D:\pulse\recipes\186386002\base\googleclient\ci\build\ship\obj\service\GoogleUpdaterService_not_signed_exe.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: 27627cbaacb0f6f0dc16cd5d0ff11b30_JaffaCakes118.exe
  Resource: win7-20240704-en
Behavioral task: behavioral2
  Sample: 27627cbaacb0f6f0dc16cd5d0ff11b30_JaffaCakes118.exe
  Resource: win10v2004-20241007-en
General
Target: 27627cbaacb0f6f0dc16cd5d0ff11b30_JaffaCakes118
Size: 209KB
MD5: 27627cbaacb0f6f0dc16cd5d0ff11b30
SHA1: 4a24af6d33ed981c1058c760b7aa43e81483bcaa
SHA256: c1604e80a270b51b2ae3f3af5a1712a58411c7490930f1e4d5e0c7fd1f59f42d
SHA512: 39e1042132122e0bb0bbfb4f6b87b26f0bdf985314ac38535237dcc858c13ee5d9bf6442fb3eb226ed1a6e2cdf044192500539acb97a09e3ec5e7c03bcfa1317
SSDEEP: 3072:WCB3vQ0/a1wjvkgvVliGH+IVvVKrulFZ9wlla9VpsYscPibx+WAa6IMcntjk1j5n:WiaovOGbBFZR6YsZx+WAabbnK1j5sRb4
Malware Config
Signatures
Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
  resource: 27627cbaacb0f6f0dc16cd5d0ff11b30_JaffaCakes118
Files
27627cbaacb0f6f0dc16cd5d0ff11b30_JaffaCakes118.exe windows:4 windows x86 arch:x86
7ddf6f4a2b6300f4588393946905dd78
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
IsBadWritePtr
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
SetUnhandledExceptionFilter
GetCPInfo
GetOEMCP
LoadLibraryA
LCMapStringA
LCMapStringW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
CreateTimerQueueTimer
DeleteTimerQueueTimer
lstrcmpW
DuplicateHandle
GetProcAddress
LoadLibraryW
GetCurrentThread
InitializeCriticalSection
CreateThread
CreateEventW
InterlockedIncrement
DeleteCriticalSection
MultiByteToWideChar
TlsAlloc
LoadResource
LockResource
SizeofResource
FindResourceW
lstrcpyW
lstrcatW
GetModuleFileNameW
SetEvent
InterlockedDecrement
RaiseException
GetCommandLineW
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
GetLastError
InterlockedExchange
lstrcmpiW
SetProcessWorkingSetSize
GetCurrentProcessId
GetTempFileNameW
GetTempPathW
WaitForSingleObject
OpenProcess
DeleteTimerQueueEx
GetCurrentThreadId
CreateTimerQueue
Sleep
GetModuleHandleW
LoadLibraryExW
FreeLibrary
lstrcpynW
lstrlenW
GetCurrentProcess
CloseHandle
VirtualFree
HeapCreate
RtlUnwind
GetStartupInfoW
GetModuleHandleA
GetSystemInfo
VirtualAlloc
VirtualProtect
GetProcessHeap
TlsFree
TlsSetValue
TlsGetValue
GetStringTypeA
GetStringTypeW
FindResourceExW
GetStdHandle
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetVersionExA
ExitProcess
TerminateProcess
CreateMutexW
ReleaseMutex
EnterCriticalSection
LeaveCriticalSection
ResetEvent
InterlockedCompareExchange
QueryPerformanceFrequency
QueryPerformanceCounter
CreateFileW
GetFileAttributesExW
FindFirstFileW
FindNextFileW
DeleteFileW
CopyFileW
MoveFileExW
GetTickCount
FlushFileBuffers
SetFilePointer
ReadFile
WriteFile
GetFileSize
GetSystemTimeAsFileTime
FindClose
CompareFileTime
FileTimeToSystemTime
SetLastError
GetFileAttributesW
RemoveDirectoryW
GetExitCodeProcess
VirtualQuery
CreateProcessW
GetSystemTime
SystemTimeToFileTime
WideCharToMultiByte
FileTimeToLocalFileTime
GetDateFormatW
GetTimeFormatW
user32
SetTimer
CharLowerW
KillTimer
DispatchMessageW
TranslateMessage
GetMessageW
wvsprintfW
CharNextW
PostThreadMessageW
LoadStringW
ole32
CoImpersonateClient
CoCreateGuid
CoRevertToSelf
CoCreateInstance
CoInitialize
CoRevokeClassObject
CoInitializeSecurity
CoUninitialize
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
StringFromGUID2
CoRegisterClassObject
oleaut32
SysFreeString
RegisterTypeLi
UnRegisterTypeLi
SysAllocString
LoadTypeLi
VarUI4FromStr
advapi32
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
OpenThreadToken
SetServiceStatus
DeregisterEventSource
ReportEventW
RegisterEventSourceW
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW
RegOpenKeyExW
RegCloseKey
RegQueryInfoKeyW
CloseServiceHandle
ChangeServiceConfig2W
DeleteService
CreateServiceW
ControlService
StartServiceW
QueryServiceStatus
ChangeServiceConfigW
OpenServiceW
OpenSCManagerW
RegDeleteValueW
RegDeleteKeyW
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
RegEnumKeyExW
SetSecurityDescriptorControl
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
MakeAbsoluteSD
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
MakeSelfRelativeSD
GetSecurityDescriptorControl
GetSecurityDescriptorLength
GetAclInformation
AddAce
InitializeAcl
CopySid
InitializeSid
GetSidLengthRequired
GetSidSubAuthority
IsValidSid
GetLengthSid
shlwapi
SHQueryValueExW
PathStripPathW
PathFindExtensionW
StrRetToStrW
crypt32
CertEnumCertificatesInStore
CryptQueryObject
CertNameToStrW
CertFreeCertificateContext
CertDuplicateCertificateContext
CertCloseStore
shell32
SHGetFolderLocation
SHGetDesktopFolder
SHCreateDirectoryExW
SHFileOperationW
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
wintrust
WinVerifyTrust
Sections
.text Size: 96KB - Virtual size: 96KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 20KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 4KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.erdata Size: 76KB - Virtual size: 76KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE