c21585e334aa5b6bc7f6b4b3717e0b1c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

c21585e334aa5b6bc7f6b4b3717e0b1c_JaffaCakes118
Size

260KB
MD5

c21585e334aa5b6bc7f6b4b3717e0b1c
SHA1

b7a9a518a9dbfd8186073297d59a909c0c5ea9ed
SHA256

583ae9565745d497889c04d969d082c44eed83462bc4bb8f86ed5b752e0f4892
SHA512

108b6b2f657941b2a5c0c576e7dffd4ef777e308258857640f7972608260fe368d2e1a5420383a2cb99e6de7fc10efc15c22c660099a26bb646f8dbc548f9b9f
SSDEEP

6144:OjRQ/mt6Bl/WiK2xQYLkt/t0bfLEuo01BAMaLPPqIuD:ONsmtal/q2/q0cgBAMa3qI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c21585e334aa5b6bc7f6b4b3717e0b1c_JaffaCakes118

Files

c21585e334aa5b6bc7f6b4b3717e0b1c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4fef0081a882ef983e81a765a1964b81

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\pulse\recipes\320444953\base\branches\goopy_release_branch\googleclient\ime\goopy\build\opt\obj\options\options_unsigned_exe.pdb

Imports

kernel32

LeaveCriticalSection
LoadLibraryExW
SetEvent
MultiByteToWideChar
GetCurrentThreadId
GetSystemDirectoryW
LoadLibraryW
GetProcAddress
ReleaseMutex
GetFileAttributesW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
SetEndOfFile
CreateFileW
GetFileSize
SetFilePointer
LocalFree
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetStringTypeW
GetStringTypeA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
QueryPerformanceCounter
GetCommandLineW
CreateMutexW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
ReadFile
WriteFile
TlsFree
TlsSetValue
SizeofResource
TlsGetValue
IsValidCodePage
GetOEMCP
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
HeapCreate
LCMapStringW
LCMapStringA
GetCPInfo
RtlUnwind
GetSystemTimeAsFileTime
ExitProcess
GetModuleHandleA
GetStartupInfoW
UnhandledExceptionFilter
Sleep
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetVersionExA
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
InterlockedCompareExchange
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
InterlockedDecrement
SetLastError
GetModuleFileNameW
FreeLibrary
WideCharToMultiByte
InitializeCriticalSection
FindResourceW
GetCommandLineA
CreateEventW
lstrcpyW
CreateThread
GetLastError
CompareStringW
RaiseException
DeleteCriticalSection
FindResourceExW
FlushInstructionCache
GetVersionExW
GetModuleHandleW
SystemTimeToTzSpecificLocalTime
LockResource
lstrcmpiW
lstrlenW
CloseHandle
EnterCriticalSection
InterlockedIncrement
WaitForSingleObject
TerminateProcess
GetTempPathA
IsDebuggerPresent
DebugBreak
GetModuleFileNameA
GetTickCount
OutputDebugStringA
GetCurrentProcessId
SetUnhandledExceptionFilter
CreateSemaphoreW
ReleaseSemaphore
GetCurrentThread
VirtualQuery
GetSystemTime
CreateProcessW
WaitForMultipleObjects
GetExitCodeProcess
LoadResource
GetCurrentProcess
TlsAlloc

user32

BeginPaint
GetParent
GetWindowTextW
SetRectEmpty
DrawFocusRect
GetWindowTextLengthW
IsDlgButtonChecked
GetCapture
EndDialog
SetCursor
SetWindowTextW
GetClassNameW
SetForegroundWindow
InvalidateRect
GetDlgItem
ReleaseDC
IsWindow
MapWindowPoints
FindWindowW
SystemParametersInfoW
PtInRect
GetWindow
MessageBeep
SetDlgItemInt
LoadCursorW
GetClientRect
GetWindowLongW
GetCursorPos
UpdateWindow
DrawTextW
MessageBoxW
EnableWindow
GetActiveWindow
CreateWindowExW
SetWindowLongW
CharNextW
GetSysColor
GetFocus
SetCapture
EndPaint
FillRect
ReleaseCapture
ScreenToClient
SetDlgItemTextW
GetWindowRect
IsWindowEnabled
GetDlgItemInt
DialogBoxParamW
SetFocus
GetDlgCtrlID
SetWindowPos
CallWindowProcW
DestroyWindow
GetDC
SendMessageW
DefWindowProcW
LoadStringW
OffsetRect
CheckDlgButton
UnregisterClassA

shell32

ShellExecuteW
SHCreateDirectoryExW
SHGetFolderPathW

comdlg32

GetOpenFileNameW
GetSaveFileNameW

gdi32

SetTextColor
GetStockObject
SelectObject
SetBkMode
GetObjectW
DeleteObject
CreateFontIndirectW

advapi32

RegSetValueExW
RegOpenKeyExW
RegDeleteValueW
RegCloseKey
RegDeleteKeyW
RegCreateKeyExW
GetSecurityDescriptorSacl
FreeSid
SetEntriesInAclW
ConvertStringSecurityDescriptorToSecurityDescriptorW
AllocateAndInitializeSid
SetNamedSecurityInfoW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegEnumKeyExW
RegQueryInfoKeyW
RegQueryValueExW

ole32

CoTaskMemRealloc
CoTaskMemAlloc
CoUninitialize
CoCreateGuid
CoCreateInstance
CoInitialize
CoTaskMemFree

oleaut32

VarUI4FromStr

shlwapi

PathAppendW
StrToIntW
SHSetValueW
PathRemoveFileSpecW
SHDeleteValueW
SHGetValueW
PathCombineW

comctl32

CreatePropertySheetPageW
DestroyPropertySheetPage
_TrackMouseEvent
InitCommonControlsEx
PropertySheetW

dbghelp

SymGetModuleBase64
StackWalk64
SymFunctionTableAccess64

Sections

.text
Size: 168KB - Virtual size: 164KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4fef0081a882ef983e81a765a1964b81

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

shell32

comdlg32

gdi32

advapi32

ole32

oleaut32

shlwapi

comctl32

dbghelp

Sections

.text Size: 168KB - Virtual size: 164KB

.rdata Size: 32KB - Virtual size: 31KB

.data Size: 12KB - Virtual size: 19KB

.rsrc Size: 44KB - Virtual size: 42KB

.text
Size: 168KB - Virtual size: 164KB

.rdata
Size: 32KB - Virtual size: 31KB

.data
Size: 12KB - Virtual size: 19KB

.rsrc
Size: 44KB - Virtual size: 42KB