msi.pdb
Static task: static1
Behavioral task: behavioral1
Sample: 3f0f78920b13ce655deb7628eae033ac_JaffaCakes118.dll
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 3f0f78920b13ce655deb7628eae033ac_JaffaCakes118.dll
Resource: win10v2004-20240508-en
General
Target: 3f0f78920b13ce655deb7628eae033ac_JaffaCakes118
Size: 2.3MB
MD5: 3f0f78920b13ce655deb7628eae033ac
SHA1: 604020461a481fe7e493bb577c948270b0a5687c
SHA256: 1fd1d607e9be7b5effcbc003f16f0aa95623843a42e92c9acff1c39f03f8f27e
SHA512: 61f63b0b9e1a966bc0f1cc39b1a9c3fd38d29de88cf16d18a675123ec559bb7ce5425d23ff1b4e467cc53ad5a959f6451fda56aaeb5dcd3a48c5860c4a795f66
SSDEEP: 49152:JgFyJh43cqSzIqyOMdtLdSxU7e9FH9Ajc6YLvSj:JnycqSkjdO2oH90c6YL
Malware Config
Signatures
Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
resource: 3f0f78920b13ce655deb7628eae033ac_JaffaCakes118
Files
3f0f78920b13ce655deb7628eae033ac_JaffaCakes118.dll regsvr32 windows:6 windows x86 arch:x86
dd1847ce4a81239ceab41512e129cafe
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
msi.pdb
Imports
msvcrt
??1type_info@@UAE@XZ
_onexit
_lock
__dllonexit
_unlock
_amsg_exit
_initterm
_XcptFilter
free
malloc
time
srand
rand
_CxxThrowException
qsort
wcstoul
_ultow
iswdigit
_itow
isdigit
_itoa
memmove
strtol
_vsnprintf
_wcsicmp
_wtoi
_ui64tow
memset
memcpy
_vsnwprintf
wcsstr
_wtoi64
_i64tow
wcstol
_wcsnicmp
wcsncmp
bsearch
towlower
wcschr
ntdll
EtwTraceMessage
RtlUnwind
NtUnmapViewOfSection
RtlRandomEx
NtQuerySystemInformation
RtlRandom
NtQueryInformationProcess
advapi32
CopySid
DuplicateToken
AddAccessDeniedAce
GetSidLengthRequired
GetSidSubAuthorityCount
GetSidSubAuthority
RegOpenKeyW
RegSetKeySecurity
RegGetKeySecurity
PrivilegeCheck
EqualSid
ImpersonateLoggedOnUser
RevertToSelf
CreateWellKnownSid
GetSecurityDescriptorControl
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
CryptAcquireContextW
MakeAbsoluteSD
GetFileSecurityW
GetUserNameW
RegEnumKeyW
CreateServiceW
ChangeServiceConfigW
SetServiceObjectSecurity
DeleteService
QueryServiceConfigW
ConvertStringSecurityDescriptorToSecurityDescriptorW
IsValidSecurityDescriptor
StartServiceW
QueryServiceObjectSecurity
SetFileSecurityW
EnumDependentServicesW
ControlService
QueryServiceStatus
GetServiceDisplayNameW
OpenSCManagerW
OpenServiceW
CloseServiceHandle
LookupAccountNameW
ConvertSidToStringSidW
GetTokenInformation
SetTokenInformation
CreateProcessAsUserW
SetThreadToken
DuplicateTokenEx
RegCreateKeyExW
RegSetValueExA
RegEnumKeyExA
RegEnumValueA
RegQueryValueExA
RegConnectRegistryW
RegOpenKeyExW
RegEnumValueW
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
RegSetValueExW
RegQueryValueExW
RegFlushKey
InitializeAcl
AddAccessAllowedAce
GetAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
GetSecurityDescriptorLength
MakeSelfRelativeSD
RegisterEventSourceW
ReportEventW
DeregisterEventSource
RegDeleteValueW
RegCloseKey
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
OpenThreadToken
FreeSid
GetLengthSid
AllocateAndInitializeSid
kernel32
ResetEvent
GetSystemTimeAsFileTime
DosDateTimeToFileTime
SetUnhandledExceptionFilter
EnumResourceNamesW
EnumResourceLanguagesW
SetFileTime
SizeofResource
FileTimeToDosDateTime
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
GetDriveTypeW
IsValidCodePage
GlobalReAlloc
GlobalLock
UnhandledExceptionFilter
VirtualFree
ReleaseMutex
FlushFileBuffers
GetOverlappedResult
MulDiv
VirtualAlloc
FreeLibraryAndExitThread
WaitForMultipleObjects
TerminateThread
QueryPerformanceCounter
GetLocaleInfoW
GetUserDefaultLangID
WriteProfileStringW
WritePrivateProfileStringW
ReadFile
GetComputerNameW
GlobalMemoryStatus
OutputDebugStringA
GetDateFormatW
GetTimeFormatW
OpenProcess
GetModuleHandleW
OpenMutexW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetSystemDirectoryW
SearchPathW
TlsGetValue
RemoveDirectoryW
SetFileAttributesW
GetVolumeInformationW
GetCurrentDirectoryW
GetFileTime
ExitProcess
GetNumberFormatW
SetEndOfFile
GlobalUnlock
GetTickCount
GetExitCodeThread
InterlockedExchange
CloseHandle
GetCurrentProcess
GetLastError
GetCurrentThread
Sleep
GetEnvironmentVariableW
lstrlenW
lstrcmpiW
OutputDebugStringW
GlobalFree
GlobalAlloc
InterlockedIncrement
GetSystemInfo
CompareStringW
LocalFree
FormatMessageW
SetLastError
DeleteFileW
GetProcAddress
GetModuleHandleExW
GetVersionExW
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
ExpandEnvironmentStringsW
LeaveCriticalSection
EnterCriticalSection
SetEnvironmentVariableW
CreateDirectoryW
GetTempPathW
QueryPerformanceFrequency
InitializeCriticalSection
FreeLibrary
LoadLibraryExW
GetModuleFileNameW
GetSystemDefaultLangID
DeleteCriticalSection
TlsFree
GetCurrentThreadId
DisableThreadLibraryCalls
CreateFileW
InterlockedDecrement
FileTimeToSystemTime
GetFileAttributesW
LocalFileTimeToFileTime
SystemTimeToFileTime
FileTimeToLocalFileTime
GetFileSize
GetFileType
ExpandEnvironmentStringsA
SetErrorMode
LockResource
LoadResource
FindResourceExW
GetLocalTime
CompareStringA
GetModuleFileNameA
lstrcmpiA
SetEvent
WaitForSingleObject
CreateThread
CreateEventW
OpenEventW
LocalAlloc
ResumeThread
GetCurrentProcessId
IsDebuggerPresent
LoadLibraryW
GetExitCodeProcess
TlsSetValue
TlsAlloc
CompareFileTime
TerminateProcess
HeapFree
HeapReAlloc
HeapAlloc
GetProcessHeap
GetShortPathNameW
FindClose
FindFirstFileW
GetPrivateProfileStringW
GetProfileStringW
CreateMutexW
MoveFileExW
WriteFile
MoveFileW
FindNextFileW
GetACP
lstrcmpW
SetFilePointer
FreeEnvironmentStringsW
GetEnvironmentStringsW
DebugBreak
OpenThread
GetTempFileNameW
ExitThread
InterlockedCompareExchange
user32
DialogBoxParamW
EnumWindows
GetWindow
GetWindowThreadProcessId
SetUserObjectSecurity
EnableMenuItem
CharUpperBuffW
GetSysColor
RegisterWindowMessageW
GetFocus
GetSystemMenu
RemoveMenu
CopyRect
DrawTextW
GetUserObjectInformationW
GetProcessWindowStation
IsCharLowerW
LoadStringW
EnableWindow
IsWindowEnabled
CharNextW
CharNextA
CharUpperW
PeekMessageW
DispatchMessageW
TranslateMessage
MsgWaitForMultipleObjects
PostThreadMessageW
GetActiveWindow
MessageBoxW
PostQuitMessage
ExitWindowsEx
CharPrevW
SendMessageTimeoutW
PostMessageW
DefWindowProcW
CreateWindowExW
RegisterClassW
UnregisterClassW
DestroyWindow
GetSystemMetrics
SystemParametersInfoW
GetWindowRect
IsDialogMessageW
SetDlgItemTextW
SendDlgItemMessageW
SetWindowLongW
GetWindowLongW
GetDlgItemTextW
GetDlgItem
InvalidateRect
ReleaseDC
SendMessageW
GetDC
EndDialog
SetCursor
LoadCursorW
IsWindowVisible
LoadIconW
SetForegroundWindow
ShowWindow
SetFocus
MoveWindow
CreateDialogParamW
GetWindowTextW
GetWindowTextLengthW
SetWindowTextW
SetWindowPos
CharLowerW
GetClientRect
MapWindowPoints
shell32
CommandLineToArgvW
gdi32
SetTextColor
SetBkColor
CreateSolidBrush
CreateFontW
EnumFontFamiliesExW
GetDeviceCaps
CreateFontIndirectW
GetTextFaceW
DeleteObject
GetTextMetricsW
SelectObject
GetTextExtentPoint32W
AddFontResourceW
RemoveFontResourceW
rpcrt4
CStdStubBuffer_CountRefs
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Invoke
CStdStubBuffer_Disconnect
CStdStubBuffer_Connect
CStdStubBuffer_AddRef
CStdStubBuffer_QueryInterface
IUnknown_Release_Proxy
IUnknown_AddRef_Proxy
CStdStubBuffer_DebugServerQueryInterface
NdrOleFree
NdrOleAllocate
NdrClientCall2
NdrDllGetClassObject
NdrDllCanUnloadNow
NdrCStdStubBuffer_Release
NdrDllRegisterProxy
NdrDllUnregisterProxy
CStdStubBuffer_DebugServerRelease
IUnknown_QueryInterface_Proxy
RpcBindingFree
RpcBindingSetAuthInfoExW
RpcStringFreeW
RpcBindingFromStringBindingW
RpcStringBindingComposeW
RpcAsyncInitializeHandle
I_RpcExceptionFilter
RpcAsyncCompleteCall
RpcAsyncCancelCall
NdrAsyncClientCall
shlwapi
SHStrDupW
ole32
HWND_UserUnmarshal
HWND_UserMarshal
HWND_UserSize
IIDFromString
PropVariantClear
CoTaskMemFree
CoCreateGuid
HWND_UserFree
Exports
DllCanUnloadNow
DllGetClassObject
DllGetVersion
DllRegisterServer
DllUnregisterServer
Migrate10CachedPackagesA
Migrate10CachedPackagesW
MsiAdvertiseProductA
MsiAdvertiseProductExA
MsiAdvertiseProductExW
MsiAdvertiseProductW
MsiAdvertiseScriptA
MsiAdvertiseScriptW
MsiApplyMultiplePatchesA
MsiApplyMultiplePatchesW
MsiApplyPatchA
MsiApplyPatchW
MsiBeginTransactionA
MsiBeginTransactionW
MsiCloseAllHandles
MsiCloseHandle
MsiCollectUserInfoA
MsiCollectUserInfoW
MsiConfigureFeatureA
MsiConfigureFeatureFromDescriptorA
MsiConfigureFeatureFromDescriptorW
MsiConfigureFeatureW
MsiConfigureProductA
MsiConfigureProductExA
MsiConfigureProductExW
MsiConfigureProductW
MsiCreateAndVerifyInstallerDirectory
MsiCreateRecord
MsiCreateTransformSummaryInfoA
MsiCreateTransformSummaryInfoW
MsiDatabaseApplyTransformA
MsiDatabaseApplyTransformW
MsiDatabaseCommit
MsiDatabaseExportA
MsiDatabaseExportW
MsiDatabaseGenerateTransformA
MsiDatabaseGenerateTransformW
MsiDatabaseGetPrimaryKeysA
MsiDatabaseGetPrimaryKeysW
MsiDatabaseImportA
MsiDatabaseImportW
MsiDatabaseIsTablePersistentA
MsiDatabaseIsTablePersistentW
MsiDatabaseMergeA
MsiDatabaseMergeW
MsiDatabaseOpenViewA
MsiDatabaseOpenViewW
MsiDecomposeDescriptorA
MsiDecomposeDescriptorW
MsiDeleteUserDataA
MsiDeleteUserDataW
MsiDetermineApplicablePatchesA
MsiDetermineApplicablePatchesW
MsiDeterminePatchSequenceA
MsiDeterminePatchSequenceW
MsiDoActionA
MsiDoActionW
MsiEnableLogA
MsiEnableLogW
MsiEnableUIPreview
MsiEndTransaction
MsiEnumClientsA
MsiEnumClientsExA
MsiEnumClientsExW
MsiEnumClientsW
MsiEnumComponentCostsA
MsiEnumComponentCostsW
MsiEnumComponentQualifiersA
MsiEnumComponentQualifiersW
MsiEnumComponentsA
MsiEnumComponentsExA
MsiEnumComponentsExW
MsiEnumComponentsW
MsiEnumFeaturesA
MsiEnumFeaturesW
MsiEnumPatchesA
MsiEnumPatchesExA
MsiEnumPatchesExW
MsiEnumPatchesW
MsiEnumProductsA
MsiEnumProductsExA
MsiEnumProductsExW
MsiEnumProductsW
MsiEnumRelatedProductsA
MsiEnumRelatedProductsW
MsiEvaluateConditionA
MsiEvaluateConditionW
MsiExtractPatchXMLDataA
MsiExtractPatchXMLDataW
MsiFormatRecordA
MsiFormatRecordW
MsiGetActiveDatabase
MsiGetComponentPathA
MsiGetComponentPathExA
MsiGetComponentPathExW
MsiGetComponentPathW
MsiGetComponentStateA
MsiGetComponentStateW
MsiGetDatabaseState
MsiGetFeatureCostA
MsiGetFeatureCostW
MsiGetFeatureInfoA
MsiGetFeatureInfoW
MsiGetFeatureStateA
MsiGetFeatureStateW
MsiGetFeatureUsageA
MsiGetFeatureUsageW
MsiGetFeatureValidStatesA
MsiGetFeatureValidStatesW
MsiGetFileHashA
MsiGetFileHashW
MsiGetFileSignatureInformationA
MsiGetFileSignatureInformationW
MsiGetFileVersionA
MsiGetFileVersionW
MsiGetLanguage
MsiGetLastErrorRecord
MsiGetMode
MsiGetPatchFileListA
MsiGetPatchFileListW
MsiGetPatchInfoA
MsiGetPatchInfoExA
MsiGetPatchInfoExW
MsiGetPatchInfoW
MsiGetProductCodeA
MsiGetProductCodeFromPackageCodeA
MsiGetProductCodeFromPackageCodeW
MsiGetProductCodeW
MsiGetProductInfoA
MsiGetProductInfoExA
MsiGetProductInfoExW
MsiGetProductInfoFromScriptA
MsiGetProductInfoFromScriptW
MsiGetProductInfoW
MsiGetProductPropertyA
MsiGetProductPropertyW
MsiGetPropertyA
MsiGetPropertyW
MsiGetShortcutTargetA
MsiGetShortcutTargetW
MsiGetSourcePathA
MsiGetSourcePathW
MsiGetSummaryInformationA
MsiGetSummaryInformationW
MsiGetTargetPathA
MsiGetTargetPathW
MsiGetUserInfoA
MsiGetUserInfoW
MsiInstallMissingComponentA
MsiInstallMissingComponentW
MsiInstallMissingFileA
MsiInstallMissingFileW
MsiInstallProductA
MsiInstallProductW
MsiInvalidateFeatureCache
MsiIsProductElevatedA
MsiIsProductElevatedW
MsiJoinTransaction
MsiLoadStringA
MsiLoadStringW
MsiLocateComponentA
MsiLocateComponentW
MsiMessageBoxA
MsiMessageBoxExA
MsiMessageBoxExW
MsiMessageBoxW
MsiNotifySidChangeA
MsiNotifySidChangeW
MsiOpenDatabaseA
MsiOpenDatabaseW
MsiOpenPackageA
MsiOpenPackageExA
MsiOpenPackageExW
MsiOpenPackageW
MsiOpenProductA
MsiOpenProductW
MsiPreviewBillboardA
MsiPreviewBillboardW
MsiPreviewDialogA
MsiPreviewDialogW
MsiProcessAdvertiseScriptA
MsiProcessAdvertiseScriptW
MsiProcessMessage
MsiProvideAssemblyA
MsiProvideAssemblyW
MsiProvideComponentA
MsiProvideComponentFromDescriptorA
MsiProvideComponentFromDescriptorW
MsiProvideComponentW
MsiProvideQualifiedComponentA
MsiProvideQualifiedComponentExA
MsiProvideQualifiedComponentExW
MsiProvideQualifiedComponentW
MsiQueryComponentStateA
MsiQueryComponentStateW
MsiQueryFeatureStateA
MsiQueryFeatureStateExA
MsiQueryFeatureStateExW
MsiQueryFeatureStateFromDescriptorA
MsiQueryFeatureStateFromDescriptorW
MsiQueryFeatureStateW
MsiQueryProductStateA
MsiQueryProductStateW
MsiRecordClearData
MsiRecordDataSize
MsiRecordGetFieldCount
MsiRecordGetInteger
MsiRecordGetStringA
MsiRecordGetStringW
MsiRecordIsNull
MsiRecordReadStream
MsiRecordSetInteger
MsiRecordSetStreamA
MsiRecordSetStreamW
MsiRecordSetStringA
MsiRecordSetStringW
MsiReinstallFeatureA
MsiReinstallFeatureFromDescriptorA
MsiReinstallFeatureFromDescriptorW
MsiReinstallFeatureW
MsiReinstallProductA
MsiReinstallProductW
MsiRemovePatchesA
MsiRemovePatchesW
MsiSequenceA
MsiSequenceW
MsiSetComponentStateA
MsiSetComponentStateW
MsiSetExternalUIA
MsiSetExternalUIRecord
MsiSetExternalUIW
MsiSetFeatureAttributesA
MsiSetFeatureAttributesW
MsiSetFeatureStateA
MsiSetFeatureStateW
MsiSetInstallLevel
MsiSetInternalUI
MsiSetMode
MsiSetOfflineContextW
MsiSetPropertyA
MsiSetPropertyW
MsiSetTargetPathA
MsiSetTargetPathW
MsiSourceListAddMediaDiskA
MsiSourceListAddMediaDiskW
MsiSourceListAddSourceA
MsiSourceListAddSourceExA
MsiSourceListAddSourceExW
MsiSourceListAddSourceW
MsiSourceListClearAllA
MsiSourceListClearAllExA
MsiSourceListClearAllExW
MsiSourceListClearAllW
MsiSourceListClearMediaDiskA
MsiSourceListClearMediaDiskW
MsiSourceListClearSourceA
MsiSourceListClearSourceW
MsiSourceListEnumMediaDisksA
MsiSourceListEnumMediaDisksW
MsiSourceListEnumSourcesA
MsiSourceListEnumSourcesW
MsiSourceListForceResolutionA
MsiSourceListForceResolutionExA
MsiSourceListForceResolutionExW
MsiSourceListForceResolutionW
MsiSourceListGetInfoA
MsiSourceListGetInfoW
MsiSourceListSetInfoA
MsiSourceListSetInfoW
MsiSummaryInfoGetPropertyA
MsiSummaryInfoGetPropertyCount
MsiSummaryInfoGetPropertyW
MsiSummaryInfoPersist
MsiSummaryInfoSetPropertyA
MsiSummaryInfoSetPropertyW
MsiUseFeatureA
MsiUseFeatureExA
MsiUseFeatureExW
MsiUseFeatureW
MsiVerifyDiskSpace
MsiVerifyPackageA
MsiVerifyPackageW
MsiViewClose
MsiViewExecute
MsiViewFetch
MsiViewGetColumnInfo
MsiViewGetErrorA
MsiViewGetErrorW
MsiViewModify
QueryInstanceCount
Sections
.text Size: 2.1MB - Virtual size: 2.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.orpc Size: 512B - Virtual size: 237B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 25KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 68KB - Virtual size: 67KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 58KB - Virtual size: 58KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ