General

  • Target

    73a899b304bdd5ba49d41941793e8e08_JaffaCakes118

  • Size

    2.7MB

  • MD5

    73a899b304bdd5ba49d41941793e8e08

  • SHA1

    a37bb80ff6581be970bd2af3dc80a1f2cc2345fb

  • SHA256

    db095ed9c0740d273fd252bb0a810fe27d775867056fe91b1dd8363c82e2ba3e

  • SHA512

    c69512cc3da9f7c150907e7f5d8f3d478768437867dc71c8b78823ec8509c8cf53b1c0a50fe1e109e444d7ba03b97351ed419151928b26da29efe73e1ae87c7d

  • SSDEEP

    49152:LOFyYGQdbJZvuUtocd/VCyGZniTZCJWKbr1e8sJvYCJyHzn5H:LOXPbzumocdwZnCe1epvY2yF

Score: 7/10
Tags: upx

Signatures

  • UPX packed file (3 IoCs)
    Detects executables packed with UPX/modified UPX open source packer.

  • Unsigned PE (36 IoCs)
    Checks for missing Authenticode signature.

  • NSIS installer (2 IoCs)

Files

  • 73a899b304bdd5ba49d41941793e8e08_JaffaCakes118
    .exe windows:4 windows x86 arch:x86
    Details: Headers, Sections

  • $PLUGINSDIR/ExecDos.dll
    .dll windows:4 windows x86 arch:x86
    MD5: 2dfc6a992d004b736e85c64219a88b4a
    Details: Headers, Imports, Exports, Sections

  • $PLUGINSDIR/InstallOptions.dll
    .dll windows:4 windows x86 arch:x86
    MD5: b1cd0d78f652ce5fc63f0879371af012
    Details: Headers, Imports, Exports, Sections

  • $PLUGINSDIR/System.dll
    .dll windows:4 windows x86 arch:x86
    MD5: 4ec328f99bdd944fc98d8a5cf11f7a62
    Details: Headers, Imports, Exports, Sections

  • $PLUGINSDIR/ioC.ini
  • $PLUGINSDIR/ioSpecial.ini
  • $PLUGINSDIR/modern-wizard.bmp
  • $TEMPImages/ioC.ini
  • $TEMPImages/register.exe
    .exe windows:4 windows x86 arch:x86
    MD5: 492138ce5716142bee4b8c6ddf19a2c0
    Details: Headers, Imports, Sections

  • $TEMPImages/register_y.exe
    .exe windows:4 windows x86 arch:x86
    MD5: 492138ce5716142bee4b8c6ddf19a2c0
    Details: Headers, Imports, Sections

  • $TEMPImages/si1setup-SI1PRT1-silent.exe
    .exe windows:4 windows x86 arch:x86
    MD5: 21607682c19f7802c7d98afd746dbe9e
    Details: Code Sign, Headers, Imports, Sections

  • $TEMPImages/ydetect.exe
    .exe windows:4 windows x86 arch:x86
    MD5: 18bc6fa81e19f21156316b1ae696ed6b
    Details: Code Sign, Headers, Imports, Sections

  • $PLUGINSDIR/System.dll
    .dll windows:4 windows x86 arch:x86
    MD5: a75ed4b57a83b633f5cb5d4939d72f27
    Details: Headers, Imports, Exports, Sections

  • $TEMPImages/ytb_7.0.9.0_1.5.1_pub_uber_setup_.exe
    .exe windows:4 windows x86 arch:x86
    MD5: 18bc6fa81e19f21156316b1ae696ed6b
    Details: Code Sign, Headers, Imports, Sections

  • $3/extensions/{635abd67-4fe9-1b23-4f01-e679fa7484c1}/LICENSE.txt
  • $3/extensions/{635abd67-4fe9-1b23-4f01-e679fa7484c1}/META-INF/manifest.mf
  • $3/extensions/{635abd67-4fe9-1b23-4f01-e679fa7484c1}/META-INF/zigbert.rsa
  • $3/extensions/{635abd67-4fe9-1b23-4f01-e679fa7484c1}/META-INF/zigbert.sf
  • $3/extensions/{635abd67-4fe9-1b23-4f01-e679fa7484c1}/chrome/ytoolbar.jar
    .zip
  • content/ytoolbar/JScript.js
  • content/ytoolbar/cache/about.xul
    .xml
  • content/ytoolbar/cache/option.xul
    .xml
  • content/ytoolbar/cache/sethp.xul
    .js .xml polyglot
  • content/ytoolbar/cache/uninstall.xul
    .js .xml polyglot
  • content/ytoolbar/contents.rdf
  • content/ytoolbar/dialog.js
    .js
  • content/ytoolbar/dialog.xul
    .xml
  • content/ytoolbar/dropmaker.xml
    .js .xml polyglot
  • content/ytoolbar/feedFunctions.js
    .js
  • content/ytoolbar/fileio.js
    .js
  • content/ytoolbar/globals.js
    .js
  • content/ytoolbar/history.js
    .js
  • content/ytoolbar/i18n.js
    .js
  • content/ytoolbar/installerVariables.js
    .js
  • content/ytoolbar/network.js
    .js
  • content/ytoolbar/options.js
    .js
  • content/ytoolbar/setHomepage.js
    .js
  • content/ytoolbar/toolbarBuilder.js
    .js
  • content/ytoolbar/trackinginterfaces.js
    .js
  • content/ytoolbar/uninstall.js
    .js
  • content/ytoolbar/yahoo.xml
    .js .xml polyglot
  • content/ytoolbar/ylib.js
    .js
  • content/ytoolbar/yprefs.js
    .js
  • content/ytoolbar/yrss.js
    .js
  • content/ytoolbar/ysearch-history.rdf
    .xml
  • content/ytoolbar/ytoolbarOverlay.js
    .js
  • content/ytoolbar/ytoolbarOverlay.xul
    .js .xml polyglot
  • locale/de/ytoolbar/contents.rdf
  • locale/de/ytoolbar/ytoolbar.dtd
  • locale/de/ytoolbar/ytoolbar.properties
  • locale/en-UK/ytoolbar/contents.rdf
    .xml
  • locale/en-UK/ytoolbar/ytoolbar.dtd
  • locale/en-UK/ytoolbar/ytoolbar.properties
  • locale/en-US/ytoolbar/contents.rdf
    .xml
  • locale/en-US/ytoolbar/ytoolbar.dtd
  • locale/en-US/ytoolbar/ytoolbar.properties
  • locale/es/ytoolbar/contents.rdf
    .xml
  • locale/es/ytoolbar/ytoolbar.dtd
  • locale/es/ytoolbar/ytoolbar.properties
  • locale/fr/ytoolbar/contents.rdf
  • locale/fr/ytoolbar/ytoolbar.dtd
  • locale/fr/ytoolbar/ytoolbar.properties
  • locale/kr/ytoolbar/contents.rdf
  • locale/kr/ytoolbar/ytoolbar.dtd
  • locale/kr/ytoolbar/ytoolbar.properties
  • locale/zh-HK/ytoolbar/contents.rdf
    .xml
  • locale/zh-HK/ytoolbar/ytoolbar.dtd
  • locale/zh-HK/ytoolbar/ytoolbar.properties
  • locale/zt-TW/ytoolbar/contents.rdf
  • locale/zt-TW/ytoolbar/ytoolbar.dtd
  • locale/zt-TW/ytoolbar/ytoolbar.properties
  • skin/classic/ytoolbar/05c.gif
    .gif
  • skin/classic/ytoolbar/07c.gif
    .gif
  • skin/classic/ytoolbar/08c.gif
    .gif
  • skin/classic/ytoolbar/11c.gif
    .gif
  • skin/classic/ytoolbar/18c.gif
    .gif
  • skin/classic/ytoolbar/19c.gif
    .gif
  • skin/classic/ytoolbar/50c.gif
    .gif
  • skin/classic/ytoolbar/52c.gif
    .gif
  • skin/classic/ytoolbar/MY-ff-plus.gif
    .gif
  • skin/classic/ytoolbar/chevron.gif
    .gif
  • skin/classic/ytoolbar/contents.rdf
    .xml
  • skin/classic/ytoolbar/ed.gif
    .gif
  • skin/classic/ytoolbar/logo.gif
    .gif
  • skin/classic/ytoolbar/mno2.gif
    .gif
  • skin/classic/ytoolbar/my.gif
    .gif
  • skin/classic/ytoolbar/new3.gif
    .gif
  • skin/classic/ytoolbar/option.gif
    .gif
  • skin/classic/ytoolbar/slider.gif
    .gif
  • skin/classic/ytoolbar/tot.gif
    .gif
  • skin/classic/ytoolbar/yahooicon.png
    .png
  • skin/classic/ytoolbar/yma1.gif
    .gif
  • skin/classic/ytoolbar/ytoolbar.css
  • skin/classic/ytoolbar/ytoolbar.properties-de
  • skin/classic/ytoolbar/ytoolbar.properties-es
  • skin/classic/ytoolbar/ytoolbar.properties-fr
  • skin/classic/ytoolbar/ytoolbar.properties-hk
  • skin/classic/ytoolbar/ytoolbar.properties-kr
  • skin/classic/ytoolbar/ytoolbar.properties-tw
  • skin/classic/ytoolbar/ytoolbar.properties-uk
  • skin/classic/ytoolbar/ytoolbar.properties-us
  • $3/extensions/{635abd67-4fe9-1b23-4f01-e679fa7484c1}/components/nsYahooDomBuilder.js
    .js
  • $3/extensions/{635abd67-4fe9-1b23-4f01-e679fa7484c1}/components/nsYahooDomBuilder.xpt
  • $3/extensions/{635abd67-4fe9-1b23-4f01-e679fa7484c1}/components/nsYahooFeedNode.js
    .js
  • $3/extensions/{635abd67-4fe9-1b23-4f01-e679fa7484c1}/components/nsYahooFeedNode.xpt
  • $3/extensions/{635abd67-4fe9-1b23-4f01-e679fa7484c1}/components/nsYahooFeedProcessor.js
    .js
  • $3/extensions/{635abd67-4fe9-1b23-4f01-e679fa7484c1}/components/nsYahooFeedProcessor.xpt
  • $3/extensions/{635abd67-4fe9-1b23-4f01-e679fa7484c1}/defaults/preferences/yahoo.js
  • $3/extensions/{635abd67-4fe9-1b23-4f01-e679fa7484c1}/install.js
  • $3/extensions/{635abd67-4fe9-1b23-4f01-e679fa7484c1}/install.rdf
    .xml
  • $PLUGINSDIR/InetLoad.dll
    .dll windows:4 windows x86 arch:x86
    MD5: d8be1bce66a8b91950a8519f256400c0
    Details: Headers, Imports, Exports, Sections

  • $PLUGINSDIR/InstallOptions.dll
    .dll windows:4 windows x86 arch:x86
    MD5: 57354bdeea3dfae6e948101add87501a
    Details: Headers, Imports, Exports, Sections

  • $PLUGINSDIR/MoreInfo.dll
    .dll windows:4 windows x86 arch:x86
    Details: Headers, Exports, Sections

  • $PLUGINSDIR/System.dll
    .dll windows:4 windows x86 arch:x86
    MD5: a75ed4b57a83b633f5cb5d4939d72f27
    Details: Headers, Imports, Exports, Sections

  • $PLUGINSDIR/YDefUser.dll
    .dll windows:4 windows x86 arch:x86
    MD5: eb9b12f933fc102c731bc4f747f068e1
    Details: Code Sign, Headers, Imports, Exports, Sections

  • $PLUGINSDIR/finish.ini
  • $PLUGINSDIR/nsisProcMgr.dll
    .dll windows:4 windows x86 arch:x86
    MD5: c9fc7f6df8fedf8f8f1f9f820c072664
    Details: Headers, Imports, Exports, Sections

  • $PLUGINSDIR/privacy.ini
  • $PLUGINSDIR/timet.dll
    .dll windows:4 windows x86 arch:x86
    MD5: 651bc9f5d0db795bf404d577647568d4
    Details: Headers, Imports, Exports, Sections

  • $PLUGINSDIR/toolbar.bmp
  • $PLUGINSDIR/welcome.ini
  • $PROGRAM_FILES/Yahoo!/Common/$PROGRAM_FILES/Yahoo!/Common/unyt.exe.nsis
  • $_30_/Data/dlg_atb.html
    .html .js polyglot
  • $_30_/Data/dlg_catb.html
    .html .js polyglot
  • $_30_/Data/dlg_cnf.html
    .html .js polyglot
  • $_30_/Data/dlg_cotb.html
    .html .js polyglot
  • $_30_/Data/dlg_ctb.html
    .html .js polyglot
  • $_30_/Data/dlg_fantip.html
    .html .js polyglot
  • $_30_/Data/dlg_fantipg.html
    .html .js polyglot
  • $_30_/Data/dlg_fintip.html
    .html .js polyglot
  • $_30_/Data/dlg_fintipg.html
    .html .js polyglot
  • $_30_/Data/dlg_grptip.html
    .html .js polyglot
  • $_30_/Data/dlg_grptipg.html
    .html .js polyglot
  • $_30_/Data/dlg_logtip.html
    .html .js polyglot
  • $_30_/Data/dlg_mailatip.html
    .html .js polyglot
  • $_30_/Data/dlg_mailtip.html
    .html .js polyglot
  • $_30_/Data/dlg_map.html
    .html
  • $_30_/Data/dlg_mlbtip.html
    .html .js polyglot
  • $_30_/Data/dlg_mlbtipg.html
    .html .js polyglot
  • $_30_/Data/dlg_msgratip.html
    .html .js polyglot
  • $_30_/Data/dlg_msgrtip.html
    .html .js polyglot
  • $_30_/Data/dlg_nbatip.html
    .html
  • $_30_/Data/dlg_nbatipg.html
    .html
  • $_30_/Data/dlg_newstip.html
    .html .js polyglot
  • $_30_/Data/dlg_newstipg.html
    .html .js polyglot
  • $_30_/Data/dlg_nfltip.html
    .html
  • $_30_/Data/dlg_nfltipg.html
    .html
  • $_30_/Data/dlg_opt.html
    .html .js polyglot
  • $_30_/Data/dlg_pub.html
    .html .js polyglot
  • $_30_/Data/dlg_srchtip.html
    .html .js polyglot
  • $_30_/Data/dlg_upg.html
    .html .js polyglot
  • $_30_/Data/dlg_wp.html
    .html .js polyglot
  • YMERemote.dll
    .dll regsvr32 windows:4 windows x86 arch:x86
    MD5: 60fc59d11639941018b6f0547a2767a1
    Details: Code Sign, Headers, Imports, Exports, Sections

  • YPUBC.dll
    .dll regsvr32 windows:4 windows x86 arch:x86
    MD5: f063b20f8606a0032283d06ba86aaa26
    Details: Headers, Imports, Exports, Sections

  • YTAntiSpy.dll
    .dll regsvr32 windows:4 windows x86 arch:x86
    MD5: b9926d7ffd0efba81ed49dd7de4fdb2d
    Details: Code Sign, Headers, Imports, Exports, Sections

  • YTBM.dll
    .dll regsvr32 windows:4 windows x86 arch:x86
    MD5: 387e62e2fbfe685904999456824c2bdc
    Details: Code Sign, Headers, Imports, Exports, Sections

  • YTMsgr.dll
    .dll regsvr32 windows:4 windows x86 arch:x86
    MD5: 5fdd7a2fa0538db5d8fc3db799e8a758
    Details: Code Sign, Headers, Imports, Exports, Sections

  • YTabBar.dll
    .dll regsvr32 windows:4 windows x86 arch:x86
    MD5: 43a74f471c917b4f8b795e72305cff53
    Details: Code Sign, Headers, Imports, Exports, Sections

  • inyt.exe
    .exe windows:4 windows x86 arch:x86
    MD5: 1ee0c47671c74b65bc79dddfdfface52
    Details: Code Sign, Headers, Imports, Sections

  • inyt.exe.manifest
    .xml
  • pubmod.dll
    .dll regsvr32 windows:4 windows x86 arch:x86
    MD5: 00b621b6342f7ef7fc3bfa73a2cdeddc
    Details: Code Sign, Headers, Imports, Exports, Sections

  • yt.dll
    .dll regsvr32 windows:4 windows x86 arch:x86
    MD5: 5ddf08cdd83e6433fc7ac662c0f9997e
    Details: Code Sign, Headers, Imports, Exports, Sections

  • Acknowledgements.txt
  • AsyncOps.dll
    .dll windows:4 windows x86 arch:x86
    MD5: dae02f32a21e03ce65412f6e56942daa
    Details: Headers, Imports, Sections

  • AxInterop.WMPLib.dll
    .dll windows:4 windows x86 arch:x86
    MD5: dae02f32a21e03ce65412f6e56942daa
    Details: Headers, Imports, Sections

  • Bass.Net.dll
    .dll windows:4 windows x86 arch:x86
    MD5: dae02f32a21e03ce65412f6e56942daa
    Details: Headers, Imports, Sections

  • FLVmovie.DLL
    .dll windows:4 windows x86 arch:x86
    MD5: dae02f32a21e03ce65412f6e56942daa
    Details: Headers, Imports, Sections

  • Interop.QuartzTypeLib.dll
    .dll windows:4 windows x86 arch:x86
    MD5: dae02f32a21e03ce65412f6e56942daa
    Details: Headers, Imports, Sections

  • Interop.WMPLib.dll
    .dll windows:4 windows x86 arch:x86
    MD5: dae02f32a21e03ce65412f6e56942daa
    Details: Headers, Imports, Sections

  • IrisSkin2.dll
    .dll windows:4 windows x86 arch:x86
    MD5: dae02f32a21e03ce65412f6e56942daa
    Details: Headers, Imports, Sections

  • Lang/English.lang
  • Settings.xml
  • SteelBlue.ssk
  • Translator.dll
    .dll windows:4 windows x86 arch:x86
    MD5: dae02f32a21e03ce65412f6e56942daa
    Details: Headers, Imports, Sections

  • Uninst.exe
    .exe windows:4 windows x86 arch:x86
    Details: Headers, Sections

  • $PLUGINSDIR/Processes.dll
    .dll windows:4 windows x86 arch:x86
    MD5: f5edecae12589e705677a6e272ad0394
    Details: Headers, Imports, Exports, Sections

  • out.upx
    .exe windows:4 windows x86 arch:x86
    Details: Headers, Sections

  • VideoEditorMaster.exe
    .exe windows:4 windows x86 arch:x86
    MD5: f34d5f2d4577ed6d9ceec516c1f5a744
    Details: Headers, Imports, Sections

  • VideoEditorMaster.xml
  • asfbin.exe
    .exe windows:4 windows x86 arch:x86
    MD5: 8b42065943351bb7e7ec08899b0bfa64
    Details: Headers, Imports, Sections

  • asfcut.exe
    .exe windows:4 windows x86 arch:x86
    MD5: 357612c96da940893e10c5238d2d0ea6
    Details: Headers, Imports, Sections

  • bass.dll
    .dll windows:4 windows x86 arch:x86
    Details: Headers, Exports, Sections

  • bass_fx.dll
    .dll windows:4 windows x86 arch:x86
    Details: Headers, Exports, Sections

  • basswma.dll
    .dll windows:4 windows x86 arch:x86
    Details: Headers, Exports, Sections

  • license.txt
  • mpgtx.exe
    .exe windows:4 windows x86 arch:x86
    Details: Headers, Sections

  • out.upx
    .exe windows:4 windows x86 arch:x86
    Details: Headers, Sections

  • out.upx
    .exe windows:4 windows x86 arch:x86
    Details: Headers, Sections

  • tools/register.exe
    .exe windows:4 windows x86 arch:x86
    MD5: 492138ce5716142bee4b8c6ddf19a2c0
    Details: Headers, Imports, Sections

  • tools/register_y.exe
    .exe windows:4 windows x86 arch:x86
    MD5: 492138ce5716142bee4b8c6ddf19a2c0
    Details: Headers, Imports, Sections