General

  • Target

    662d135b8fd1bce690264eec52cc5ea5_JaffaCakes118

  • Size

    6.3MB

  • MD5

    662d135b8fd1bce690264eec52cc5ea5

  • SHA1

    4b3c3ad316b8c1bb5fb91a435513f47db737156c

  • SHA256

    6e058ce4dc4d3a35811341392350c57700c10754e737daecce149f5ad17cf4f6

  • SHA512

    ae870ebd55ddf991f7c146e2dd2445ba63bc3664927e091fb1a4eac1f3f96cb6c92107f5cb35995fb4438f8c8c899dd1c2f5ce4925fac7a9fb2219e4df034a6e

  • SSDEEP

    196608:GzrjCrsnoZ2dMofpaaN6LaELMYxVBkrEoE4ClBlIGNK:GrCsi2takKMYxVBFp4esGN

Score
3/10

Signatures

  • Unsigned PE (15 IoCs)

    Checks for missing Authenticode signature.

  • NSIS installer (4 IoCs)

Files

  • 662d135b8fd1bce690264eec52cc5ea5_JaffaCakes118
    .exe windows:4 windows x86 arch:x86

    c1d02edd28ce94e699431ce65bed28ec

  • $PLUGINSDIR/ConnectionTester.dll
    .dll windows:4 windows x86 arch:x86

    507af696c5079bf615f35c016c8c37b2

  • $PLUGINSDIR/InstallOptions.dll
    .dll windows:4 windows x86 arch:x86

    c4fa86e78b598d87f225e209ba30786f

  • $PLUGINSDIR/System.dll
    .dll windows:4 windows x86 arch:x86

    4ec328f99bdd944fc98d8a5cf11f7a62

  • $PLUGINSDIR/y_toolbar.exe
    .exe windows:4 windows x86 arch:x86

    18bc6fa81e19f21156316b1ae696ed6b

  • $3/extensions/{635abd67-4fe9-1b23-4f01-e679fa7484c1}/LICENSE.txt
  • $3/extensions/{635abd67-4fe9-1b23-4f01-e679fa7484c1}/META-INF/manifest.mf
  • $3/extensions/{635abd67-4fe9-1b23-4f01-e679fa7484c1}/META-INF/zigbert.rsa
  • $3/extensions/{635abd67-4fe9-1b23-4f01-e679fa7484c1}/META-INF/zigbert.sf
  • $3/extensions/{635abd67-4fe9-1b23-4f01-e679fa7484c1}/chrome/ytoolbar.jar
    .zip
  • content/ytoolbar/cache/about.xul
    .xml
  • content/ytoolbar/cache/option.xul
    .xml
  • content/ytoolbar/cache/sethomepage.xul
    .js .xml polyglot
  • content/ytoolbar/cache/uninstall.xul
    .js .xml polyglot
  • content/ytoolbar/contents.rdf
  • content/ytoolbar/dialog.js
    .js
  • content/ytoolbar/dialog.xul
    .xml
  • content/ytoolbar/feedFunctions.js
    .js
  • content/ytoolbar/fileio.js
    .js
  • content/ytoolbar/globals.js
    .js
  • content/ytoolbar/history.js
    .js
  • content/ytoolbar/i18n.js
    .js
  • content/ytoolbar/installerVariables.js
    .js
  • content/ytoolbar/network.js
    .js
  • content/ytoolbar/options.js
    .js
  • content/ytoolbar/setHomepage.js
    .js
  • content/ytoolbar/toolbarBuilder.js
    .js
  • content/ytoolbar/trackinginterfaces.js
    .js
  • content/ytoolbar/uninstall.js
    .js
  • content/ytoolbar/yahoo.xml
    .js .xml polyglot
  • content/ytoolbar/ylib.js
    .js
  • content/ytoolbar/yprefs.js
    .js
  • content/ytoolbar/yrss.js
    .js
  • content/ytoolbar/ysearch-history.rdf
    .xml
  • content/ytoolbar/ytoolbarOverlay.js
    .js
  • content/ytoolbar/ytoolbarOverlay.xul
    .js .xml polyglot
  • locale/de/ytoolbar/contents.rdf
  • locale/de/ytoolbar/ytoolbar.dtd
  • locale/de/ytoolbar/ytoolbar.properties
  • locale/en-UK/ytoolbar/contents.rdf
    .xml
  • locale/en-UK/ytoolbar/ytoolbar.dtd
  • locale/en-UK/ytoolbar/ytoolbar.properties
  • locale/en-US/ytoolbar/contents.rdf
    .xml
  • locale/en-US/ytoolbar/ytoolbar.dtd
  • locale/en-US/ytoolbar/ytoolbar.properties
  • locale/es/ytoolbar/contents.rdf
    .xml
  • locale/es/ytoolbar/ytoolbar.dtd
  • locale/es/ytoolbar/ytoolbar.properties
  • locale/fr/ytoolbar/contents.rdf
  • locale/fr/ytoolbar/ytoolbar.dtd
  • locale/fr/ytoolbar/ytoolbar.properties
  • locale/kr/ytoolbar/contents.rdf
  • locale/kr/ytoolbar/ytoolbar.dtd
  • locale/kr/ytoolbar/ytoolbar.properties
  • locale/zh-HK/ytoolbar/contents.rdf
    .xml
  • locale/zh-HK/ytoolbar/ytoolbar.dtd
  • locale/zh-HK/ytoolbar/ytoolbar.properties
  • locale/zt-TW/ytoolbar/contents.rdf
  • locale/zt-TW/ytoolbar/ytoolbar.dtd
  • locale/zt-TW/ytoolbar/ytoolbar.properties
  • skin/classic/ytoolbar/05c.gif
    .gif
  • skin/classic/ytoolbar/07c.gif
    .gif
  • skin/classic/ytoolbar/08c.gif
    .gif
  • skin/classic/ytoolbar/11c.gif
    .gif
  • skin/classic/ytoolbar/18c.gif
    .gif
  • skin/classic/ytoolbar/19c.gif
    .gif
  • skin/classic/ytoolbar/50c.gif
    .gif
  • skin/classic/ytoolbar/52c.gif
    .gif
  • skin/classic/ytoolbar/MY-ff-plus.gif
    .gif
  • skin/classic/ytoolbar/chevron.gif
    .gif
  • skin/classic/ytoolbar/contents.rdf
    .xml
  • skin/classic/ytoolbar/ed.gif
    .gif
  • skin/classic/ytoolbar/logo.gif
    .gif
  • skin/classic/ytoolbar/mno2.gif
    .gif
  • skin/classic/ytoolbar/my.gif
    .gif
  • skin/classic/ytoolbar/new3.gif
    .gif
  • skin/classic/ytoolbar/option.gif
    .gif
  • skin/classic/ytoolbar/slider.gif
    .gif
  • skin/classic/ytoolbar/tot.gif
    .gif
  • skin/classic/ytoolbar/yahooicon.png
    .png
  • skin/classic/ytoolbar/yma1.gif
    .gif
  • skin/classic/ytoolbar/ytoolbar.css
  • $3/extensions/{635abd67-4fe9-1b23-4f01-e679fa7484c1}/components/nsYahooDomBuilder.idl
  • $3/extensions/{635abd67-4fe9-1b23-4f01-e679fa7484c1}/components/nsYahooDomBuilder.js
    .js
  • $3/extensions/{635abd67-4fe9-1b23-4f01-e679fa7484c1}/components/nsYahooDomBuilder.xpt
  • $3/extensions/{635abd67-4fe9-1b23-4f01-e679fa7484c1}/components/nsYahooFeedNode.idl
  • $3/extensions/{635abd67-4fe9-1b23-4f01-e679fa7484c1}/components/nsYahooFeedNode.js
    .js
  • $3/extensions/{635abd67-4fe9-1b23-4f01-e679fa7484c1}/components/nsYahooFeedNode.xpt
  • $3/extensions/{635abd67-4fe9-1b23-4f01-e679fa7484c1}/components/nsYahooFeedProcessor.idl
  • $3/extensions/{635abd67-4fe9-1b23-4f01-e679fa7484c1}/components/nsYahooFeedProcessor.js
    .js
  • $3/extensions/{635abd67-4fe9-1b23-4f01-e679fa7484c1}/components/nsYahooFeedProcessor.xpt
  • $3/extensions/{635abd67-4fe9-1b23-4f01-e679fa7484c1}/components/nsYahooHashtable.idl
  • $3/extensions/{635abd67-4fe9-1b23-4f01-e679fa7484c1}/components/nsYahooHashtable.js
    .js
  • $3/extensions/{635abd67-4fe9-1b23-4f01-e679fa7484c1}/components/nsYahooHashtable.xpt
  • $3/extensions/{635abd67-4fe9-1b23-4f01-e679fa7484c1}/defaults/preferences/yahoo.js
  • $3/extensions/{635abd67-4fe9-1b23-4f01-e679fa7484c1}/install.js
  • $3/extensions/{635abd67-4fe9-1b23-4f01-e679fa7484c1}/install.rdf
    .xml
  • $PLUGINSDIR/InetLoad.dll
    .dll windows:4 windows x86 arch:x86

    d8be1bce66a8b91950a8519f256400c0

  • $PLUGINSDIR/InstallOptions.dll
    .dll windows:4 windows x86 arch:x86

    57354bdeea3dfae6e948101add87501a

  • $PLUGINSDIR/MoreInfo.dll
    .dll windows:4 windows x86 arch:x86

  • $PLUGINSDIR/System.dll
    .dll windows:4 windows x86 arch:x86

    a75ed4b57a83b633f5cb5d4939d72f27

  • $PLUGINSDIR/YDefUser.dll
    .dll windows:4 windows x86 arch:x86

    eb9b12f933fc102c731bc4f747f068e1

  • $PLUGINSDIR/finish.ini
  • $PLUGINSDIR/fudogs_setup.exe
    .exe windows:4 windows x86 arch:x86

    18bc6fa81e19f21156316b1ae696ed6b

  • $2
    .dll windows:4 windows x86 arch:x86

    1efb34319c288cfb32e710058952853d

  • $PLUGINSDIR/InetLoad.dll
    .dll windows:4 windows x86 arch:x86

    d8be1bce66a8b91950a8519f256400c0

  • $PLUGINSDIR/System.dll
    .dll windows:4 windows x86 arch:x86

    a75ed4b57a83b633f5cb5d4939d72f27

  • $PLUGINSDIR/nsisProcMgr.dll
    .dll windows:4 windows x86 arch:x86

    c9fc7f6df8fedf8f8f1f9f820c072664

  • $PLUGINSDIR/timet.dll
    .dll windows:4 windows x86 arch:x86

    651bc9f5d0db795bf404d577647568d4

  • Content/logoUS.png
    .png
  • Content/resourceAR.bin
  • Content/resourceAU.bin
  • Content/resourceBR.bin
  • Content/resourceCA.bin
  • Content/resourceCF.bin
  • Content/resourceDE.bin
  • Content/resourceE1.bin
  • Content/resourceES.bin
  • Content/resourceFR.bin
  • Content/resourceIN.bin
  • Content/resourceKR.bin
  • Content/resourceMX.bin
  • Content/resourcePH.bin
  • Content/resourceSG.bin
  • Content/resourceTW.bin
  • Content/resourceUK.bin
  • Content/resourceUS.bin
  • Content/resourceVN.bin
  • SearchProtection.exe
    .exe windows:4 windows x86 arch:x86

    ddd81a2c4db4daa349e5ff0b58ee136c

  • fdLoad.dll
    .dll windows:4 windows x86 arch:x86

    1efb34319c288cfb32e710058952853d

  • uninst_ysp.exe.nsis
  • $PLUGINSDIR/nsisProcMgr.dll
    .dll windows:4 windows x86 arch:x86

    c9fc7f6df8fedf8f8f1f9f820c072664

  • $PLUGINSDIR/privacy.ini
  • $PLUGINSDIR/timet.dll
    .dll windows:4 windows x86 arch:x86

    651bc9f5d0db795bf404d577647568d4

  • $PLUGINSDIR/toolbar.bmp
  • $PLUGINSDIR/welcome.ini
  • $PROGRAM_FILES/Yahoo!/Common/$PROGRAM_FILES/Yahoo!/Common/unyt.exe.nsis
  • $_31_/Data/dlg_atb.html
    .html .js polyglot
  • $_31_/Data/dlg_catb.html
    .html .js polyglot
  • $_31_/Data/dlg_cnf.html
    .html .js polyglot
  • $_31_/Data/dlg_cotb.html
    .html .js polyglot
  • $_31_/Data/dlg_ctb.html
    .html .js polyglot
  • $_31_/Data/dlg_fantip.html
    .html .js polyglot
  • $_31_/Data/dlg_fantipg.html
    .html .js polyglot
  • $_31_/Data/dlg_fintip.html
    .html .js polyglot
  • $_31_/Data/dlg_fintipg.html
    .html .js polyglot
  • $_31_/Data/dlg_grptip.html
    .html .js polyglot
  • $_31_/Data/dlg_grptipg.html
    .html .js polyglot
  • $_31_/Data/dlg_logtip.html
    .html .js polyglot
  • $_31_/Data/dlg_mailatip.html
    .html .js polyglot
  • $_31_/Data/dlg_mailtip.html
    .html .js polyglot
  • $_31_/Data/dlg_map.html
    .html
  • $_31_/Data/dlg_mlbtip.html
    .html .js polyglot
  • $_31_/Data/dlg_mlbtipg.html
    .html .js polyglot
  • $_31_/Data/dlg_msgratip.html
    .html .js polyglot
  • $_31_/Data/dlg_msgrtip.html
    .html .js polyglot
  • $_31_/Data/dlg_nbatip.html
    .html
  • $_31_/Data/dlg_nbatipg.html
    .html
  • $_31_/Data/dlg_newstip.html
    .html .js polyglot
  • $_31_/Data/dlg_newstipg.html
    .html .js polyglot
  • $_31_/Data/dlg_nfltip.html
    .html
  • $_31_/Data/dlg_nfltipg.html
    .html
  • $_31_/Data/dlg_opt.html
    .html .js polyglot
  • $_31_/Data/dlg_pub.html
    .html .js polyglot
  • $_31_/Data/dlg_srchtip.html
    .html .js polyglot
  • $_31_/Data/dlg_upg.html
    .html .js polyglot
  • $_31_/Data/dlg_wp.html
    .html .js polyglot
  • YMERemote.dll
    .dll regsvr32 windows:4 windows x86 arch:x86

    60fc59d11639941018b6f0547a2767a1

  • YPUBC.dll
    .dll regsvr32 windows:4 windows x86 arch:x86

    f063b20f8606a0032283d06ba86aaa26

  • YTAntiSpy.dll
    .dll regsvr32 windows:4 windows x86 arch:x86

    b9926d7ffd0efba81ed49dd7de4fdb2d

  • YTBM.dll
    .dll regsvr32 windows:4 windows x86 arch:x86

    387e62e2fbfe685904999456824c2bdc

  • YTMsgr.dll
    .dll regsvr32 windows:4 windows x86 arch:x86

    5fdd7a2fa0538db5d8fc3db799e8a758

  • YTabBar.dll
    .dll regsvr32 windows:4 windows x86 arch:x86

    43a74f471c917b4f8b795e72305cff53

  • inyt.exe
    .exe windows:4 windows x86 arch:x86

    1ee0c47671c74b65bc79dddfdfface52

  • inyt.exe.manifest
    .xml
  • pubmod.dll
    .dll regsvr32 windows:4 windows x86 arch:x86

    00b621b6342f7ef7fc3bfa73a2cdeddc

  • yt.dll
    .dll regsvr32 windows:4 windows x86 arch:x86

    5ddf08cdd83e6433fc7ac662c0f9997e

  • $PLUGINSDIR/yset.exe
    .exe windows:4 windows x86 arch:x86

    18bc6fa81e19f21156316b1ae696ed6b

  • $PLUGINSDIR/System.dll
    .dll windows:4 windows x86 arch:x86

    a75ed4b57a83b633f5cb5d4939d72f27

  • $PLUGINSDIR/YDefUser.dll
    .dll windows:4 windows x86 arch:x86

    eb9b12f933fc102c731bc4f747f068e1