Overview

overview

7

Static

static

3

1bc877ccda...18.exe

windows7-x64

7

1bc877ccda...18.exe

windows10-2004-x64

7

background.html

windows7-x64

1

background.html

windows10-2004-x64

1

ci.bg.pack.js

windows7-x64

3

ci.bg.pack.js

windows10-2004-x64

3

ci.browser.helper.js

windows7-x64

3

ci.browser.helper.js

windows10-2004-x64

3

ci.content.pack.js

windows7-x64

3

ci.content.pack.js

windows10-2004-x64

3

content.js

windows7-x64

3

content.js

windows10-2004-x64

3

jquery-1.9.1.min.js

windows7-x64

3

jquery-1.9.1.min.js

windows10-2004-x64

3

jquery.uuid.js

windows7-x64

3

jquery.uuid.js

windows10-2004-x64

3

mz/background.js

windows7-x64

3

mz/background.js

windows10-2004-x64

3

mz/content.js

windows7-x64

3

mz/content.js

windows10-2004-x64

3

popup.js

windows7-x64

3

popup.js

windows10-2004-x64

3

$APPDATA/S...ll.exe

windows7-x64

1

$APPDATA/S...ll.exe

windows10-2004-x64

1

$PLUGINSDI...nz.dll

windows7-x64

3

$PLUGINSDI...nz.dll

windows10-2004-x64

3

chrome/con...d.html

windows7-x64

1

chrome/con...d.html

windows10-2004-x64

1

chrome/con...fig.js

windows7-x64

3

chrome/con...fig.js

windows10-2004-x64

3

chrome/con...ent.js

windows7-x64

3

chrome/con...ent.js

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1bc877ccdae6e341b8a3ef1e3507be67_JaffaCakes118

  • Size

    2.3MB

  • MD5

    1bc877ccdae6e341b8a3ef1e3507be67

  • SHA1

    1ed2c9ee14e3a4192bba9e4d0fe29524108cd23f

  • SHA256

    04a484c01214c519221232364f1b99e4aff0761a6fe9c2cfcbf0c84a246a1689

  • SHA512

    d4a91366ea7a12a1dab839db45a33ebad96324a3c1dccb2b2bd6e6115c9dd5888d44637aae675c64600b73aff30683dac1acd00a16b3da333943b7337c75e97c

  • SSDEEP

    49152:537DPQNxWCWMpiwy1rA91zjbb7aaM429BNgFH2LM:53nPQnW4tyS1zjn7aaM4CrgcLM

Score
3/10

Malware Config

Signatures

  • Unsigned PE 6 IoCs

    Checks for missing Authenticode signature.

  • NSIS installer 2 IoCs
    installer

Files

  • 1bc877ccdae6e341b8a3ef1e3507be67_JaffaCakes118
    .exe windows:5 windows x86 arch:x86

    be41bf7b8cc010b614bd36bbca606973


    Code Sign

    Headers

    Imports

    Sections

  • $APPDATA/SpecialSavings/SpecialSavings.crx
    .zip
  • background.html
  • ci.bg.pack.js
    .js
  • ci.browser.helper.js
    .js
  • ci.content.pack.js
    .js
  • content.js
  • icon128.png
    .png
  • icon16.png
    .png
  • icon48.png
    .png
  • jquery-1.9.1.min.js
    .js
  • jquery.uuid.js
    .js
  • manifest.json
  • mz/background.js
    .js
  • mz/content.js
    .js
  • popup.js
  • settings.json
  • specialsavings.rdf
    .xml
  • $APPDATA/SpecialSavings/chrome_install.exe
    .exe windows:5 windows x86 arch:x86

    ab6d51b539c85117ff94d0a0d064de07


    Code Sign

    Headers

    Imports

    Sections

  • $PLUGINSDIR/nsisunz.dll
    .dll windows:5 windows x86 arch:x86

    1b37562e8104552588ae892e11fcdff2


    Headers

    Imports

    Exports

    Sections

  • $TEMP/$PROGRAMFILES/SpecialSavings/uninst.exe.nsis
  • $TEMP/SpecialSavings.xpi
    .zip
  • chrome.manifest
  • chrome/content/background.html
    .html
  • chrome/content/button.xml
    .xml
  • chrome/content/config.js
  • chrome/content/content.js
  • chrome/content/framework.js
    .js
  • chrome/content/framework.png
    .png
  • chrome/content/framework.xul
    .js .xml polyglot
  • chrome/content/icon128.png
    .png
  • chrome/content/icon16.png
    .png
  • chrome/content/icon48.png
    .png
  • chrome/content/jquery-1.9.1.min.js
    .js
  • chrome/content/mz/background.js
    .js
  • chrome/content/mz/content.js
    .js
  • chrome/content/options.xul
    .js .xml polyglot
  • chrome/content/settings.json
  • chrome/skin/framework.css
  • install.rdf
    .xml
  • $TEMP/install_helper.exe
    .exe windows:5 windows x86 arch:x86

    694b9d244136a4e2d6e5fc4b5c18dfcb


    Headers

    Imports

    Sections

  • $TEMP/specialsavings.exe
    .exe windows:4 windows x86 arch:x86

    7fa974366048f9c551ef45714595665e


    Code Sign

    Headers

    Imports

    Sections

  • $PLUGINSDIR/InstallOptions.dll
    .dll windows:4 windows x86 arch:x86

    b1cd0d78f652ce5fc63f0879371af012


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/System.dll
    .dll windows:4 windows x86 arch:x86

    2017f2acbdaa42ab3e4adeb8b4c37e7b


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/UAC.dll
    .dll windows:4 windows x86 arch:x86

    ee75cece63794fa22feebed80a358b16


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/help_page.ini
  • $PLUGINSDIR/ie9install.bmp
  • $PLUGINSDIR/modern-header.bmp
  • $PLUGINSDIR/modern-wizard.bmp
  • $PLUGINSDIR/nsDialogs.dll
    .dll windows:4 windows x86 arch:x86

    1e2884056e655f2b7bc5a904e352fc80


    Headers

    Imports

    Exports

    Sections

  • AddonsFramework.Typelib.dll
    .dll regsvr32 windows:5 windows x86 arch:x86

    840770e3d4f0dd959779a45e1f36a662


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • BackgroundHost.exe
    .exe windows:5 windows x86 arch:x86

    1c8c3c5249da7d2ccc3fd07a354803d1


    Code Sign

    Headers

    Imports

    Sections

  • BackgroundHost64.exe
    .exe windows:5 windows x64 arch:x64

    ff0cb84b0b999fafe4516e8e5da36703


    Code Sign

    Headers

    Imports

    Sections

  • BackgroundHostPS.dll
    .dll regsvr32 windows:5 windows x86 arch:x86

    20d5a18b2d271ffadea9b0347c016e57


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • ButtonSite.dll
    .dll regsvr32 windows:5 windows x86 arch:x86

    c7781083fab6265e8f6f166dfd5ce0f0


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • ButtonSite64.dll
    .dll regsvr32 windows:5 windows x64 arch:x64

    bc41371be477c74c95f5ce0cb5458ae6


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • ScriptHost.dll
    .dll regsvr32 windows:5 windows x86 arch:x86

    c6d1f7ea900941682121319c13d44a1a


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • background.html
    .html .js polyglot
  • config.xml
    .xml
  • content.js
  • icon128.png
    .png
  • icon16.png
    .png
  • icon48.png
    .png
  • jquery-1.9.1.min.js
    .js
  • json2.min.js
    .js
  • mz/background.js
    .js
  • mz/content.js
    .js
  • uninstall.exe.nsis
  • updater.js
    .js
  • updaterWrapper.js
    .js