General

  • Target: 0ea029ddc6e0fd91a42f87d5313498ab_JaffaCakes118
  • Size: 7.3MB
  • MD5: 0ea029ddc6e0fd91a42f87d5313498ab
  • SHA1: 8562130191ce59575e53bbd6ab39e2c66d82998c
  • SHA256: b7c782895eab0b5d9609affee7f8eb97812a3fc872ced8d46d904b5280c7a80a
  • SHA512: 55274f33cbed3f55b55a7d86f1380fde627fe7a2429f399a8d0e042a375e558f9848d03bfb56ba6ae326f3e1326b683ce0b0e1281e916260fab076188d8f1ca5
  • SSDEEP: 196608:FGH7x4Ar254tQEOD3YdPlDkpA3yn3MrN1Au:C7zrO4pOTEPlDk6ycxL

Score: 3/10

Malware Config

Signatures

  • Unsigned PE (44 IoCs): Checks for missing Authenticode signature.
  • NSIS installer (8 IoCs)
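
Both signatures are static checks on the PE file itself. The page does not show how the sandbox implements them, so the script below is an added example (not the sandbox's code) that reproduces the usual logic: "Unsigned PE" is an empty IMAGE_DIRECTORY_ENTRY_SECURITY data directory (index 4; when populated it holds a file offset to a WIN_CERTIFICATE whose type 0x0002 is Authenticode PKCS#7), and "NSIS installer" is the "NullsoftInst" marker of the NSIS first header found in the overlay. It also computes the MD5 and SHA256 listed under General. `build_pe` is a constructed, non-loadable PE32 image whose only purpose is to let the checks run offline; its layout (NSIS data followed by the certificate blob) is an assumption for illustration, and on real samples the input is simply the file's bytes.

```python
import hashlib
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4          # data directory that points at the Authenticode blob
WIN_CERT_TYPE_PKCS_SIGNED_DATA = 0x0002     # wCertificateType used by Authenticode
# NSIS first header: flags, siginfo (0xDEADBEEF) and the 12-byte nsis_magic; the last two are searched for.
NSIS_MAGIC = b"\xEF\xBE\xAD\xDENullsoftInst"


def analyze_pe(data: bytes) -> dict:
    """Static checks behind the report's two signatures, plus the hashes from its General section."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = e_lfanew + 4 + 20                 # optional header follows the 20-byte COFF file header
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:                      # PE32
        num_dirs_off, dirs_off = opt + 92, opt + 96
    elif magic == 0x20B:                    # PE32+
        num_dirs_off, dirs_off = opt + 108, opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    num_dirs = struct.unpack_from("<I", data, num_dirs_off)[0]
    sec_off = sec_size = 0
    if num_dirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        sec_off, sec_size = struct.unpack_from(
            "<II", data, dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    cert_type = None
    if sec_off and sec_size:
        # Unlike the other directories this entry holds a file offset, not an RVA.
        # WIN_CERTIFICATE: dwLength, wRevision, wCertificateType, then bCertificate[].
        _length, _revision, cert_type = struct.unpack_from("<IHH", data, sec_off)
    nsis_off = data.find(NSIS_MAGIC)
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "has_authenticode": bool(sec_off and sec_size),   # False -> "Unsigned PE"
        "cert_type": cert_type,
        "is_nsis": nsis_off != -1,                        # True  -> "NSIS installer"
        "nsis_offset": nsis_off,
    }


def build_pe(signed: bool, nsis: bool) -> bytes:
    """Constructed minimal PE32 image (parseable, not loadable) so the checks can run offline."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                       # e_lfanew
    # Machine=i386, 1 section, no symbols, 224-byte optional header, EXECUTABLE_IMAGE|32BIT_MACHINE
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                       # PE32 magic
    struct.pack_into("<I", opt, 92, 16)                         # NumberOfRvaAndSizes
    section = struct.pack("<8sIIIIIIHHI", b".text", 0x1000, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    image = bytearray(dos + b"PE\0\0" + coff + opt + section)
    image += b"\0" * (0x400 - len(image))                       # 0x200 headers + 0x200 section data
    if nsis:
        # flags, siginfo + nsis_magic, then the two length fields (zeroed here) of the NSIS first header
        image += struct.pack("<I", 0) + NSIS_MAGIC + struct.pack("<II", 0, 0)
    if signed:
        # Dummy WIN_CERTIFICATE (revision 2.0, PKCS#7) appended as overlay, as a real signature is
        cert = struct.pack("<IHH", 8 + 16, 0x0200, WIN_CERT_TYPE_PKCS_SIGNED_DATA) + b"\0" * 16
        sec_entry = 64 + 4 + 20 + 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY
        struct.pack_into("<II", image, sec_entry, len(image), len(cert))
        image += cert
    return bytes(image)


if __name__ == "__main__":
    for label, img in (("unsigned NSIS stub", build_pe(signed=False, nsis=True)),
                       ("signed non-NSIS exe", build_pe(signed=True, nsis=False))):
        r = analyze_pe(img)
        print(f"{label}: unsigned={not r['has_authenticode']} nsis={r['is_nsis']} md5={r['md5']}")
```

Two caveats when applying this to the files listed below. A populated security directory only means a signature blob is attached; whether it verifies and chains to a trusted root is a separate check (`Get-AuthenticodeSignature` on Windows, `osslsigncode verify` elsewhere), and the "Code Sign" entries below say nothing about validity either. The NSIS marker identifies the packer, not the payload: the interesting content is the $PLUGINSDIR plugins (ExecDos, nsExec, InetLoad, nsisFirewall) and the bundled installers under $TEMPImg, which 7-Zip can extract from the NSIS archive for inspection.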

Files

  • 0ea029ddc6e0fd91a42f87d5313498ab_JaffaCakes118
    .exe windows:4 windows x86 arch:x86
    7fa974366048f9c551ef45714595665e
    Headers, Imports, Sections

  • $PLUGINSDIR/ExecDos.dll
    .dll windows:4 windows x86 arch:x86
    2dfc6a992d004b736e85c64219a88b4a
    Headers, Imports, Exports, Sections

  • $PLUGINSDIR/InstallOptions.dll
    .dll windows:4 windows x86 arch:x86
    b1cd0d78f652ce5fc63f0879371af012
    Headers, Imports, Exports, Sections

  • $PLUGINSDIR/System.dll
    .dll windows:4 windows x86 arch:x86
    2017f2acbdaa42ab3e4adeb8b4c37e7b
    Headers, Imports, Exports, Sections

  • $PLUGINSDIR/iOClean.ini
  • $PLUGINSDIR/ioSpecial.ini
  • $PLUGINSDIR/modern-wizard.bmp
  • $TEMPImg/Installer.exe
    .exe windows:4 windows x86 arch:x86
    7fa974366048f9c551ef45714595665e
    Headers, Imports, Sections

  • $PLUGINSDIR/ExecDos.dll
    .dll windows:4 windows x86 arch:x86
    2dfc6a992d004b736e85c64219a88b4a
    Headers, Imports, Exports, Sections

  • $PLUGINSDIR/System.dll
    .dll windows:4 windows x86 arch:x86
    2017f2acbdaa42ab3e4adeb8b4c37e7b
    Headers, Imports, Exports, Sections

  • $TEMPImg/AskInstallChecker-1.5.0.0.exe
    .exe windows:5 windows x86 arch:x86
    66c8920bc3035d736f66f927d463ca2b
    Code Sign, Headers, Imports, Sections

  • $TEMPImg/FVM.exe
    .exe windows:4 windows x86 arch:x86
    81638d02019c0bfcaaf23a9c69f2f12c
    Code Sign, Headers, Imports, Sections

  • $TEMPImg/PazeraToolbar.exe
    .exe windows:4 windows x86 arch:x86
    7fa974366048f9c551ef45714595665e
    Code Sign, Headers, Imports, Sections

  • $PLUGINSDIR/CABSetup.dll
    .dll windows:4 windows x86 arch:x86
    5070fa13a62547a5beae58004a204cbb
    Headers, Imports, Exports, Sections

  • $PLUGINSDIR/InetLoad.dll
    .dll windows:4 windows x86 arch:x86
    24a4a671f5cc294ce3543d18a1e873cd
    Headers, Imports, Exports, Sections

  • $PLUGINSDIR/InstallOptions.dll
    .dll windows:4 windows x86 arch:x86
    57354bdeea3dfae6e948101add87501a
    Headers, Imports, Exports, Sections

  • $PLUGINSDIR/ScrollLicense.dll
    .dll windows:4 windows x86 arch:x86
    674bbf1e72dbf6f2664d8aea288261e0
    Headers, Imports, Exports, Sections

  • $PLUGINSDIR/System.dll
    .dll windows:4 windows x86 arch:x86
    4ec328f99bdd944fc98d8a5cf11f7a62
    Headers, Imports, Exports, Sections

  • $PLUGINSDIR/UserInfo.dll
    .dll windows:4 windows x86 arch:x86
    48cfa0ea7e353e4a7dd23572da8374ef
    Headers, Imports, Exports, Sections

  • $PLUGINSDIR/dca.ini
  • $PLUGINSDIR/frtb_static_files.cab
    .cab
  • Helper.dll
    .dll regsvr32 windows:5 windows x86 arch:x86
    34a3df05d2cc08ee3da4457ce628c357
    Headers, Imports, Exports, Sections

  • ImageConversion.dll
    .dll windows:5 windows x86 arch:x86
    44781c6895de7935eaa213d8ae356e35
    Headers, Imports, Exports, Sections

  • RSSReader_plugin.dll
    .dll windows:5 windows x86 arch:x86
    a654a29e2f99af5247506fac6ee4864b
    Headers, Imports, Exports, Sections

  • RadioPlugin.dll
    .dll windows:5 windows x86 arch:x86
    8e37a09dc6394fe8978f45de107c05a9
    Headers, Imports, Exports, Sections

  • SearchComponent.dll
    .dll windows:5 windows x86 arch:x86
    6299116dafc34c4ef19d19e43b8d6694
    Headers, Imports, Exports, Sections

  • Toolbar.dll
    .dll regsvr32 windows:5 windows x86 arch:x86
    be7add6560b15c5bc3f7a0b1f583a08e
    Headers, Imports, Exports, Sections

  • TroubleShooter.exe
    .exe windows:5 windows x86 arch:x86
    7e560e1cf79aa015363d94a640ecdbbb
    Headers, Imports, Sections

  • aboutTabs.7.js
    .js
  • aboutTabs.8.js
    .js
  • audio.bmp
  • banner_container.html
    .html .js polyglot
  • blockcursor.cur
  • blocksound.wav
  • bookmark_off.bmp
  • bookmark_on.bmp
  • bookmarksplugin.dll
    .dll windows:5 windows x86 arch:x86
    e563b5e0ac42ca459ba9f51cfd361743
    Headers, Imports, Exports, Sections

  • bubble_permissions.html
  • build
  • caching_banner.html
    .html .js polyglot
  • chevron.bmp
  • component.xsl
  • efolder.bmp
  • email.bmp
  • email2.bmp
  • emailchecker_plugin.dll
    .dll windows:5 windows x86 arch:x86
    12417e76af468159503b8e5ed44b08c9
    Headers, Imports, Exports, Sections

  • facebook.feature
  • fbrss.xsl
  • ff.xsl
  • folder.bmp
  • gedit.exe
    .exe windows:5 windows x86 arch:x86
    a795589b34089fa942ee977fd356efd0
    Headers, Imports, Sections

  • iefavelem.bmp
  • images/msgbox/down.gif
    .gif
  • images/msgbox/hr.bmp
  • images/msgbox/mark.png
    .png
  • images/msgbox/mark_do.png
    .png
  • images/msgbox/mark_na.png
    .png
  • images/msgbox/navbg.bmp
  • images/msgbox/refresh.png
    .png
  • images/msgbox/refresh_do.png
    .png
  • images/msgbox/refresh_na.png
    .png
  • images/msgbox/trash.png
    .png
  • images/msgbox/trash_do.png
    .png
  • images/msgbox/trash_na.png
    .png
  • images/msgbox/unmark.png
    .png
  • images/msgbox/unmark_do.png
    .png
  • images/msgbox/unmark_na.png
    .png
  • images/msgbox/up.gif
    .gif
  • images/ticker/left.gif
  • images/ticker/right.gif
  • images/weather/0.bmp
  • images/weather/1.bmp
  • images/weather/10.bmp
  • images/weather/11.bmp
  • images/weather/12.bmp
  • images/weather/13.bmp
  • images/weather/14.bmp
  • images/weather/15.bmp
  • images/weather/16.bmp
  • images/weather/17.bmp
  • images/weather/18.bmp
  • images/weather/19.bmp
  • images/weather/2.bmp
  • images/weather/20.bmp
  • images/weather/21.bmp
  • images/weather/22.bmp
  • images/weather/23.bmp
  • images/weather/24.bmp
  • images/weather/25.bmp
  • images/weather/26.bmp
  • images/weather/27.bmp
  • images/weather/28.bmp
  • images/weather/29.bmp
  • images/weather/3.bmp
  • images/weather/30.bmp
  • images/weather/31.bmp
  • images/weather/32.bmp
  • images/weather/33.bmp
  • images/weather/34.bmp
  • images/weather/35.bmp
  • images/weather/36.bmp
  • images/weather/37.bmp
  • images/weather/38.bmp
  • images/weather/39.bmp
  • images/weather/4.bmp
  • images/weather/40.bmp
  • images/weather/41.bmp
  • images/weather/42.bmp
  • images/weather/43.bmp
  • images/weather/44.bmp
  • images/weather/45.bmp
  • images/weather/46.bmp
  • images/weather/47.bmp
  • images/weather/5.bmp
  • images/weather/6.bmp
  • images/weather/7.bmp
  • images/weather/8.bmp
  • images/weather/9.bmp
  • images/weather/hr.bmp
  • images/weather/na.bmp
  • images/weather/png/0.png
    .png
  • images/weather/png/1.png
    .png
  • images/weather/png/10.png
    .png
  • images/weather/png/11.png
    .png
  • images/weather/png/12.png
    .png
  • images/weather/png/13.png
    .png
  • images/weather/png/14.png
    .png
  • images/weather/png/15.png
    .png
  • images/weather/png/16.png
    .png
  • images/weather/png/17.png
    .png
  • images/weather/png/18.png
    .png
  • images/weather/png/19.png
    .png
  • images/weather/png/2.png
    .png
  • images/weather/png/20.png
    .png
  • images/weather/png/21.png
    .png
  • images/weather/png/22.png
    .png
  • images/weather/png/23.png
    .png
  • images/weather/png/24.png
    .png
  • images/weather/png/25.png
    .png
  • images/weather/png/26.png
    .png
  • images/weather/png/27.png
    .png
  • images/weather/png/28.png
    .png
  • images/weather/png/29.png
    .png
  • images/weather/png/3.png
    .png
  • images/weather/png/30.png
    .png
  • images/weather/png/31.png
    .png
  • images/weather/png/32.png
    .png
  • images/weather/png/33.png
    .png
  • images/weather/png/34.png
    .png
  • images/weather/png/35.png
    .png
  • images/weather/png/36.png
    .png
  • images/weather/png/37.png
    .png
  • images/weather/png/38.png
    .png
  • images/weather/png/39.png
    .png
  • images/weather/png/4.png
    .png
  • images/weather/png/40.png
    .png
  • images/weather/png/41.png
    .png
  • images/weather/png/42.png
    .png
  • images/weather/png/43.png
    .png
  • images/weather/png/44.png
    .png
  • images/weather/png/45.png
    .png
  • images/weather/png/46.png
    .png
  • images/weather/png/47.png
    .png
  • images/weather/png/5.png
    .png
  • images/weather/png/6.png
    .png
  • images/weather/png/7.png
    .png
  • images/weather/png/8.png
    .png
  • images/weather/png/9.png
    .png
  • images/weather/png/na.png
    .png
  • location.xsl
  • magglass.ico
  • manage_bookmarks.html
    .html .js polyglot
  • marquee.html
  • marquee_permissions.html
  • messaging.bmp
  • minus.bmp
  • msgbox_bubble.tmpl
    .html .js polyglot
  • msgbox_openmsg.tmpl
    .html
  • msgboxplugin.dll
    .dll windows:5 windows x86 arch:x86
    f5bf42725c49d4c113e19d01bba98d36
    Headers, Imports, Exports, Sections

  • offline.html
    .html .js polyglot
  • plus.bmp
  • podcast.bmp
  • podcast.xsl
  • radio.bmp
  • resize.bmp
  • rssfeed.bmp
  • search.xsl
  • skins/radio/gray03/Equalizer1.bmp
  • skins/radio/gray03/Equalizer2.bmp
  • skins/radio/gray03/Equalizer3.bmp
  • skins/radio/gray03/Equalizer4.bmp
  • skins/radio/gray03/Equalizer5.bmp
  • skins/radio/gray03/Equalizer6.bmp
  • skins/radio/gray03/btn_dropdwn_down.bmp
  • skins/radio/gray03/btn_dropdwn_over.bmp
  • skins/radio/gray03/btn_dropdwn_up.bmp
  • skins/radio/gray03/btn_max_down.bmp
  • skins/radio/gray03/btn_max_over.bmp
  • skins/radio/gray03/btn_max_up.bmp
  • skins/radio/gray03/btn_min_down.bmp
  • skins/radio/gray03/btn_min_over.bmp
  • skins/radio/gray03/btn_min_up.bmp
  • skins/radio/gray03/btn_pause_down.bmp
  • skins/radio/gray03/btn_pause_over.bmp
  • skins/radio/gray03/btn_pause_up.bmp
  • skins/radio/gray03/btn_play_down.bmp
  • skins/radio/gray03/btn_play_over.bmp
  • skins/radio/gray03/btn_play_up.bmp
  • skins/radio/gray03/btn_playcntrl_over.bmp
  • skins/radio/gray03/btn_playcntrl_up.bmp
  • skins/radio/gray03/btn_stop_down.bmp
  • skins/radio/gray03/btn_stop_over.bmp
  • skins/radio/gray03/btn_stop_up.bmp
  • skins/radio/gray03/btn_volcntrl_over.bmp
  • skins/radio/gray03/btn_volcntrl_up.bmp
  • skins/radio/gray03/playcntrl_bg.bmp
  • skins/radio/gray03/radio.bmp
  • skins/radio/gray03/radio_mask.bmp
  • skins/radio/gray03/radio_minimalized.bmp
  • skins/radio/gray03/radio_minimalized_mask.bmp
  • skins/radio/gray03/station.bmp
  • skins/radio/gray03/vol_01.bmp
  • skins/radio/gray03/vol_02.bmp
  • skins/radio/gray03/vol_03.bmp
  • skins/radio/gray03/volslide_bg.bmp
  • skins/radio/gray03/volslide_track.bmp
  • star_on.gif
    .gif
  • update_progress.html
    .html .js polyglot
  • version.txt
  • version.xsl
  • weather_bubble.tmpl
    .html .js polyglot
  • weatherplugin.dll
    .dll windows:5 windows x86 arch:x86
    36574711ddac880ec666c66830955202
    Headers, Imports, Exports, Sections

  • $PLUGINSDIR/gplunger.dll
    .dll windows:5 windows x86 arch:x86
    bb24ab9fddb167f7754f91e378a2b052
    Headers, Imports, Exports, Sections

  • $PLUGINSDIR/ioSpecial.ini
  • $PLUGINSDIR/modern-wizard.bmp
  • $PLUGINSDIR/nsExec.dll
    .dll windows:4 windows x86 arch:x86
    053c8c5da7b5f6a2513024b82859e1b0
    Headers, Imports, Exports, Sections

  • $PLUGINSDIR/nsisFirewall.dll
    .dll windows:4 windows x86 arch:x86
    1a4c99175e8891c64634680f4f238d51
    Headers, Imports, Exports, Sections

  • $PLUGINSDIR/options.ini
  • $PLUGINSDIR/textreplace.dll
    .dll windows:4 windows x86 arch:x86
    c9b875d3f7604775d782afcb308d92df
    Headers, Imports, Exports, Sections

  • $PLUGINSDIR/unicode.dll
    .dll windows:4 windows x86 arch:x86
    05f29a3dc3b7096bfdca7ddbd6b47dd0
    Headers, Imports, Exports, Sections

  • ToolbarUpdate.exe
    .exe windows:4 windows x86 arch:x86
    b4785ab5f09590fd79c781ce7cb4fba2
    Code Sign, Headers, Imports, Sections

  • Uninst.exe.nsis
  • default.xml
    .xml
  • icons.bmp
  • images/amazon.bmp
  • images/ebay.bmp
  • images/email.bmp
  • images/email2.bmp
  • images/wikipedia.bmp
  • images/yahoo.bmp
  • localization.xml
  • patch.bat
  • settings
  • ticker.html
    .html .js polyglot
  • $TEMPImg/VerControl.exe
    .exe windows:4 windows x86 arch:x86
    514a9a1e5bae119ec76c5ca238859d46
    Headers, Imports, Sections

  • $TEMPImg/askToolbarInstaller-1.9.1.0.exe
    .exe windows:5 windows x86 arch:x86
    206513a2c97fa61166fe9ae13d91d955
    Code Sign, Headers, Imports, Sections

  • $TEMPImg/chk.exe
    .exe windows:4 windows x86 arch:x86
    514a9a1e5bae119ec76c5ca238859d46
    Headers, Imports, Sections

  • $TEMPImg/vcheck.exe
    .exe windows:4 windows x86 arch:x86
    f34d5f2d4577ed6d9ceec516c1f5a744
    Headers, Imports, Sections

  • Uninst.exe
    .exe windows:4 windows x86 arch:x86
    7fa974366048f9c551ef45714595665e
    Headers, Imports, Sections

  • $PLUGINSDIR/Processes.dll
    .dll windows:4 windows x86 arch:x86
    f5edecae12589e705677a6e272ad0394
    Headers, Imports, Exports, Sections

  • $TEMPImg/ioClean.ini
  • DesktopSwitcher.exe
    .exe windows:4 windows x86 arch:x86
    f34d5f2d4577ed6d9ceec516c1f5a744
    Headers, Imports, Sections

  • DesktopSwitcher.url
  • Process.exe
    .exe windows:4 windows x86 arch:x86
    674ead00063f238494b4725620612b42
    Headers, Imports, Sections

  • Uninst.exe
    .exe windows:4 windows x86 arch:x86
    a23455b2d570c1e80b11b92360e41c00
    Headers, Imports, Sections

  • $PLUGINSDIR/Processes.dll
    .dll windows:4 windows x86 arch:x86
    f5edecae12589e705677a6e272ad0394
    Headers, Imports, Exports, Sections

  • ds.exe
    .exe windows:4 windows x86 arch:x86
    647a88d643462b50eb88074083fd945a
    Headers, Imports, Sections

  • help.chm
    .chm
  • hook.dll
    .dll windows:4 windows x86 arch:x86
    6481ad9aa47e618068a4af31dfedfa6a
    Headers, Imports, Exports, Sections

  • license.txt
  • manager.exe
    .exe windows:4 windows x86 arch:x86
    f4341ef38d8855c3ec2cf5aea41a445a
    Headers, Imports, Sections

  • tools/register.exe
    .exe windows:4 windows x86 arch:x86
    492138ce5716142bee4b8c6ddf19a2c0
    Headers, Imports, Sections

  • tools/register_y.exe
    .exe windows:4 windows x86 arch:x86
    492138ce5716142bee4b8c6ddf19a2c0
    Headers, Imports, Sections