Static task
static1
Behavioral task
behavioral1
Sample
791a9b079203d68d9f5ca63a068eb3e8_JaffaCakes118.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
791a9b079203d68d9f5ca63a068eb3e8_JaffaCakes118.exe
Resource
win10v2004-20240709-en
General
-
Target
791a9b079203d68d9f5ca63a068eb3e8_JaffaCakes118
-
Size
394KB
-
MD5
791a9b079203d68d9f5ca63a068eb3e8
-
SHA1
6f8eb900675630357b8463bc68e0a20b63e9c104
-
SHA256
5e41a001c7fbdfcaa7dfdbb68137ed1faae89035a83e57760656c185a7eb5085
-
SHA512
26dc503f8c4e5a991bd378bd32fa7e4a1d40fdd7e0a53892ac47108e272e752fdf6ebf4c7919c024a3a579bc4d54f79e795b7a7deb30924002a68a418e508f80
-
SSDEEP
6144:55mII7GtsRqbX2hs1YApl5FTGV5804aroCcGMoqfPU/EN6WTBf+sBi0rj8:55mVq2RsmLIl5ct2XjoaOEN6WTB9M
Malware Config (no entries are shown in this excerpt)
Signatures
-
Unsigned PE (1 IoC)
The PE carries no Authenticode signature. By itself this is a weak indicator; weigh it together with the behavioral task results rather than treating it as evidence of malice on its own.
resource 791a9b079203d68d9f5ca63a068eb3e8_JaffaCakes118
Files
-
791a9b079203d68d9f5ca63a068eb3e8_JaffaCakes118.exe windows:4 windows x86 arch:x86
06e70d492a3bf45e194ad4931c9989e3 (unlabelled 32-hex-digit value; from its position this is presumably the import hash of the file above — confirm the field name before pivoting on it)
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED (no base relocations: the image must load at its preferred base and cannot be rebased by ASLR)
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports (static import table: the presence of an API here shows only that it is linked, not that it is called at runtime — see the behavioral tasks for what actually executed)
shfolder
SHGetFolderPathA
shell32
SHGetSpecialFolderPathA
ShellExecuteA
ShellExecuteExA
iphlpapi
GetAdaptersInfo
mfc71
ord5419
ord5490
ord6021
ord305
ord5154
ord2368
ord2367
ord2372
ord4125
ord4118
ord4735
ord6277
ord3596
ord5915
ord1402
ord5073
ord5214
ord2991
ord572
ord1614
ord760
ord3605
ord3908
ord1794
ord3337
ord1024
ord3641
ord3441
ord709
ord501
ord4648
ord4394
ord4692
ord3401
ord2719
ord5203
ord3204
ord605
ord356
ord354
ord4115
ord4580
ord1968
ord3989
ord1425
ord5731
ord1279
ord347
ord3684
ord3423
ord2160
ord1545
ord6120
ord1377
ord4232
ord587
ord5833
ord602
ord5710
ord3761
ord589
ord4078
ord6037
ord330
ord2451
ord4353
ord3174
ord747
ord1263
ord3835
ord1395
ord6283
ord2264
ord2346
ord3287
ord3163
ord5637
ord4100
ord2094
ord3244
ord1955
ord758
ord567
ord5640
ord5641
ord2075
ord2234
ord1580
ord1929
ord2233
ord5642
ord5727
ord5331
ord6297
ord5320
ord6286
ord3551
ord1643
ord715
ord1581
ord3139
ord5613
ord2263
ord4085
ord259
ord1283
ord2371
ord6017
ord1971
ord2938
ord1092
ord3233
ord423
ord660
ord4063
ord866
ord5466
ord2271
ord3997
ord6168
ord1916
ord2168
ord6065
ord6090
ord2164
ord6067
ord907
ord2469
ord4262
ord4486
ord2862
ord5200
ord1599
ord1655
ord1656
ord1964
ord5175
ord1362
ord4967
ord3345
ord3802
ord6279
ord1522
ord2172
ord2178
ord2405
ord2387
ord2385
ord2403
ord2415
ord2392
ord2408
ord2413
ord2396
ord2398
ord2400
ord2394
ord2410
ord2390
ord934
ord930
ord932
ord928
ord923
ord5233
ord5235
ord5960
ord1600
ord4282
ord4722
ord3403
ord4185
ord6275
ord1908
ord5152
ord4244
ord1401
ord3946
ord1617
ord1620
ord5912
ord1551
ord1670
ord1671
ord4890
ord4212
ord5182
ord1903
ord1084
ord1054
ord3830
ord5119
ord1564
ord2322
ord6179
ord769
ord6172
ord6178
ord5124
ord566
ord416
ord865
ord908
ord2131
ord5491
ord2020
ord3397
ord1248
ord757
ord3333
ord4261
ord4481
ord3949
ord2644
ord3709
ord3719
ord3718
ord2533
ord2646
ord2540
ord2838
ord2714
ord4307
ord2835
ord2731
ord2537
ord5566
ord5213
ord5230
ord4568
ord3948
ord2248
ord5226
ord5224
ord2931
ord1920
ord3832
ord5382
ord6219
ord5102
ord1010
ord3806
ord5583
ord2018
ord2063
ord4326
ord3801
ord6278
ord4014
ord4038
ord2699
ord4081
ord1207
ord2272
ord3850
ord2594
ord1486
ord2468
ord5403
ord4035
ord300
ord762
ord1063
ord1280
ord3161
ord1934
ord3210
ord1482
ord2933
ord299
ord6118
ord2902
ord1489
ord6138
ord3934
ord1258
ord1247
ord781
ord651
ord764
ord1187
ord1191
ord876
ord5420
ord1917
ord304
ord265
ord911
ord266
ord297
ord578
ord593
ord334
ord310
ord3255
ord784
ord3683
ord4541
ord559
msvcr71
_fstat
_fileno
_setmbcp
_errno
fputc
ftell
fprintf
memset
??1type_info@@UAE@XZ
__dllonexit
_onexit
?terminate@@YAXXZ
_c_exit
_exit
_XcptFilter
_ismbblead
_ultoa
fread
isdigit
srand
rand
fwrite
_snprintf
_vsnprintf
_itoa
asctime
_mbslen
_mbsnbcmp
_mbstok
_mbsrchr
_mbsnbcat
_beginthread
_endthreadex
sprintf
_mbsnbicmp
_beginthreadex
_mbscmp
_mbschr
_mbctype
memchr
strtol
atoi
_mbsnbcpy
_mbsinc
fputs
fopen
fclose
_mbslwr
_mbsstr
_findfirst
_findnext
_findclose
_time64
_cexit
exit
_CxxThrowException
??0bad_cast@@QAE@PBD@Z
??1bad_cast@@UAE@XZ
??0bad_cast@@QAE@ABV0@@Z
??0exception@@QAE@ABV0@@Z
vsprintf
_vscprintf
??0exception@@QAE@XZ
??1exception@@UAE@XZ
ceil
memmove
_mbsicmp
_localtime64
_purecall
_open
_setmode
_fdopen
_filelength
fgets
__CxxFrameHandler
_except_handler3
_resetstkoflw
free
malloc
_acmdln
_amsg_exit
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
__security_error_handler
_controlfp
kernel32
LocalFree
lstrlenA
CreateDirectoryA
GetFileAttributesA
GetCurrentProcess
SetLastError
CloseHandle
FindResourceExA
FindResourceA
LoadResource
LockResource
SizeofResource
GetLastError
GetShortPathNameA
MoveFileExA
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
LoadLibraryA
FreeLibrary
MulDiv
SetEndOfFile
CreateMutexA
LeaveCriticalSection
GetExitCodeThread
GetLocalTime
OutputDebugStringA
FindClose
RemoveDirectoryA
GetCurrentDirectoryA
SetEvent
ResetEvent
OpenEventA
GetDriveTypeA
GetLogicalDriveStringsA
GetDiskFreeSpaceExA
CreateProcessA
GetModuleHandleA
CreateEventA
WaitForMultipleObjectsEx
GetVolumeInformationA
GetStartupInfoA
ExitProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
WideCharToMultiByte
lstrlenW
LocalAlloc
FormatMessageA
TerminateProcess
OpenProcess
Process32Next
GetCurrentProcessId
GetModuleFileNameA
Process32First
CreateToolhelp32Snapshot
InterlockedDecrement
WaitForSingleObject
SetWaitableTimer
CreateWaitableTimerA
WriteFile
CreateFileA
FindNextFileA
FindFirstFileA
SetCurrentDirectoryA
CopyFileA
DeleteFileA
SetFileAttributesA
GetWindowsDirectoryA
GetCurrentThreadId
GetCommandLineA
GetVersion
InterlockedIncrement
GetPrivateProfileSectionNamesA
GetPrivateProfileStringA
ReadFile
MapViewOfFileEx
CreateFileMappingA
GetFileSize
UnmapViewOfFile
GetPrivateProfileIntA
Sleep
SetPriorityClass
SetFilePointer
EnterCriticalSection
FlushFileBuffers
GetTickCount
lstrcpynA
RaiseException
InitializeCriticalSection
DeleteCriticalSection
lstrcmpiA
TerminateThread
CreateThread
lstrcatA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
lstrcpyA
OpenMutexA
GetProcAddress
user32
CallWindowProcA
GetSystemMetrics
DestroyMenu
IsZoomed
IsIconic
GetMenuItemID
SetMenuDefaultItem
EnableMenuItem
AppendMenuA
CreatePopupMenu
GetSubMenu
WindowFromPoint
UnhookWindowsHookEx
GetWindowTextA
SetWindowsHookExA
CallNextHookEx
SetWindowLongA
DrawFocusRect
SystemParametersInfoA
GetSysColor
UpdateWindow
SetRectEmpty
GetMenuItemRect
UnionRect
TrackPopupMenuEx
FillRect
FrameRect
SetMenuItemInfoA
SetMenuItemBitmaps
GetDesktopWindow
GetMenuItemInfoA
GetMenuDefaultItem
LoadStringA
GetMenuItemCount
GetMenuState
IsMenu
InsertMenuItemA
keybd_event
GetFocus
OffsetRect
ValidateRect
DrawTextA
GetDlgCtrlID
GetWindowLongA
LoadCursorA
SetCapture
CopyRect
SetCursor
FindWindowExA
IsWindow
GetCursorPos
GetWindow
GetClassNameA
GetWindowRect
GetWindowDC
InvalidateRect
SetWindowRgn
PtInRect
DrawStateA
IsDialogMessageA
PostThreadMessageA
GetClientRect
MsgWaitForMultipleObjects
PeekMessageA
IsWindowUnicode
GetMessageW
GetMessageA
TranslateMessage
DispatchMessageW
DispatchMessageA
SetWindowPos
IsWindowVisible
GetParent
ReleaseDC
GetDC
PostMessageA
PostQuitMessage
GetDlgItem
GetSystemMenu
TrackPopupMenu
EnableWindow
CloseWindow
LoadIconA
FlashWindow
KillTimer
SetTimer
RedrawWindow
ScreenToClient
ClientToScreen
SendMessageA
ExitWindowsEx
FindWindowA
GetForegroundWindow
GetWindowThreadProcessId
LoadBitmapA
wsprintfA
SetForegroundWindow
ShowWindow
AttachThreadInput
ReleaseCapture
InflateRect
gdi32
SetStretchBltMode
DPtoLP
CreateBitmap
GetMapMode
SetMapMode
CreateSolidBrush
GetBitmapBits
SetBitmapBits
GetPixel
Rectangle
CreateBrushIndirect
MoveToEx
CreatePen
LineTo
GetTextColor
GetBkColor
GetBkMode
SetBkColor
TextOutA
SetBkMode
SetTextColor
GetStockObject
StretchBlt
GetDeviceCaps
GetDIBits
CreateCompatibleDC
BitBlt
DeleteDC
CreateEllipticRgn
GetTextExtentPoint32A
SelectObject
CreateCompatibleBitmap
CreateFontIndirectA
CreateRectRgn
CombineRgn
DeleteObject
GetObjectA
CreateFontA
msimg32
AlphaBlend
advapi32
RegSetValueExA
EqualSid
GetTokenInformation
OpenProcessToken
AllocateAndInitializeSid
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA
LookupPrivilegeValueA
AdjustTokenPrivileges
FreeSid
RegQueryValueExA
RegOpenKeyExA
comctl32
ImageList_AddMasked
ord17
ImageList_DrawEx
ImageList_GetImageInfo
ImageList_GetIconSize
_TrackMouseEvent
ImageList_GetImageCount
ImageList_Draw
ImageList_GetIcon
shlwapi
PathStripPathA
PathRemoveFileSpecA
PathRemoveExtensionA
PathFileExistsA
PathCombineA
SHCopyKeyA
PathAppendA
ole32
OleRun
CoCreateInstance
CLSIDFromProgID
CoInitialize
CoCreateGuid
StringFromCLSID
CoTaskMemFree
CLSIDFromString
oleaut32
VarDateFromStr
GetErrorInfo
SysAllocStringLen
SysFreeString
SystemTimeToVariantTime
VarBstrFromDate
SysAllocStringByteLen
SysStringByteLen
VariantClear
VariantInit
SysAllocString
msvcp71
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHPBD@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
??1_Lockit@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?_Register@facet@locale@std@@QAEXXZ
?_Incref@facet@locale@std@@QAEXXZ
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@@Z
?_Getfacet@locale@std@@QBEPBVfacet@12@I@Z
??Bid@locale@std@@QAEIXZ
?id@?$ctype@D@std@@2V0locale@2@A
??0_Lockit@std@@QAE@H@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?good@ios_base@std@@QBE_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?width@ios_base@std@@QAEHH@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEABDI@Z
?eq_int_type@?$char_traits@D@std@@SA_NABH0@Z
?eof@?$char_traits@D@std@@SAHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?flags@ios_base@std@@QBEHXZ
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHIIPBDI@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?find_first_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AVconst_iterator@12@XZ
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AVconst_iterator@12@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@Vconst_iterator@01@0@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@Viterator@12@0ABV12@@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?rbegin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$reverse_iterator@Viterator@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@XZ
?rend@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$reverse_iterator@Viterator@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@XZ
??0?$_String_val@DV?$allocator@D@std@@@std@@IAE@V?$allocator@D@1@@Z
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEX_NI@Z
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AViterator@12@XZ
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AViterator@12@XZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXID@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?classic@locale@std@@SAABV12@XZ
??0locale@std@@QAE@ABV01@@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?tolower@?$ctype@D@std@@QBEPBDPADPBD@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
??1locale@std@@QAE@XZ
?insert@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IABV12@@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z
??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?width@ios_base@std@@QBEHXZ
wininet
InternetGetConnectedState
InternetCanonicalizeUrlA
InternetSetOptionA
InternetQueryOptionA
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetSetFilePointer
InternetReadFile
InternetOpenA
HttpQueryInfoA
InternetOpenUrlA
InternetCloseHandle
InternetGetCookieA
setupapi
SetupInstallFileA
ws2_32
WSAGetLastError
setsockopt
inet_ntoa
WSASendTo
WSARecvFrom
gethostbyname
inet_addr
WSACloseEvent
WSAResetEvent
WSAWaitForMultipleEvents
WSASetEvent
WSACreateEvent
shutdown
closesocket
WSACleanup
WSAStartup
WSASocketA
Sections
.text Size: 304KB - Virtual size: 301KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 80KB - Virtual size: 78KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 952KB - Virtual size: 949KB (note: this raw size alone exceeds the 394KB file size reported under General, and the four sections together sum to well over it; the section table and the actual file length disagree, so either the sample is truncated or these size fields are not raw sizes — verify before relying on the resource data, which the binary reads via FindResource/LoadResource)
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ