Static task
static1
Behavioral task
behavioral1
Sample
a6570eb1a6377fa68b5f065e06fc65f7_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
a6570eb1a6377fa68b5f065e06fc65f7_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
-
Target
a6570eb1a6377fa68b5f065e06fc65f7_JaffaCakes118
-
Size
15.4MB
-
MD5
a6570eb1a6377fa68b5f065e06fc65f7
-
SHA1
82e1c2f620d008d2baa72cc057bd6686cf2d4d64
-
SHA256
737506fcd26a86c014c98cd900109fefcbf116a7fa0a6d8dcb8a00fd3bd2bc4d
-
SHA512
7992421a7387a9aa300bcdb931d0f68d9c2294580ff511a25db6ce6e8fbe7aabe057aa9818c9921ca8119103c32628237fb5baa6ea36269bfcfc551b7909f6b7
-
SSDEEP
49152:wrFPbQUo/OWeu0R2ThDLgDcZJULKdBrCY8+Mlp:wrFPbQUo/tThDLgDcZJULKDrCY
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature.
resource a6570eb1a6377fa68b5f065e06fc65f7_JaffaCakes118
Files
-
a6570eb1a6377fa68b5f065e06fc65f7_JaffaCakes118.exe windows:4 windows x86 arch:x86
0a9326db02bf00d65b1a0f06d378c6bd
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
dnsapi
DnsQuery_A
DnsRecordListFree
winmm
PlaySoundA
mfc71
ord591
ord656
ord605
ord572
ord354
ord1883
ord6236
ord4580
ord2657
ord4100
ord2094
ord3244
ord1955
ord6144
ord1283
ord1425
ord2958
ord709
ord501
ord5866
ord2322
ord5873
ord3879
ord4768
ord1063
ord2321
ord6237
ord1647
ord1589
ord3315
ord1654
ord1598
ord2987
ord3328
ord651
ord754
ord416
ord739
ord3883
ord6182
ord2884
ord907
ord2496
ord5751
ord1486
ord2370
ord1564
ord3991
ord3799
ord2168
ord1554
ord3195
ord4104
ord3875
ord2176
ord1308
ord1262
ord3684
ord2090
ord1637
ord1558
ord4236
ord3214
ord642
ord3651
ord6255
ord2873
ord2468
ord1009
ord563
ord6120
ord3163
ord3287
ord3302
ord602
ord1966
ord5523
ord4001
ord4123
ord5641
ord502
ord326
ord5639
ord5588
ord1279
ord347
ord2306
ord1181
ord2259
ord2794
ord4109
ord2271
ord667
ord584
ord1434
ord317
ord433
ord3108
ord2654
ord6304
ord1970
ord2907
ord432
ord4081
ord911
ord2451
ord2095
ord1591
ord4240
ord3317
ord741
ord5613
ord3161
ord6035
ord3401
ord1968
ord5731
ord5637
ord4118
ord4115
ord1728
ord5640
ord2368
ord2086
ord1545
ord4232
ord3164
ord587
ord3989
ord4749
ord4761
ord4394
ord5235
ord5233
ord2390
ord2400
ord2398
ord2396
ord2392
ord2415
ord2403
ord1191
ord1187
ord3683
ord4038
ord4014
ord6278
ord3801
ord6276
ord4326
ord2063
ord2018
ord5583
ord3806
ord1010
ord5102
ord6219
ord5382
ord3832
ord1920
ord2931
ord5224
ord5226
ord3948
ord4568
ord5230
ord5213
ord5566
ord2537
ord2731
ord2835
ord4307
ord2714
ord2838
ord2540
ord2646
ord2533
ord3718
ord3719
ord3709
ord2644
ord3949
ord4481
ord4261
ord3333
ord757
ord566
ord764
ord578
ord658
ord620
ord1123
ord1084
ord1054
ord2020
ord1122
ord2248
ord2164
ord297
ord2469
ord3934
ord784
ord265
ord1207
ord304
ord3397
ord3182
ord5203
ord3227
ord2991
ord5214
ord1568
ord1639
ord3171
ord4234
ord1547
ord2089
ord4098
ord1483
ord1931
ord3641
ord1280
ord1916
ord1248
ord1934
ord3210
ord3204
ord4353
ord6090
ord5833
ord6065
ord781
ord1903
ord1794
ord4262
ord4967
ord4244
ord1401
ord5912
ord1551
ord1670
ord1671
ord4890
ord4735
ord4212
ord5182
ord3441
ord1091
ord6067
ord3761
ord266
ord6168
ord2292
ord3850
ord6138
ord1482
ord4085
ord2272
ord5491
ord2372
ord5200
ord2160
ord310
ord2866
ord4035
ord3230
ord4486
ord2862
ord1599
ord1655
ord1656
ord1964
ord5175
ord1362
ord3345
ord6277
ord3802
ord6279
ord1522
ord2172
ord2178
ord2405
ord2387
ord2385
ord2408
ord2413
ord2394
ord2410
ord934
ord930
ord932
ord928
ord923
ord5960
ord1600
ord4282
ord4722
ord3403
ord4185
ord6275
ord5073
ord1908
ord5152
ord4238
ord1402
ord3946
ord1617
ord1620
ord5915
ord1571
ord1641
ord2092
ord762
ord2933
ord299
ord6118
ord1489
ord2902
ord876
msvcr71
atoi
mbstowcs
??0exception@@QAE@XZ
??1exception@@UAE@XZ
strlen
memcpy
toupper
memset
_CxxThrowException
??0bad_cast@@QAE@PBD@Z
??1bad_cast@@UAE@XZ
??0bad_cast@@QAE@ABV0@@Z
??0exception@@QAE@ABV0@@Z
_except_handler3
malloc
_itoa
strcpy
strcat
isdigit
tolower
_ismbcdigit
__CxxFrameHandler
free
strstr
time
labs
strcmp
memmove
_fmode
fclose
fopen
ftell
fseek
fwrite
fread
memcmp
memchr
rand
srand
getenv
sprintf
??1type_info@@UAE@XZ
__dllonexit
_controlfp
_onexit
?terminate@@YAXXZ
_exit
_XcptFilter
_ismbblead
_cexit
exit
_acmdln
_amsg_exit
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
__security_error_handler
_stat
wcslen
_setmbcp
_c_exit
kernel32
GetSystemTimeAsFileTime
GetCurrentProcessId
GetStartupInfoA
ReleaseSemaphore
CreateSemaphoreA
OpenSemaphoreA
OpenEventA
OutputDebugStringA
GetShortPathNameA
CreateFileMappingA
OpenFileMappingA
MapViewOfFile
UnmapViewOfFile
HeapFree
GetProcessHeap
HeapAlloc
GetVolumeInformationA
VirtualAllocEx
WriteProcessMemory
ReadProcessMemory
VirtualFreeEx
FindResourceA
LoadResource
LockResource
CopyFileA
MoveFileExA
GetExitCodeThread
SetThreadPriority
SuspendThread
SetFileAttributesA
DeleteFileA
ResetEvent
GetCurrentThreadId
ReadDirectoryChangesW
GetFullPathNameA
ResumeThread
WaitForMultipleObjects
CreateEventA
SetEvent
DeviceIoControl
GetCurrentDirectoryA
GetFileAttributesA
TerminateThread
CreateThread
GetTickCount
lstrcmpA
GetLogicalDriveStringsA
GetDriveTypeA
EnterCriticalSection
LeaveCriticalSection
GetWindowsDirectoryA
SetFileTime
InterlockedDecrement
lstrcpyA
WriteFile
GetFileSize
ReadFile
FormatMessageA
GetTempPathA
GetTempFileNameA
VirtualQuery
CreateFileA
GetFileTime
GetSystemTime
SystemTimeToFileTime
FindFirstFileA
FindNextFileA
FindClose
QueryPerformanceFrequency
QueryPerformanceCounter
lstrcpynA
LocalFree
TerminateProcess
GetExitCodeProcess
OpenProcess
GetCurrentProcess
GetSystemDirectoryA
lstrcatA
CreateProcessA
CloseHandle
LoadLibraryA
GetProcAddress
WaitForSingleObject
FreeLibrary
ReleaseMutex
GetModuleHandleA
ExitProcess
GetCommandLineA
GetModuleFileNameA
CreateMutexA
IsDebuggerPresent
Sleep
DeleteCriticalSection
InitializeCriticalSection
GetLastError
lstrlenA
lstrcmpiA
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
GetVersion
GetThreadLocale
GetLocaleInfoA
GetACP
GetVersionExA
InterlockedExchange
user32
MessageBoxA
FindWindowExA
GetWindowThreadProcessId
AttachThreadInput
WaitForInputIdle
GetMessageA
TranslateMessage
IsWindowEnabled
EnumChildWindows
GetDlgCtrlID
LoadImageA
SetWindowRgn
GetDC
MoveWindow
ReleaseDC
OffsetRect
CopyRect
GetSysColor
ShowWindow
SetWindowPos
AnimateWindow
MonitorFromRect
GetMonitorInfoA
GetKeyState
SetCursor
DispatchMessageA
GetCursorPos
TrackPopupMenu
GetTopWindow
IsWindowVisible
UpdateWindow
ModifyMenuA
DestroyMenu
PtInRect
IsIconic
DrawIcon
CreatePopupMenu
AppendMenuA
GetParent
DrawTextA
RedrawWindow
GetFocus
GetWindowRect
GetWindowLongA
SetWindowLongA
SetLayeredWindowAttributes
SetFocus
FillRect
InvalidateRect
GetSystemMetrics
KillTimer
SetTimer
GetPropA
DefWindowProcA
DestroyIcon
RemovePropA
DestroyWindow
LoadIconA
LoadCursorA
RegisterClassA
CreateWindowExA
SetPropA
EnableWindow
GetClientRect
GetMessagePos
ScreenToClient
SendMessageA
SystemParametersInfoA
SetForegroundWindow
FindWindowA
PostMessageA
LoadMenuA
GetSubMenu
CharLowerA
ClientToScreen
wsprintfA
gdi32
DPtoLP
GetMapMode
SetMapMode
CreateBitmap
DeleteDC
ExtCreateRegion
GetDeviceCaps
Rectangle
CreateCompatibleDC
CreateCompatibleBitmap
GetObjectA
GetViewportOrgEx
SetViewportOrgEx
BitBlt
DeleteObject
CreateRectRgnIndirect
CreateFontIndirectA
SelectObject
SetTextColor
SetBkMode
SetBkColor
TextOutA
GetPixel
CreateSolidBrush
GetStockObject
advapi32
SetNamedSecurityInfoA
RegOpenKeyExA
RegCloseKey
RegQueryValueExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
InitializeSecurityDescriptor
AllocateAndInitializeSid
GetLengthSid
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
RegQueryValueExW
RegCreateKeyW
RegOpenKeyExW
RegSetValueExW
StartServiceA
DeleteService
CreateServiceA
InitiateSystemShutdownA
RegCreateKeyA
RegSetValueA
OpenSCManagerA
OpenServiceA
ControlService
ChangeServiceConfigA
CloseServiceHandle
RegSetValueExA
RegDeleteValueA
ConvertStringSecurityDescriptorToSecurityDescriptorA
GetSecurityDescriptorSacl
RegCreateKeyExA
shell32
Shell_NotifyIconA
ShellExecuteA
SHAppBarMessage
ShellExecuteExA
SHGetSpecialFolderPathA
comctl32
ImageList_Create
_TrackMouseEvent
ImageList_ReplaceIcon
shlwapi
PathIsDirectoryA
PathRemoveExtensionA
PathFindFileNameA
StrStrIA
ole32
CoCreateInstance
StringFromGUID2
CoCreateGuid
CoInitializeEx
CoInitialize
CoUninitialize
oleaut32
VariantInit
SysAllocString
SysFreeString
VariantClear
msvcp71
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?eof@?$char_traits@D@std@@SAHXZ
?eq_int_type@?$char_traits@D@std@@SA_NABH0@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?to_char_type@?$char_traits@D@std@@SADABH@Z
??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?at@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?getline@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADH@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@J@Z
?str@?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAJ@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AViterator@12@V312@@Z
?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?find_last_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@XZ
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
?open@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXPBDHH@Z
?is_open@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QBE_NXZ
?rdbuf@?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPAV?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?close@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?eof@ios_base@std@@QBE_NXZ
??_D?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AViterator@12@XZ
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AViterator@12@XZ
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?good@ios_base@std@@QBE_NXZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?is@?$ctype@D@std@@QBE_NFD@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?width@ios_base@std@@QAEHH@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?max_size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?width@ios_base@std@@QBEHXZ
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??1locale@std@@QAE@XZ
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
??1_Lockit@std@@QAE@XZ
?_Register@facet@locale@std@@QAEXXZ
?_Incref@facet@locale@std@@QAEXXZ
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@@Z
?_Getfacet@locale@std@@QBEPBVfacet@12@I@Z
??Bid@locale@std@@QAEIXZ
?id@?$ctype@D@std@@2V0locale@2@A
??0_Lockit@std@@QAE@H@Z
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEABDI@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?flags@ios_base@std@@QBEHXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
hjengine
hj_cvdfree
hj_cvdhead
hj_scanfile
hj_load
hj_build
hj_free
hj_cvdverify
psapi
EnumProcessModules
EnumProcesses
GetModuleFileNameExA
GetModuleBaseNameA
wininet
InternetOpenUrlA
InternetSetFilePointer
HttpQueryInfoA
InternetReadFile
InternetOpenA
InternetConnectA
HttpOpenRequestA
FindCloseUrlCache
FindNextUrlCacheEntryA
FindFirstUrlCacheEntryA
InternetCloseHandle
HttpSendRequestA
ws2_32
inet_addr
htonl
htons
ntohl
ntohs
WSACleanup
inet_ntoa
gethostbyname
gethostname
WSAStartup
Sections
.text Size: 212KB - Virtual size: 208KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 104KB - Virtual size: 100KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 4KB - Virtual size: 3B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 15.1MB - Virtual size: 15.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ