Static task: static1
Behavioral task: behavioral1
Sample: 089390c7c50163a2313468a9122e1c3a_JaffaCakes118.exe
Resource: win7-20231129-en
Behavioral task: behavioral2
Sample: 089390c7c50163a2313468a9122e1c3a_JaffaCakes118.exe
Resource: win10v2004-20240611-en
General
Target: 089390c7c50163a2313468a9122e1c3a_JaffaCakes118
Size: 441KB
MD5: 089390c7c50163a2313468a9122e1c3a
SHA1: 20870d60dc9f7b5dc19a6f60001bd7b04b60071f
SHA256: 0412f5ecde40e0e80e52d39c17719593051ce46db6234c7f69d83e6e62fedc73
SHA512: 4c6c53259be452bc161720f96640b409c7f82b7900c71aff1e29b62df0737573b395565abc0c3661d146f0baf66dbefe049677658a408787e8ddd9c8ff063727
SSDEEP: 12288:X0zRlOuYbJbdcN7dN/k7NrfoihmfUzmUpP6ZvvW5h6:EzRku8Bcdcmm64r
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 089390c7c50163a2313468a9122e1c3a_JaffaCakes118
Files
089390c7c50163a2313468a9122e1c3a_JaffaCakes118.exe windows:4 windows x86 arch:x86
758d7882d060c7132a9ff4fdaad075d5
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
ExitProcess
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
LoadLibraryA
RtlUnwind
InterlockedExchange
VirtualQuery
HeapReAlloc
HeapAlloc
HeapFree
VirtualAlloc
DeleteAtom
OpenFileMappingA
EnumDateFormatsExA
GetProcessShutdownParameters
HeapUnlock
EnumDateFormatsW
GetNamedPipeInfo
CompareFileTime
GetConsoleMode
GetStdHandle
VirtualQueryEx
Heap32ListNext
GetLogicalDriveStringsA
GetCompressedFileSizeW
RemoveDirectoryW
GetTempPathA
MoveFileExA
lstrcpynW
MultiByteToWideChar
DeleteFiber
PulseEvent
HeapValidate
CreateMailslotA
EnumResourceTypesA
GetPrivateProfileSectionNamesA
WriteProfileStringW
SetThreadLocale
FreeResource
EnumCalendarInfoExW
EnumResourceLanguagesW
ReadConsoleOutputA
GetCurrentThread
GetStringTypeExW
FileTimeToDosDateTime
GetDiskFreeSpaceA
SetConsoleCP
InterlockedIncrement
LocalFree
ReadConsoleOutputCharacterA
GlobalFree
TlsFree
GetStartupInfoA
GetComputerNameW
WaitForDebugEvent
FreeEnvironmentStringsA
FreeEnvironmentStringsW
InterlockedExchangeAdd
GetDateFormatA
WriteProfileSectionW
SuspendThread
FindFirstChangeNotificationA
GetProfileIntW
ReadConsoleOutputW
SetCurrentDirectoryA
GetShortPathNameA
GetWindowsDirectoryW
OpenProcess
OpenWaitableTimerW
TransactNamedPipe
OpenFile
SetEnvironmentVariableA
FormatMessageW
FindResourceExW
GlobalHandle
GetWriteWatch
GlobalFix
lstrcmpiW
MapViewOfFile
FindFirstFileExW
AddAtomA
GetSystemPowerStatus
GetPrivateProfileIntA
FindNextFileW
FlushFileBuffers
GetLargestConsoleWindowSize
VirtualProtect
FoldStringA
CreateFileW
WaitForSingleObjectEx
WritePrivateProfileSectionA
SearchPathW
OpenFileMappingW
VirtualFree
GetExitCodeProcess
lstrlenA
Toolhelp32ReadProcessMemory
RtlFillMemory
GetSystemDefaultLCID
GetPrivateProfileStructW
TryEnterCriticalSection
ResetEvent
WaitNamedPipeW
WriteFileGather
EnumCalendarInfoW
LoadLibraryExW
SetThreadAffinityMask
DebugActiveProcess
GetCompressedFileSizeA
EnumSystemCodePagesW
GetCurrentDirectoryW
GetFileType
GetEnvironmentVariableA
GetProfileStringA
GetProcessPriorityBoost
GetConsoleCP
SetThreadExecutionState
EnumResourceLanguagesA
GlobalReAlloc
CreateFileA
OutputDebugStringW
ExpandEnvironmentStringsA
SetFileTime
CopyFileA
GetFileAttributesExA
GetPrivateProfileIntW
SetLocaleInfoA
GetProcAddress
Thread32First
GetCalendarInfoW
Heap32Next
ReadFileScatter
GetVersionExA
EnumResourceNamesW
LocalLock
GetExitCodeThread
GlobalAddAtomA
ReadProcessMemory
GetCurrencyFormatW
SetConsoleMode
ResumeThread
WaitForSingleObject
GetTimeFormatW
OpenEventA
SetFileAttributesA
GlobalFlags
GetCurrencyFormatA
WriteConsoleOutputA
lstrcpyA
GetThreadLocale
SetWaitableTimer
ReadConsoleInputA
GetAtomNameW
FindFirstFileA
SetComputerNameW
VirtualLock
SetConsoleCtrlHandler
lstrcmpA
UnhandledExceptionFilter
GetDriveTypeA
GetUserDefaultLCID
GetVolumeInformationA
GetVersion
EnumResourceTypesW
GetConsoleOutputCP
FindFirstFileW
WritePrivateProfileStructW
HeapDestroy
SetPriorityClass
SetThreadPriority
RemoveDirectoryA
CreateSemaphoreW
GetNumberFormatW
TlsSetValue
FlushConsoleInputBuffer
LocalCompact
GetShortPathNameW
WriteProfileStringA
GetConsoleCursorInfo
ContinueDebugEvent
Thread32Next
MapViewOfFileEx
WriteConsoleOutputCharacterW
WriteConsoleOutputAttribute
FreeConsole
SetSystemTimeAdjustment
GetComputerNameA
ConvertDefaultLocale
GetThreadTimes
WriteFileEx
GetSystemInfo
GetLogicalDriveStringsW
GetDiskFreeSpaceExW
CreateNamedPipeW
GetTempFileNameW
GetPrivateProfileStructA
UpdateResourceA
IsValidLocale
CreateDirectoryExW
LoadResource
CreateThread
SetConsoleScreenBufferSize
SystemTimeToTzSpecificLocalTime
lstrcmpiA
FindCloseChangeNotification
Process32Next
LoadLibraryExA
lstrlenW
GetDiskFreeSpaceW
PeekConsoleInputA
GlobalGetAtomNameA
ReleaseSemaphore
SetConsoleCursorPosition
EnumTimeFormatsA
WaitCommEvent
lstrlen
CreateProcessA
SetComputerNameA
DosDateTimeToFileTime
GetSystemTimeAdjustment
CloseHandle
AllocConsole
lstrcpyn
GetCommandLineW
SetConsoleOutputCP
GetNumberFormatA
UpdateResourceW
ReadFile
VirtualFreeEx
OutputDebugStringA
VirtualUnlock
CreateRemoteThread
FreeLibraryAndExitThread
LockFile
HeapLock
GetDateFormatW
GetTempFileNameA
GetProfileSectionW
LocalSize
CreateFileMappingA
EnumSystemLocalesA
lstrcmpi
TlsGetValue
CreateNamedPipeA
EnumTimeFormatsW
GetPrivateProfileSectionA
EnumSystemCodePagesA
GetUserDefaultLangID
CreateSemaphoreA
DebugBreak
GetEnvironmentStrings
GlobalGetAtomNameW
EnumCalendarInfoExA
LoadModule
CreateTapePartition
DuplicateHandle
CreateMutexA
GetAtomNameA
WideCharToMultiByte
CreateProcessW
FindResourceExA
LockResource
LocalAlloc
GetThreadPriority
SetCurrentDirectoryW
GlobalLock
InterlockedDecrement
GetDriveTypeW
LockFileEx
GetPriorityClass
lstrcatA
GetCommandLineA
SetConsoleTitleA
GlobalSize
CreateWaitableTimerW
PeekConsoleInputW
CreateMailslotW
SetCriticalSectionSpinCount
CopyFileExA
GlobalDeleteAtom
SetEnvironmentVariableW
SetEndOfFile
SetThreadPriorityBoost
lstrcat
FlushInstructionCache
EnumSystemLocalesW
WinExec
WriteProfileSectionA
FoldStringW
SetFileAttributesW
LocalShrink
BeginUpdateResourceW
GetPrivateProfileStringW
LocalHandle
FlushViewOfFile
GetPrivateProfileStringA
CreatePipe
GetCalendarInfoA
SystemTimeToFileTime
MoveFileExW
WaitForMultipleObjects
UnlockFile
GetConsoleTitleA
BeginUpdateResourceA
WriteProcessMemory
GetQueuedCompletionStatus
HeapCreate
LoadLibraryW
SetTimeZoneInformation
OpenMutexW
GlobalWire
FillConsoleOutputAttribute
WritePrivateProfileStringW
SetLastError
CreateToolhelp32Snapshot
IsDebuggerPresent
GetThreadContext
GetFileAttributesW
OpenMutexA
ReadConsoleW
FindClose
SignalObjectAndWait
GetLongPathNameA
GetFileAttributesA
CreateDirectoryW
WriteConsoleOutputCharacterA
GetProcessAffinityMask
gdi32
StrokePath
DeleteEnhMetaFile
CreateFontA
GetPaletteEntries
GetTextColor
CreateHatchBrush
GdiPlayScript
GetBitmapDimensionEx
PolyTextOutW
GetEnhMetaFileBits
GetTextExtentPointA
SetTextAlign
SetICMProfileW
CopyMetaFileA
SetTextJustification
Rectangle
SetDeviceGammaRamp
CreateBrushIndirect
AngleArc
LineTo
CloseEnhMetaFile
RectInRegion
ResetDCA
SetDIBits
GetEnhMetaFileHeader
CreateICA
EnumFontFamiliesA
CreatePenIndirect
GetObjectType
DeleteObject
GetLayout
GetCharWidthFloatA
SetMapperFlags
GetGraphicsMode
GetTextCharsetInfo
OffsetRgn
AbortDoc
ChoosePixelFormat
SetEnhMetaFileBits
ScaleWindowExtEx
GetMetaRgn
CreatePalette
PatBlt
GetCurrentObject
GetKerningPairsW
GdiPlayDCScript
GetDIBits
SetICMMode
GetTextFaceW
GetGlyphOutlineW
GetClipRgn
GetOutlineTextMetricsW
GetObjectA
AddFontResourceA
user32
SetWindowsHookA
GetWindowPlacement
DdeQueryStringA
UnpackDDElParam
MapWindowPoints
ScrollWindow
CharNextW
SetWindowsHookExA
GetClipboardViewer
DdeFreeStringHandle
IsMenu
SetActiveWindow
EmptyClipboard
CopyImage
GetNextDlgTabItem
GetMessageW
CascadeChildWindows
CreateDialogIndirectParamW
GetKeyboardLayoutList
SetClassWord
SetMenuItemInfoA
SetMenuItemBitmaps
GetSysColorBrush
DestroyCursor
AppendMenuW
RegisterDeviceNotificationA
WaitMessage
IntersectRect
SetCapture
GetDlgItemTextA
BeginDeferWindowPos
SetForegroundWindow
GetSubMenu
InsertMenuA
IsWindowUnicode
RegisterDeviceNotificationW
SetDlgItemTextA
DdeCmpStringHandles
GetDoubleClickTime
SetMessageExtraInfo
RemoveMenu
WINNLSEnableIME
EnumDesktopWindows
GetAncestor
ReleaseDC
SetClipboardViewer
TabbedTextOutA
SetDlgItemInt
DrawTextA
SetLastErrorEx
EnumPropsExA
DrawFrameControl
CreateWindowStationA
RegisterClassA
MessageBoxIndirectW
CallMsgFilterW
SwapMouseButton
GetKeyNameTextA
GetListBoxInfo
CallMsgFilter
LoadKeyboardLayoutA
GetUpdateRect
CreateIconIndirect
DestroyWindow
LookupIconIdFromDirectoryEx
GetClipboardOwner
MenuItemFromPoint
MonitorFromRect
EndMenu
HideCaret
shell32
DragFinish
ShellExecuteExW
ExtractIconEx
ExtractAssociatedIconExW
SHLoadInProc
DragQueryFileW
ExtractIconExW
SHGetPathFromIDListW
ShellExecuteExA
SHQueryRecycleBinW
DuplicateIcon
DoEnvironmentSubstA
SheChangeDirA
SHFormatDrive
SHGetDataFromIDListA
FindExecutableW
SHEmptyRecycleBinA
SHUpdateRecycleBinIcon
ExtractAssociatedIconA
DragQueryFileAorW
SHGetInstanceExplorer
ShellExecuteW
RealShellExecuteA
SHAppBarMessage
SHGetSpecialFolderPathA
ExtractIconExA
SHGetSpecialFolderLocation
SHFreeNameMappings
DragAcceptFiles
SHGetFileInfo
wininet
RetrieveUrlCacheEntryStreamA
InternetGetCertByURL
SetUrlCacheHeaderData
UnlockUrlCacheEntryStream
GopherOpenFileW
RetrieveUrlCacheEntryFileW
IsHostInProxyBypassList
InternetGetLastResponseInfoA
FtpCreateDirectoryW
InternetGoOnline
InternetInitializeAutoProxyDll
DeleteIE3Cache
SetUrlCacheConfigInfoW
InternetConfirmZoneCrossing
FtpCommandA
InternetGetConnectedStateExW
FtpPutFileEx
InternetOpenA
InternetSetOptionW
FtpGetFileW
SetUrlCacheEntryGroup
InternetConfirmZoneCrossingA
ShowCertificate
InternetGoOnlineW
HttpSendRequestExA
FtpFindFirstFileW
FtpSetCurrentDirectoryW
InternetOpenUrlA
InternetCombineUrlA
InternetCombineUrlW
FindCloseUrlCache
SetUrlCacheGroupAttributeW
FindFirstUrlCacheEntryA
FtpDeleteFileW
HttpOpenRequestW
FindNextUrlCacheEntryExA
SetUrlCacheEntryInfoW
RetrieveUrlCacheEntryFileA
GetUrlCacheGroupAttributeA
GetUrlCacheEntryInfoExA
SetUrlCacheGroupAttributeA
FindNextUrlCacheEntryExW
InternetCrackUrlA
ReadUrlCacheEntryStream
RunOnceUrlCache
FtpCreateDirectoryA
InternetShowSecurityInfoByURLW
HttpQueryInfoW
InternetCheckConnectionW
InternetQueryFortezzaStatus
UnlockUrlCacheEntryFileA
InternetGetCookieW
HttpAddRequestHeadersA
ShowSecurityInfo
InternetGetLastResponseInfoW
InternetAlgIdToStringA
GopherFindFirstFileA
InternetDialW
FindFirstUrlCacheGroup
InternetGetConnectedStateExA
IsUrlCacheEntryExpiredA
CreateUrlCacheContainerW
GetUrlCacheConfigInfoA
InternetSetCookieA
InternetWriteFileExA
InternetTimeFromSystemTimeA
InternetGetConnectedStateEx
GopherCreateLocatorA
GopherFindFirstFileW
GopherGetLocatorTypeW
UnlockUrlCacheEntryFileW
FtpSetCurrentDirectoryA
SetUrlCacheEntryGroupW
GetUrlCacheEntryInfoExW
InternetTimeToSystemTimeW
InternetFortezzaCommand
InternetTimeFromSystemTimeW
FindFirstUrlCacheEntryW
ShowX509EncodedCertificate
InternetTimeToSystemTime
IncrementUrlCacheHeaderData
GetUrlCacheEntryInfoW
DeleteUrlCacheEntryA
InternetLockRequestFile
InternetCrackUrlW
HttpSendRequestA
FtpRemoveDirectoryW
InternetAutodialHangup
CreateUrlCacheGroup
FindNextUrlCacheContainerW
InternetGetCookieA
InternetOpenUrlW
FindFirstUrlCacheEntryExW
RegisterUrlCacheNotification
FtpDeleteFileA
FtpOpenFileW
InternetConnectW
InternetGoOnlineA
SetUrlCacheEntryGroupA
FtpGetCurrentDirectoryA
LoadUrlCacheContent
HttpQueryInfoA
ShowClientAuthCerts
FreeUrlCacheSpaceW
CommitUrlCacheEntryW
InternetSetFilePointer
InternetShowSecurityInfoByURLA
InternetOpenW
GopherOpenFileA
HttpSendRequestW
HttpAddRequestHeadersW
IsUrlCacheEntryExpiredW
InternetGetConnectedState
FtpPutFileA
FindNextUrlCacheGroup
GopherGetAttributeW
InternetConnectA
InternetCheckConnectionA
InternetUnlockRequestFile
DeleteUrlCacheEntry
FindFirstUrlCacheContainerW
InternetQueryOptionA
FtpRenameFileA
InternetWriteFile
InternetCreateUrlW
FtpPutFileW
InternetSetOptionExW
FreeUrlCacheSpaceA
GopherGetAttributeA
HttpCheckDavCompliance
FindNextUrlCacheEntryW
InternetHangUp
DeleteUrlCacheContainerW
InternetReadFileExA
FtpGetCurrentDirectoryW
InternetQueryOptionW
FindFirstUrlCacheEntryExA
FindNextUrlCacheContainerA
InternetSetDialStateW
CreateUrlCacheEntryA
InternetReadFileExW
InternetShowSecurityInfoByURL
InternetReadFile
InternetAttemptConnect
InternetSetOptionExA
InternetFindNextFileA
SetUrlCacheConfigInfoA
InternetSecurityProtocolToStringA
DeleteUrlCacheGroup
InternetQueryDataAvailable
UpdateUrlCacheContentPath
FtpOpenFileA
Sections
.text Size: 126KB - Virtual size: 125KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 291KB - Virtual size: 291KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 17KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.bss Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE