C:\build_server\Ci_v2_Branch\branches\ci_v2_branch\googleclient\ci\build\ship\obj\service\GoogleUpdaterService_not_signed.pdb
Static task: static1
Behavioral task: behavioral1
Sample: 3586efc2188538502892f5a097ec3b4e_JaffaCakes118.exe
Resource: win7-20240704-en
General
Target: 3586efc2188538502892f5a097ec3b4e_JaffaCakes118
Size: 200KB
MD5: 3586efc2188538502892f5a097ec3b4e
SHA1: 6443d8ef6be6f2a93b666a60a50f243cdb78c3d0
SHA256: d2b36e33d69d4ea0a757174150c4ae2a997e7d3b45ea016ba4b7553235ca2497
SHA512: 7633e25abb9e1f27c90dae0e44b0bc9918c0466fca9974feebeeed4dea6b75c6e6ff438a28cec03caa1046d3e5f84d7631583fd70e744d98058383efb7b5654f
SSDEEP: 3072:AGTiapwPDCZWLQQ/ye6MqInJM1SVKfeZDY9JKwxls7Jofx6xPIxK3xcu9:A7H/yXRI4eZDY9JO6fxNxK3xB
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
Resource: 3586efc2188538502892f5a097ec3b4e_JaffaCakes118
Files
3586efc2188538502892f5a097ec3b4e_JaffaCakes118.exe windows:4 windows x86 arch:x86
85eeda1139037fe0ba54896b7ad8b977
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
SetUnhandledExceptionFilter
GetCPInfo
GetOEMCP
LoadLibraryA
LCMapStringA
LCMapStringW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
DeleteTimerQueueTimer
CreateTimerQueueTimer
lstrcmpW
DuplicateHandle
GetProcAddress
LoadLibraryW
GetCurrentThread
CreateThread
lstrcpyW
GetCurrentProcessId
CloseHandle
GetCurrentThreadId
GetVersionExA
lstrcatW
lstrcmpiW
SetProcessWorkingSetSize
CreateEventW
LockResource
GetThreadLocale
GetLastError
InterlockedExchange
RaiseException
GetTempPathW
lstrlenW
MultiByteToWideChar
GetACP
GetModuleFileNameW
lstrcpynW
GetVersionExW
SizeofResource
Sleep
OpenProcess
InitializeCriticalSection
GetModuleHandleW
SetEvent
WaitForSingleObject
GetCommandLineW
GetCurrentProcess
InterlockedDecrement
InterlockedIncrement
LoadLibraryExW
LoadResource
FreeLibrary
FindResourceW
FindResourceExW
GetLocaleInfoA
DeleteTimerQueueEx
CreateTimerQueue
GetTempFileNameW
GetStdHandle
GetStringTypeW
GetStringTypeA
IsBadWritePtr
VirtualFree
HeapDestroy
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
DeleteCriticalSection
FreeEnvironmentStringsW
HeapCreate
TlsGetValue
TlsSetValue
TlsFree
TlsAlloc
RtlUnwind
GetStartupInfoW
GetModuleHandleA
GetSystemInfo
VirtualAlloc
VirtualProtect
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
SetLastError
FindFirstFileW
DeleteFileW
FindNextFileW
GetFileAttributesW
RemoveDirectoryW
GetTickCount
GetExitCodeProcess
FindClose
ResetEvent
CreateFileW
CreateProcessW
CreateMutexW
ReleaseMutex
EnterCriticalSection
LeaveCriticalSection
InterlockedCompareExchange
QueryPerformanceFrequency
QueryPerformanceCounter
VirtualQuery
GetFileAttributesExW
CopyFileW
MoveFileExW
FlushFileBuffers
SetFilePointer
WriteFile
GetSystemTimeAsFileTime
CompareFileTime
FileTimeToSystemTime
WideCharToMultiByte
GetSystemTime
SystemTimeToFileTime
FileTimeToLocalFileTime
GetDateFormatW
GetTimeFormatW
ExitProcess
TerminateProcess
HeapAlloc
user32
SetTimer
CharLowerW
GetMessageW
CharNextW
wvsprintfW
KillTimer
TranslateMessage
LoadStringW
PostThreadMessageW
DispatchMessageW
ole32
CoRegisterClassObject
CoRevertToSelf
CoImpersonateClient
CoInitialize
CoRevokeClassObject
CoInitializeSecurity
StringFromGUID2
CoTaskMemRealloc
CoUninitialize
CoTaskMemAlloc
CoTaskMemFree
CoCreateGuid
CoCreateInstance
oleaut32
RegisterTypeLi
SysAllocString
LoadTypeLi
UnRegisterTypeLi
SysFreeString
VarUI4FromStr
advapi32
AllocateAndInitializeSid
FreeSid
CheckTokenMembership
OpenThreadToken
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
RegSetValueExW
RegCloseKey
RegEnumKeyExW
ControlService
GetLengthSid
ReportEventW
RegisterServiceCtrlHandlerW
MakeSelfRelativeSD
GetSecurityDescriptorSacl
AddAce
InitializeSid
GetSidLengthRequired
RegOpenKeyExW
IsValidSid
GetSecurityDescriptorOwner
SetSecurityDescriptorOwner
SetServiceStatus
InitializeAcl
ChangeServiceConfigW
MakeAbsoluteSD
RegDeleteValueW
QueryServiceStatus
StartServiceW
ChangeServiceConfig2W
GetSecurityDescriptorLength
SetSecurityDescriptorDacl
RegDeleteKeyW
InitializeSecurityDescriptor
DeregisterEventSource
RegQueryInfoKeyW
RegQueryValueExW
GetSecurityDescriptorControl
RegCreateKeyExW
CopySid
GetAclInformation
OpenServiceW
SetSecurityDescriptorGroup
SetSecurityDescriptorControl
StartServiceCtrlDispatcherW
OpenSCManagerW
DeleteService
GetSidSubAuthority
CloseServiceHandle
RegisterEventSourceW
CreateServiceW
shlwapi
StrRetToStrW
SHQueryValueExW
PathFindExtensionW
crypt32
CertEnumCertificatesInStore
CryptQueryObject
CertNameToStrW
CertFreeCertificateContext
CertDuplicateCertificateContext
CertCloseStore
shell32
SHFileOperationW
SHGetFolderLocation
SHCreateDirectoryExW
SHGetDesktopFolder
version
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
wintrust
WinVerifyTrust
Sections
.text Size: 94KB - Virtual size: 93KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 20KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 4KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 74KB - Virtual size: 76KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE