General

  • Target

    c265e61a6eaea75fe9c92d0f7a21fc85_JaffaCakes118

  • Size

    5.0MB

  • MD5

    c265e61a6eaea75fe9c92d0f7a21fc85

  • SHA1

    3df04fefe006c621b0fbb3a2846d446249d7e365

  • SHA256

    8d64b90b5331eadd4ef5adfb7bea163d7f8249a13f0853775a9dc7d9e74eafc8

  • SHA512

    2825356bc835677c16809ebb778a005fd494f6cd80edb684f1818b44d6c56b4fe9a08a7f78976b55db55367020fa9d58be6f0b09b26955303fdf714912cb222e

  • SSDEEP

    98304:9mRP0OQv9L63RrLrmH/5cOub8QdXkbsPSyl0+AQ1UVHOtkFD+yWV:9o0Zv9L8RPrmBctTdUubl+BO6m

Score
3/10

Malware Config

Signatures

  • Unsigned PE (3 IoCs)

    Checks for missing Authenticode signature. The three IoCs line up with the three PE files in the listing below whose entry has no Code Sign panel: the NSIS plugins $PLUGINSDIR/InstallOptions.dll and $PLUGINSDIR/System.dll, and YodaoDict.api (a PE despite its extension). A Code Sign panel on the remaining entries only shows that signature data is embedded, not that the certificate chain verifies.
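An added example, not code from the sandbox report or from the Youdao software it lists, of the check behind the Unsigned PE signature: a small Python parser that reads the Security data directory of a PE header to tell whether an Authenticode blob is embedded, and pulls out the header fields (machine, DLL flag, MajorSubsystemVersion) that sit behind tags such as `.dll windows:5 x86`. It also produces the MD5/SHA1/SHA256 digests the General section lists. Assumptions: the mapping of the `windows:N` tag to MajorSubsystemVersion is a guess about how the report derives it, and the PE skeletons the script builds are constructed test input, not files from this sample. A nonzero Security directory only proves a signature blob is present; validating it needs a real verifier (signtool, Get-AuthenticodeSignature, osslsigncode).

```python
"""Added example, not from the sandbox report: a header-level Authenticode
presence check for PE files, plus the fields behind tags like ".dll windows:5
x86".  Presence of a signature blob is not validity; verify the chain with
signtool, Get-AuthenticodeSignature or osslsigncode."""
import hashlib
import struct

IMAGE_FILE_MACHINE_I386 = 0x014C
IMAGE_FILE_MACHINE_AMD64 = 0x8664
IMAGE_FILE_DLL = 0x2000
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B
IMAGE_DIRECTORY_ENTRY_SECURITY = 4
WIN_CERT_TYPE_PKCS_SIGNED_DATA = 0x0002


def inspect_pe(data: bytes) -> dict:
    """Parse just enough of the headers to answer the report's questions."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, _, _, _, _, _, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == PE32_MAGIC:
        dirs = opt + 96          # data directories start after the PE32 fields
    elif magic == PE32PLUS_MAGIC:
        dirs = opt + 112         # PE32+ has 8-byte ImageBase/stack/heap fields
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    # MajorSubsystemVersion is at the same offset in both layouts.  Assumption
    # (not stated by the report): this is the field behind the "windows:N" tag.
    subsys_major = struct.unpack_from("<H", data, opt + 48)[0]
    n_dirs = struct.unpack_from("<I", data, dirs - 4)[0]
    sec_off = sec_size = 0
    if n_dirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        sec_off, sec_size = struct.unpack_from(
            "<II", data, dirs + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    # Unlike every other directory, the security entry holds a raw file offset.
    has_sig = sec_off != 0 and sec_size != 0
    cert_type = None
    if has_sig:
        if sec_size < 8 or sec_off + sec_size > len(data):
            raise ValueError("security directory points outside the file")
        _length, _revision, cert_type = struct.unpack_from("<IHH", data, sec_off)
    arch = {IMAGE_FILE_MACHINE_I386: "x86", IMAGE_FILE_MACHINE_AMD64: "x64"}
    return {
        "arch": arch.get(machine, hex(machine)),
        "is_dll": bool(chars & IMAGE_FILE_DLL),
        "subsystem_major": subsys_major,
        "has_authenticode": has_sig,
        "pkcs7_signed_data": cert_type == WIN_CERT_TYPE_PKCS_SIGNED_DATA,
    }


def file_hashes(data: bytes) -> dict:
    """The digests the report's General section lists for the sample."""
    return {n: hashlib.new(n, data).hexdigest() for n in ("md5", "sha1", "sha256")}


def build_fake_pe(machine, magic, subsys_major, is_dll=False, signed=False):
    """Constructed test input: a minimal, non-runnable PE header skeleton."""
    opt_len = 224 if magic == PE32_MAGIC else 240
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)       # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, opt_len,
                       IMAGE_FILE_DLL if is_dll else 0)
    opt = bytearray(opt_len)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<H", opt, 48, subsys_major)
    struct.pack_into("<I", opt, opt_len - 128 - 4, 16)     # NumberOfRvaAndSizes
    win_cert = b""
    if signed:
        blob = b"\0" * 16    # stand-in for the DER-encoded PKCS#7 SignedData
        win_cert = struct.pack("<IHH", 8 + len(blob), 0x0200,
                               WIN_CERT_TYPE_PKCS_SIGNED_DATA) + blob
        header_len = len(dos) + 4 + len(coff) + opt_len
        struct.pack_into("<II", opt, opt_len - 128 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY,
                         header_len, len(win_cert))
    return dos + b"PE\0\0" + coff + bytes(opt) + win_cert


# Constructed samples (not files from the report).
SIGNED_X86_DLL = build_fake_pe(IMAGE_FILE_MACHINE_I386, PE32_MAGIC, 5, is_dll=True, signed=True)
UNSIGNED_X64_EXE = build_fake_pe(IMAGE_FILE_MACHINE_AMD64, PE32PLUS_MAGIC, 4)

if __name__ == "__main__":
    for name, blob in (("signed x86 dll", SIGNED_X86_DLL), ("unsigned x64 exe", UNSIGNED_X64_EXE)):
        print(name, inspect_pe(blob), file_hashes(blob)["md5"])
```

Run it against the extracted installer payload (for example `inspect_pe(open("YodaoDict.api", "rb").read())`) to reproduce the unsigned/signed split the report shows; a Security directory that points past the end of the file is treated as an error rather than as "signed", since a truncated or tampered blob is exactly what a loader would reject too.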

Files

  • c265e61a6eaea75fe9c92d0f7a21fc85_JaffaCakes118
    .rar
  • YoudaoDict_crsky.exe
    .exe windows:5 windows x86 arch:x86
    MD5 d733325afb1b78a1866016af1f6cd3a8
    Panels: Code Sign, Headers, Imports, Sections
  • $PLUGINSDIR/InstallOptions.dll
    .dll windows:5 windows x86 arch:x86
    MD5 daeb419961fa3d87aec2a1a0b184db31
    Panels: Headers, Imports, Exports, Sections
  • $PLUGINSDIR/System.dll
    .dll windows:5 windows x86 arch:x86
    MD5 19d495625761b79bb8b4780e741799e7
    Panels: Headers, Imports, Exports, Sections
  • $PLUGINSDIR/YNote.bmp
  • $PLUGINSDIR/YNote_title.bmp
  • $PLUGINSDIR/bind_softs.ini
  • $PLUGINSDIR/finish.ini
  • $PLUGINSDIR/ioSpecial.ini
  • $PLUGINSDIR/modern-wizard.bmp
  • $PLUGINSDIR/pagerank.ini
  • $PLUGINSDIR/rank.bmp
  • $PLUGINSDIR/seperator.bmp
  • $PLUGINSDIR/toolbar.bmp
  • $PLUGINSDIR/toolbar.ini
  • Acrobat2Dict.dll
    .dll windows:4 windows x86 arch:x86
    MD5 b877d2c587cc21b5ef78cc49b3437765
    Panels: Code Sign, Headers, Imports, Exports, Sections
  • CrashRpt.dll
    .dll windows:4 windows x86 arch:x86
    MD5 74f47d16cc068c466ea9ae91a5127220
    Panels: Code Sign, Headers, Imports, Exports, Sections
  • InstallDaemon.exe
    .exe windows:4 windows x86 arch:x86
    MD5 c0b52519edc0f9be7227fa6de1d2b97c
    Panels: Code Sign, Headers, Imports, Sections
  • Monitor.exe
    .exe windows:4 windows x86 arch:x86
    MD5 9268eae40d253bd9a4d344ddb8798c92
    Panels: Code Sign, Headers, Imports, Sections
  • RunDict.exe
    .exe windows:4 windows x86 arch:x86
    MD5 ba3c57996e62ecc8831a347a3a7f6d8e
    Panels: Code Sign, Headers, Imports, Sections
  • TextExtractorImpl32.dll
    .dll windows:4 windows x86 arch:x86
    MD5 acc7f8c67a21f11be66b2e67d90d3d83
    Panels: Code Sign, Headers, Imports, Exports, Sections
  • TextExtractorImpl64.dll
    .dll windows:4 windows x64 arch:x64
    MD5 0e1bbe5190de624cba33f93f606869e9
    Panels: Code Sign, Headers, Imports, Exports, Sections
  • WordBook.exe
    .exe windows:4 windows x86 arch:x86
    MD5 35fb44b624ad6de813aed3379757a719
    Panels: Code Sign, Headers, Imports, Sections
  • WordStrokeHelper32.dll
    .dll windows:4 windows x86 arch:x86
    MD5 a2d0b7a5781fb0e6326a94438a308b8d
    Panels: Code Sign, Headers, Imports, Exports, Sections
  • WordStrokeHelper64.dll
    .dll windows:4 windows x64 arch:x64
    MD5 1a4ade3135f2089c66ba13c070859e4a
    Panels: Code Sign, Headers, Imports, Exports, Sections
  • XDLL.dll
    .dll windows:4 windows x86 arch:x86
    MD5 9e8058925874b5895a5f32a10766448c
    Panels: Code Sign, Headers, Imports, Exports, Sections
  • YDChromeTextExtractor.crx
    .zip
  • background.html
    .html .js polyglot
  • flg.txt
  • lookup.js
    .js
  • manifest.json
  • YodaoDict.api
    .dll windows:4 windows x86 arch:x86
    MD5 ec28fc66dbc45c1019bb4d0323b57017
    Panels: Headers, Imports, Exports, Sections
  • YodaoDict.exe
    .exe windows:4 windows x86 arch:x86
    MD5 57051d1bacf0fdfd2f8bd43807b54972
    Panels: Code Sign, Headers, Imports, Sections
  • YoudaoEH.exe
    .exe windows:4 windows x64 arch:x64
    MD5 ca38dce91b10117426098a1567acc843
    Panels: Code Sign, Headers, Imports, Sections
  • YoudaoGetWord32.dll
    .dll regsvr32 windows:4 windows x86 arch:x86
    MD5 37c2ae7d9c47c90441fd867b1fb5b4ec
    Panels: Code Sign, Headers, Imports, Exports, Sections
  • YoudaoGetWord64.dll
    .dll regsvr32 windows:4 windows x64 arch:x64
    MD5 efcd6f518c1f9842fe7bfdead3ea3c4c
    Panels: Code Sign, Headers, Imports, Exports, Sections
  • YoudaoToolbar.exe
    .exe windows:4 windows x86 arch:x86
    MD5 d41f6916c67deb6700bca7b213657b0b
    Panels: Code Sign, Headers, Imports, Sections
  • YoudaoWSH.exe
    .exe windows:4 windows x64 arch:x64
    MD5 f879bd5cee2f6202714e70d004c67c08
    Panels: Code Sign, Headers, Imports, Sections
  • default_config.ini
  • dictcn.db
  • dicten.db
  • intro/images/arrow.png
    .png
  • intro/images/dot.gif
    .gif
  • intro/images/sprite.jpg
    .jpg
  • intro/images/topbar_step_arrow.png
    .png
  • intro/images/topbar_step_bg.png
    .png
  • intro/page_01_1.swf
  • intro/pre.html
    .html .js polyglot
  • intro/step1.html
    .js
  • intro/step2.html
    .js
  • intro/step3.html
    .html .js polyglot
  • intro/style.css
  • res/extensions/firefox/chrome.manifest
  • res/extensions/firefox/chrome/content/getword.js
    .js
  • res/extensions/firefox/chrome/content/test.xul
    .xml
  • res/extensions/firefox/components/FF4GetWordHelper.dll
    .dll windows:5 windows x86 arch:x86
    MD5 e029131a975903b058c446dd0acc1411
    Panels: Code Sign, Headers, Imports, Exports, Sections
  • res/extensions/firefox/components/comp.xpt
  • res/extensions/firefox/install.rdf
    .xml
  • res/faq.html
  • res/images/image-q1-2.gif
  • res/images/image-q3-11.gif
  • res/images/image-q3-21.gif
    .gif
  • res/images/laba1.gif
    .gif
  • res/images/title_back.gif
    .gif
  • res/style/global.css
    .ps1
  • res/style/updater.css
  • res/updater.xsl
    .xml
  • resultui/adv.html
    .html .js polyglot
  • resultui/commonfile.xsl
  • resultui/css/base.css
  • resultui/css/default.css
  • resultui/css/loading.gif
    .gif
  • resultui/css/mini.css
  • resultui/css/new-sprite.png
    .png
  • resultui/css/play.png
    .png
  • resultui/css/stroke.css
  • resultui/exampleresult.xsl
  • resultui/images/NowWaiting/IMG00000.bmp
  • resultui/images/NowWaiting/IMG00001.bmp
  • resultui/images/NowWaiting/IMG00002.bmp
  • resultui/images/NowWaiting/IMG00003.bmp
  • resultui/images/NowWaiting/IMG00004.bmp
  • resultui/images/NowWaiting/IMG00005.bmp
  • resultui/images/NowWaiting/IMG00006.bmp
  • resultui/images/NowWaiting/IMG00007.bmp
  • resultui/images/OffLine.jpg
    .jpg
  • resultui/images/back.png
    .png
  • resultui/images/background.png
    .png
  • resultui/images/baike.jpg
    .jpg
  • resultui/images/cidian_aqurebutton_close.gif
    .gif
  • resultui/images/cidian_aqurebutton_open.gif
    .gif
  • resultui/images/cidian_point_empty.gif
    .gif
  • resultui/images/cidian_point_solid.gif
    .gif
  • resultui/images/confirm.png
    .png
  • resultui/images/displaypoint.gif
    .gif
  • resultui/images/dont-remember.png
    .png
  • resultui/images/earthpic.jpg
    .jpg
  • resultui/images/examples.jpg
    .jpg
  • resultui/images/forget-disable.png
    .png
  • resultui/images/forget.png
    .png
  • resultui/images/forget2.png
    .png
  • resultui/images/graypoint.gif
    .gif
  • resultui/images/graypointpoint.gif
    .gif
  • resultui/images/loading.gif
    .gif
  • resultui/images/logo.gif
    .gif
  • resultui/images/logo.png
    .png
  • resultui/images/mask.png
    .png
  • resultui/images/newfeaturepic.gif
    .gif
  • resultui/images/next.png
    .png
  • resultui/images/next2.png
    .png
  • resultui/images/nomemtime.png
    .png
  • resultui/images/nomemword.png
    .png
  • resultui/images/nosound.GIF
    .gif
  • resultui/images/notebook-bg.png
    .png
  • resultui/images/noword.png
    .png
  • resultui/images/outlink.gif
    .gif
  • resultui/images/phonetic-down.png
    .png
  • resultui/images/phonetic-hover.png
    .png
  • resultui/images/phonetic.png
    .png
  • resultui/images/pre.png
    .png
  • resultui/images/pre2.png
    .png
  • resultui/images/prev.png
    .png
  • resultui/images/remember-disable.png
    .png
  • resultui/images/remember.png
    .png
  • resultui/images/remember2.png
    .png
  • resultui/images/right-top-sprite.png
    .png
  • resultui/images/sound.png
    .png
  • resultui/images/submitbutton.gif
    .gif
  • resultui/images/voice.png
    .png
  • resultui/images/voice.swf
  • resultui/images/welcome-down.png
    .png
  • resultui/images/welcome-hover.png
    .png
  • resultui/images/welcome.png
    .png
  • resultui/index.html
    .html
  • resultui/index/css/index.css
  • resultui/index/css/index/Thumbs.db
  • resultui/index/css/index/button.png
    .png
  • resultui/index/css/index/button_down.png
    .png
  • resultui/index/css/index/button_hover.png
    .png
  • resultui/index/css/index/down.png
    .png
  • resultui/index/css/index/hover.png
    .png
  • resultui/index/css/index/index.png
    .png
  • resultui/index/css/index/index_split.png
    .png
  • resultui/index/css/index/new.png
    .png
  • resultui/index/css/index/original_sound.png
    .png
  • resultui/index/css/index/right.png
    .png
  • resultui/index/css/index/wrong.png
    .png
  • resultui/index/images/baike.jpg
    .jpg
  • resultui/index/images/examples.jpg
    .jpg
  • resultui/index/index4.html
    .js
  • resultui/index/js/index.js
    .js
  • resultui/index/js/jquery.min.js
    .js
  • resultui/index/js/jquery.pngFix.js
    .js
  • resultui/index/js/loadEveryDayEnglish.js
    .js
  • resultui/index/lj.html
    .html
  • resultui/index/wiki.html
    .html
  • resultui/index3.html
    .html .js polyglot
  • resultui/instantresult.xsl
  • resultui/js/J.js
    .js
  • resultui/js/default.js
    .js
  • resultui/js/jquery.min.js
    .js
  • resultui/js/jquery.pngFix.js
    .js
  • resultui/js/swfobject.js
    .js
  • resultui/js/tipArrows.js
    .js
  • resultui/js/ugc.js
    .js
  • resultui/js/ui.js
    .js
  • resultui/lj.html
    .html
  • resultui/miniresult.html
    .js
  • resultui/miniresult.xsl
    .xml
  • resultui/property.ini
  • resultui/queryresult.html
    .js
  • resultui/result.xsl
  • resultui/scripts/J.js
    .js
  • resultui/scripts/main.js
    .js
  • resultui/smartresult.html
    .html
  • resultui/smartresult.xsl
  • resultui/ss_dict.xsl
  • resultui/strksrchresult.html
    .html .js polyglot
  • resultui/verifycode.html
    .js
  • resultui/wbblank.html
  • resultui/wbbrowser.html
  • resultui/wbfinish.html
  • resultui/wbreview.html
  • resultui/wbwelcome.html
    .html
  • resultui/wiki.html
    .html
  • resultui/wikiresult.xsl
  • skins/Loading/IMG00000.bmp
  • skins/Loading/IMG00001.bmp
  • skins/Loading/IMG00002.bmp
  • skins/Loading/IMG00003.bmp
  • skins/Loading/IMG00004.bmp
  • skins/Loading/IMG00005.bmp
  • skins/Loading/IMG00006.bmp
  • skins/Loading/IMG00007.bmp
  • skins/Loading/IMG00008.bmp
  • skins/Loading/IMG00009.bmp
  • skins/Loading/IMG00010.bmp
  • skins/Loading/IMG00011.bmp
  • skins/default.css
  • skins/default.png
    .png
  • skins/new-year/Loading/IMG00000.bmp
  • skins/new-year/Loading/IMG00001.bmp
  • skins/new-year/Loading/IMG00002.bmp
  • skins/new-year/Loading/IMG00003.bmp
  • skins/new-year/Loading/IMG00004.bmp
  • skins/new-year/Loading/IMG00005.bmp
  • skins/new-year/Loading/IMG00006.bmp
  • skins/new-year/Loading/IMG00007.bmp
  • skins/new-year/Loading/IMG00008.bmp
  • skins/new-year/Loading/IMG00009.bmp
  • skins/new-year/Loading/IMG00010.bmp
  • skins/new-year/Loading/IMG00011.bmp
  • skins/new-year/new-year-index/button.png
    .png
  • skins/new-year/new-year-index/button_down.png
    .png
  • skins/new-year/new-year-index/button_hover.png
    .png
  • skins/new-year/new-year-index/down.png
    .png
  • skins/new-year/new-year-index/hover.png
    .png
  • skins/new-year/new-year-index/index.css
  • skins/new-year/new-year-index/index.png
    .png
  • skins/new-year/new-year-index/index_split.png
    .png
  • skins/new-year/new-year-index/new.png
    .png
  • skins/new-year/new-year-index/original_sound.png
    .png
  • skins/new-year/new-year-index/right.png
    .png
  • skins/new-year/new-year-index/wrong.png
    .png
  • skins/new-year/new-year.bmp
  • skins/new-year/new-year.css
  • skins/new-year/new-year.png
    .png
  • skins/new-year/new-year.xml
  • skins/wb.bmp
  • skins/win7-default.bmp
  • skins/win7-default.xml
  • skins/xinchun/Loading/IMG00000.bmp
  • skins/xinchun/Loading/IMG00001.bmp
  • skins/xinchun/Loading/IMG00002.bmp
  • skins/xinchun/Loading/IMG00003.bmp
  • skins/xinchun/Loading/IMG00004.bmp
  • skins/xinchun/Loading/IMG00005.bmp
  • skins/xinchun/Loading/IMG00006.bmp
  • skins/xinchun/Loading/IMG00007.bmp
  • skins/xinchun/Loading/IMG00008.bmp
  • skins/xinchun/Loading/IMG00009.bmp
  • skins/xinchun/Loading/IMG00010.bmp
  • skins/xinchun/Loading/IMG00011.bmp
  • skins/xinchun/xinchun-index/Thumbs.db
  • skins/xinchun/xinchun-index/button.png
    .png
  • skins/xinchun/xinchun-index/button_down.png
    .png
  • skins/xinchun/xinchun-index/button_hover.png
    .png
  • skins/xinchun/xinchun-index/down.png
    .png
  • skins/xinchun/xinchun-index/hover.png
    .png
  • skins/xinchun/xinchun-index/index.css
  • skins/xinchun/xinchun-index/index.png
    .png
  • skins/xinchun/xinchun-index/index_split.png
    .png
  • skins/xinchun/xinchun-index/new.png
    .png
  • skins/xinchun/xinchun-index/original_sound.png
    .png
  • skins/xinchun/xinchun-index/right.png
    .png
  • skins/xinchun/xinchun-index/wrong.png
    .png
  • skins/xinchun/xinchun.bmp
  • skins/xinchun/xinchun.css
  • skins/xinchun/xinchun.png
    .png
  • skins/xinchun/xinchun.xml
  • skins/xp-blue/Loading/IMG00000.bmp
  • skins/xp-blue/Loading/IMG00001.bmp
  • skins/xp-blue/Loading/IMG00002.bmp
  • skins/xp-blue/Loading/IMG00003.bmp
  • skins/xp-blue/Loading/IMG00004.bmp
  • skins/xp-blue/Loading/IMG00005.bmp
  • skins/xp-blue/Loading/IMG00006.bmp
  • skins/xp-blue/Loading/IMG00007.bmp
  • skins/xp-blue/Loading/IMG00008.bmp
  • skins/xp-blue/Loading/IMG00009.bmp
  • skins/xp-blue/Loading/IMG00010.bmp
  • skins/xp-blue/Loading/IMG00011.bmp
  • skins/xp-blue/xp-blue-index/button.png
    .png
  • skins/xp-blue/xp-blue-index/button_down.png
    .png
  • skins/xp-blue/xp-blue-index/button_hover.png
    .png
  • skins/xp-blue/xp-blue-index/down.png
    .png
  • skins/xp-blue/xp-blue-index/hover.png
    .png
  • skins/xp-blue/xp-blue-index/index.css
  • skins/xp-blue/xp-blue-index/index.png
    .png
  • skins/xp-blue/xp-blue-index/index_split.png
    .png
  • skins/xp-blue/xp-blue-index/new.png
    .png
  • skins/xp-blue/xp-blue-index/original_sound.png
    .png
  • skins/xp-blue/xp-blue-index/right.png
    .png
  • skins/xp-blue/xp-blue-index/wrong.png
    .png
  • skins/xp-blue/xp-blue.bmp
  • skins/xp-blue/xp-blue.css
  • skins/xp-blue/xp-blue.png
    .png
  • skins/xp-blue/xp-blue.xml
  • skins/xp-cute/Loading/IMG00000.bmp
  • skins/xp-cute/Loading/IMG00001.bmp
  • skins/xp-cute/Loading/IMG00002.bmp
  • skins/xp-cute/Loading/IMG00003.bmp
  • skins/xp-cute/Loading/IMG00004.bmp
  • skins/xp-cute/Loading/IMG00005.bmp
  • skins/xp-cute/Loading/IMG00006.bmp
  • skins/xp-cute/Loading/IMG00007.bmp
  • skins/xp-cute/Loading/IMG00008.bmp
  • skins/xp-cute/Loading/IMG00009.bmp
  • skins/xp-cute/Loading/IMG00010.bmp
  • skins/xp-cute/Loading/IMG00011.bmp
  • skins/xp-cute/xp-cute-index/button.png
    .png
  • skins/xp-cute/xp-cute-index/button_down.png
    .png
  • skins/xp-cute/xp-cute-index/button_hover.png
    .png
  • skins/xp-cute/xp-cute-index/down.png
    .png
  • skins/xp-cute/xp-cute-index/hover.png
    .png
  • skins/xp-cute/xp-cute-index/index.css
  • skins/xp-cute/xp-cute-index/index.png
    .png
  • skins/xp-cute/xp-cute-index/index_split.png
    .png
  • skins/xp-cute/xp-cute-index/new.png
    .png
  • skins/xp-cute/xp-cute-index/original_sound.png
    .png
  • skins/xp-cute/xp-cute-index/right.png
    .png
  • skins/xp-cute/xp-cute-index/wrong.png
    .png
  • skins/xp-cute/xp-cute.bmp
  • skins/xp-cute/xp-cute.css
  • skins/xp-cute/xp-cute.png
    .png
  • skins/xp-cute/xp-cute.xml
  • skins/xp-default.bmp
  • skins/xp-default.xml
  • uninst.exe.nsis
  • versions.xml
  • 新云软件.url
    .url