Overview

overview

7

Static

static

3

452aa37e10...18.exe

windows7-x64

7

452aa37e10...18.exe

windows10-2004-x64

7

$1/extensi...b.html

windows7-x64

1

$1/extensi...b.html

windows10-2004-x64

1

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$_13_/exte...nal.js

windows7-x64

3

$_13_/exte...nal.js

windows10-2004-x64

3

$_13_/exte...r.html

windows7-x64

1

$_13_/exte...r.html

windows10-2004-x64

1

$_13_/exte...w.html

windows7-x64

1

$_13_/exte...w.html

windows10-2004-x64

1

$_13_/exte...ode.js

windows7-x64

3

$_13_/exte...ode.js

windows10-2004-x64

3

$_13_/exte...r.html

windows7-x64

1

$_13_/exte...r.html

windows10-2004-x64

1

$_13_/exte...ore.js

windows7-x64

3

$_13_/exte...ore.js

windows10-2004-x64

3

$_13_/exte...rop.js

windows7-x64

3

$_13_/exte...rop.js

windows10-2004-x64

3

$_13_/exte...b.html

windows7-x64

1

$_13_/exte...b.html

windows10-2004-x64

1

$_13_/exte...t.html

windows7-x64

1

$_13_/exte...t.html

windows10-2004-x64

1

$_13_/exte...o.html

windows7-x64

1

$_13_/exte...o.html

windows10-2004-x64

1

$_13_/exte...ar.htm

windows7-x64

1

$_13_/exte...ar.htm

windows10-2004-x64

1

$_13_/exte...ode.js

windows7-x64

3

$_13_/exte...ode.js

windows10-2004-x64

3

$_13_/exte...tor.js

windows7-x64

3

$_13_/exte...tor.js

windows10-2004-x64

3

Sharing

Copy URL Twitter E-mail

General

  • Target

    452aa37e10ffa6c4419daed18b0f7e73_JaffaCakes118

  • Size

    1019KB

  • MD5

    452aa37e10ffa6c4419daed18b0f7e73

  • SHA1

    4b7a392e76a9241106e68cebf7854ad5c11749f8

  • SHA256

    94e0401976ab127bcbc97b95d3eb5f13d2c4a728580552efa0f74e8528a1a829

  • SHA512

    1d9358437bd9896be7b071eda7ae3277ae5ede6de10cd323e19d883d4d36dce5b76dda720c681cdb514353c64c8a1aa7a6d7920ac0fabd8829abd34132675b17

  • SSDEEP

    24576:95fyjnHOSRVWgNw3Yvsrv6reHjr1OnZNY9bdrLkBM0Ofr:DfyjnHt9Ovs61uSbdMBhOfr

Score
3/10

Malware Config

Signatures

  • Unsigned PE 3 IoCs

    Checks for missing Authenticode signature.

  • NSIS installer 2 IoCs
    installer

Files

  • 452aa37e10ffa6c4419daed18b0f7e73_JaffaCakes118
    .exe windows:4 windows x86 arch:x86

    099c0646ea7282d232219f8807883be0


    Code Sign

    Headers

    Imports

    Sections

  • $1/extensions/{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}/chrome/content/newtab/newtab.html
  • $1/extensions/{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}/chrome/data/search/engines.xml
    .xml
  • $PLUGINSDIR/InstallOptions.dll
    .dll windows:4 windows x86 arch:x86

    b1cd0d78f652ce5fc63f0879371af012


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/InstallOptions.ini
  • $PLUGINSDIR/ioSpecial.ini
  • $PLUGINSDIR/modern-wizard.bmp
  • $TEMP/bflixtoolbar-manifest.xml
    .xml
  • $_13_/extensions/{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}/chrome/content/lib/about.xml
  • $_13_/extensions/{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}/chrome/content/lib/dtxpanel.xul
    .xml
  • $_13_/extensions/{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}/chrome/content/lib/dtxpaneltransparent.xul
    .xml
  • $_13_/extensions/{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}/chrome/content/lib/dtxpanelwin.xul
    .xml
  • $_13_/extensions/{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}/chrome/content/lib/dtxprefwin.xul
    .xml
  • $_13_/extensions/{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}/chrome/content/lib/dtxtransparentwin.xul
    .xml
  • $_13_/extensions/{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}/chrome/content/lib/dtxwin.xul
    .xml
  • $_13_/extensions/{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}/chrome/content/lib/emailnotifierproviders.xml
    .xml
  • $_13_/extensions/{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}/chrome/content/lib/external.js
    .js
  • $_13_/extensions/{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}/chrome/content/lib/neterror.xhtml
    .html
  • $_13_/extensions/{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}/chrome/content/lib/rsspreview.html
  • $_13_/extensions/{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}/chrome/content/lib/rsswin.xml
    .xml
  • $_13_/extensions/{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}/chrome/content/lib/rsswin.xsl
    .xml
  • $_13_/extensions/{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}/chrome/content/lib/vmncode.js
    .js
  • $_13_/extensions/{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}/chrome/content/lib/wmpstreamer.html
    .html
  • $_13_/extensions/{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}/chrome/content/modules/datastore.jsm
    .js
  • $_13_/extensions/{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}/chrome/content/modules/nsDragAndDrop.js
    .js
  • $_13_/extensions/{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}/chrome/content/neterror.xhtml
    .html .js polyglot
  • $_13_/extensions/{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}/chrome/content/newtab/images/btn_search.gif
    .gif
  • $_13_/extensions/{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}/chrome/content/newtab/images/bullet.gif
    .gif
  • $_13_/extensions/{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}/chrome/content/newtab/images/field_bg.gif
    .gif
  • $_13_/extensions/{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}/chrome/content/newtab/images/powered_by_yahoo.gif
    .gif
  • $_13_/extensions/{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}/chrome/content/newtab/newtab.html
  • $_13_/extensions/{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}/chrome/content/newtab/newtab_mystart.html
  • $_13_/extensions/{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}/chrome/content/newtab/newtab_yahoo.html
  • $_13_/extensions/{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}/chrome/content/preferences.xml
    .xml
  • $_13_/extensions/{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}/chrome/content/template.xml
  • $_13_/extensions/{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}/chrome/content/toolbar.htm
    .html
  • $_13_/extensions/{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}/chrome/content/toolbar.xul
    .js .xml polyglot
  • $_13_/extensions/{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}/chrome/content/vmncode.js
    .js
  • $_13_/extensions/{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}/chrome/content/vmnrsswin.xml
    .xml
  • $_13_/extensions/{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}/chrome/data/dynamicElements/vmntoolbar.xsl
    .xml
  • $_13_/extensions/{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}/chrome/data/rss/rss.xml
    .xml
  • $_13_/extensions/{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}/chrome/data/search/engines.xml
    .xml
  • $_13_/extensions/{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}/components/windowmediator.js
    .js
  • $_13_/extensions/{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}/manifest.xml
    .xml
  • $_2_/chrome/content/lib/about.xml
  • $_2_/chrome/content/lib/dtxpanel.xul
    .xml
  • $_2_/chrome/content/lib/dtxpaneltransparent.xul
    .xml
  • $_2_/chrome/content/lib/dtxpanelwin.xul
    .xml
  • $_2_/chrome/content/lib/dtxprefwin.xul
    .xml
  • $_2_/chrome/content/lib/dtxtransparentwin.xul
    .xml
  • $_2_/chrome/content/lib/dtxwin.xul
    .xml
  • $_2_/chrome/content/lib/emailnotifierproviders.xml
    .xml
  • $_2_/chrome/content/lib/external.js
    .js
  • $_2_/chrome/content/lib/neterror.xhtml
    .html
  • $_2_/chrome/content/lib/rsspreview.html
  • $_2_/chrome/content/lib/rsswin.xml
    .xml
  • $_2_/chrome/content/lib/rsswin.xsl
    .xml
  • $_2_/chrome/content/lib/vmncode.js
    .js
  • $_2_/chrome/content/lib/wmpstreamer.html
    .html
  • $_2_/chrome/content/modules/datastore.jsm
    .js
  • $_2_/chrome/content/modules/nsDragAndDrop.js
    .js
  • $_2_/chrome/content/neterror.xhtml
    .html .js polyglot
  • $_2_/chrome/content/newtab/images/btn_search.gif
    .gif
  • $_2_/chrome/content/newtab/images/bullet.gif
    .gif
  • $_2_/chrome/content/newtab/images/field_bg.gif
    .gif
  • $_2_/chrome/content/newtab/images/powered_by_yahoo.gif
    .gif
  • $_2_/chrome/content/newtab/newtab.html
  • $_2_/chrome/content/newtab/newtab_mystart.html
  • $_2_/chrome/content/newtab/newtab_yahoo.html
  • $_2_/chrome/content/preferences.xml
    .xml
  • $_2_/chrome/content/template.xml
  • $_2_/chrome/content/toolbar.htm
    .html
  • $_2_/chrome/content/toolbar.xul
    .js .xml polyglot
  • $_2_/chrome/content/vmncode.js
    .js
  • $_2_/chrome/content/vmnrsswin.xml
    .xml
  • $_2_/chrome/data/dynamicElements/vmntoolbar.xsl
    .xml
  • $_2_/chrome/data/rss/rss.xml
    .xml
  • $_2_/chrome/data/search/engines.xml
    .xml
  • $_2_/components/windowmediator.js
    .js
  • $_2_/manifest.xml
    .xml
  • $_2_/partner.xml
    .xml
  • $_2_/toolbar.xml
    .xml
  • $_2_/vmntemplate.dll
    .dll regsvr32 windows:4 windows x86 arch:x86

    33c60b6f13631b5fa9dd808f30bda776


    Headers

    Imports

    Exports

    Sections

  • $_2_/vmntemplateX.dll
    .dll regsvr32 windows:4 windows x86 arch:x86

    20b876b2c9bc1b292242ea421dc836e7


    Headers

    Imports

    Exports

    Sections