bc7c26c2d868eea596681aec5249a3f0_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

bc7c26c2d868eea596681aec5249a3f0_JaffaCakes118
Size

144KB
MD5

bc7c26c2d868eea596681aec5249a3f0
SHA1

a882aac1b9bfda6c6faf6e6c7ae61320892a4795
SHA256

d34a3f2696f3d7e867825968bf2f083105e342b830f324dd91529f0919ff574e
SHA512

00531fdf683ad46f105ddedbd26ea5edcca274c721b6332c085bd9be3485df917a09d688951a12c4d743b15f0fa95b9830e19b4594ac5d14f059df61b96af104
SSDEEP

3072:12uQy5qSaZZYXAtI6jPYTzHnfb2vnBj4tsBL5a+2jfp9DR9:1tqSaZZUb6LYzHnfb2vd3avp9D

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bc7c26c2d868eea596681aec5249a3f0_JaffaCakes118

Files

bc7c26c2d868eea596681aec5249a3f0_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

fc62a6efa3cf9f8cf2fada09099913a1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\pulse\recipes\420414592\base\googleclient\total_recall\build\release\obj\server\ssd\GoogleDesktopSSD.pdb

Imports

oleaut32

SysAllocStringLen
RegisterTypeLi
UnRegisterTypeLi
VarUI4FromStr
SafeArrayCopy
SafeArrayRedim
SafeArrayDestroy
SafeArrayCreate
VariantCopyInd
SafeArrayUnlock
SafeArrayLock
SafeArrayGetDim
SafeArrayGetUBound
SafeArrayGetLBound
VarBstrCat
SafeArrayGetVartype
LoadTypeLi
LoadRegTypeLi
SysAllocString
VariantChangeType
VariantCopy
SysStringByteLen
SysAllocStringByteLen
VarBstrCmp
SysStringLen
VariantClear
VariantInit
SysFreeString

ole32

CoInitializeEx
CoUninitialize
CoCreateInstance
StgCreateStorageEx
StgOpenStorageEx
CoTaskMemFree
StringFromGUID2
CoTaskMemRealloc
CreateStreamOnHGlobal
GetHGlobalFromStream
OleSaveToStream
WriteClassStm
OleLoadFromStream
CoTaskMemAlloc

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor
OpenProcessToken
SetFileSecurityW
AddAce
GetSidSubAuthority
InitializeSid
GetSidLengthRequired
SetNamedSecurityInfoW
GetTokenInformation
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
InitializeAcl
LookupAccountSidW
RegQueryValueExW
ConvertSidToStringSidW
RegDeleteKeyW
RegDeleteValueW
RegCloseKey

wininet

InternetOpenA
InternetCloseHandle
InternetReadFile
HttpQueryInfoA
InternetSetOptionW
InternetQueryOptionW
HttpSendRequestA
HttpOpenRequestA
InternetConnectA

googledesktopcommon

?CreateFingerprint@@YG_KPBEI@Z
?Qsort@@YGXPAXIIP6GHPBX1@Z@Z
?CreateFastFingerprint32@@YGIPB_W@Z
?IsBoolOptionSet@group_policy@@YG_NABV?$Setting@_N@1@@Z
?IsMachineConnected@@YGJ_N@Z
?CreateJavaFPFingerprint@@YG_KPBEII@Z
?GetExtraInfo@Url@@QBEPB_WXZ
?GetUrlPath@Url@@QBEPB_WXZ
?GetPortNumber@Url@@QBEGXZ
?GetHostName@Url@@QBEPB_WXZ
?GetScheme@Url@@QBE?AW4UrlScheme@1@XZ
??1Url@@QAE@XZ
?CrackUrl@Url@@QAE_NPB_W@Z
??0Url@@QAE@XZ
?IsPolicyControlled@SettingBase@group_policy@@QBE_NXZ
?GetIntFlag@shared_data@@YGHW4IntSharedFlags@1@@Z
?GetSetting@SettingBase@group_policy@@IBEJPAKPA_N@Z
?GetSetting@SettingBase@group_policy@@IBEJPAV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsOS@_W@ATL@@@ATL@@@ATL@@PA_N@Z
?InetGetSimpleNoResponse@@YGJPB_WG0PAXI0@Z
?AppendInformationToUrl@@YGXPAV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsOS@_W@ATL@@@ATL@@@ATL@@K@Z
?IsPopAccountAllowed@group_policy@@YG_NPB_W@Z
?CheckAcceptedCn@@YGHPAXPBD@Z
?SetIntFlag@shared_data@@YGXW4IntSharedFlags@1@H@Z

kernel32

GetSystemInfo
RtlUnwind
GetACP
GetLocaleInfoA
GetVersionExA
LoadLibraryA
IsProcessorFeaturePresent
HeapDestroy
RaiseException
lstrcpynW
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
lstrlenW
EnterCriticalSection
LeaveCriticalSection
GlobalUnlock
GlobalSize
GlobalLock
GetModuleFileNameW
lstrcmpW
FlushInstructionCache
GetCurrentProcess
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
GetLastError
lstrcmpiW
SetLastError
GetCurrentThreadId
GetCurrentProcessId
FreeLibrary
MultiByteToWideChar
LoadLibraryExW
GetModuleHandleW
Sleep
WaitForSingleObject
WaitForMultipleObjects
CloseHandle
UnmapViewOfFile
SetEvent
MapViewOfFile
CreateFileMappingW
CreateFileW
CreateEventW
SetThreadLocale
GetThreadLocale
LocalFree
WideCharToMultiByte
FormatMessageW
lstrlenA
VirtualFree
VirtualProtect
VirtualAlloc
GetProcAddress
CreateThread
MoveFileExW
SetFileAttributesW
DeleteFileW
ExpandEnvironmentStringsW
GetEnvironmentVariableW
GetStringTypeExW
SetFilePointer
RemoveDirectoryW
FindClose
FindFirstFileW
GetTickCount
ResumeThread
OpenProcess
CreateProcessW
CreateDirectoryW
GetFileAttributesExW
GetCommandLineW
ExitProcess
InterlockedCompareExchange
ReadFile
GetFileSize
FlushFileBuffers
LoadLibraryW
ReadProcessMemory
SetErrorMode
TerminateThread
HeapSize
CreateMutexW
ReleaseMutex
TryEnterCriticalSection
ResetEvent
GetSystemTimeAsFileTime
lstrcmpA
GetStringTypeExA
VirtualQuery
DeviceIoControl
GetDiskFreeSpaceExW
GetDriveTypeW
GetLogicalDriveStringsW
GetLongPathNameW
GetComputerNameW
GetTempPathW
InterlockedExchange
HeapAlloc
GetProcessHeap
HeapFree
HeapReAlloc
GetExitCodeThread

user32

CharUpperBuffW
CharLowerBuffW
PostThreadMessageW
MessageBoxW
SendMessageTimeoutW
SendMessageW
CharLowerW
CharNextA
UnregisterClassA
FindWindowW
SetWindowLongW
SetTimer
KillTimer
IsWindow
wvsprintfW
GetClassInfoExW
wsprintfW
LoadCursorW
DestroyWindow
DefWindowProcW
MsgWaitForMultipleObjects
PeekMessageW
PostMessageW
CallWindowProcW
GetWindowLongW
CreateWindowExW
RegisterClassExW
CharNextW

Exports

Exports

?SetFlagUnittest@StatusStore@@QAEX_N@Z
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 109KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fc62a6efa3cf9f8cf2fada09099913a1

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

oleaut32

ole32

advapi32

wininet

googledesktopcommon

kernel32

user32

Exports

Exports

Sections

.text Size: 109KB - Virtual size: 108KB

.rdata Size: 20KB - Virtual size: 20KB

.data Size: 2KB - Virtual size: 3KB

.rsrc Size: 6KB - Virtual size: 5KB

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 109KB - Virtual size: 108KB

.rdata
Size: 20KB - Virtual size: 20KB

.data
Size: 2KB - Virtual size: 3KB

.rsrc
Size: 6KB - Virtual size: 5KB

.reloc
Size: 5KB - Virtual size: 5KB