3bbb7095a387f15230ac072d9088fe20_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3bbb7095a387f15230ac072d9088fe20_JaffaCakes118
Size

241KB
MD5

3bbb7095a387f15230ac072d9088fe20
SHA1

1540317cb04dbcb2babe49ae8e63d3ed762badfa
SHA256

02d36a5627ee5a371e93cab289c58752460b3bb16a412300cc022dd4a7f4d7df
SHA512

96ac32b2b903746522b69c5899bc47324e473426e435759269e192bdbfb0096e3bf64af83dc35ad378791be82ede6545b174b8da25b0e09bcb13db3749b2b92e
SSDEEP

3072:CYIebOfrUk4qzD1YbADATsc00X5ou7oRDTEwVDxIwMKsaCnyORM0bRIYv:Tkj6bsiscN2zDIw1zsaUyORM0NIYv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3bbb7095a387f15230ac072d9088fe20_JaffaCakes118

Files

3bbb7095a387f15230ac072d9088fe20_JaffaCakes118
.exe windows:4 windows x86 arch:x86

80d5b60968553c777bb55f86951d1a35

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\pulse\recipes\420423894\base\branches\ci_release_branch\googleclient\ci\build\ship\obj\install\GoogleUpdaterInstallMgr_not_signed_exe.pdb

Imports

kernel32

SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetCPInfo
GetOEMCP
IsValidCodePage
GetConsoleCP
GetConsoleMode
LoadLibraryA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CreateFileA
FindResourceExW
LockResource
lstrlenA
GetProcAddress
LoadLibraryW
GetCurrentProcessId
InitializeCriticalSection
RaiseException
MultiByteToWideChar
GetModuleHandleW
CreateThread
LoadLibraryExW
GetCurrentThreadId
CreateEventW
Sleep
EnterCriticalSection
CloseHandle
GetLastError
WaitForSingleObject
GetModuleFileNameW
LocalFree
FindResourceW
InterlockedIncrement
FreeLibrary
lstrcpynW
lstrlenW
lstrcmpiW
GetCommandLineW
LoadResource
SetEvent
DeleteCriticalSection
SizeofResource
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
TlsFree
GetModuleFileNameA
GetStdHandle
VirtualFree
HeapCreate
RtlUnwind
GetModuleHandleA
VirtualAlloc
UnhandledExceptionFilter
GetStartupInfoW
SetUnhandledExceptionFilter
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetLocaleInfoA
GetACP
GetVersionExA
LeaveCriticalSection
InterlockedDecrement
InterlockedExchange
TlsAlloc
TlsGetValue
TlsSetValue
ResetEvent
VirtualQuery
SetLastError
GetVersionExW
GetNativeSystemInfo
GetTickCount
GetCurrentProcess
CreateFileW
ReleaseMutex
InterlockedCompareExchange
GetFileAttributesExW
WideCharToMultiByte
DeleteFileW
FlushFileBuffers
SetFilePointer
ReadFile
WriteFile
SetEndOfFile
GetFileSize
GetSystemTimeAsFileTime
GetThreadLocale
GetTempPathW
ExitProcess
IsDebuggerPresent
TerminateProcess
GlobalFree

user32

GetMessageW
CharNextW
PostThreadMessageW
DispatchMessageW
TranslateMessage
UnregisterClassA
CharUpperW
wvsprintfW
MessageBoxW

ole32

CoInitializeEx
CoUninitialize
CoCreateInstance
CoResumeClassObjects
CoTaskMemAlloc
CoRevokeClassObject
CoTaskMemFree
CoTaskMemRealloc
CoRegisterClassObject
CoSuspendClassObjects
StringFromGUID2

oleaut32

SysAllocString
SysFreeString
RegisterTypeLi
UnRegisterTypeLi
SysStringLen
VarUI4FromStr
LoadTypeLi

advapi32

RegQueryInfoKeyW
MakeSelfRelativeSD
RevertToSelf
ImpersonateLoggedOnUser
RegQueryValueExW
RegOpenKeyExW
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
RegCloseKey
RegDeleteValueW
GetSecurityDescriptorGroup
RegDeleteKeyW
GetSecurityDescriptorOwner
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegEnumKeyExW
RegSetValueExW
RegCreateKeyExW
GetSecurityDescriptorControl
GetSecurityDescriptorLength

shlwapi

PathAppendW
PathStripPathW
SHQueryValueExW
PathRemoveFileSpecW

iphlpapi

GetIfTable

Sections

.text
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

80d5b60968553c777bb55f86951d1a35

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

ole32

oleaut32

advapi32

shlwapi

iphlpapi

Sections

.text Size: 88KB - Virtual size: 87KB

.rdata Size: 36KB - Virtual size: 36KB

.data Size: 6KB - Virtual size: 13KB

.rsrc Size: 104KB - Virtual size: 104KB

.text
Size: 88KB - Virtual size: 87KB

.rdata
Size: 36KB - Virtual size: 36KB

.data
Size: 6KB - Virtual size: 13KB

.rsrc
Size: 104KB - Virtual size: 104KB