0d599509fdae7b9a1abc338f9129c61551977ec696db
-
SHA512
10f4948bd104212af0fe78b3390d4759ef84aeecad70645cf247830ab1b750275584197e9ae9e4f9814381594befe5b2c3bd1a4b63e67c151d0d4333dd6aeb40
-
SSDEEP
6144:fQYTQ2opU25V8E8I/ou9jFQ2Ds6IoOOXK7pN:flTQ2opU25V8c1j+Ms9DOq
Score3/10 -
-
-
Target
WebInstaller.exe
-
Size
108KB
-
MD5
db20f37a66a9965cdfc0249f01a699a8
-
SHA1
1117b061882336964f9b921faee804a2aa1e9509
-
SHA256
2c7ec87217554f0b347a9df877a929df0856c8d03cf4e0a782a35e3bb06e4be1
-
SHA512
e94540f3cb83d631c6ca2dd181f53dc9cc6ddc1f81ecba82a981a01071e02fb17846a225730f9f2ac1a72f2744714f107904b98fc9b3317572824dd4c5a0cd1a
-
SSDEEP
1536:QXEXqN2cYIu/GAILDXC4aTnpaqUeH8RskSyGyARLPbKh9uYpb5qfmbeOKFs:QXEe2c3uBsXCxU1D86TuYpb5qfmy8
Score6/10-
Installs/modifies Browser Helper Object
BHOs are DLL modules which act as plugins for Internet Explorer.
-
-
-
Target
WebUpdater.exe
-
Size
80KB
-
MD5
5b790f9f8497e37c40dac4c452f1aeb8
-
SHA1
ebfe0425296ea2b040e894f6b7dd669233b8cf8b
-
SHA256
edd83e3356d83bf3d2012e335857d6271dda26443aeaf52114f40c9811899a74
-
SHA512
7b18f3eb69abbd51218084a83578f81b7d2fa1c7809bca76cfe9c44a3b71a9f18e303d66dfe120144b1a7736a3d821b2bea108db5ae0c176653a2339386c70ee
-
SSDEEP
1536:fiGelBaBW/PxqRcxn+52AuD5cSn0f1KxSmiwhpqVrB48:fiXE8xqRcx+07D5PBx5iwIFF
Score3/10 -
-
-
Target
content/iwa-ovr.js
-
Size
3KB
-
MD5
7baed316496dc9601d5321eec53c0949
-
SHA1
c24e3149384f3062c569e8cde6eba34403dc705f
-
SHA256
1c79854b56279d344efca824630177abdb04b8dfa4cab5b979c7bd1822be4f46
-
SHA512
a294143376ae5b2613127fffd7b412554d55bf5cd1b0ba22d28024c2f1d7a8426b5cae812cc824b9919a6ae0ba258eb53f0d32a44ecc6020802a8277e7d2a7b1
Score3/10 -
-
-
Target
firefox/iWinArcadeLauncher.exe
-
Size
45KB
-
MD5
28bd5ae31c863f05f5398b7668208435
-
SHA1
28fc30b5eae707b86d2c3efc307dceb790a5fdcd
-
SHA256
724c52bb6b902942e7d90264e5ed9ff258ba18bff5feccb47b7c5d31e8a3c975
-
SHA512
067673947e650e3d46ed93ce5f79931ecee05f03b39ec0f2eb26d500a3e816a23ef6b3bd50fe3febb4961508bd9af10c269b75c27e7493bf726bf166f62c5908
-
SSDEEP
768:+f3VmVhsRI26KR+gO3iWn+Cyb9+6otVhyL3UF:Q3AkKBznexot3y4F
Score3/10 -
-
-
Target
iWinGames.exe
-
Size
1.5MB
-
MD5
539b79ac401aea626de589496f8c1949
-
SHA1
a61e438e457942bbf78f15134ff19dfd668104df
-
SHA256
88aafe944255537affcd740f81f5205cc67eec0286d71e6763f78e1accebc4e0
-
SHA512
2293540726908e096b0fd4e852b987b98f46666d5eca1696ddb5a6f9d0d3cfb2b0d311936be288eb0f2e272bd4e574fb5450a8b38accf0f80a3973f554a4ad1f
-
SSDEEP
24576:02Bp/zFlusl8t2eDOkNXu+rMvIcBHoWt48nZ1XoiTVIsVZe+Ju6Bi:Fzzf8NQ+rclD48noihIiZ66Bi
Score7/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
-
-
Target
iWinGamesHookIE.dll
-
Size
77KB
-
MD5
d4879ae06e89a0720c68f9dd8a9259ca
-
SHA1
e8af7180dd6d8dfc2e281ed59c471f2af686f4ba
-
SHA256
2dba9eb0387a70eceb64ce33db042828bfd3db2cac13c83e1fb8244391f576e9
-
SHA512
5462d495a128ecf0a1bf0b8196f421488e45936290fa2d8236bd3b56ab609572df79b950ebb34ee2ba86d4ed9bdf3b1e44cead1ba196efc281b21218eda43c81
-
SSDEEP
768:kYBGh/ZNwnxbESRB99TaicwmbT9LMG/2mjZ3da5NRQDsHXFosKwAonL3d:k0G1mi66bT9QfmjZ3dWpVosKwrp
Score6/10-
Installs/modifies Browser Helper Object
BHOs are DLL modules which act as plugins for Internet Explorer.
-
-
-
Target
iWinGamesInstaller.exe
-
Size
76KB
-
MD5
10008988480308ebbaa5676adfe0f8e9
-
SHA1
1147916d73a56211b6defbdc102b3a9918325081
-
SHA256
c98cd0604e960a3f4a53744647e55eca1ab9e79f3ef3d7e296da247bf55b931e
-
SHA512
da26a6048deea5659be7749a798c4e88823c7bfb2276dad024a4cb9ae3e57683bd33121d58327f475eac098ded99419d620ee2678f4d12b30cceda18bac4a404
-
SSDEEP
1536:n04OD0OMB61x0jrhVB9O8AdMWw5D0kAVw9I1uABSU2Mlla:044nM8urOtM7D3AVwlABh2p
Score3/10 -
-
-
Target
pages/blank.html
-
Size
251B
-
MD5
f8ab4f67022399715ff3e862f59bd27e
-
SHA1
2606eca361d217990708bb1714e6de2d0bb21584
-
SHA256
3db213886c1a831f8c1867c367cf46ffc84065ce5831b04eb398837abcfd6965
-
SHA512
9bd33cd117228af88aef403472edf669a12aa4ec68fdc4cd168e1c6ad8aaa63e12278475583268aeff37609eef5b3118747f8be9792ca6cc59ded647dac86ad5
Score3/10 -
-
-
Target
pages/blank2.html
-
Size
74B
-
MD5
90b42fd8e93203218847a3c0a646d377
-
SHA1
0d485e2de867448e4853031d5714942128d92983
-
SHA256
aec450600b1ea9c5cd12a92ff9764092434c2cca7e56c10c7b11a63a13209c5f
-
SHA512
de8ab5192fbb9e1df4f1baa7436f2d21cbb94f921931d502aed87049b46affe2dba1929ef48b528f114722cff7c797d381070b35884f7bea18813df355b0ffab
Score3/10 -
-
-
Target
pages/error.html
-
Size
2KB
-
MD5
bc70b229c6e24d9e88b22029ad92167b
-
SHA1
1e4a963a52c745bebbbc875b857cdb2de200ada3
-
SHA256
83ff63c010b0a5da11f174b12a32042e774719b7a08f4776c3e1cd45da7e18b8
-
SHA512
7cb8ee1ad23ad1bded3d1faf955306704a5c76497c46363645aad819122d75c75dfaa012fcf5a0664faf2e5b8bb346d4ee6477841bb4459d2e7df092515ad7da
Score3/10 -