Static task
static1
Behavioral task
behavioral1
Sample
32728f46cb0ae65b43b1790a8cd7ebf6_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
32728f46cb0ae65b43b1790a8cd7ebf6_JaffaCakes118.exe
Resource
win10v2004-20240709-en
General
-
Target
32728f46cb0ae65b43b1790a8cd7ebf6_JaffaCakes118
-
Size
39KB
-
MD5
32728f46cb0ae65b43b1790a8cd7ebf6
-
SHA1
d95b46121b61e859592e7028058ed4a5924c397d
-
SHA256
fec0080ccd783f9c811e84be5303c8816d5e3f860038479e649f5bb2d62a14ca
-
SHA512
7603dda4e2d1c43c92cab5cc6962db2493a33073921a8f0f2f0c30846c7551f97bc9de9503f7555ea78625d836ef35801aa56c496e8280ba009cb10fda4b6a25
-
SSDEEP
768:DzXHx1EIfzNsgTz5xbmy4Jqli0guFysdPKAlIKTMq0:DzBDaS5xblRi0DFB8AlIKs
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks whether the PE lacks an Authenticode signature.
resource 32728f46cb0ae65b43b1790a8cd7ebf6_JaffaCakes118
Files
-
32728f46cb0ae65b43b1790a8cd7ebf6_JaffaCakes118.exe windows:5 windows x86 arch:x86
a7ba7e215b4a285e42ff3e33ae2923eb
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
cfgmgr32
CM_Register_Device_InterfaceW
CM_Set_DevNode_Registry_Property_ExA
CMP_UnregisterNotification
CM_Enumerate_Enumerators_ExA
CM_Get_Device_ID_Size_Ex
CM_Get_Version_Ex
CM_Get_Device_Interface_List_SizeA
CM_Register_Device_Interface_ExA
CM_Locate_DevNode_ExA
CM_Get_HW_Prof_Flags_ExW
CM_Set_DevNode_Registry_PropertyA
CM_Free_Res_Des
CM_Disable_DevNode_Ex
CM_Delete_Class_Key
CM_Get_Device_Interface_AliasA
CM_Query_Arbitrator_Free_Data_Ex
CM_Unregister_Device_InterfaceW
CM_Get_Device_ID_List_SizeW
CM_Get_Device_Interface_List_Size_ExA
CM_Free_Log_Conf_Ex
CM_Get_DevNode_Registry_PropertyW
CM_Get_Device_ID_List_ExW
CM_Get_Class_Registry_PropertyA
CM_Register_Device_Interface_ExW
CM_Get_Version
CM_Get_Class_Key_NameW
CM_Get_DevNode_Status
CM_Enumerate_EnumeratorsW
CM_Get_Global_State_Ex
CM_Query_And_Remove_SubTree_ExW
CM_Create_Range_List
CM_Get_Device_Interface_List_ExA
CM_Free_Res_Des_Ex
CM_Locate_DevNodeW
CM_Get_Hardware_Profile_Info_ExW
CM_Connect_MachineA
CM_Remove_SubTree_Ex
CM_Disconnect_Machine
CM_Get_Res_Des_Data_Size
CM_Enumerate_Enumerators_ExW
CM_Get_Device_ID_ExW
msvcrt20
is_wctype
isprint
?precision@ios@@QAEHH@Z
?attach@fstream@@QAEXH@Z
??0ostream_withassign@@QAE@ABV0@@Z
??1ostream_withassign@@UAE@XZ
_mbsset
_wcsdup
strchr
strtol
_initterm
?unbuffered@streambuf@@IAEXH@Z
__p__commode
__winitenv
?write@ostream@@QAEAAV1@PBEH@Z
_mkdir
??_8stdiostream@@7Bistream@@@
?seekp@ostream@@QAEAAV1@JW4seek_dir@ios@@@Z
??1streambuf@@UAE@XZ
?unlockbuf@ios@@QAAXXZ
fopen
??_Giostream@@UAEPAXI@Z
??5istream@@QAEAAV0@PAC@Z
??_Dstdiostream@@QAEXXZ
towupper
_spawnv
fputws
??6ostream@@QAEAAV0@M@Z
_wexecvp
??_7filebuf@@6B@
??6ostream@@QAEAAV0@F@Z
_mbsrev
fabs
strstr
_beginthreadex
fgetpos
putwchar
strcpy
_mbccpy
__argc
ispunct
vwprintf
??0filebuf@@QAE@H@Z
_matherr
wcscat
kernel32
FindFirstVolumeW
BuildCommDCBAndTimeoutsA
GetCurrentProcess
IsDBCSLeadByteEx
GetLocaleInfoW
GetLocalTime
InterlockedFlushSList
GetConsoleCursorInfo
GetEnvironmentVariableA
GetConsoleHardwareState
SetEvent
Sleep
WriteProfileSectionW
SleepEx
SetConsoleIcon
VirtualFreeEx
GetConsoleCursorMode
AssignProcessToJobObject
CreateActCtxW
GetConsoleFontInfo
SetThreadPriorityBoost
FindNextFileA
GetVersion
ReadFile
Beep
lstrcmp
VirtualAlloc
LocalReAlloc
GlobalAddAtomA
FindResourceExA
CmdBatNotification
GetVersionExA
Module32NextW
GetVersionExW
InterlockedCompareExchange
SetCommTimeouts
FatalAppExitW
GetComputerNameA
ResetEvent
SetupComm
lstrcatW
WritePrivateProfileStructA
DebugBreakProcess
GetFullPathNameA
olecli32
MfGetData
PbLoadFromStream
MfCopy
GenGetData
DibSaveToStream
LeQueryOpen
PbQueryBounds
ObjQueryName
DefCreateFromTemplate
PbCreateLinkFromFile
OleExecute
DefCreateFromFile
OleCreateFromFile
LeSaveToStream
LeCopy
LeChangeData
PbCreateFromTemplate
PbGetData
DibEnumFormat
SetNetName
LeDraw
ErrUpdate
BmClone
OleSaveToStream
LeEqual
LeSetUpdateOptions
ErrSetBounds
ErrReconnect
DibDraw
OleCreateLinkFromClip
DefCreateFromClip
OleSetData
MfEqual
OleUnlockServer
LeExecute
OleCopyFromLink
LeGetUpdateOptions
LeQueryOutOfDate
MfDraw
DibChangeData
OleSetColorScheme
GenEqual
opengl32
glClipPlane
glNormal3b
glFogfv
glGetTexGendv
glEvalPoint1
glGetTexEnviv
glEdgeFlagPointer
glRasterPos4fv
glTexCoord2i
glEnable
glGetString
glTexCoord1d
glEvalMesh1
glRasterPos3f
glLightModelf
glMapGrid2f
glRasterPos2i
glIndexubv
glScaled
glLightiv
glVertex4dv
wglSetLayerPaletteEntries
glDisableClientState
glPixelMapuiv
glVertex2sv
glCopyTexImage1D
glVertex2s
glClearDepth
glNormal3fv
glEvalCoord1dv
glVertex4d
wglDescribeLayerPlane
glTexCoord1f
glDepthRange
glRasterPos2dv
glDebugEntry
glClear
glTexCoord4f
glEndList
glPassThrough
glGetPolygonStipple
glDrawBuffer
wglDescribePixelFormat
glTexCoord2sv
glTexGendv
msvcrt
_spawnle
iswcntrl
__set_app_type
_lseek
__initenv
_findnexti64
_wspawnl
_adjust_fdiv
_swab
_wgetcwd
_putenv
_fileno
__wargv
_ultoa
?set_new_handler@@YAP6AXXZP6AXXZ@Z
_fmode
_isnan
_isatty
_execle
??_Fbad_typeid@@QAEXXZ
__crtLCMapStringW
_mbsncmp
mbstowcs
sinh
_wspawnvp
__CxxLongjmpUnwind
isprint
realloc
_mbsbtype
_wmakepath
wscanf
getwc
_filelength
_strtoi64
___lc_handle_func
_mbctokata
__iscsym
_wcserror
_findfirst64
_mbscoll
__getmainargs
_tzset
__p__timezone
__iob_func
_splitpath
_mbsrev
_rotr
_ismbcgraph
_strtoui64
??_G__non_rtti_object@@UAEPAXI@Z
wcslen
_tolower
_set_SSE2_enable
asctime
__crtGetLocaleInfoW
freopen
_vscwprintf
_wtof
_filbuf
_findfirsti64
_adj_fpatan
fread
_spawnlp
_i64tow
__p__pctype
_mbsspn
_ismbcprint
_mbctoupper
??0exception@@QAE@XZ
_memicmp
_getwche
__p__commode
_mbclen
wcscoll
??0__non_rtti_object@@QAE@ABV0@@Z
_Strftime
??1exception@@UAE@XZ
__p__pgmptr
ftell
_ismbcsymbol
_cexit
_mbsnbicoll
_CItanh
_CIsqrt
fwprintf
??0bad_typeid@@QAE@ABV0@@Z
sin
ntdll
LdrShutdownProcess
NtRemoveIoCompletion
RtlDowncaseUnicodeString
RtlAddAccessDeniedAce
RtlxAnsiStringToUnicodeSize
RtlDnsHostNameToComputerName
RtlCharToInteger
NtQueueApcThread
RtlSelfRelativeToAbsoluteSD
RtlActivateActivationContextEx
RtlIpv4AddressToStringA
ZwWriteVirtualMemory
RtlValidAcl
NtSetUuidSeed
ZwInitializeRegistry
RtlpNotOwnerCriticalSection
RtlQueryProcessDebugInformation
RtlSetIoCompletionCallback
NtDeleteKey
ZwAreMappedFilesTheSame
RtlDosSearchPath_Ustr
RtlSetSaclSecurityDescriptor
RtlLargeIntegerArithmeticShift
floor
RtlRemoteCall
ZwCompareTokens
wcsncpy
RtlExtendedMagicDivide
NtCreateMailslotFile
ZwCreateKeyedEvent
LdrGetDllHandle
NtUnloadKey
RtlDeregisterWaitEx
NtQueryDirectoryFile
RtlTimeToSecondsSince1980
NtCreateFile
ZwFsControlFile
RtlExtendedIntegerMultiply
NtQueryObject
NtReplyWaitReceivePort
RtlLengthRequiredSid
ole32
CoInitialize
CoAddRefServerProcess
CoMarshalInterface
StgCreatePropStg
WdtpInterfacePointer_UserFree
ReadStringStream
CoQueryAuthenticationServices
OleNoteObjectVisible
HMETAFILE_UserMarshal
StgOpenStorage
OleInitialize
OleQueryLinkFromData
OleSetAutoConvert
CoIsOle1Class
CoCreateFreeThreadedMarshaler
OleCreateLinkToFile
CreateStreamOnHGlobal
OleCreateFromFile
StgCreatePropSetStg
CreateObjrefMoniker
OleCreateFromFileEx
CoCreateObjectInContext
CoRegisterSurrogate
CoGetInstanceFromIStorage
CLSIDFromString
HBITMAP_UserFree
WriteStringStream
SNB_UserSize
OleSetClipboard
DcomChannelSetHResult
CLIPFORMAT_UserFree
HGLOBAL_UserUnmarshal
UtGetDvtd32Info
CoGetTreatAsClass
CoUnmarshalHresult
OleUninitialize
CreateClassMoniker
CoFreeUnusedLibraries
GetErrorInfo
WriteOleStg
OleIsRunning
CoReleaseServerProcess
userenv
RefreshPolicyEx
RsopFileAccessCheck
EnterCriticalPolicySection
GetAppliedGPOListW
GetPreviousFgPolicyRefreshInfo
GetUserProfileDirectoryW
RsopAccessCheckByType
DllRegisterServer
RefreshPolicy
LeaveCriticalPolicySection
FreeGPOListW
WaitForUserPolicyForegroundProcessing
ProcessGroupPolicyCompletedEx
DllUnregisterServer
ExpandEnvironmentStringsForUserA
GetAllUsersProfileDirectoryA
FreeGPOListA
DllCanUnloadNow
GetGPOListA
DllGetClassObject
LoadUserProfileA
GetProfilesDirectoryA
RsopLoggingEnabled
GetNextFgPolicyRefreshInfo
GetDefaultUserProfileDirectoryW
ProcessGroupPolicyCompleted
GetAllUsersProfileDirectoryW
GetAppliedGPOListA
GetUserProfileDirectoryA
GetDefaultUserProfileDirectoryA
RsopResetPolicySettingStatus
GetProfileType
RsopSetPolicySettingStatus
LoadUserProfileW
DeleteProfileW
DeleteProfileA
WaitForMachinePolicyForegroundProcessing
UnregisterGPNotification
DestroyEnvironmentBlock
UnloadUserProfile
GetProfilesDirectoryW
activeds
ADsGetLastError
FreeADsStr
AllocADsMem
SecurityDescriptorToBinarySD
ADsBuildVarArrayStr
ReallocADsStr
PropVariantToAdsType2
PropVariantToAdsType
AdsTypeToPropVariant
ADsGetObject
ConvertSecDescriptorToVariant
ADsBuildEnumerator
AdsFreeAdsValues
DllGetClassObject
ADsOpenObject
ADsBuildVarArrayInt
ReallocADsMem
ConvertSecurityDescriptorToSecDes
AdsTypeToPropVariant2
ADsEnumerateNext
BinarySDToSecurityDescriptor
DllCanUnloadNow
ADsDecodeBinaryData
FreeADsMem
ADsEncodeBinaryData
untfs
?QueryAttributeByOrdinal@NTFS_FILE_RECORD_SEGMENT@@QAEEPAVNTFS_ATTRIBUTE@@PAEKK@Z
??0NTFS_ATTRIBUTE_DEFINITION_TABLE@@QAE@XZ
??0NTFS_MFT_FILE@@QAE@XZ
?ReadSet@NTFS_FRS_STRUCTURE@@QAEEPAVTLINK@@@Z
??0NTFS_FILE_RECORD_SEGMENT@@QAE@XZ
?IsDosName@NTFS_SA@@SGEPBU_FILE_NAME@@@Z
?Initialize@NTFS_SA@@QAEEPAVLOG_IO_DP_DRIVE@@PAVMESSAGE@@VBIG_INT@@2@Z
?Read@NTFS_SA@@UAEEXZ
??0NTFS_ATTRIBUTE_LIST@@QAE@XZ
??1NTFS_REFLECTED_MASTER_FILE_TABLE@@UAE@XZ
??1NTFS_BAD_CLUSTER_FILE@@UAE@XZ
?Initialize@NTFS_FILE_RECORD_SEGMENT@@QAEEVBIG_INT@@KPAVNTFS_MASTER_FILE_TABLE@@@Z
??1NTFS_UPCASE_TABLE@@UAE@XZ
?Resize@NTFS_ATTRIBUTE@@UAEEVBIG_INT@@PAVNTFS_BITMAP@@@Z
Extend
?Extend@NTFS_MASTER_FILE_TABLE@@QAEEK@Z
?QueryEntry@NTFS_INDEX_TREE@@QAEEKPAXKPAPAU_INDEX_ENTRY@@PAPAVNTFS_INDEX_BUFFER@@PAE@Z
?InsertEntry@NTFS_INDEX_TREE@@QAEEKPAXU_MFT_SEGMENT_REFERENCE@@E@Z
?NtfsUpcaseCompare@@YGJPBGK0KPBVNTFS_UPCASE_TABLE@@E@Z
?ComputeFileNameSignature@NTFS_MFT_INFO@@CGXKPAU_FILE_NAME@@QAE@Z
?Initialize@NTFS_FILE_RECORD_SEGMENT@@QAEEVBIG_INT@@PAVNTFS_MFT_FILE@@@Z
??1NTFS_MFT_FILE@@UAE@XZ
??0NTFS_INDEX_TREE@@QAE@XZ
?Initialize@NTFS_FILE_RECORD_SEGMENT@@QAEEVBIG_INT@@PAVNTFS_MASTER_FILE_TABLE@@@Z
msdart
??1CCritSec@@QAE@XZ
?ConvertExclusiveToShared@CFakeLock@@QAEXXZ
?FindKey@CLKRLinearHashTable@@QBE?AW4LK_RETCODE@@KPAPBX@Z
SetMemHook
?ConvertSharedToExclusive@CReaderWriterLock3@@QAEXXZ
?ApplyIf@CLKRHashTable@@QAEKP6G?AW4LK_PREDICATE@@PBXPAX@ZP6G?AW4LK_ACTION@@01@Z1W4LK_LOCKTYPE@@@Z
?_ReadOrWriteLock@CLKRLinearHashTable@@ABE_NXZ
?ConvertExclusiveToShared@CCritSec@@QAEXXZ
?WriteUnlock@CLKRLinearHashTable@@QBEXXZ
?IsWriteUnlocked@CReaderWriterLock@@QBE_NXZ
?NumSubTables@CLKRHashTable@@QBEHXZ
?_TryWriteLock@CReaderWriterLock2@@AAE_NJ@Z
UMSEnterCSWraper
?sm_dblDfltSpinAdjFctr@CReaderWriterLock3@@1NA
?_Initialize@CLKRLinearHashTable@@AAE?AW4LK_RETCODE@@P6G?BKPBX@ZP6GKK@ZP6G_NKK@ZP6GX0H@ZPBDNK@Z
?InsertHead@CLockedDoubleList@@QAEXQAVCListEntry@@@Z
?sm_wDefaultSpinCount@CFakeLock@@1GA
?IsValid@CLKRLinearHashTable@@QBE_NXZ
?IsEmpty@CLockedDoubleList@@QBE_NXZ
?IsUsable@CLKRLinearHashTable@@QBE_NXZ
?TryWriteLock@CReaderWriterLock2@@QAE_NXZ
?ReadUnlock@CReaderWriterLock3@@QAEXXZ
?BucketIndex@CLKRHashTableStats@@SGJJ@Z
?_LockSpin@CReaderWriterLock2@@AAEX_N@Z
?IsReadLocked@CLKRHashTable@@QBE_NXZ
?ConvertSharedToExclusive@CLKRLinearHashTable@@QBEXXZ
msvcp60
?seekg@?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV12@JW4seekdir@ios_base@2@@Z
_FCosh
?real@std@@YAOABV?$complex@O@1@@Z
?is_open@?$basic_filebuf@DU?$char_traits@D@std@@@std@@QBE_NXZ
?_Fabs@std@@YAMABV?$complex@M@1@PAH@Z
??0?$_Mpunct@D@std@@QAE@ABV_Locinfo@1@I_N@Z
?sqrt@?$_Ctr@M@std@@SAMM@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?replace@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PAG0PBG1@Z
?eof@?$char_traits@D@std@@SAHXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD0ABV?$allocator@D@1@@Z
?ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
??_D?$basic_ofstream@GU?$char_traits@G@std@@@std@@QAEXXZ
?is@?$ctype@G@std@@QBEPBGPBG0PAF@Z
?_Tidy@?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXXZ
?eq_int_type@?$char_traits@G@std@@SA_NABG0@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PAD0ABV12@@Z
?_Getcat@?$messages@D@std@@SAIXZ
??0out_of_range@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
?do_hash@?$collate@D@std@@MBEJPBD0@Z
?_Getcat@?$collate@G@std@@SAIXZ
?_Getcat@?$moneypunct@G$00@std@@SAIXZ
?get@?$basic_istream@GU?$char_traits@G@std@@@std@@QAEGXZ
??_F?$codecvt@DDH@std@@QAEXXZ
?width@ios_base@std@@QAEHH@Z
?do_thousands_sep@?$numpunct@D@std@@MBEDXZ
wctob
?compare@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEHIIPBGI@Z
?_Copy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXI@Z
_Stod
??1?$codecvt@GDH@std@@UAE@XZ
?_Cltab@?$ctype@D@std@@0PBFB
_FXbig
?arg@std@@YANABV?$complex@N@1@@Z
??1codecvt_base@std@@UAE@XZ
?_Tidy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEX_N@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAE@W4_Uninitialized@1@@Z
?id@?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@2V0locale@2@A
?eof@?$char_traits@G@std@@SAGXZ
??9locale@std@@QBE_NABV01@@Z
?resize@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXI@Z
?_Getyes@_Locinfo@std@@QBEPBDXZ
user32
SetFocus
input
CPlApplet
Sections
.text Size: 17KB - Virtual size: 16KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE