Behavioral task
behavioral1
Sample
789917e7dc562708ca02e72df1c4ec6c_JaffaCakes118.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
789917e7dc562708ca02e72df1c4ec6c_JaffaCakes118.exe
Resource
win10v2004-20240508-en
General
-
Target
789917e7dc562708ca02e72df1c4ec6c_JaffaCakes118
-
Size
4.6MB
-
MD5
789917e7dc562708ca02e72df1c4ec6c
-
SHA1
8cac6d88be2ee9e3254fc16ce2b32b37ad1d4f7f
-
SHA256
da8a27b198d0dc4d3e53b97a7098728312c3e1a9feadd3e86da67ccccdc3f154
-
SHA512
59a2854974563b960b9bae37c8b6e906344ebf312845e6a8bca52687747e528ac3580fd720dc9253be87ee885898b8e76f46ad2ae907c0081019d7b933ae5cdd
-
SSDEEP
98304:EI54P5nnPn4MdP6iBFtQJXLUPbFf3AccjvxWFYnFLGwKpO:EdP1fryQFeJ7wbOc2rn9G
Malware Config (no configuration was extracted in this report; nothing is listed under this heading)
Signatures
-
resource yara_rule sample vmprotect — YARA rule match: the sample is wrapped with the VMProtect protector (consistent with the .vmp0/.vmp1 sections listed under Sections below). The static import table and section data of a VMProtect-wrapped binary reflect the protector's stub plus whatever the original import table retained, not necessarily the full runtime behaviour; unpacking or dynamic analysis is needed to reason about the protected code.
Unsigned PE 1 IoCs
Checks for missing Authenticode signature — the sample carries no Authenticode signature, so there is no publisher identity to verify and a signature-based allow-list would not cover it. On its own this is a weak indicator (a great deal of legitimate software is unsigned); combined with the VMProtect match and the section layout below it raises the priority for dynamic analysis rather than proving malicious intent.
resource 789917e7dc562708ca02e72df1c4ec6c_JaffaCakes118
Files
-
789917e7dc562708ca02e72df1c4ec6c_JaffaCakes118.exe windows:5 windows x86 arch:x86 — "windows:5" is presumably the PE's required OS version field (5.x, i.e. Windows 2000/XP era; confirm against the optional header), and x86 matches IMAGE_FILE_32BIT_MACHINE in the header flags below.
bdf39effd56515e9f2cea28835166c8d (unlabelled 32-hex digest; likely the import hash / imphash of the file — confirm against the raw report before using it for pivoting)
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports (the static import table as parsed from the PE headers; because the sample is VMProtect-wrapped and imports LoadLibraryA/GetProcAddress from kernel32, additional APIs may be resolved at runtime and will not appear in this list)
d3dx9_26
D3DXSaveSurfaceToFileA
D3DXCreateTextureFromFileInMemoryEx
D3DXCreateTextureFromFileExA
D3DXLoadMeshHierarchyFromXA
D3DXQuaternionNormalize
D3DXQuaternionSlerp
D3DXLoadSurfaceFromSurface
D3DXCreateFontIndirectA
D3DXMatrixRotationYawPitchRoll
D3DXMatrixRotationX
D3DXMatrixScaling
D3DXQuaternionRotationYawPitchRoll
D3DXPlaneTransform
D3DXQuaternionSquad
D3DXQuaternionSquadSetup
D3DXVec3Normalize
D3DXMatrixInverse
D3DXMatrixTranslation
D3DXMatrixRotationQuaternion
D3DXQuaternionMultiply
D3DXMatrixMultiply
D3DXPlaneFromPoints
D3DXCreateMeshFVF
D3DXGetFVFVertexSize
D3DXMatrixLookAtLH
D3DXFrameCalculateBoundingSphere
D3DXFrameDestroy
D3DXCreateCubeTextureFromFileInMemoryEx
D3DXCreateSprite
D3DXVec3Project
D3DXVec3TransformNormal
D3DXMatrixTranspose
D3DXCreateEffectFromFileA
D3DXVec4Normalize
D3DXLoadMeshFromXA
D3DXMatrixRotationY
D3DXMatrixRotationZ
D3DXCreateTexture
D3DXSaveTextureToFileA
D3DXVec2Normalize
D3DXMatrixRotationAxis
D3DXPlaneFromPointNormal
D3DXVec3CatmullRom
D3DXQuaternionInverse
D3DXComputeNormals
D3DXQuaternionRotationAxis
D3DXPlaneIntersectLine
D3DXGeneratePMesh
D3DXValidMesh
D3DXWeldVertices
D3DXCleanMesh
D3DXMatrixPerspectiveFovLH
D3DXCreateCubeTextureFromFileExA
D3DXVec3TransformCoord
dsound
ord11
dinput8
DirectInput8Create
d3d9
Direct3DCreate9
d3dxof
DirectXFileCreate
mfc71
ord4185
ord5214
ord3403
ord4722
ord4282
ord1600
ord5960
ord923
ord928
ord932
ord930
ord934
ord2410
ord2394
ord2413
ord2408
ord2385
ord2387
ord2405
ord2178
ord2172
ord1522
ord6279
ord3802
ord6277
ord3345
ord4967
ord1362
ord5175
ord1964
ord1656
ord1655
ord1599
ord5200
ord2862
ord6275
ord3337
ord760
ord572
ord5073
ord1439
ord6288
ord629
ord266
ord5089
ord384
ord3397
ord2902
ord265
ord1263
ord911
ord5491
ord876
ord6167
ord2131
ord1489
ord299
ord2933
ord5490
ord2292
ord6006
ord5715
ord908
ord6090
ord5613
ord4125
ord865
ord4109
ord6138
ord5403
ord2468
ord4081
ord3605
ord3596
ord2991
ord3908
ord3210
ord1934
ord3161
ord1193
ord631
ord2280
ord386
ord5833
ord2372
ord3934
ord1440
ord2748
ord2751
ord3931
ord2288
ord1554
ord3195
ord620
ord2368
ord589
ord330
ord709
ord4001
ord5641
ord502
ord4123
ord501
ord907
ord6118
ord6099
ord6166
ord298
ord6168
ord6173
ord4085
ord2271
ord5446
ord4067
ord870
ord664
ord5431
ord427
ord1916
ord6179
ord3850
ord5710
ord5716
ord5235
ord5233
ord2390
ord2400
ord2398
ord2396
ord2392
ord2415
ord2403
ord1614
ord577
ord3996
ord283
ord1908
ord4244
ord1402
ord3946
ord1617
ord1620
ord5915
ord5152
ord2322
ord2469
ord4104
ord1161
ord1123
ord6067
ord1063
ord1903
ord3684
ord1054
ord304
ord557
ord297
ord2272
ord745
ord784
ord5529
ord3997
ord781
ord2451
ord5563
ord1482
ord2248
ord566
ord310
ord757
ord578
ord3333
ord4261
ord4481
ord3949
ord1207
ord2644
ord3709
ord3719
ord3718
ord2533
ord2646
ord2540
ord2838
ord2714
ord4307
ord2835
ord2731
ord2537
ord5213
ord5230
ord4568
ord3948
ord5226
ord5224
ord2931
ord1920
ord3832
ord5382
ord6219
ord5102
ord1010
ord3806
ord5583
ord2018
ord2063
ord4326
ord6276
ord3801
ord6278
ord4014
ord4038
ord1084
ord762
ord764
ord1185
ord1187
ord1191
ord3683
ord4541
ord3849
ord4486
msvcr71
_setmbcp
free
_except_handler3
__CxxFrameHandler
??0exception@@QAE@ABV0@@Z
??0bad_cast@@QAE@ABV0@@Z
??1bad_cast@@UAE@XZ
??0bad_cast@@QAE@PBD@Z
_CxxThrowException
fclose
fread
malloc
fopen
fprintf
atoi
atof
_beginthreadex
_vsnprintf
tolower
memmove
??1exception@@UAE@XZ
??0exception@@QAE@XZ
strrchr
_strlwr
_stricmp
qsort
sprintf
realloc
wcslen
rand
_localtime64
_time64
_CIacos
_CIasin
_CIpow
_purecall
_splitpath
srand
strncpy
fseek
fwrite
strtok
ftell
_close
_creat
_errno
_mktime64
printf
perror
getc
_mbscmp
strftime
localtime
time
_CIfmod
_snprintf
floor
toupper
_snwprintf
ceil
_controlfp
_atoi64
memchr
strstr
_ismbcdigit
isalpha
isspace
isalnum
strncmp
strchr
calloc
_ftol
ldexp
exit
frexp
__security_error_handler
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
?terminate@@YAXXZ
_onexit
__dllonexit
??1type_info@@UAE@XZ
memset
_strrev
kernel32 (note: six entries — Sleep, ExitProcess, FreeLibrary, LoadLibraryA, GetModuleHandleA, GetProcAddress — appear a second time at the end of this list, which is consistent with a second kernel32 import descriptor added by the protector stub; confirm in the raw import directory. The list also includes CreateToolhelp32Snapshot/Process32First/Process32Next/OpenProcess/TerminateProcess, i.e. process enumeration and termination capability, worth watching in the behavioural run.)
GetACP
WaitForMultipleObjects
ResetEvent
SleepEx
LockResource
SizeofResource
LoadResource
FindResourceA
GetVersionExA
MultiByteToWideChar
WideCharToMultiByte
GetLastError
GetVersion
lstrlenA
GetCurrentThread
GetThreadContext
GetModuleFileNameA
LoadLibraryA
CloseHandle
CreateProcessA
Process32Next
OpenProcess
TerminateProcess
Process32First
CreateToolhelp32Snapshot
WaitForSingleObject
CreateThread
GetExitCodeThread
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
CreateEventA
SetEvent
DeleteCriticalSection
Sleep
GetSystemDirectoryA
GetProcAddress
GetModuleHandleA
lstrcpyA
FreeLibrary
CreateDirectoryA
DeleteFileA
IsDBCSLeadByteEx
QueryPerformanceCounter
QueryPerformanceFrequency
GetTickCount
SetCurrentDirectoryA
GetCurrentDirectoryA
MulDiv
GetCurrentProcess
GlobalMemoryStatus
GetStartupInfoA
ExitProcess
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress
user32
GetMessageA
MessageBoxA
wsprintfA
UpdateWindow
LoadIconA
LoadCursorA
AdjustWindowRectEx
TranslateMessage
DispatchMessageA
PostMessageA
PeekMessageA
SendMessageA
FindWindowA
DestroyCursor
SetCursor
UnregisterClassA
EnableWindow
GetClientRect
FindWindowExA
MsgWaitForMultipleObjects
ReleaseDC
GetDC
GetIconInfo
ClipCursor
GetWindowRect
GetClassLongA
SetWindowPos
SetWindowLongA
DefWindowProcA
ScreenToClient
GetCursorPos
PostQuitMessage
DestroyWindow
DestroyMenu
GetMenu
GetWindowLongA
CreateWindowExA
LoadCursorFromFileA
ShowCursor
keybd_event
GetKeyState
MoveWindow
GetKeyboardLayout
ShowCaret
HideCaret
SetCaretPos
GetCaretPos
CreateCaret
InvalidateRect
InvertRect
FillRect
GetFocus
LoadImageA
GetDlgItem
ClientToScreen
SetCursorPos
SetFocus
MessageBoxW
UnhookWindowsHookEx
SetWindowsHookExA
CallNextHookEx
SystemParametersInfoA
GetSystemMetrics
RegisterClassA
SetRect
AdjustWindowRect
GetProcessWindowStation
GetUserObjectInformationW
gdi32
CreateDIBSection
SetBkMode
ExtTextOutA
SetDeviceGammaRamp
SetMapMode
GetDeviceGammaRamp
GetBitmapBits
GetStockObject
GetObjectA
CreateCompatibleDC
GetDeviceCaps
CreateFontA
GetTextExtentPoint32A
SetTextColor
SelectObject
GetDIBits
DeleteObject
SetBkColor
CreateFontW
TextOutW
GetTextMetricsA
CreateSolidBrush
CreateFontIndirectA
GetTextExtentPoint32W
ExtTextOutW
DeleteDC
advapi32
RegDeleteValueA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyA
RegCloseKey
shell32
SHGetSpecialFolderPathA
shlwapi
PathFileExistsA
msvcp71
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@IG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ID@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEABDI@Z
?flags@ios_base@std@@QBEHXZ
?size@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ
??A?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEABGI@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AViterator@12@XZ
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AViterator@12@XZ
??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?close@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?close@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBDH@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADH@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEX_NI@Z
??0?$_String_val@DV?$allocator@D@std@@@std@@IAE@V?$allocator@D@1@@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@XZ
??7ios_base@std@@QBE_NXZ
?open@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXPBDHH@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
?setw@std@@YA?AU?$_Smanip@H@1@H@Z
?setf@ios_base@std@@QAEHHH@Z
?str@?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?fail@ios_base@std@@QBE_NXZ
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
?unsetf@ios_base@std@@QAEXH@Z
?precision@ios_base@std@@QAEHH@Z
??_D?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?flags@ios_base@std@@QAEHH@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@II@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?_Xran@_String_base@std@@QBEXXZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AVconst_iterator@12@XZ
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AVconst_iterator@12@XZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?find_first_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIABV12@I@Z
?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE?AViterator@12@XZ
?end@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE?AViterator@12@XZ
?substr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE?AV12@II@Z
?replace@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IIABV12@@Z
?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIGI@Z
??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@D@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ
?find_last_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIPBD@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
ole32
CoUninitialize
CoInitialize
CoCreateInstance
oleaut32
VariantClear
VariantInit
SysStringLen
ijl15
ord3
ord5
ord2
psapi
GetProcessMemoryInfo
winmm
timeGetTime
timeSetEvent
mmioDescend
mmioOpenA
mmioClose
mmioWrite
mmioAdvance
mmioSetInfo
mmioSeek
mmioCreateChunk
mmioGetInfo
timeKillEvent
mmioRead
mmioAscend
imm32
ImmSetConversionStatus
ImmGetConversionStatus
ImmGetContext
ImmNotifyIME
ImmSetCandidateWindow
ImmSetCompositionWindow
ImmGetCompositionStringW
ImmGetProperty
ImmReleaseContext
version
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
bugtrap
BT_SetFlags
BT_SetSupportURL
BT_SetSupportServer
BT_InstallSehFilter
BT_SetAppName
BT_SetSupportEMail
ws2_32
WSAGetLastError
send
closesocket
recv
WSAEventSelect
WSAEnumNetworkEvents
WSACloseEvent
WSACleanup
WSAStartup
htons
inet_addr
WSACreateEvent
WSAWaitForMultipleEvents
connect
ioctlsocket
socket
Sections
.text Size: - Virtual size: 4.3MB — no raw (on-disk) size is reported for this section although it occupies 4.3MB of virtual address space; a code section with zero raw data that is populated at runtime is a hallmark of a packed/protected image and means static disassembly of .text from the file on disk is not meaningful.
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 566KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 106.5MB — no raw size reported, but a 106.5MB writable virtual allocation; this is far larger than the 4.6MB file and is consistent with data being decompressed or reconstructed in memory at runtime. Memory dumps taken after the protector has run are more useful than the on-disk file for string or configuration extraction.
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp0 Size: - Virtual size: 1.5MB — VMProtect-named section, executable, with no raw size reported; filled in memory at runtime.
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp1 Size: 4.5MB - Virtual size: 4.5MB — VMProtect-named section holding almost the entire 4.6MB file; this is where the protected/virtualised code and the protector stub live on disk, and it is the section to dump or unpack if the original code is needed.
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 18KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ