Static task
static1
Behavioral task
behavioral1
Sample
642b93d89e8ceaa07a77c421690c6fcb_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
642b93d89e8ceaa07a77c421690c6fcb_JaffaCakes118.exe
Resource
win10v2004-20240709-en
General
Target
642b93d89e8ceaa07a77c421690c6fcb_JaffaCakes118
Size
2.0MB
MD5
642b93d89e8ceaa07a77c421690c6fcb
SHA1
0eb210d7fcb5592dcb3c9e72716e36ea4529e1b5
SHA256
1aabbe2f7b733dbb96c2b0e98698ae3cfbab9f0c13539f5f986930b16e6dd0f8
SHA512
3d6b0eb544739a0e585fedc7901615552b5464e0fd0cfe4032fdfec9f43fe7b79c9422cbeee51b99d93dde7c2c8074bba2f4a0854ee654329f3cf5d2546520ed
SSDEEP
24576:65AVsnjgsW4FuGyqR5LYTahY9r/nr7WRZ7T0a:rejgp4nyWYp/nGRZka
Malware Config (nothing is listed under this heading in the report, i.e. no family configuration was extracted for this sample)
Signatures
Unsigned PE — 1 IoC
Checks for missing Authenticode signature. Treat this as a weak indicator on its own: it records only that the PE carries no embedded signature. Many legitimate binaries are also unsigned, and conversely a valid signature would not by itself make the sample benign.
resource 642b93d89e8ceaa07a77c421690c6fcb_JaffaCakes118
Files
642b93d89e8ceaa07a77c421690c6fcb_JaffaCakes118.exe windows:4 windows x86 arch:x86 — a 32-bit PE; "windows:4" presumably reflects the header's required OS/subsystem version (4.0), not the version it was observed on
ed716347843fab6f41c66d928b4c157e (unlabelled 32-hex value; in this position the report normally shows the import hash/imphash — confirm with your own tooling before pivoting on it)
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED — base relocations have been removed, so the loader cannot rebase the image: it must load at its preferred ImageBase and gets no ASLR benefit regardless of DllCharacteristics. That makes any memory-safety bug in this binary easier to exploit; it is also a common side effect of older linkers and some packers.
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports (static import table only — anything resolved at runtime through the LoadLibraryA/GetProcAddress pair listed under kernel32 will not appear here, so this list is a lower bound on what the binary can call)
gdiplus
GdiplusShutdown
GdiplusStartup
GdipCreateFromHDC
GdipDrawImageRectI
GdipDeleteGraphics
mfc80
ord5731
ord1063
ord6255
ord1009
ord1929
ord326
ord4001
ord4123
ord502
ord5641
ord5640
ord347
ord563
ord4951
ord3934
ord3761
ord2367
ord4035
ord3684
ord675
ord907
ord2321
ord442
ord762
ord4104
ord605
ord715
ord2176
ord2020
ord1308
ord3397
ord2902
ord908
ord3849
ord5403
ord2468
ord297
ord1489
ord6118
ord299
ord6703
ord2371
ord4125
ord3317
ord4240
ord1591
ord2095
ord741
ord3229
ord4237
ord1570
ord2091
ord4099
ord1484
ord1933
ord6266
ord1397
ord657
ord3315
ord4244
ord1589
ord1647
ord739
ord651
ord416
ord354
ord3182
ord4262
ord5203
ord1401
ord5912
ord6724
ord1551
ord1670
ord1671
ord4890
ord4212
ord5182
ord1880
ord1794
ord781
ord6236
ord1467
ord1486
ord1916
ord3997
ord2271
ord3641
ord6067
ord6090
ord4580
ord4735
ord3683
ord4541
ord4481
ord2838
ord5566
ord5213
ord5230
ord4568
ord3948
ord5226
ord5224
ord2931
ord1920
ord3832
ord5382
ord6219
ord5102
ord1010
ord3806
ord5583
ord2063
ord4326
ord3801
ord6278
ord4014
ord4038
ord5570
ord3401
ord5975
ord1054
ord3830
ord591
ord266
ord5563
ord2272
ord4085
ord1084
ord3171
ord4234
ord1547
ord2089
ord4098
ord1483
ord330
ord2899
ord2164
ord911
ord298
ord6168
ord2168
ord1122
ord3292
ord1581
ord1643
ord1892
ord1024
ord1185
ord1187
ord1191
ord2328
ord2368
ord3204
ord3576
ord709
ord6037
ord2264
ord5642
ord501
ord6754
ord6752
ord3172
ord1548
ord1636
ord592
ord4108
ord1564
ord4353
ord3878
ord3952
ord1966
ord1968
ord5727
ord2864
ord1482
ord3430
ord5702
ord2427
ord3070
ord3553
ord3552
ord5529
ord5419
ord372
ord4081
ord3592
ord1053
ord2018
ord300
ord2131
ord2248
ord757
ord2990
ord566
ord3244
ord2094
ord4100
ord1955
ord1283
ord2938
ord3286
ord4320
ord865
ord355
ord5644
ord1425
ord2657
ord6017
ord4118
ord1395
ord6283
ord1091
ord2324
ord4109
ord760
ord3337
ord1979
ord1161
ord3423
ord3086
ord6048
ord4888
ord4394
ord1729
ord5986
ord2654
ord6005
ord5714
ord6006
ord5715
ord745
ord722
ord557
ord530
ord782
ord3850
ord1199
ord758
ord567
ord356
ord1096
ord5491
ord6120
ord5613
ord589
ord5833
ord4115
ord602
ord753
ord587
ord2086
ord1545
ord6725
ord5915
ord1620
ord1617
ord3946
ord1402
ord4232
ord5152
ord1908
ord5073
ord6275
ord4185
ord5214
ord3403
ord4722
ord4282
ord1600
ord5960
ord5235
ord5233
ord923
ord928
ord932
ord930
ord934
ord2390
ord2410
ord2394
ord2400
ord2398
ord2396
ord2413
ord2408
ord2392
ord2415
ord2403
ord2385
ord2387
ord2405
ord2178
ord2172
ord1522
ord6279
ord3802
ord6277
ord3345
ord4967
ord1362
ord5175
ord1964
ord1656
ord1655
ord1599
ord5200
ord2537
ord2731
ord2835
ord4307
ord2714
ord2862
ord2540
ord2646
ord2533
ord2991
ord3718
ord3719
ord3709
ord2644
ord3949
ord4486
ord4261
ord3164
ord572
ord1903
ord2372
ord5637
ord1279
ord3161
ord3163
ord1280
ord3287
ord1934
ord1123
ord3210
ord6065
ord310
ord2322
ord876
ord265
ord304
ord784
ord578
ord764
ord1931
ord1207
msvcr80
_mbscmp
_makepath_s
_splitpath_s
_mbsrchr
_strdup
abs
fprintf
sscanf
strlen
_mbsnbcpy_s
_mbsstr
memcpy_s
_snprintf_s
isalnum
isalpha
strchr
isspace
tolower
_mbschr
_mbsicmp
strtoul
??0bad_cast@std@@QAE@PBD@Z
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@ABV01@@Z
_stricmp
_strupr_s
strncpy_s
_findclose
_findfirst64
_stat64i32
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
?terminate@@YAXXZ
_except_handler4_common
_amsg_exit
__getmainargs
_cexit
_exit
strcmp
setlocale
toupper
memmove_s
_vsnprintf_s
_recalloc
calloc
free
malloc
??0exception@std@@QAE@ABV01@@Z
_CxxThrowException
_invalid_parameter_noinfo
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
atoi
strcat_s
vsprintf_s
_purecall
strcpy_s
strstr
strncmp
__CxxFrameHandler3
memset
memcpy
_XcptFilter
_ismbblead
exit
_acmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
_controlfp_s
_invoke_watson
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
__set_app_type
_setmbcp
__p__fmode
kernel32 — of note: WinExec (legacy process launch); GetWindowsDirectoryA together with the unbounded lstrcatA/lstrcpyA (path building into fixed buffers); CreateFileA + DeviceIoControl + GetDriveTypeA (direct device I/O; which device/IOCTL is not visible statically); the FindResourceA/LoadResource/LockResource trio (reads from the large .rsrc section). The IsDebuggerPresent / UnhandledExceptionFilter / SetUnhandledExceptionFilter / TerminateProcess / GetCurrentProcess cluster, with GetSystemTimeAsFileTime / GetCurrentProcessId / GetCurrentThreadId / GetTickCount / QueryPerformanceCounter, is consistent with the MSVC /GS security-cookie runtime and is not by itself an anti-debugging signal.
FormatMessageA
GetModuleHandleA
SetLastError
GetLongPathNameA
FreeLibrary
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
LockResource
LoadResource
FindResourceA
LocalFree
WinExec
lstrcatA
GetWindowsDirectoryA
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
IsBadReadPtr
lstrcpyA
GetLocaleInfoA
GetSystemDefaultLangID
Sleep
InterlockedCompareExchange
GetStartupInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetSystemTimeAsFileTime
GetEnvironmentVariableA
lstrlenA
lstrcmpiA
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
InterlockedExchange
GetCommandLineA
GetModuleFileNameA
GetShortPathNameA
InterlockedDecrement
LoadLibraryA
GetProcAddress
InterlockedIncrement
GetCurrentProcessId
GetVersionExA
GetDriveTypeA
DeviceIoControl
GetLastError
CloseHandle
GetACP
GetThreadLocale
CreateFileA
user32
IsWindowVisible
IsDialogMessageA
GetDlgCtrlID
SetWindowLongA
MessageBoxA
GetCapture
GetWindowTextA
IsWindowEnabled
DestroyIcon
DrawStateA
ReleaseDC
GetDC
CreateIconIndirect
GetIconInfo
SetWindowTextA
MessageBeep
CopyIcon
RedrawWindow
SetRectEmpty
PtInRect
GetDesktopWindow
ReleaseCapture
LoadCursorA
IsWindow
DestroyWindow
SetCapture
KillTimer
GetKeyState
MapDialogRect
SetTimer
UpdateWindow
IsRectEmpty
ModifyMenuA
GetMenuItemID
GetMenuItemCount
IsMenu
GetClassNameA
GetMenu
GetWindow
GetSysColorBrush
LoadBitmapA
SetMenuDefaultItem
GetCursorPos
TrackPopupMenu
LoadIconA
AppendMenuA
FindWindowA
ShowWindow
BringWindowToTop
SetForegroundWindow
GetSystemMenu
RemoveMenu
LoadMenuA
LoadImageA
GetSysColor
GetSubMenu
TrackPopupMenuEx
PostMessageA
SetCursor
DestroyCursor
DestroyMenu
GetWindowLongA
EnableWindow
WindowFromPoint
GetParent
GetNextDlgTabItem
GetActiveWindow
InvalidateRect
ClientToScreen
GetClientRect
GetWindowRect
SendMessageA
DrawFocusRect
FrameRect
FillRect
OffsetRect
InflateRect
CopyRect
gdi32
ExtTextOutA
StretchBlt
RealizePalette
GetBkColor
CreateFontIndirectA
GetObjectA
CreateCompatibleBitmap
GetPixel
GetTextExtentPoint32A
CreateBitmap
CreateCompatibleDC
SelectObject
SetBkColor
BitBlt
SetTextColor
DeleteDC
GetStockObject
DeleteObject
CreatePalette
CreateDIBitmap
SelectPalette
SetDIBitsToDevice
CreateDIBSection
TextOutA
SetTextJustification
GetTextExtentPointA
CreatePen
CreateSolidBrush
SetPixel
RoundRect
advapi32 — registry read/write/delete (RegCreateKeyExA, RegSetValueExA, RegDeleteValueA). This gives the binary the means to persist or alter system configuration; which keys and values it touches is not shown in the static view and should be taken from the behavioral tasks.
RegCloseKey
RegOpenKeyExA
RegSetValueExA
RegQueryValueA
RegOpenCurrentUser
RegDeleteValueA
RegCreateKeyExA
RegQueryValueExA
shell32 — ShellExecuteA/ShellExecuteExA (a second way to launch programs or open files, alongside kernel32's WinExec) and Shell_NotifyIconA (creates a tray icon, so the program presents a visible UI).
ShellExecuteA
Shell_NotifyIconA
ShellExecuteExA
comctl32
ord17
_TrackMouseEvent
shlwapi
PathFileExistsA
ole32
CoInitialize
CoInitializeEx
CoCreateInstance
CoUninitialize
oleaut32
SysAllocStringLen
SysFreeString
msvcp80
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEAB_WI@Z
?rend@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV?$reverse_iterator@V?$_String_const_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@XZ
?rbegin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV?$reverse_iterator@V?$_String_const_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@XZ
?begin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV?$_String_const_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEABDI@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@D@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
?allocate@?$allocator@D@std@@QAEPADI@Z
?deallocate@?$allocator@D@std@@QAEXPADI@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?at@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@II@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?insert@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@IPB_W@Z
?at@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIABV12@I@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@_W@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
?end@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?insert@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@IABV12@@Z
?_Init@locale@std@@CAPAV_Locimp@12@XZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@I_W@Z
?push_back@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEX_W@Z
??1locale@std@@QAE@XZ
?is@?$ctype@_W@std@@QBE_NF_W@Z
?tolower@?$ctype@_W@std@@QBE_W_W@Z
??0_Lockit@std@@QAE@H@Z
?id@?$ctype@_W@std@@2V0locale@2@A
??Bid@locale@std@@QAEIXZ
?_Getfacet@locale@std@@QBEPBVfacet@12@I@Z
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@@Z
?_Incref@facet@locale@std@@QAEXXZ
?facet_Register@facet@locale@std@@CAXPAV123@@Z
??1_Lockit@std@@QAE@XZ
?begin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
version
GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA
Sections (flags are listed per section; note the non-standard writable+executable combinations and the unusually named fifth section below)
.text Size: 180KB - Virtual size: 178KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE — the code section is mapped writable as well as executable. Stock MSVC output marks .text read+execute only, so this is either a post-link modification (packer/protector, header edit) or deliberate self-modifying code; check at runtime whether the section is actually written to.
.rdata Size: 72KB - Virtual size: 69KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE — .rdata is normally read-only; a writable read-only-data section is another sign the headers were altered after linking.
.data Size: 20KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1.6MB - Virtual size: 1.6MB — resources make up roughly 1.6MB of the 2.0MB file. Given the FindResourceA/LoadResource/LockResource and GlobalAlloc/GlobalLock imports under kernel32, dump the resource directory and check whether a secondary PE, script or encrypted blob is embedded; this report does not show the resource contents.
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.1rdata Size: 76KB - Virtual size: 76KB — non-standard section name, flagged as code and writable (see below). A second writable+executable section with an invented name is a typical packer/protector stub layout; the entry point may live here rather than in .text, so compare the OptionalHeader AddressOfEntryPoint against this section's range.
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE