60705266b6a77da87fb389e0707f3931_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

60705266b6a77da87fb389e0707f3931_JaffaCakes118
Size

1.3MB
MD5

60705266b6a77da87fb389e0707f3931
SHA1

c32198d1ee3c5079ec87d3ad895a35d962a5ccca
SHA256

b7a8eb94b10be84cc563b2d2b38bc5e8f2b0f23d2dd749caf9c33eedb89573fa
SHA512

b52326e11044142d479a67e1d49815ebe7800d72871acc6396d8d6a6899b0cbabec2fb3954dacba427f9a42fa09416834dfb992bc87e68175bbd8f84b0b615fa
SSDEEP

24576:TIyebVG5nrzwKmQ8xZYqp891NDSGbXRx27g4WYKEA:QqfzmSqp89HDdOg4yEA

Score

1^/10

Malware Config

Signatures

Files

60705266b6a77da87fb389e0707f3931_JaffaCakes118
.exe windows:5 windows x86 arch:x86

f28caae55a338c3f0b03d8b870573791

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

52:04:8b:9c:8a:67:e2:8f:0c:c8:cc:75:81:3d:dc:5a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

04/02/2016, 00:00

Not After

28/03/2019, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=研发管理部,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0b:d5:15:37:03:d8:d5:f8:1f:ef:76:19:69:00:9a:14
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

28/01/2016, 00:00

Not After

28/03/2019, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=研发管理部,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

d7:88:a7:1f:db:79:e9:d4:d1:f6:c3:1e:d7:f3:63:e3:30:8a:c0:46:9a:05:1d:ed:13:3f:97:fa:38:16:67:ac
Signer

Actual PE Digest

d7:88:a7:1f:db:79:e9:d4:d1:f6:c3:1e:d7:f3:63:e3:30:8a:c0:46:9a:05:1d:ed:13:3f:97:fa:38:16:67:ac

Digest Algorithm

sha256

PE Digest Matches

true

0e:f6:30:28:e3:3e:82:20:39:db:55:97:70:45:4c:77:b2:88:f5:5b
Signer

Actual PE Digest

0e:f6:30:28:e3:3e:82:20:39:db:55:97:70:45:4c:77:b2:88:f5:5b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\rdm\projects\57294\chrome\src\out\Release_x86\initialexe\QQBrowser.exe.pdb

Imports

chrome_elf

GetInstallDetailsPayload
SignalChromeElf
SignalInitializeCrashReporting

advapi32

GetSecurityInfo
SetEntriesInAclW
SetThreadToken
RegisterTraceGuidsW
UnregisterTraceGuids
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
TraceEvent
ConvertSidToStringSidW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
OpenProcessToken
GetTokenInformation
RegDeleteValueW
RegSetValueExW
RegEnumKeyExW
RegCreateKeyExW
RegQueryInfoKeyW
CreateProcessAsUserW
SystemFunction036
EventUnregister
EventRegister
EventWrite
GetAce
GetKernelObjectSecurity
GetLengthSid
GetSecurityDescriptorSacl
SetKernelObjectSecurity
SetTokenInformation
SetSecurityInfo
ConvertStringSidToSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RevertToSelf
RegDisablePredefinedCache
CopySid
CreateWellKnownSid
CreateRestrictedToken
DuplicateToken
DuplicateTokenEx
EqualSid
LookupPrivilegeValueW

kernel32

GetThreadId
IsDebuggerPresent
GetCurrentProcess
TerminateProcess
GetVersionExW
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
LoadLibraryW
GetLastError
SetLastError
CreateEventW
WaitForMultipleObjects
GetCurrentThreadId
DuplicateHandle
WaitForSingleObject
GetProcessId
SetCurrentDirectoryW
FindClose
FindFirstFileW
InitializeCriticalSectionAndSpinCount
FreeLibrary
LoadLibraryExW
LocalAlloc
LocalFree
VirtualAlloc
VirtualFree
MultiByteToWideChar
WideCharToMultiByte
CreateFileW
ReadFile
CloseHandle
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
CreateDirectoryW
WriteFile
GetTempPathW
DecodePointer
RaiseException
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
DeleteCriticalSection
GetModuleHandleExW
GetTickCount
LoadResource
LockResource
SizeofResource
FindResourceW
ResumeThread
CreateProcessW
VirtualAllocEx
VirtualProtectEx
VirtualQueryEx
ReadProcessMemory
WriteProcessMemory
GetCurrentThread
SuspendThread
GetThreadContext
SetThreadContext
FlushInstructionCache
VirtualProtect
VirtualQuery
ReleaseSRWLockExclusive
EnterCriticalSection
LeaveCriticalSection
Sleep
SetEvent
SetFilePointerEx
lstrlenW
GetSystemInfo
ExpandEnvironmentStringsW
GetSystemDirectoryW
GetProcessTimes
GetCurrentProcessId
GetSystemTimeAsFileTime
RtlCaptureContext
SetUnhandledExceptionFilter
OpenThread
InitializeCriticalSection
HeapCreate
GetLocalTime
GetCurrentDirectoryW
FormatMessageA
SetThreadPriority
QueryThreadCycleTime
QueryPerformanceFrequency
GetThreadPriority
QueryPerformanceCounter
GetCommandLineW
GetModuleHandleA
FindFirstFileExW
FindNextFileW
GetFileAttributesW
FlushFileBuffers
GetUserDefaultLangID
AcquireSRWLockExclusive
QueryDosDeviceW
GetLongPathNameW
GetNativeSystemInfo
RtlUnwind
CreateThread
GetWindowsDirectoryW
RegisterWaitForSingleObject
UnregisterWaitEx
TlsGetValue
SetEnvironmentVariableW
GetEnvironmentVariableW
RtlCaptureStackBackTrace
TlsSetValue
TlsAlloc
TlsFree
HeapSetInformation
WakeAllConditionVariable
WakeConditionVariable
SleepConditionVariableSRW
ResetEvent
SetInformationJobObject
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
OutputDebugStringW
TerminateJobObject
GetUserDefaultLCID
AssignProcessToJobObject
GetFileType
SetHandleInformation
ProcessIdToSessionId
GetProcessHandleCount
GetProcessHeaps
SignalObjectAndWait
CreateMutexW
VirtualFreeEx
CreateJobObjectW
CreateNamedPipeW
CreateRemoteThread
DebugBreak
SearchPathW
LoadLibraryExA
GetCPInfo
GetLocaleInfoW
LCMapStringW
EncodePointer
GetStringTypeW
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
UnhandledExceptionFilter
WaitForSingleObjectEx
GetDriveTypeW
GetConsoleCP
GetConsoleMode
GetFullPathNameW
SetStdHandle
GetStdHandle
GetACP
ReadConsoleW
IsValidLocale
EnumSystemLocalesW
IsValidCodePage
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteConsoleW
ExitProcess

psapi

QueryWorkingSetEx
GetMappedFileNameW

shell32

SHGetSpecialFolderPathW
CommandLineToArgvW
SHGetKnownFolderPath
SHGetFolderPathW

shlwapi

PathFileExistsW
PathRemoveFileSpecW
PathFindFileNameW
PathMatchSpecW
PathCombineW

user32

SetProcessDPIAware
PostMessageW
KillTimer
SetWindowLongW
SetProcessWindowStation
CreateWindowExW
RegisterClassExW
UnregisterClassW
PostQuitMessage
TranslateMessage
GetQueueStatus
MsgWaitForMultipleObjectsEx
PeekMessageW
GetUserObjectInformationW
GetProcessWindowStation
CreateWindowStationW
GetThreadDesktop
CreateDesktopW
CloseWindowStation
DestroyWindow
CloseDesktop
GetWindowLongW
DefWindowProcW
DispatchMessageW
SetTimer

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

winmm

timeEndPeriod
timeGetTime
timeBeginPeriod

Exports

Exports

GetHandleVerifier
GetProcessScope
IsOurCrashExit
IsSandboxedProcess
QBRtLoggerRW
SetCustomInfo
SetUnexpectedExit
ZombieReport

Sections

.text
Size: 530KB - Virtual size: 529KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 173KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 535KB - Virtual size: 535KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f28caae55a338c3f0b03d8b870573791

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

52:04:8b:9c:8a:67:e2:8f:0c:c8:cc:75:81:3d:dc:5aCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

0b:d5:15:37:03:d8:d5:f8:1f:ef:76:19:69:00:9a:14Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

d7:88:a7:1f:db:79:e9:d4:d1:f6:c3:1e:d7:f3:63:e3:30:8a:c0:46:9a:05:1d:ed:13:3f:97:fa:38:16:67:acSigner

0e:f6:30:28:e3:3e:82:20:39:db:55:97:70:45:4c:77:b2:88:f5:5bSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

chrome_elf

advapi32

kernel32

psapi

shell32

shlwapi

user32

version

winmm

Exports

Exports

Sections

.text Size: 530KB - Virtual size: 529KB

.rdata Size: 173KB - Virtual size: 173KB

.data Size: 6KB - Virtual size: 30KB

.didat Size: 512B - Virtual size: 16B

.rsrc Size: 535KB - Virtual size: 535KB

.reloc Size: 24KB - Virtual size: 23KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

52:04:8b:9c:8a:67:e2:8f:0c:c8:cc:75:81:3d:dc:5a
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

0b:d5:15:37:03:d8:d5:f8:1f:ef:76:19:69:00:9a:14
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

d7:88:a7:1f:db:79:e9:d4:d1:f6:c3:1e:d7:f3:63:e3:30:8a:c0:46:9a:05:1d:ed:13:3f:97:fa:38:16:67:ac
Signer

0e:f6:30:28:e3:3e:82:20:39:db:55:97:70:45:4c:77:b2:88:f5:5b
Signer

.text
Size: 530KB - Virtual size: 529KB

.rdata
Size: 173KB - Virtual size: 173KB

.data
Size: 6KB - Virtual size: 30KB

.didat
Size: 512B - Virtual size: 16B

.rsrc
Size: 535KB - Virtual size: 535KB

.reloc
Size: 24KB - Virtual size: 23KB