General

  • Target

    360cc68d8a720bf34ff115641f81183f_JaffaCakes118

  • Size

    5.9MB

  • MD5

    360cc68d8a720bf34ff115641f81183f

  • SHA1

    5c891d74cd0f18259c2eecb7d6746b3692cab706

  • SHA256

    d904d3353369f5f193f5258b5e49d677fe63fc85c392c1b1a16d00b5bfdf1a23

  • SHA512

    251633d928d706dcd15df94f866694f15ad2958e7d2049b8607d8a84389fe0f4c0a8fc62faa0fe900ef9790570a0b579605333bed35d7d1fa32d96a792e38636

  • SSDEEP

    98304:F2BW+Dg6zdAfEZSqf6e/HP/emUtlg5c0DPMOFruaq/gfpvNqg2/03w5mvUbevwX:cg6zNZJv/emn5cIU4rvq+pNZkAwSU0w

Score
3/10

Signatures

  • Unsigned PE 17 IoCs

    Checks for missing Authenticode signature.

  • NSIS installer 5 IoCs

Files

  • 360cc68d8a720bf34ff115641f81183f_JaffaCakes118
    .exe windows:4 windows x86 arch:x86

    c1d02edd28ce94e699431ce65bed28ec

  • $PLUGINSDIR/ConnectionTester.dll
    .dll windows:4 windows x86 arch:x86

    507af696c5079bf615f35c016c8c37b2

  • $PLUGINSDIR/InstallOptions.dll
    .dll windows:4 windows x86 arch:x86

    c4fa86e78b598d87f225e209ba30786f

  • $PLUGINSDIR/System.dll
    .dll windows:4 windows x86 arch:x86

    4ec328f99bdd944fc98d8a5cf11f7a62

  • $PLUGINSDIR/y_toolbar.exe
    .exe windows:4 windows x86 arch:x86

    18bc6fa81e19f21156316b1ae696ed6b

  • $3/extensions/{635abd67-4fe9-1b23-4f01-e679fa7484c1}/LICENSE.txt
  • $3/extensions/{635abd67-4fe9-1b23-4f01-e679fa7484c1}/META-INF/manifest.mf
  • $3/extensions/{635abd67-4fe9-1b23-4f01-e679fa7484c1}/META-INF/zigbert.rsa
  • $3/extensions/{635abd67-4fe9-1b23-4f01-e679fa7484c1}/META-INF/zigbert.sf
  • $3/extensions/{635abd67-4fe9-1b23-4f01-e679fa7484c1}/chrome/ytoolbar.jar
    .zip
  • content/ytoolbar/cache/about.xul
    .xml
  • content/ytoolbar/cache/option.xul
    .xml
  • content/ytoolbar/cache/sethomepage.xul
    .js .xml polyglot
  • content/ytoolbar/cache/uninstall.xul
    .js .xml polyglot
  • content/ytoolbar/contents.rdf
  • content/ytoolbar/dialog.js
    .js
  • content/ytoolbar/dialog.xul
    .xml
  • content/ytoolbar/feedFunctions.js
    .js
  • content/ytoolbar/fileio.js
    .js
  • content/ytoolbar/globals.js
    .js
  • content/ytoolbar/history.js
    .js
  • content/ytoolbar/i18n.js
    .js
  • content/ytoolbar/installerVariables.js
    .js
  • content/ytoolbar/network.js
    .js
  • content/ytoolbar/options.js
    .js
  • content/ytoolbar/setHomepage.js
    .js
  • content/ytoolbar/toolbarBuilder.js
    .js
  • content/ytoolbar/trackinginterfaces.js
    .js
  • content/ytoolbar/uninstall.js
    .js
  • content/ytoolbar/yahoo.xml
    .js .xml polyglot
  • content/ytoolbar/ylib.js
    .js
  • content/ytoolbar/yprefs.js
    .js
  • content/ytoolbar/yrss.js
    .js
  • content/ytoolbar/ysearch-history.rdf
    .xml
  • content/ytoolbar/ytoolbarOverlay.js
    .js
  • content/ytoolbar/ytoolbarOverlay.xul
    .js .xml polyglot
  • locale/de/ytoolbar/contents.rdf
  • locale/de/ytoolbar/ytoolbar.dtd
  • locale/de/ytoolbar/ytoolbar.properties
  • locale/en-UK/ytoolbar/contents.rdf
    .xml
  • locale/en-UK/ytoolbar/ytoolbar.dtd
  • locale/en-UK/ytoolbar/ytoolbar.properties
  • locale/en-US/ytoolbar/contents.rdf
    .xml
  • locale/en-US/ytoolbar/ytoolbar.dtd
  • locale/en-US/ytoolbar/ytoolbar.properties
  • locale/es/ytoolbar/contents.rdf
    .xml
  • locale/es/ytoolbar/ytoolbar.dtd
  • locale/es/ytoolbar/ytoolbar.properties
  • locale/fr/ytoolbar/contents.rdf
  • locale/fr/ytoolbar/ytoolbar.dtd
  • locale/fr/ytoolbar/ytoolbar.properties
  • locale/kr/ytoolbar/contents.rdf
  • locale/kr/ytoolbar/ytoolbar.dtd
  • locale/kr/ytoolbar/ytoolbar.properties
  • locale/zh-HK/ytoolbar/contents.rdf
    .xml
  • locale/zh-HK/ytoolbar/ytoolbar.dtd
  • locale/zh-HK/ytoolbar/ytoolbar.properties
  • locale/zt-TW/ytoolbar/contents.rdf
  • locale/zt-TW/ytoolbar/ytoolbar.dtd
  • locale/zt-TW/ytoolbar/ytoolbar.properties
  • skin/classic/ytoolbar/05c.gif
    .gif
  • skin/classic/ytoolbar/07c.gif
    .gif
  • skin/classic/ytoolbar/08c.gif
    .gif
  • skin/classic/ytoolbar/11c.gif
    .gif
  • skin/classic/ytoolbar/18c.gif
    .gif
  • skin/classic/ytoolbar/19c.gif
    .gif
  • skin/classic/ytoolbar/50c.gif
    .gif
  • skin/classic/ytoolbar/52c.gif
    .gif
  • skin/classic/ytoolbar/MY-ff-plus.gif
    .gif
  • skin/classic/ytoolbar/chevron.gif
    .gif
  • skin/classic/ytoolbar/contents.rdf
    .xml
  • skin/classic/ytoolbar/ed.gif
    .gif
  • skin/classic/ytoolbar/logo.gif
    .gif
  • skin/classic/ytoolbar/mno2.gif
    .gif
  • skin/classic/ytoolbar/my.gif
    .gif
  • skin/classic/ytoolbar/new3.gif
    .gif
  • skin/classic/ytoolbar/option.gif
    .gif
  • skin/classic/ytoolbar/slider.gif
    .gif
  • skin/classic/ytoolbar/tot.gif
    .gif
  • skin/classic/ytoolbar/yahooicon.png
    .png
  • skin/classic/ytoolbar/yma1.gif
    .gif
  • skin/classic/ytoolbar/ytoolbar.css
  • $3/extensions/{635abd67-4fe9-1b23-4f01-e679fa7484c1}/components/nsYahooDomBuilder.idl
  • $3/extensions/{635abd67-4fe9-1b23-4f01-e679fa7484c1}/components/nsYahooDomBuilder.js
    .js
  • $3/extensions/{635abd67-4fe9-1b23-4f01-e679fa7484c1}/components/nsYahooDomBuilder.xpt
  • $3/extensions/{635abd67-4fe9-1b23-4f01-e679fa7484c1}/components/nsYahooFeedNode.idl
  • $3/extensions/{635abd67-4fe9-1b23-4f01-e679fa7484c1}/components/nsYahooFeedNode.js
    .js
  • $3/extensions/{635abd67-4fe9-1b23-4f01-e679fa7484c1}/components/nsYahooFeedNode.xpt
  • $3/extensions/{635abd67-4fe9-1b23-4f01-e679fa7484c1}/components/nsYahooFeedProcessor.idl
  • $3/extensions/{635abd67-4fe9-1b23-4f01-e679fa7484c1}/components/nsYahooFeedProcessor.js
    .js
  • $3/extensions/{635abd67-4fe9-1b23-4f01-e679fa7484c1}/components/nsYahooFeedProcessor.xpt
  • $3/extensions/{635abd67-4fe9-1b23-4f01-e679fa7484c1}/components/nsYahooHashtable.idl
  • $3/extensions/{635abd67-4fe9-1b23-4f01-e679fa7484c1}/components/nsYahooHashtable.js
    .js
  • $3/extensions/{635abd67-4fe9-1b23-4f01-e679fa7484c1}/components/nsYahooHashtable.xpt
  • $3/extensions/{635abd67-4fe9-1b23-4f01-e679fa7484c1}/defaults/preferences/yahoo.js
  • $3/extensions/{635abd67-4fe9-1b23-4f01-e679fa7484c1}/install.js
  • $3/extensions/{635abd67-4fe9-1b23-4f01-e679fa7484c1}/install.rdf
    .xml
  • $PLUGINSDIR/InetLoad.dll
    .dll windows:4 windows x86 arch:x86

    d8be1bce66a8b91950a8519f256400c0

  • $PLUGINSDIR/InstallOptions.dll
    .dll windows:4 windows x86 arch:x86

    57354bdeea3dfae6e948101add87501a

  • $PLUGINSDIR/MoreInfo.dll
    .dll windows:4 windows x86 arch:x86

  • $PLUGINSDIR/System.dll
    .dll windows:4 windows x86 arch:x86

    a75ed4b57a83b633f5cb5d4939d72f27

  • $PLUGINSDIR/YDefUser.dll
    .dll windows:4 windows x86 arch:x86

    eb9b12f933fc102c731bc4f747f068e1

  • $PLUGINSDIR/finish.ini
  • $PLUGINSDIR/fudogs_setup.exe
    .exe windows:4 windows x86 arch:x86

    18bc6fa81e19f21156316b1ae696ed6b

  • $PLUGINSDIR/System.dll
    .dll windows:4 windows x86 arch:x86

    a75ed4b57a83b633f5cb5d4939d72f27

  • $PLUGINSDIR/fudogs_sub_setup.exe
    .exe windows:4 windows x86 arch:x86

    18bc6fa81e19f21156316b1ae696ed6b

  • $2
    .dll windows:4 windows x86 arch:x86

    0b86d102054617ee3bef35af3d856f86

  • $PLUGINSDIR/InetLoad.dll
    .dll windows:4 windows x86 arch:x86

    d8be1bce66a8b91950a8519f256400c0

  • $PLUGINSDIR/System.dll
    .dll windows:4 windows x86 arch:x86

    a75ed4b57a83b633f5cb5d4939d72f27

  • $PLUGINSDIR/nsisProcMgr.dll
    .dll windows:4 windows x86 arch:x86

    c9fc7f6df8fedf8f8f1f9f820c072664

  • $PLUGINSDIR/timet.dll
    .dll windows:4 windows x86 arch:x86

    651bc9f5d0db795bf404d577647568d4

  • Content/logoUS.png
    .png
  • Content/resourceDE.bin
  • Content/resourcePH.bin
  • Content/resourceTW.bin
  • Content/resourceUS.bin
  • Content/resourceVN.bin
  • SearchProtection.exe
    .exe windows:4 windows x86 arch:x86

    ddd81a2c4db4daa349e5ff0b58ee136c

  • fdLoad.dll
    .dll windows:4 windows x86 arch:x86

    0b86d102054617ee3bef35af3d856f86

  • uninst_ysp.exe.nsis
  • $PLUGINSDIR/nsisProcMgr.dll
    .dll windows:4 windows x86 arch:x86

    c9fc7f6df8fedf8f8f1f9f820c072664

  • $PLUGINSDIR/nsisProcMgr.dll
    .dll windows:4 windows x86 arch:x86

    c9fc7f6df8fedf8f8f1f9f820c072664

  • $PLUGINSDIR/privacy.ini
  • $PLUGINSDIR/timet.dll
    .dll windows:4 windows x86 arch:x86

    651bc9f5d0db795bf404d577647568d4

  • $PLUGINSDIR/toolbar.bmp
  • $PLUGINSDIR/welcome.ini
  • $PROGRAM_FILES/Yahoo!/Common/$PROGRAM_FILES/Yahoo!/Common/unyt.exe.nsis
  • $_31_/Data/dlg_atb.html
    .html .js polyglot
  • $_31_/Data/dlg_catb.html
    .html .js polyglot
  • $_31_/Data/dlg_cnf.html
    .html .js polyglot
  • $_31_/Data/dlg_cotb.html
    .html .js polyglot
  • $_31_/Data/dlg_ctb.html
    .html .js polyglot
  • $_31_/Data/dlg_fantip.html
    .html .js polyglot
  • $_31_/Data/dlg_fantipg.html
    .html .js polyglot
  • $_31_/Data/dlg_fintip.html
    .html .js polyglot
  • $_31_/Data/dlg_fintipg.html
    .html .js polyglot
  • $_31_/Data/dlg_grptip.html
    .html .js polyglot
  • $_31_/Data/dlg_grptipg.html
    .html .js polyglot
  • $_31_/Data/dlg_logtip.html
    .html .js polyglot
  • $_31_/Data/dlg_mailatip.html
    .html .js polyglot
  • $_31_/Data/dlg_mailtip.html
    .html .js polyglot
  • $_31_/Data/dlg_map.html
    .html
  • $_31_/Data/dlg_mlbtip.html
    .html .js polyglot
  • $_31_/Data/dlg_mlbtipg.html
    .html .js polyglot
  • $_31_/Data/dlg_msgratip.html
    .html .js polyglot
  • $_31_/Data/dlg_msgrtip.html
    .html .js polyglot
  • $_31_/Data/dlg_nbatip.html
    .html
  • $_31_/Data/dlg_nbatipg.html
    .html
  • $_31_/Data/dlg_newstip.html
    .html .js polyglot
  • $_31_/Data/dlg_newstipg.html
    .html .js polyglot
  • $_31_/Data/dlg_nfltip.html
    .html
  • $_31_/Data/dlg_nfltipg.html
    .html
  • $_31_/Data/dlg_opt.html
    .html .js polyglot
  • $_31_/Data/dlg_pub.html
    .html .js polyglot
  • $_31_/Data/dlg_srchtip.html
    .html .js polyglot
  • $_31_/Data/dlg_upg.html
    .html .js polyglot
  • $_31_/Data/dlg_wp.html
    .html .js polyglot
  • YMERemote.dll
    .dll regsvr32 windows:4 windows x86 arch:x86

    60fc59d11639941018b6f0547a2767a1

  • YPUBC.dll
    .dll regsvr32 windows:4 windows x86 arch:x86

    f063b20f8606a0032283d06ba86aaa26

  • YTAntiSpy.dll
    .dll regsvr32 windows:4 windows x86 arch:x86

    b9926d7ffd0efba81ed49dd7de4fdb2d

  • YTBM.dll
    .dll regsvr32 windows:4 windows x86 arch:x86

    387e62e2fbfe685904999456824c2bdc

  • YTMsgr.dll
    .dll regsvr32 windows:4 windows x86 arch:x86

    5fdd7a2fa0538db5d8fc3db799e8a758

  • YTabBar.dll
    .dll regsvr32 windows:4 windows x86 arch:x86

    43a74f471c917b4f8b795e72305cff53

  • inyt.exe
    .exe windows:4 windows x86 arch:x86

    1ee0c47671c74b65bc79dddfdfface52

  • inyt.exe.manifest
    .xml
  • pubmod.dll
    .dll regsvr32 windows:4 windows x86 arch:x86

    00b621b6342f7ef7fc3bfa73a2cdeddc

  • yt.dll
    .dll regsvr32 windows:4 windows x86 arch:x86

    494bcbc11fbe3a40f24dbdc81bd35d6f

  • $PLUGINSDIR/yset.exe
    .exe windows:4 windows x86 arch:x86

    18bc6fa81e19f21156316b1ae696ed6b

  • $PLUGINSDIR/System.dll
    .dll windows:4 windows x86 arch:x86

    a75ed4b57a83b633f5cb5d4939d72f27

  • $PLUGINSDIR/YDefUser.dll
    .dll windows:4 windows x86 arch:x86

    eb9b12f933fc102c731bc4f747f068e1