D:\pulse\recipes\283718449\base\branches\ci_release_branch\googleclient\ci\build\ship\obj\service\GoogleUpdaterService_not_signed_exe.pdb
Behavioral task
behavioral1
Sample
4437183e70e2327a65f878b16cf9f357_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
4437183e70e2327a65f878b16cf9f357_JaffaCakes118.exe
Resource
win10v2004-20240709-en
General
-
Target
4437183e70e2327a65f878b16cf9f357_JaffaCakes118
-
Size
317KB
-
MD5
4437183e70e2327a65f878b16cf9f357
-
SHA1
7f0333dae94d068f6537ffc20bffcd1ceb4f26f9
-
SHA256
c27790de95a711e3c184f92ed89f69d7a861b635ef71328b3c5933d44cbceffd
-
SHA512
1b776973c0f4d7caf38b731b017ae6a230b7d3710ea516aee8ccc6e2239ff2cb823ffe8e9e783b15049ef64d82311a722a3c2162fc9393856353c16d6adcf0ea
-
SSDEEP
6144:dkbHTjIubE30ZhZxbpvqwowowowowowowowowowowowowowowowowowowowowowY:dkfjIuhZj5p0RUIPIwt9RQ14YPGrmYW
Malware Config
Signatures
-
resource yara_rule sample upx -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 4437183e70e2327a65f878b16cf9f357_JaffaCakes118
Files
-
4437183e70e2327a65f878b16cf9f357_JaffaCakes118.exe windows:4 windows x86 arch:x86
4a6aa184f74d3c1d08c3452152cc0d08
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
GetStdHandle
GetModuleFileNameA
GetCPInfo
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CreateFileA
SystemTimeToTzSpecificLocalTime
lstrcmpW
DuplicateHandle
GetProcAddress
GetCurrentThread
MultiByteToWideChar
GetTempPathW
WaitForSingleObject
SetLastError
OpenProcess
InitializeCriticalSection
lstrcpynW
CloseHandle
lstrlenW
CreateThread
lstrcmpiW
FindResourceExW
CreateEventW
LoadResource
FindResourceW
LoadLibraryExW
LockResource
InterlockedIncrement
SizeofResource
SetEvent
GetLastError
InterlockedDecrement
GetCurrentThreadId
GetModuleHandleW
DeleteCriticalSection
VirtualFree
HeapCreate
RtlUnwind
GetModuleHandleA
VirtualAlloc
LoadLibraryA
GetStartupInfoW
SetUnhandledExceptionFilter
RaiseException
GetModuleFileNameW
FreeLibrary
GetCommandLineW
GetCurrentProcessId
Sleep
GetTempFileNameW
UnhandledExceptionFilter
GetLocaleInfoA
GetACP
InterlockedExchange
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetVersionExA
QueryPerformanceFrequency
QueryPerformanceCounter
ResetEvent
CreateFileW
GetFileAttributesExW
FindFirstFileW
FindNextFileW
GetFileAttributesW
SetFileAttributesW
DeleteFileW
CopyFileW
MoveFileExW
GetTickCount
FlushFileBuffers
SetFilePointer
ReadFile
WriteFile
GetFileSize
GetSystemTimeAsFileTime
FindClose
FileTimeToSystemTime
CreateProcessW
GetCurrentProcess
ReleaseMutex
EnterCriticalSection
LeaveCriticalSection
InterlockedCompareExchange
CreateMutexW
RemoveDirectoryW
GetExitCodeProcess
FileTimeToLocalFileTime
GetVersionExW
WideCharToMultiByte
GetThreadLocale
GetDateFormatW
GetTimeFormatW
IsDebuggerPresent
ExitProcess
TerminateProcess
user32
UnregisterClassA
CharLowerW
CharNextW
LoadStringW
DispatchMessageW
TranslateMessage
GetMessageW
PostThreadMessageW
KillTimer
wvsprintfW
SetTimer
ole32
CoRevertToSelf
CoCreateGuid
StringFromGUID2
CoCreateInstance
CoTaskMemRealloc
CoUninitialize
CoRegisterClassObject
CoInitializeSecurity
CoInitialize
CoRevokeClassObject
CoTaskMemAlloc
CoTaskMemFree
CoImpersonateClient
oleaut32
SysFreeString
RegisterTypeLi
SysStringLen
VarUI4FromStr
SysAllocString
LoadTypeLi
UnRegisterTypeLi
advapi32
GetSecurityDescriptorControl
GetSecurityDescriptorLength
GetSidSubAuthority
RegCloseKey
RegDeleteKeyW
MakeSelfRelativeSD
InitializeSid
FreeSid
AllocateAndInitializeSid
CheckTokenMembership
OpenThreadToken
ControlService
SetSecurityDescriptorDacl
StartServiceW
GetSecurityDescriptorDacl
QueryServiceStatus
SetSecurityDescriptorGroup
RegSetValueExW
GetSecurityDescriptorGroup
ChangeServiceConfigW
RegCreateKeyExW
SetSecurityDescriptorOwner
OpenServiceW
GetSecurityDescriptorOwner
DeleteService
OpenSCManagerW
ChangeServiceConfig2W
CreateServiceW
IsValidSid
RegQueryInfoKeyW
SetServiceStatus
GetLengthSid
DeregisterEventSource
ReportEventW
RegisterEventSourceW
RegisterServiceCtrlHandlerW
RegEnumKeyExW
GetAclInformation
AddAce
StartServiceCtrlDispatcherW
InitializeAcl
InitializeSecurityDescriptor
MakeAbsoluteSD
SetSecurityDescriptorControl
RegOpenKeyExW
CopySid
CloseServiceHandle
GetSidLengthRequired
GetSecurityDescriptorSacl
RegQueryValueExW
RegDeleteValueW
shlwapi
StrRetToStrW
SHQueryValueExW
PathStripPathW
crypt32
CryptQueryObject
CertEnumCertificatesInStore
CertCloseStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertNameToStrW
shell32
SHGetDesktopFolder
SHCreateDirectoryExW
SHGetFolderLocation
SHFileOperationW
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
wintrust
WinVerifyTrust
Sections
.text Size: 119KB - Virtual size: 119KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 28KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 17KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
UPX0 Size: 144KB - Virtual size: 380KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE