Static task
static1
Behavioral task
behavioral1
Sample
a00557175050a65c432c77ba2130f89a_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
a00557175050a65c432c77ba2130f89a_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
Target: a00557175050a65c432c77ba2130f89a_JaffaCakes118
Size: 36KB
MD5: a00557175050a65c432c77ba2130f89a
SHA1: d7a4d37bd1540e7f327980f8dfc3308acb6b54bd
SHA256: 09790a1fa799470cc6603088abc175a39786aae8ab83b7fa2a4e764b4928b2ea
SHA512: ddb06ac67d26e175f8cf4cd8f842dc1a2083e9c28b9c11a36bc0c2ecf0bd34f22f64cc265fc2d969d41523c77d6a5e90d6883bae9a2cd2dc0a4e7aa1c5ec79ca
SSDEEP: 768:mSqoPLmlWpVDit6viXLRKsrq6JPaNyxcjHbegxwrqn1y:ooPLm4pVDiy2ntJPH6HbegxA+y
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource a00557175050a65c432c77ba2130f89a_JaffaCakes118
Files
a00557175050a65c432c77ba2130f89a_JaffaCakes118.exe windows:5 windows x86 arch:x86
b76c4dd9796c7fc56bcb1462b5e61cca
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mprapi
MprAdminUpgradeUsers
MprAdminPortDisconnect
MprAdminMIBEntryGetNext
MprAdminPortEnum
MprAdminInterfaceDeviceSetInfo
MprAdminUserRead
MprAdminInterfaceDelete
MprAdminInterfaceUpdatePhonebookInfo
MprConfigTransportGetHandle
MprConfigServerRestore
MprAdminServerGetCredentials
MprDomainRegisterRasServer
MprAdminUserSetInfo
MprAdminConnectionClearStats
MprAdminInterfaceTransportRemove
MprConfigInterfaceTransportGetHandle
MprAdminInterfaceTransportGetInfo
MprAdminMIBBufferFree
MprAdminInterfaceEnum
MprConfigInterfaceTransportAdd
MprAdminServerConnect
MprConfigInterfaceTransportEnum
MprAdminInterfaceSetCredentials
MprAdminUserOpen
esent
JetEnumerateColumns
JetRegisterCallback
JetGetColumnInfo
JetBeginTransaction2
JetRetrieveKey
JetSetCurrentIndex
JetTruncateLogInstance
JetSetCurrentIndex2
JetTerm@4
JetMakeKey
JetGetLogInfoInstance2
JetOSSnapshotFreeze
JetResetTableSequential
JetTerm2
JetGetInstanceInfo
JetGetObjectInfo
JetRollback
JetGetTableColumnInfo
JetEndExternalBackupInstance2
JetRestore
JetConvertDDL
JetCreateInstance
JetDetachDatabase2
JetSetColumnDefaultValue
JetSetColumn@28
JetUpdate
JetSetSessionContext
JetOpenFileSectionInstance
JetInit@4
ntdll
NtCompressKey
strcspn
RtlTimeToElapsedTimeFields
_wcsupr
NtCreateMutant
DbgPrompt
RtlInitializeAtomPackage
RtlCompareMemoryUlong
NtDebugActiveProcess
NtSaveKey
RtlDosPathNameToNtPathName_U
ZwAcceptConnectPort
RtlUnicodeStringToAnsiSize
ZwQuerySection
RtlSplay
RtlRegisterWait
CsrCaptureTimeout
ZwImpersonateThread
RtlDeleteTimerQueue
RtlInitString
ZwCreateWaitablePort
CsrCaptureMessageBuffer
RtlGetCurrentDirectory_U
ZwCreateDebugObject
NtQueryInformationProcess
NtSetHighEventPair
RtlUnlockHeap
RtlEqualLuid
ZwOpenSection
RtlLengthRequiredSid
RtlCopySecurityDescriptor
samsrv
SamIRetrievePrimaryCredentials
SamIDsCreateObjectInDomain
SamIFloatingSingleMasterOpEx
SamrOpenGroup
SamrQueryInformationDomain
SamIFree_UserInternal6Information
SamIResetBadPwdCountOnPdc
SampGetSerialNumberDomain2
SamIGetUserLogonInformation
SamIChangePasswordForeignUser
SamILoopbackConnect
SamIGetUserLogonInformation2
SamrLookupIdsInDomain
SampFlagsToAccountControl
SampAcquireWriteLock
SamrLookupNamesInDomain
SamIGetResourceGroupMembershipsTransitive
SampAbortSingleLoopbackTask
SamrCreateUser2InDomain
SamrDeleteUser
SamIFree_SAMPR_ULONG_ARRAY
SamIIsDownlevelDcUpgrade
SampReleaseWriteLock
SamIPromote
SamILoadDownlevelDatabase
SamrSetInformationUser
SamrQueryDisplayInformation
SamIPromoteUndo
SamrGetAliasMembership
SamIDemote
SamIMixedDomain
SamrEnumerateUsersInDomain
SamIFreeSidArray
SamIAccountRestrictions
SamIGetAliasMembership
SamIGetDefaultAdministratorName
SampNotifyReplicatedInChange
SamIGCLookupSids
SamIFree_SAMPR_DOMAIN_INFO_BUFFER
SamIMixedDomain2
SamIStorePrimaryCredentials
SamrCloseHandle
SamIFree_SAMPR_DISPLAY_INFO_BUFFER
kernel32
DeleteAtom
GetCPInfo
VirtualAlloc
UnregisterWait
SetVolumeLabelA
EnumTimeFormatsW
EnumUILanguagesA
GetComputerNameExA
ReadFileEx
CompareStringA
Beep
GetModuleHandleA
DeleteFileA
CreateMutexW
BeginUpdateResourceA
GetBinaryTypeA
SetConsoleOS2OemFormat
CopyFileW
GetLocalTime
GetVersion
IsDebuggerPresent
GetConsoleAliasA
RemoveLocalAlternateComputerNameA
GetSystemDefaultUILanguage
ResumeThread
FindClose
SetDefaultCommConfigW
GetCompressedFileSizeW
GetConsoleHardwareState
IsValidCodePage
ReplaceFile
CloseConsoleHandle
WriteConsoleA
RtlZeroMemory
LocalSize
GetTapeParameters
LoadResource
GlobalUnfix
EnumCalendarInfoExA
GetConsoleCursorInfo
AreFileApisANSI
GetProcessHeap
DeleteFiber
OpenWaitableTimerA
GetThreadPriorityBoost
FindNextVolumeW
msvcp60
?assign@?$char_traits@G@std@@SAXAAGABG@Z
??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z
??_8?$basic_ofstream@DU?$char_traits@D@std@@@std@@7B@
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?insert@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IPBG@Z
??Pstd@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??0?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@I@Z
??_8?$basic_fstream@DU?$char_traits@D@std@@@std@@7B?$basic_istream@DU?$char_traits@D@std@@@1@@
??_D?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??4?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAJ@Z
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
??Gstd@@YA?AV?$complex@N@0@ABV10@ABN@Z
?find_last_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
??0?$complex@M@std@@QAE@ABV?$complex@N@1@@Z
?_Init@?$money_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@IAEXABV_Locinfo@2@@Z
?infinity@?$numeric_limits@N@std@@SANXZ
?max@?$numeric_limits@H@std@@SAHXZ
??_7?$basic_ifstream@GU?$char_traits@G@std@@@std@@6B@
??0?$codecvt@DDH@std@@QAE@ABV_Locinfo@1@I@Z
??Zstd@@YAAAV?$complex@O@0@AAV10@ABV10@@Z
?length@?$codecvt@GDH@std@@QBEHAAHPBG1I@Z
??0_Lockit@std@@QAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?_Init@locale@std@@CAPAV_Locimp@12@XZ
??0?$numpunct@G@std@@QAE@I@Z
?_Cltab@?$ctype@D@std@@0PBFB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
??0?$basic_filebuf@GU?$char_traits@G@std@@@std@@QAE@W4_Uninitialized@1@@Z
?do_curr_symbol@?$_Mpunct@D@std@@MBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?not_eof@?$char_traits@G@std@@SAGABG@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAG@Z
?_Getcat@?$numpunct@D@std@@SAIXZ
??5std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$complex@M@0@@Z
??_8?$basic_ofstream@GU?$char_traits@G@std@@@std@@7B@
??0?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??1?$numpunct@G@std@@UAE@XZ
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADHD@Z
?_Psum@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPBGPBGI@Z
??0length_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??0facet@locale@std@@IAE@I@Z
?_Ffmt@?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@KAPADPADDH@Z
?exp@?$_Ctr@M@std@@SAMM@Z
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?id@?$money_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@2V0locale@2@A
?exp@?$_Ctr@N@std@@SANN@Z
?sinh@std@@YA?AV?$complex@N@1@ABV21@@Z
??0locale@std@@QAE@ABV01@0H@Z
?_Init@?$messages@D@std@@IAEXABV_Locinfo@2@@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PAD0PBD1@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@D@Z
??1?$moneypunct@G$00@std@@UAE@XZ
??_Fcodecvt_base@std@@QAEXXZ
?pbackfail@strstreambuf@std@@MAEHH@Z
?overflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHH@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAK@Z
?move@?$char_traits@G@std@@SAPAGPAGPBGI@Z
?_Getcat@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SAIXZ
?global@locale@std@@SA?AV12@ABV12@@Z
?min@?$numeric_limits@M@std@@SAMXZ
?read@?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV12@PAGH@Z
?quiet_NaN@?$numeric_limits@J@std@@SAJXZ
?min@?$numeric_limits@K@std@@SAKXZ
??0?$basic_stringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@H@Z
??4length_error@std@@QAEAAV01@ABV01@@Z
?do_always_noconv@codecvt_base@std@@MBE_NXZ
??_8?$basic_fstream@GU?$char_traits@G@std@@@std@@7B?$basic_ostream@GU?$char_traits@G@std@@@1@@
?pow@std@@YA?AV?$complex@M@1@ABV21@0@Z
msvcrt40
iswpunct
?setbuf@ofstream@@QAEPAVstreambuf@@PADH@Z
?width@ios@@QBEHXZ
asctime
fwscanf
_flsbuf
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
_dstbias
??_8iostream@@7Bistream@@@
__p__pwctype
_mbschr
??6ostream@@QAEAAV0@PBE@Z
_adj_fdivr_m32
??_7fstream@@6B@
_mbscoll
putwc
difftime
__p___winitenv
??0fstream@@QAE@HPADH@Z
??_Gifstream@@UAEPAXI@Z
fsetpos
_wfullpath
??Bios@@QBEPAXXZ
??_7ostream@@6B@
??5istream@@QAEAAV0@AAD@Z
?sputc@streambuf@@QAEHH@Z
_write
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
_execve
?sh_read@filebuf@@2HB
??3@YAXPAX@Z
??5istream@@QAEAAV0@P6AAAV0@AAV0@@Z@Z
_setsystime
??0exception@@QAE@ABV0@@Z
_jn
??6ostream@@QAEAAV0@PBX@Z
tmpfile
_endthreadex
??1type_info@@UAE@XZ
_ftime
strtod
?setlock@streambuf@@QAEXXZ
_daylight
?setbuf@fstream@@QAEPAVstreambuf@@PADH@Z
strtol
?setmode@ofstream@@QAEHH@Z
?attach@fstream@@QAEXH@Z
fwprintf
memchr
sqrt
?unlock@ios@@QAAXXZ
localtime
_wstat
_winmajor
_wspawnl
??0strstreambuf@@QAE@H@Z
?unlockc@ios@@KAXXZ
strtoul
?rdbuf@fstream@@QBEPAVfilebuf@@XZ
??0streambuf@@IAE@PADH@Z
?rdbuf@ifstream@@QBEPAVfilebuf@@XZ
?seekoff@filebuf@@UAEJJW4seek_dir@ios@@H@Z
_strncoll
__wgetmainargs
?get@istream@@QAEAAV1@AAVstreambuf@@D@Z
isdigit
?stossc@streambuf@@QAEXXZ
msvcrt20
?peek@istream@@QAEHXZ
_clearfp
getwchar
??4ostrstream@@QAEAAV0@ABV0@@Z
_wmktemp
_flushall
??_Giostream@@UAEPAXI@Z
??6ostream@@QAEAAV0@C@Z
??0ios@@IAE@ABV0@@Z
_mbsnbset
getc
calloc
fflush
ungetc
_wsystem
?rdbuf@ofstream@@QBEPAVfilebuf@@XZ
towlower
_wmkdir
?open@filebuf@@QAEPAV1@PBDHH@Z
strcspn
??_Dostream@@QAEXXZ
_wcsrev
_cscanf
opengl32
glClearStencil
glGetError
glEnableClientState
glNormal3dv
glColor3uiv
glLightiv
glPushAttrib
glTexCoord1sv
glScaled
wglGetCurrentContext
glInterleavedArrays
glAccum
glEvalCoord2fv
glTexCoord2iv
glGetMaterialfv
glDepthMask
glLoadIdentity
glRasterPos2iv
glNormal3iv
wglCopyContext
glVertexPointer
glNormal3b
glMap1d
glColor3i
glPushName
winsta
WinStationRegisterConsoleNotification
WinStationRenameW
WinStationShadowStop
WinStationConnectW
WinStationGetMachinePolicy
WinStationIsHelpAssistantSession
_WinStationAnnoyancePopup
WinStationSendWindowMessage
_WinStationReInitializeSecurity
_WinStationShadowTargetSetup
ServerSetInternetConnectorStatus
_WinStationNotifyLogon
WinStationEnumerate_IndexedA
ServerLicensingGetAvailablePolicyIds
ServerLicensingOpenW
WinStationSendMessageA
WinStationNtsdDebug
WinStationBroadcastSystemMessage
_WinStationUpdateUserConfig
WinStationEnumerateProcesses
WinStationFreeMemory
WinStationSetPoolCount
WinStationRenameA
WinStationRemoveLicense
WinStationInstallLicense
_NWLogonSetAdmin
WinStationDisconnect
WinStationSetInformationW
_NWLogonQueryAdmin
WinStationGetAllProcesses
lsasrv
LsapInitLsa
LsarQueryInformationPolicy
LsaIFree_LSAP_SITE_INFO
LsarSetTrustedDomainInfoByName
LsaIQueryInformationPolicyTrusted
LsaISafeMode
LsaIFree_LSA_FOREST_TRUST_COLLISION_INFORMATION
LsaIUnregisterPolicyChangeNotificationCallback
LsaIAuditAccountLogon
LsaIGetNbAndDnsDomainNames
LsaINotifyChangeNotification
LsaIFree_LSAPR_TRANSLATED_SIDS
LsaIFree_LSAI_PRIVATE_DATA
LsaIDsNotifiedObjectChange
LsaIRegisterPolicyChangeNotificationCallback
LsaIAuditSamEvent
LsarSetInformationPolicy
LsaIQueryForestTrustInfo
LsaIAuditNotifyPackageLoad
LsapDsDebugInitialize
LsapDsInitializeDsStateInfo
LsaIAuditKerberosLogon
LsaIFree_LSAPR_TRUSTED_DOMAIN_INFO
LsapAuOpenSam
LsaIQuerySiteInfo
LsaICallPackageEx
LsaICancelNotification
LsaIFree_LSAP_SITENAME_INFO
LsaISetClientDnsHostName
user32
CreateCaret
GetMouseMovePointsEx
DefWindowProcW
MoveWindow
RegisterSystemThread
GetMenuDefaultItem
EnumPropsExW
InsertMenuA
EnumChildWindows
OpenClipboard
LoadAcceleratorsA
LoadCursorFromFileA
GetMonitorInfoA
keybd_event
EditWndProc
GetActiveWindow
RegisterServicesProcess
OemToCharA
SendNotifyMessageA
DefMDIChildProcA
GetDlgItemTextA
OpenWindowStationA
DialogBoxParamW
DdeQueryConvInfo
AllowSetForegroundWindow
GetQueueStatus
MonitorFromRect
ResolveDesktopForWOW
WindowFromDC
CountClipboardFormats
SetShellWindowEx
GetScrollInfo
SetClassWord
DefDlgProcA
SetWindowTextW
AllowForegroundActivation
SendMessageTimeoutA
TranslateMessage
GetTitleBarInfo
UpdatePerUserSystemParameters
GetUserObjectInformationW
GetWindowLongW
EnumDisplaySettingsExW
RemovePropW
GetCursorInfo
FreeDDElParam
EndPaint
wdigest
SpUserModeInitialize
SpInstanceInit
CredentialUpdateFree
SpLsaModeInitialize
CredentialUpdateRegister
CredentialUpdateNotify
SpInitialize
Sections
.text Size: 14KB - Virtual size: 14KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 19KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE