Static task
static1
Behavioral task
behavioral1
Sample
68a506113e88f99889665171ccec3dda_JaffaCakes118.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
68a506113e88f99889665171ccec3dda_JaffaCakes118.exe
Resource
win10v2004-20240709-en
General
-
Target
68a506113e88f99889665171ccec3dda_JaffaCakes118
-
Size
16.3MB
-
MD5
68a506113e88f99889665171ccec3dda
-
SHA1
2d09046740dad0622564da56588caf356099c2c1
-
SHA256
e788292d9d00f2195739aa3b6da67e9037d8c93fb5955aa01640b3f6c1ea1d41
-
SHA512
230699ac0239f578a24564b89fa20c0caed531571a35650798de11450c16e5955f91e1fd1fc28b8d04e941dc88d8004fcb58021c629d26c9e4a67c98eacaa887
-
SSDEEP
49152:J+FPb3gm/R4R2ThDLgDcZR1uKdBrCYS+clp:J+FPb3gmhThDLgDcZ+KDrCY
Malware Config
Signatures
-
Unsigned PE — 1 IoC
Checks for a missing Authenticode signature.
resource 68a506113e88f99889665171ccec3dda_JaffaCakes118
Files
-
68a506113e88f99889665171ccec3dda_JaffaCakes118.exe windows:4 windows x86 arch:x86
4879b0d8198f93b77faa139e5589eb48
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
dnsapi
DnsQuery_A
DnsRecordListFree
winmm
PlaySoundA
mfc71
ord4234
ord3171
ord1639
ord1568
ord5214
ord2991
ord3227
ord5203
ord3182
ord591
ord656
ord605
ord572
ord354
ord587
ord1883
ord6236
ord5807
ord2657
ord4580
ord4100
ord2094
ord3244
ord1955
ord6144
ord1283
ord1425
ord630
ord3088
ord2021
ord385
ord1873
ord2168
ord2958
ord709
ord501
ord5866
ord5873
ord3879
ord911
ord4768
ord1063
ord2321
ord6237
ord1647
ord1589
ord3315
ord1654
ord1598
ord2987
ord3328
ord651
ord754
ord416
ord739
ord3883
ord6182
ord2884
ord907
ord2496
ord5751
ord2370
ord1564
ord3991
ord3799
ord1489
ord299
ord2933
ord6118
ord1554
ord3195
ord4104
ord3875
ord2176
ord1308
ord1262
ord3684
ord2090
ord1637
ord1558
ord4236
ord3214
ord642
ord3651
ord6255
ord2873
ord2468
ord1009
ord563
ord6120
ord3163
ord3287
ord3302
ord602
ord1966
ord5523
ord4001
ord4123
ord5641
ord502
ord326
ord5639
ord5588
ord1279
ord347
ord2306
ord1181
ord2259
ord2794
ord4109
ord2271
ord667
ord584
ord1434
ord317
ord433
ord3108
ord2654
ord6304
ord1970
ord2907
ord432
ord4081
ord2451
ord2095
ord1591
ord4240
ord3317
ord741
ord5613
ord3161
ord6035
ord3401
ord1968
ord5731
ord5637
ord4118
ord4115
ord1728
ord5640
ord2368
ord3989
ord4749
ord4761
ord4394
ord5235
ord5233
ord2390
ord2400
ord2398
ord2396
ord2392
ord2415
ord2403
ord1191
ord1187
ord3683
ord4038
ord4014
ord6278
ord3801
ord6276
ord4326
ord2063
ord2018
ord5583
ord3806
ord1010
ord5102
ord6219
ord5382
ord3832
ord1920
ord2931
ord5224
ord5226
ord3948
ord4568
ord5230
ord5213
ord5566
ord2537
ord2731
ord2835
ord4307
ord2714
ord2838
ord2540
ord2646
ord2533
ord3718
ord3719
ord3709
ord2644
ord3949
ord4481
ord4261
ord3333
ord757
ord566
ord764
ord578
ord658
ord620
ord1123
ord2322
ord310
ord1084
ord1054
ord2020
ord1122
ord2248
ord2164
ord297
ord2469
ord1207
ord3934
ord784
ord265
ord304
ord762
ord2092
ord1641
ord1547
ord2089
ord4098
ord1483
ord1931
ord3164
ord4232
ord1545
ord2086
ord3641
ord1280
ord1916
ord1934
ord3210
ord3204
ord4353
ord6090
ord5833
ord6065
ord781
ord1903
ord1794
ord4262
ord4967
ord4244
ord1401
ord5912
ord1551
ord1670
ord1671
ord4890
ord4735
ord4212
ord5182
ord3441
ord1249
ord1091
ord6067
ord3761
ord266
ord6168
ord2292
ord3850
ord3997
ord3397
ord2902
ord1248
ord6138
ord1482
ord1247
ord1486
ord4085
ord2272
ord5491
ord2372
ord5200
ord2160
ord2866
ord4035
ord876
ord3230
ord4486
ord2862
ord1599
ord1655
ord1656
ord1964
ord5175
ord1362
ord3345
ord6277
ord3802
ord6279
ord1522
ord2172
ord2178
ord2405
ord2387
ord2385
ord2408
ord2413
ord2394
ord2410
ord934
ord930
ord932
ord928
ord923
ord5960
ord1600
ord4282
ord4722
ord3403
ord4185
ord6275
ord5073
ord1908
ord5152
ord4238
ord1402
ord3946
ord1617
ord1620
ord5915
ord1571
msvcr71
tolower
isdigit
strcat
_itoa
sscanf
atoi
strcpy
mbstowcs
??0exception@@QAE@XZ
??1exception@@UAE@XZ
strlen
memcpy
toupper
memset
_CxxThrowException
??0bad_cast@@QAE@PBD@Z
??1bad_cast@@UAE@XZ
??0bad_cast@@QAE@ABV0@@Z
??0exception@@QAE@ABV0@@Z
_except_handler3
_ismbcdigit
strstr
time
labs
strcmp
_fmode
malloc
__CxxFrameHandler
free
fclose
fopen
ftell
fseek
fwrite
fread
memmove
memcmp
memchr
rand
srand
getenv
sprintf
wcscat
_wfopen
wcslen
??1type_info@@UAE@XZ
__dllonexit
_onexit
?terminate@@YAXXZ
_exit
_XcptFilter
_ismbblead
_cexit
exit
_acmdln
_amsg_exit
__getmainargs
_initterm
_stat
_strcmpi
_wcsnicmp
_setmbcp
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
__security_error_handler
_c_exit
_controlfp
kernel32
GetSystemTimeAsFileTime
GetStartupInfoA
ReleaseSemaphore
CreateSemaphoreA
OpenSemaphoreA
OpenEventA
OutputDebugStringA
GetShortPathNameA
CreateFileMappingA
OpenFileMappingA
MapViewOfFile
UnmapViewOfFile
HeapFree
GetProcessHeap
HeapAlloc
GetVolumeInformationA
VirtualAllocEx
WriteProcessMemory
ReadProcessMemory
VirtualFreeEx
FindResourceA
LoadResource
LockResource
CopyFileA
MoveFileExA
GetExitCodeThread
SetThreadPriority
SuspendThread
SetFileAttributesA
DeleteFileA
ResetEvent
GetCurrentThreadId
ReadDirectoryChangesW
GetFullPathNameA
ResumeThread
WaitForMultipleObjects
CreateEventA
SetEvent
GetCurrentProcessId
TerminateThread
CreateThread
GetTickCount
lstrcmpA
GetLogicalDriveStringsA
GetDriveTypeA
EnterCriticalSection
LeaveCriticalSection
GetWindowsDirectoryA
GetFileTime
SetFileTime
InterlockedDecrement
lstrcpyA
CreateProcessA
WriteFile
CreateFileA
GetFileSize
ReadFile
FormatMessageA
GetTempPathA
GetTempFileNameA
VirtualQuery
GetSystemTime
lstrcatA
FindFirstFileA
FindNextFileA
FindClose
QueryPerformanceFrequency
QueryPerformanceCounter
lstrcpynA
LocalFree
TerminateProcess
GetExitCodeProcess
OpenProcess
GetCurrentProcess
CloseHandle
GetSystemDirectoryA
LoadLibraryA
GetProcAddress
WaitForSingleObject
FreeLibrary
ReleaseMutex
GetModuleHandleA
ExitProcess
GetCommandLineA
GetModuleFileNameA
CreateMutexA
IsDebuggerPresent
Sleep
SetUnhandledExceptionFilter
DeleteCriticalSection
InitializeCriticalSection
GetLastError
lstrlenA
lstrcmpiA
lstrcmpiW
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
GetVersion
GetThreadLocale
GetLocaleInfoA
GetACP
GetVersionExA
InterlockedExchange
user32
GetSubMenu
LoadMenuA
MessageBoxA
FindWindowExA
GetWindowThreadProcessId
AttachThreadInput
WaitForInputIdle
GetMessageA
TranslateMessage
DispatchMessageA
IsWindowEnabled
EnumChildWindows
GetDlgCtrlID
LoadImageA
SetWindowRgn
GetDC
MoveWindow
ReleaseDC
OffsetRect
CopyRect
GetSysColor
ShowWindow
SetWindowPos
AnimateWindow
MonitorFromRect
GetMonitorInfoA
GetKeyState
SetCursor
ClientToScreen
PostQuitMessage
GetCursorPos
EnableMenuItem
GetTopWindow
IsWindowVisible
UpdateWindow
ModifyMenuA
DestroyMenu
PtInRect
IsIconic
DrawIcon
SetForegroundWindow
CreatePopupMenu
AppendMenuA
GetParent
DrawTextA
RedrawWindow
GetFocus
GetWindowRect
GetWindowLongA
SetWindowLongA
SetLayeredWindowAttributes
SystemParametersInfoA
FillRect
InvalidateRect
GetSystemMetrics
KillTimer
SetTimer
GetPropA
DefWindowProcA
DestroyIcon
RemovePropA
DestroyWindow
LoadIconA
LoadCursorA
RegisterClassA
CreateWindowExA
SetPropA
EnableWindow
GetClientRect
GetMessagePos
ScreenToClient
SendMessageA
PostMessageA
FindWindowA
wsprintfA
CharLowerA
TrackPopupMenu
SetFocus
gdi32
DPtoLP
GetMapMode
SetMapMode
CreateBitmap
DeleteDC
ExtCreateRegion
GetDeviceCaps
Rectangle
CreateCompatibleDC
CreateCompatibleBitmap
GetObjectA
GetViewportOrgEx
SetViewportOrgEx
BitBlt
DeleteObject
CreateRectRgnIndirect
CreateFontIndirectA
SelectObject
SetTextColor
SetBkMode
SetBkColor
TextOutA
GetPixel
CreateSolidBrush
GetStockObject
advapi32
OpenProcessToken
RegOpenKeyExA
RegCloseKey
RegQueryValueExA
AdjustTokenPrivileges
LookupPrivilegeValueA
SetNamedSecurityInfoA
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorA
InitializeSecurityDescriptor
AllocateAndInitializeSid
GetLengthSid
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
RegQueryValueExW
RegCreateKeyW
RegOpenKeyExW
RegSetValueExW
InitiateSystemShutdownA
RegCreateKeyA
RegSetValueA
OpenSCManagerA
OpenServiceA
ControlService
ChangeServiceConfigA
CloseServiceHandle
RegSetValueExA
RegDeleteValueA
RegCreateKeyExA
shell32
ShellExecuteA
SHGetSpecialFolderPathA
SHAppBarMessage
ShellExecuteExA
Shell_NotifyIconA
comctl32
_TrackMouseEvent
ImageList_Create
ImageList_ReplaceIcon
shlwapi
StrStrIA
SHRegGetUSValueW
PathIsDirectoryA
SHDeleteValueA
ole32
CoUninitialize
StringFromGUID2
CoCreateGuid
CoInitializeEx
CoCreateInstance
CoInitialize
oleaut32
VariantClear
VariantInit
SysFreeString
SysAllocString
msvcp71
?_Register@facet@locale@std@@QAEXXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?eof@?$char_traits@D@std@@SAHXZ
?eq_int_type@?$char_traits@D@std@@SA_NABH0@Z
?to_char_type@?$char_traits@D@std@@SADABH@Z
??1_Lockit@std@@QAE@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?is@?$ctype@D@std@@QBE_NFD@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?width@ios_base@std@@QAEHH@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?at@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?getline@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADH@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@J@Z
?str@?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAJ@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AViterator@12@V312@@Z
?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?find_last_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@XZ
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
?open@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXPBDHH@Z
?is_open@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QBE_NXZ
?rdbuf@?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPAV?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?close@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?eof@ios_base@std@@QBE_NXZ
??_D?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AViterator@12@XZ
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AViterator@12@XZ
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?uncaught_exception@std@@YA_NXZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?max_size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?width@ios_base@std@@QBEHXZ
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??1locale@std@@QAE@XZ
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?_Incref@facet@locale@std@@QAEXXZ
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@@Z
?_Getfacet@locale@std@@QBEPBVfacet@12@I@Z
??Bid@locale@std@@QAEIXZ
?id@?$ctype@D@std@@2V0locale@2@A
??0_Lockit@std@@QAE@H@Z
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEABDI@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?flags@ios_base@std@@QBEHXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?good@ios_base@std@@QBE_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
af
GetAF
hjengine
hj_cvdfree
hj_cvdverify
hj_scanfile
hj_load
hj_free
hj_build
hj_cvdhead
psapi
GetModuleBaseNameA
EnumProcesses
GetModuleFileNameExA
EnumProcessModules
wininet
InternetSetFilePointer
InternetCloseHandle
InternetReadFile
HttpQueryInfoA
InternetQueryOptionA
InternetOpenA
FindCloseUrlCache
FindNextUrlCacheEntryA
FindFirstUrlCacheEntryA
InternetOpenUrlA
ws2_32
WSAStartup
inet_addr
htons
ntohl
WSACleanup
ntohs
gethostbyname
gethostname
inet_ntoa
htonl
Sections
.text Size: 216KB - Virtual size: 214KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 108KB - Virtual size: 105KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 26KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 4KB - Virtual size: 3B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 16.0MB - Virtual size: 16.0MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ