Static task: static1
Behavioral task: behavioral1
  Sample: ed66ee2898d97ee9eb17847f81542808_JaffaCakes118.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: ed66ee2898d97ee9eb17847f81542808_JaffaCakes118.exe
  Resource: win10v2004-20240226-en
General
Target: ed66ee2898d97ee9eb17847f81542808_JaffaCakes118
Size: 129KB
MD5: ed66ee2898d97ee9eb17847f81542808
SHA1: 6764dc44748c5837b5c9177ad00ae550a0683df2
SHA256: 8f72d7252046463b8ecd4b895ff96226544ae66ec0cfd3617cb4fde134a430d8
SHA512: ae7b7beb600ad811d076855a8b11970aa74cc85c6b77649c0e5ac9ce14803020df2cb70ff4aa8b6c05817f7e3354c8a64f6bbf08c4809ed5688256021e52fc8f
SSDEEP: 3072:QNS4eCd5q6E0WyLVlP2PP/jWVwkz5i/IrG9Xgu5XEh4PgoyPo9eop3sg02E:QNZeCd5TzWQ7PsPSz5wKmgu5Q4PgoX0R
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource ed66ee2898d97ee9eb17847f81542808_JaffaCakes118
Files
ed66ee2898d97ee9eb17847f81542808_JaffaCakes118.exe windows:5 windows x86 arch:x86
037557694dc69c53871536d7dd8c2e1d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
RegEnumKeyW
CopySid
RegOpenKeyExW
DuplicateTokenEx
GetLengthSid
ChangeServiceConfigW
GetSecurityDescriptorLength
RegOpenKeyExA
GetTokenInformation
RegEnumValueA
RegQueryValueExW
DeleteService
GetTraceEnableFlags
SetSecurityDescriptorDacl
LsaQueryInformationPolicy
ConvertSidToStringSidW
RegSetValueExA
IsValidSid
QueryServiceStatus
EqualSid
RegEnumKeyA
RegDeleteKeyW
RegCloseKey
LsaFreeMemory
RegConnectRegistryW
GetSecurityDescriptorDacl
DeregisterEventSource
CryptReleaseContext
RegQueryInfoKeyW
RegOpenKeyA
IsValidSecurityDescriptor
RegisterTraceGuidsW
LsaClose
CryptDestroyHash
GetAce
QueryServiceConfigW
SetThreadToken
RegCreateKeyA
GetTraceLoggerHandle
AdjustTokenPrivileges
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegEnumKeyExA
GetSecurityDescriptorControl
SetSecurityDescriptorGroup
OpenServiceW
RegSetValueW
InitializeSecurityDescriptor
SetFileSecurityW
AddAccessAllowedAce
GetSecurityDescriptorOwner
ImpersonateLoggedOnUser
RegQueryValueExA
CheckTokenMembership
SetNamedSecurityInfoW
SetSecurityDescriptorOwner
RegEnumValueW
LookupAccountNameW
InitializeAcl
RegCreateKeyExW
OpenSCManagerW
UnregisterTraceGuids
LsaOpenPolicy
GetSidSubAuthority
ConvertStringSidToSidW
SetServiceStatus
StartServiceW
RegDeleteKeyA
GetUserNameA
RegisterEventSourceW
LockServiceDatabase
RevertToSelf
ControlService
GetAclInformation
LookupPrivilegeValueA
CryptHashData
GetSidSubAuthorityCount
RegCreateKeyExA
CloseServiceHandle
ReportEventW
UnlockServiceDatabase
RegQueryInfoKeyA
CryptGenRandom
LookupPrivilegeValueW
OpenProcessToken
CryptDestroyKey
CryptCreateHash
FreeSid
RegDeleteValueW
RegNotifyChangeKeyValue
RegQueryValueA
AddAce
OpenServiceA
RegSetValueA
AllocateAndInitializeSid
RegDeleteValueA
oleaut32
CreateErrorInfo
RegisterTypeLib
SetErrorInfo
SafeArrayGetElement
VariantCopyInd
SafeArrayGetLBound
SafeArrayCreate
SafeArrayPtrOfIndex
SysAllocStringLen
SysStringLen
VariantChangeType
SafeArrayGetUBound
GetErrorInfo
VariantChangeTypeEx
SafeArrayAccessData
VariantClear
SysFreeString
SysReAllocStringLen
GetActiveObject
OleLoadPicture
SafeArrayPutElement
SysAllocStringByteLen
LoadTypeLib
SafeArrayUnaccessData
VariantInit
VariantCopy
SysStringByteLen
user32
SetCursor
UnhookWindowsHookEx
CharUpperW
DestroyMenu
CreateWindowExW
DrawFocusRect
CreateDialogParamW
SetDlgItemTextA
RegisterClassExW
RegisterClassW
IsRectEmpty
SetWindowLongA
SendDlgItemMessageW
SystemParametersInfoA
GetWindowRect
GetSysColorBrush
LoadCursorA
UnregisterClassA
TrackPopupMenu
GetWindowDC
ShowWindow
LoadImageW
GetAsyncKeyState
CharNextW
GetWindow
PostMessageA
GetWindowLongW
SystemParametersInfoW
PeekMessageA
CharNextA
SetForegroundWindow
GetMenu
CheckMenuItem
DispatchMessageW
GetClassNameW
CallNextHookEx
IsWindow
IsDlgButtonChecked
GetSysColor
KillTimer
LoadStringW
RedrawWindow
RegisterClassExA
IsWindowEnabled
TranslateMessage
GetWindowTextW
DispatchMessageA
PostQuitMessage
GetDlgItem
CreateWindowExA
MessageBoxW
EndDialog
LoadBitmapA
LoadIconW
GetMessagePos
IsChild
CreatePopupMenu
DialogBoxParamA
GetDC
FindWindowW
GetMenuItemCount
MsgWaitForMultipleObjects
MessageBeep
ScreenToClient
CallWindowProcA
wsprintfW
EnableMenuItem
PostMessageW
GetClientRect
GetWindowLongA
ClientToScreen
GetMessageW
SetTimer
SendMessageA
RegisterClassA
DialogBoxParamW
GetDesktopWindow
EqualRect
GetMessageA
GetCursorPos
GetDlgCtrlID
SetMenu
UpdateWindow
GetWindowPlacement
LoadStringA
GetCapture
EnableWindow
GetSystemMenu
PtInRect
GetDlgItemTextA
SetWindowPos
IntersectRect
SetWindowLongW
BeginPaint
MapWindowPoints
GetForegroundWindow
SetFocus
SetDlgItemTextW
MoveWindow
EnumChildWindows
InflateRect
GetSubMenu
DestroyIcon
ExitWindowsEx
SendDlgItemMessageA
FillRect
RegisterWindowMessageW
DrawTextW
MessageBoxA
GetParent
DrawTextA
SetCapture
SendMessageW
ole32
CreateBindCtx
StringFromIID
OleRegEnumVerbs
CoInitializeEx
CoImpersonateClient
CLSIDFromString
CoTaskMemAlloc
CoSetProxyBlanket
StgCreateDocfile
GetRunningObjectTable
OleLoadFromStream
CoCreateInstance
WriteClassStm
StringFromGUID2
ReleaseStgMedium
CoCreateFreeThreadedMarshaler
StgCreateDocfileOnILockBytes
CoMarshalInterface
StgOpenStorage
CoGetMalloc
CoInitialize
CoGetClassObject
PropVariantCopy
IIDFromString
CoUnmarshalInterface
CoCreateGuid
CoTaskMemRealloc
CoReleaseMarshalData
CoRevertToSelf
CoDisconnectObject
CreateStreamOnHGlobal
CoRevokeClassObject
CoRegisterClassObject
CoFreeUnusedLibraries
StgIsStorageFile
MkParseDisplayName
StringFromCLSID
OleRegGetMiscStatus
CoMarshalInterThreadInterfaceInStream
CoUninitialize
CreateDataAdviseHolder
CreateOleAdviseHolder
OleUninitialize
CreateILockBytesOnHGlobal
CreateItemMoniker
CoCreateInstanceEx
CoInitializeSecurity
OleRegGetUserType
OleRun
CoTaskMemFree
CLSIDFromProgID
CoGetInterfaceAndReleaseStream
OleSaveToStream
OleInitialize
ProgIDFromCLSID
CoGetObjectContext
GetHGlobalFromStream
PropVariantClear
shlwapi
SHDeleteValueA
PathIsURLW
SHRegGetBoolUSValueW
UrlUnescapeW
StrStrIW
PathStripToRootA
SHSetValueW
StrCpyNW
StrCmpNIA
StrCmpNIW
PathCreateFromUrlW
StrCpyW
PathFindExtensionW
StrCmpNW
PathRemoveFileSpecW
PathFindFileNameA
StrCmpW
StrChrIW
PathFindExtensionA
wnsprintfW
StrChrW
StrToIntW
SHDeleteValueW
PathIsDirectoryW
wnsprintfA
PathAppendW
PathGetDriveNumberW
PathIsRelativeW
StrCatBuffW
SHGetValueW
PathSkipRootW
PathCombineW
StrRetToBufW
PathStripToRootW
SHStrDupW
PathRemoveExtensionW
PathFileExistsW
StrDupW
StrCmpIW
PathFindFileNameW
AssocQueryStringW
UrlIsW
StrCatW
StrRChrW
SHDeleteKeyA
PathIsRootW
PathRemoveBackslashW
PathRemoveFileSpecA
PathRemoveBlanksW
StrStrIA
StrToIntExW
SHDeleteKeyW
StrTrimW
UrlCanonicalizeW
PathIsUNCW
PathAddBackslashW
StrStrW
version
VerLanguageNameA
VerFindFileW
GetFileVersionInfoA
GetFileVersionInfoW
VerQueryValueA
GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoSizeA
comdlg32
FindTextW
FindTextA
GetFileTitleA
ChooseFontW
PageSetupDlgA
PrintDlgExW
GetFileTitleW
PrintDlgW
CommDlgExtendedError
GetSaveFileNameA
GetSaveFileNameW
PrintDlgA
ChooseColorA
PageSetupDlgW
GetOpenFileNameW
GetOpenFileNameA
ChooseColorW
ChooseFontA
kernel32
GetThreadLocale
GetStringTypeW
SetEvent
FreeEnvironmentStringsW
GetCurrentThread
lstrcpyW
TerminateProcess
FlushFileBuffers
SizeofResource
SetFileAttributesW
FindFirstFileA
OpenEventA
ReadFile
RaiseException
GetVersionExA
GetSystemTimeAsFileTime
DeleteFileA
HeapFree
GetLocaleInfoA
GetCurrentProcessId
InitializeCriticalSectionAndSpinCount
InterlockedExchange
LoadLibraryExA
FindClose
GetProcessHeap
GetEnvironmentStrings
GetModuleHandleA
GetTempPathA
GetFileAttributesA
CreateThread
GetCommandLineA
GlobalFree
DisableThreadLibraryCalls
LCMapStringW
lstrlenA
LCMapStringA
GetSystemDirectoryW
GetFileAttributesW
GlobalLock
CreateProcessW
QueryPerformanceCounter
GetACP
GetLocalTime
VirtualAlloc
SetLastError
TlsAlloc
GetCommandLineW
LocalFree
GetStdHandle
GetFileType
GetStartupInfoA
MulDiv
ExitProcess
GetModuleFileNameW
IsBadWritePtr
IsBadReadPtr
GetTickCount
GetVersionExW
GetSystemDirectoryA
lstrcpynA
GetWindowsDirectoryW
GetFileSize
CreateEventW
ResumeThread
FormatMessageA
CreateFileMappingA
IsDBCSLeadByte
HeapCreate
SetStdHandle
LoadLibraryExW
SystemTimeToFileTime
GetExitCodeProcess
Sleep
FindNextFileW
LocalAlloc
WriteConsoleW
FindResourceW
CreateFileW
GetCPInfo
GetExitCodeThread
GetCurrentProcess
DeleteFileW
DeleteCriticalSection
GetLastError
SetFilePointer
UnhandledExceptionFilter
HeapAlloc
CreateDirectoryA
GetSystemTime
CompareStringA
InterlockedDecrement
TlsFree
UnmapViewOfFile
SetFileAttributesA
WaitForMultipleObjects
LoadResource
GlobalUnlock
GetConsoleMode
EnterCriticalSection
HeapReAlloc
FormatMessageW
FreeEnvironmentStringsA
FindNextFileA
ReleaseMutex
GetComputerNameW
GetLocaleInfoW
VirtualQuery
WriteFile
WaitForSingleObject
FindFirstFileW
MultiByteToWideChar
GlobalAlloc
GetCurrentThreadId
shell32
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHFileOperationW
CommandLineToArgvW
SHBrowseForFolderA
SHGetMalloc
SHGetDesktopFolder
ShellExecuteA
SHGetFolderPathW
DragQueryFileW
SHGetFileInfoW
SHGetPathFromIDListA
ShellExecuteExW
SHChangeNotify
SHBindToParent
DragQueryFileA
ShellExecuteW
SHGetSpecialFolderPathW
SHBrowseForFolderW
comctl32
InitCommonControls
ImageList_ReplaceIcon
PropertySheetA
ImageList_Destroy
PropertySheetW
ImageList_Draw
ImageList_Create
InitCommonControlsEx
CreatePropertySheetPageW
ntdll
RtlInsertElementGenericTable
RtlCreateEnvironment
RtlUnicodeStringToInteger
RtlLeaveCriticalSection
RtlSetEnvironmentVariable
NtClose
RtlValidSecurityDescriptor
RtlRunEncodeUnicodeString
RtlCompareUnicodeString
RtlCreateTimer
RtlxUnicodeStringToOemSize
NtSetInformationProcess
RtlMultiByteToUnicodeN
RtlClearBits
RtlMakeSelfRelativeSD
NtQueryAttributesFile
RtlTimeFieldsToTime
NtDeviceIoControlFile
NtTerminateThread
NtQueryVolumeInformationFile
RtlxAnsiStringToUnicodeSize
NtSetValueKey
RtlCreateTimerQueue
NtDelayExecution
wcscpy
RtlWriteRegistryValue
RtlLengthSecurityDescriptor
RtlIntegerToUnicodeString
wcscmp
RtlValidSid
RtlInitUnicodeString
RtlDeleteResource
RtlCreateUserThread
RtlDestroyEnvironment
_wcsnicmp
_snwprintf
RtlCopyUnicodeString
RtlImageNtHeader
RtlInitializeCriticalSectionAndSpinCount
RtlAdjustPrivilege
RtlxUnicodeStringToAnsiSize
NtTerminateProcess
RtlFreeHeap
atol
NtWaitForMultipleObjects
RtlOemToUnicodeN
NtDuplicateToken
RtlAddAccessAllowedAce
NtCreateFile
NtCreateEvent
wcsncat
RtlGetDaclSecurityDescriptor
sprintf
_vsnprintf
_wcsupr
RtlReAllocateHeap
RtlUpcaseUnicodeString
RtlDestroyHeap
NtOpenProcess
atoi
NtSetSecurityObject
RtlUpcaseUnicodeStringToOemString
RtlConvertSidToUnicodeString
NtDeleteKey
RtlDosPathNameToNtPathName_U
wcsstr
wcsncpy
RtlSubAuthoritySid
RtlDeleteElementGenericTable
RtlRunDecodeUnicodeString
NtQueryValueKey
NtAllocateVirtualMemory
NtQueryVirtualMemory
RtlCopySid
RtlAppendUnicodeStringToString
NtQueryInformationProcess
RtlAcquireResourceShared
RtlUnicodeStringToAnsiString
RtlxOemStringToUnicodeSize
RtlEnterCriticalSection
RtlReleaseResource
NtOpenSymbolicLinkObject
NtAllocateLocallyUniqueId
RtlCompareMemory
swprintf
RtlCreateHeap
NtQueryDirectoryObject
RtlExtendedLargeIntegerDivide
DbgPrint
RtlInitializeGenericTable
RtlAllocateHeap
NtCreateSection
NlsMbOemCodePageTag
NtQueryKey
RtlDetermineDosPathNameType_U
RtlUnicodeStringToOemString
RtlGetFullPathName_U
RtlGetSaclSecurityDescriptor
wcsrchr
NlsMbCodePageTag
RtlQueueWorkItem
NtRequestWaitReplyPort
RtlEqualUnicodeString
_chkstk
RtlEqualSid
NtImpersonateAnonymousToken
RtlInitString
RtlInitAnsiString
NtQueryInformationToken
NtOpenThreadToken
NtQuerySystemTime
RtlFreeUnicodeString
NtOpenDirectoryObject
NtCancelIoFile
RtlGetOwnerSecurityDescriptor
strncpy
RtlRegisterWait
_stricmp
NtOpenKey
NtQueryInformationFile
RtlCreateSecurityDescriptor
RtlSetSaclSecurityDescriptor
VerSetConditionMask
RtlFreeAnsiString
RtlSetDaclSecurityDescriptor
NtDeleteValueKey
wcschr
NtQuerySymbolicLinkObject
RtlLengthRequiredSid
RtlGetNtProductType
RtlStringFromGUID
RtlGUIDFromString
RtlUnicodeToMultiByteSize
RtlUpcaseUnicodeChar
RtlDeleteSecurityObject
NtWaitForSingleObject
RtlCreateAcl
RtlQueryInformationAcl
NtPowerInformation
NtOpenProcessToken
NtOpenThread
NtFsControlFile
RtlOpenCurrentUser
memmove
RtlQueryRegistryValues
NtQuerySecurityObject
qsort
wcslen
RtlUnwind
wcscat
RtlValidRelativeSecurityDescriptor
RtlCreateUnicodeStringFromAsciiz
RtlUnicodeToMultiByteN
RtlSizeHeap
RtlSystemTimeToLocalTime
NtDuplicateObject
NtMapViewOfSection
NtReadFile
_wcsicmp
NtQueryInformationThread
_allmul
RtlGetAce
RtlOemStringToUnicodeString
NtSetVolumeInformationFile
wcstol
RtlCopyLuid
NtQueryPerformanceCounter
rpcrt4
RpcBindingVectorFree
NdrServerCall2
RpcServerUnregisterIf
CStdStubBuffer_AddRef
RpcImpersonateClient
CStdStubBuffer_IsIIDSupported
RpcServerUseProtseqEpW
NdrDllGetClassObject
CStdStubBuffer_DebugServerQueryInterface
RpcBindingSetAuthInfoExW
RpcStringBindingComposeW
RpcStringBindingParseW
RpcEpResolveBinding
RpcBindingSetAuthInfoW
CStdStubBuffer_Invoke
NdrOleFree
CStdStubBuffer_Disconnect
UuidToStringW
CStdStubBuffer_CountRefs
RpcBindingToStringBindingW
RpcServerInqBindings
RpcBindingFree
RpcServerRegisterIfEx
RpcStringFreeW
UuidToStringA
RpcRevertToSelf
NdrDllUnregisterProxy
NdrCStdStubBuffer2_Release
CStdStubBuffer_Connect
NdrStubCall2
RpcServerRegisterAuthInfoW
UuidCreate
RpcBindingFromStringBindingW
NdrClientCall2
CStdStubBuffer_QueryInterface
UuidFromStringW
NdrDllRegisterProxy
NdrOleAllocate
IUnknown_Release_Proxy
IUnknown_AddRef_Proxy
RpcRaiseException
NdrStubForwardingFunction
NdrDllCanUnloadNow
RpcStringFreeA
CStdStubBuffer_DebugServerRelease
IUnknown_QueryInterface_Proxy
NdrCStdStubBuffer_Release
msvcrt
isalpha
_ltoa
fopen
_amsg_exit
_CIacos
towupper
sprintf
isalnum
_commit
wcsncmp
__pioinfo
__p__osver
memset
_write
_initterm
_wtol
_CIpow
bsearch
strtoul
__CxxFrameHandler
fread
wcschr
_local_unwind2
iswdigit
__initenv
srand
isspace
_c_exit
_rotr
_CIsqrt
__badioinfo
wcscat
realloc
??0exception@@QAE@ABV0@@Z
atol
_ultoa
isxdigit
__p__commode
iswalpha
_isatty
_cexit
_wcslwr
free
atoi
swprintf
_snwprintf
__setusermatherr
_stat
rand
calloc
setlocale
strtok
wcsrchr
_wcsicmp
ceil
_strnicmp
__p__fmode
iswspace
_adjust_fdiv
toupper
wcsncpy
_ltow
strchr
tolower
__set_app_type
_controlfp
_lock
_access
__p__iob
_purecall
wcsncat
printf
iswctype
_strdup
wcslen
_exit
wcstol
exit
_wcsnicmp
wcspbrk
malloc
__getmainargs
towlower
_unlock
isleadbyte
_ftol
_fileno
wcscspn
fflush
__dllonexit
_wsplitpath
_acmdln
_wcsdup
memmove
fseek
_wcsupr
gdi32
DeleteObject
CreateBitmap
FillRgn
MoveToEx
GetClipRgn
EndDoc
SetStretchBltMode
SetPixel
Escape
RealizePalette
DeleteMetaFile
SelectObject
CreateFontIndirectW
GetBkColor
SelectPalette
GetRgnBox
SetBrushOrgEx
BitBlt
DeleteDC
GetTextExtentPointW
GetTextExtentPoint32A
SelectClipRgn
GetClipBox
TranslateCharsetInfo
GetTextExtentPointA
GetStockObject
CreateDIBitmap
GetObjectW
CloseMetaFile
PtVisible
CreateHalftonePalette
GetDeviceCaps
ExtTextOutA
GetObjectA
CombineRgn
GetNearestColor
SetBkColor
SetViewportOrgEx
LPtoDP
PlayMetaFile
SetWindowOrgEx
Rectangle
GetBitmapBits
CreateRectRgnIndirect
UnrealizeObject
ScaleViewportExtEx
Ellipse
ExcludeClipRect
GetPaletteEntries
GetTextExtentPoint32W
CreatePatternBrush
GetCurrentObject
LineTo
CreateFontA
CreatePen
Polyline
SetROP2
GetTextAlign
GetWindowExtEx
EnumFontFamiliesExW
OffsetRgn
GetTextMetricsW
SetBkMode
OffsetViewportOrgEx
EndPage
GetTextMetricsA
TextOutA
GetGlyphOutlineA
GetBkMode
IntersectClipRect
DPtoLP
SetMapMode
ScaleWindowExtEx
ExtSelectClipRgn
GetSystemPaletteEntries
TextOutW
CreateDCW
GetPixel
StretchBlt
PatBlt
CreateRectRgn
SetTextColor
RectVisible
GetDIBits
CreateBrushIndirect
StretchDIBits
CreateSolidBrush
SetTextAlign
CreateMetaFileA
StartPage
Sections
DATA Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.text Size: 117KB - Virtual size: 116KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.edata Size: 512B - Virtual size: 114KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.edata Size: 1024B - Virtual size: 1003B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1024B - Virtual size: 1005B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ