Overview

overview

7

Static

static

3

f0394c6194...18.exe

windows7-x64

7

f0394c6194...18.exe

windows10-2004-x64

7

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...fo.dll

windows7-x64

3

$PLUGINSDI...fo.dll

windows10-2004-x64

3

$_13_/exte...st.dll

windows7-x64

1

$_13_/exte...st.dll

windows10-2004-x64

1

$_13_/exte...PCB.js

windows7-x64

1

$_13_/exte...PCB.js

windows10-2004-x64

1

$_13_/exte...Def.js

windows7-x64

1

$_13_/exte...Def.js

windows10-2004-x64

1

$_13_/exte...Inf.js

windows7-x64

1

$_13_/exte...Inf.js

windows10-2004-x64

1

$_13_/exte...prt.js

windows7-x64

1

$_13_/exte...prt.js

windows10-2004-x64

1

$_13_/exte...plt.js

windows7-x64

1

$_13_/exte...plt.js

windows10-2004-x64

1

$_13_/exte...ref.js

windows7-x64

1

$_13_/exte...ref.js

windows10-2004-x64

1

BabylonToolbarApp.dll

windows7-x64

1

BabylonToolbarApp.dll

windows10-2004-x64

1

BabylonToolbarEng.dll

windows7-x64

1

BabylonToolbarEng.dll

windows10-2004-x64

1

BabylonToo...br.dll

windows7-x64

1

BabylonToo...br.dll

windows10-2004-x64

1

BabylonToolbarsrv.exe

windows7-x64

1

BabylonToolbarsrv.exe

windows10-2004-x64

1

bh/BabylonToolbar.dll

windows7-x64

6

bh/BabylonToolbar.dll

windows10-2004-x64

6

Sharing

Copy URL Twitter E-mail

General

  • Target

    f0394c619492f9ee8cc3ac34dc1454f9_JaffaCakes118

  • Size

    1.0MB

  • MD5

    f0394c619492f9ee8cc3ac34dc1454f9

  • SHA1

    f91de9b2b7733b2f03b48e29c0c97be8f40ca5c4

  • SHA256

    6a9fe92b79c4455d935dd6c226ffa173cbe852c461ae3f5d952a43f10cffa48d

  • SHA512

    47cbec1f0d1acb79122f3824bcf6773bec0ad8e27725a6bfd087440a1f1455e55e4a7c527c54ac1657ac3c5fc1541eefc2f0649d2fa875de2d655b8cfd917315

  • SSDEEP

    24576:avZJR4zjuGj6i7ztCAE0loe6XHe01ub43d:qZJR4rlBbQHe01ubed

Score
3/10

Malware Config

Signatures

  • Unsigned PE 6 IoCs

    Checks for missing Authenticode signature.

  • NSIS installer 2 IoCs
    installer

Files

  • f0394c619492f9ee8cc3ac34dc1454f9_JaffaCakes118
    .exe windows:4 windows x86 arch:x86

    7fa974366048f9c551ef45714595665e


    Code Sign

    Headers

    Imports

    Sections

  • $PLUGINSDIR/System.dll
    .dll windows:4 windows x86 arch:x86

    2017f2acbdaa42ab3e4adeb8b4c37e7b


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/UserInfo.dll
    .dll windows:4 windows x86 arch:x86

    afa8e526425f3585465337467d0b5909


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/modern-header.bmp
  • $_13_/extensions/[email protected]/chrome.manifest
  • $_13_/extensions/[email protected]/components/FFHst.dll
    .dll windows:4 windows x86 arch:x86

    c639fa3491f0608cafb5ff2c6fc52ea8


    Headers

    Imports

    Exports

    Sections

  • $_13_/extensions/[email protected]/components/FFHst.xpt
  • $_13_/extensions/[email protected]/content/PPCB.js
    .js
  • $_13_/extensions/[email protected]/content/babylon.css
  • $_13_/extensions/[email protected]/content/babylon.xul
  • $_13_/extensions/[email protected]/content/bbylnDef.js
    .js
  • $_13_/extensions/[email protected]/content/btnInf.js
  • $_13_/extensions/[email protected]/content/imgs/09.png
    .png
  • $_13_/extensions/[email protected]/content/imgs/Chinese Simplified.JPG
    .jpg
  • $_13_/extensions/[email protected]/content/imgs/Chinese Traditional.JPG
    .jpg
  • $_13_/extensions/[email protected]/content/imgs/Croatian.JPG
    .jpg
  • $_13_/extensions/[email protected]/content/imgs/English.JPG
    .jpg
  • $_13_/extensions/[email protected]/content/imgs/French.JPG
    .jpg
  • $_13_/extensions/[email protected]/content/imgs/German.JPG
    .jpg
  • $_13_/extensions/[email protected]/content/imgs/Hebrew.JPG
    .jpg
  • $_13_/extensions/[email protected]/content/imgs/Hindi.JPG
    .jpg
  • $_13_/extensions/[email protected]/content/imgs/Italian.JPG
    .jpg
  • $_13_/extensions/[email protected]/content/imgs/Japanese.JPG
    .jpg
  • $_13_/extensions/[email protected]/content/imgs/Korean.JPG
    .jpg
  • $_13_/extensions/[email protected]/content/imgs/Polish.JPG
    .jpg
  • $_13_/extensions/[email protected]/content/imgs/Portuguese.JPG
    .jpg
  • $_13_/extensions/[email protected]/content/imgs/Russian.JPG
    .jpg
  • $_13_/extensions/[email protected]/content/imgs/Spanish.JPG
    .jpg
  • $_13_/extensions/[email protected]/content/imgs/Swedish.JPG
    .jpg
  • $_13_/extensions/[email protected]/content/imgs/Thumbs.db
  • $_13_/extensions/[email protected]/content/imgs/Turkish.JPG
    .jpg
  • $_13_/extensions/[email protected]/content/imgs/arwDwn.gif
    .gif
  • $_13_/extensions/[email protected]/content/imgs/bbyln.png
    .png
  • $_13_/extensions/[email protected]/content/imgs/buy.gif
    .gif
  • $_13_/extensions/[email protected]/content/imgs/flgs/Thumbs.db
  • $_13_/extensions/[email protected]/content/imgs/flgs/ae.png
    .png
  • $_13_/extensions/[email protected]/content/imgs/flgs/bg.png
    .png
  • $_13_/extensions/[email protected]/content/imgs/flgs/ch.png
    .png
  • $_13_/extensions/[email protected]/content/imgs/flgs/cn.png
    .png
  • $_13_/extensions/[email protected]/content/imgs/flgs/cz.png
    .png
  • $_13_/extensions/[email protected]/content/imgs/flgs/de.png
    .png
  • $_13_/extensions/[email protected]/content/imgs/flgs/eg.png
    .png
  • $_13_/extensions/[email protected]/content/imgs/flgs/en.png
    .png
  • $_13_/extensions/[email protected]/content/imgs/flgs/es.png
    .png
  • $_13_/extensions/[email protected]/content/imgs/flgs/fr.png
    .png
  • $_13_/extensions/[email protected]/content/imgs/flgs/gr.png
    .png
  • $_13_/extensions/[email protected]/content/imgs/flgs/he.png
    .png
  • $_13_/extensions/[email protected]/content/imgs/flgs/il.png
    .png
  • $_13_/extensions/[email protected]/content/imgs/flgs/it.png
    .png
  • $_13_/extensions/[email protected]/content/imgs/flgs/ja.png
    .png
  • $_13_/extensions/[email protected]/content/imgs/flgs/jp.png
    .png
  • $_13_/extensions/[email protected]/content/imgs/flgs/nl.png
    .png
  • $_13_/extensions/[email protected]/content/imgs/flgs/no.png
    .png
  • $_13_/extensions/[email protected]/content/imgs/flgs/pl.png
    .png
  • $_13_/extensions/[email protected]/content/imgs/flgs/pt.png
    .png
  • $_13_/extensions/[email protected]/content/imgs/flgs/ro.png
    .png
  • $_13_/extensions/[email protected]/content/imgs/flgs/ru.png
    .png
  • $_13_/extensions/[email protected]/content/imgs/flgs/sa.png
    .png
  • $_13_/extensions/[email protected]/content/imgs/flgs/se.png
    .png
  • $_13_/extensions/[email protected]/content/imgs/flgs/sv.png
    .png
  • $_13_/extensions/[email protected]/content/imgs/flgs/tr.png
    .png
  • $_13_/extensions/[email protected]/content/imgs/flgs/ua.png
    .png
  • $_13_/extensions/[email protected]/content/imgs/flgs/us.png
    .png
  • $_13_/extensions/[email protected]/content/imgs/games.png
    .png
  • $_13_/extensions/[email protected]/content/imgs/greenCard.png
    .png
  • $_13_/extensions/[email protected]/content/imgs/help_16.gif
    .gif
  • $_13_/extensions/[email protected]/content/imgs/home.gif
    .gif
  • $_13_/extensions/[email protected]/content/imgs/icons.png
    .png
  • $_13_/extensions/[email protected]/content/imgs/languages.png
    .png
  • $_13_/extensions/[email protected]/content/imgs/logo.PNG
    .png
  • $_13_/extensions/[email protected]/content/imgs/lottery.png
    .png
  • $_13_/extensions/[email protected]/content/imgs/mj.png
    .png
  • $_13_/extensions/[email protected]/content/imgs/mnRadio/Thumbs.db
  • $_13_/extensions/[email protected]/content/imgs/mnRadio/bg.png
    .png
  • $_13_/extensions/[email protected]/content/imgs/mnRadio/chooseStation.png
    .png
  • $_13_/extensions/[email protected]/content/imgs/mnRadio/lines.gif
    .gif
  • $_13_/extensions/[email protected]/content/imgs/mnRadio/pauseBtn.png
    .png
  • $_13_/extensions/[email protected]/content/imgs/mnRadio/playBtn.png
    .png
  • $_13_/extensions/[email protected]/content/imgs/mnRadio/rd_strp.png
    .png
  • $_13_/extensions/[email protected]/content/imgs/pbggl.png
    .png
  • $_13_/extensions/[email protected]/content/imgs/privecy_16_hot.gif
    .gif
  • $_13_/extensions/[email protected]/content/imgs/radio.png
    .png
  • $_13_/extensions/[email protected]/content/imgs/search.png
    .png
  • $_13_/extensions/[email protected]/content/imgs/stat.png
    .png
  • $_13_/extensions/[email protected]/content/imgs/tellafriend.gif
    .gif
  • $_13_/extensions/[email protected]/content/imgs/toolbarIcons_casino.png
    .png
  • $_13_/extensions/[email protected]/content/imgs/toolbar_icons_games.png
    .png
  • $_13_/extensions/[email protected]/content/imgs/translate.PNG
    .png
  • $_13_/extensions/[email protected]/content/imgs/vssver.scc
  • $_13_/extensions/[email protected]/content/mtrprt.js
    .js
  • $_13_/extensions/[email protected]/content/rd.htm
    .html .js polyglot
  • $_13_/extensions/[email protected]/content/tmplt.js
    .js
  • $_13_/extensions/[email protected]/content/vssver.scc
  • $_13_/extensions/[email protected]/defaults/preferences/instlPref.js
  • $_13_/extensions/[email protected]/defaults/preferences/vssver.scc
  • $_13_/extensions/[email protected]/install.rdf
    .xml
  • $_13_/extensions/[email protected]/vssver.scc
  • BabylonToolbarApp.dll
    .dll regsvr32 windows:4 windows x86 arch:x86

    54c66c30640ceaf09d0e7010ae8bba2a


    Headers

    Imports

    Exports

    Sections

  • BabylonToolbarEng.dll
    .dll regsvr32 windows:4 windows x86 arch:x86

    8b24b5fee3a50d84bb40a6cbf9737945


    Headers

    Imports

    Exports

    Sections

  • BabylonToolbarTlbr.dll
    .dll regsvr32 windows:4 windows x86 arch:x86

    632de02dcad3a9acb471206decea2e28


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • BabylonToolbarsrv.exe
    .exe windows:4 windows x86 arch:x86

    5bb76c9b862d3d66ddbf9ae1fa74b496


    Headers

    Imports

    Sections

  • bh/BabylonToolbar.dll
    .dll regsvr32 windows:4 windows x86 arch:x86

    44f4d3d27a95aa836b9d7cbf6a70fcc2


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • uninstall.exe.nsis