Static task
static1
Behavioral task
behavioral1
Sample
b4409a5d659a25a32191e01a96421a72_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
b4409a5d659a25a32191e01a96421a72_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
Target
b4409a5d659a25a32191e01a96421a72_JaffaCakes118
Size
241KB
MD5
b4409a5d659a25a32191e01a96421a72
SHA1
6873839b81b7ff337381b069f95ed8539c9f21ff
SHA256
95c5441b014c429cd9acbd09ff7689eaded1529d595cc6b6082c782133661726
SHA512
979dcddf4535e4e183644a76c79744b1607242bc6a88ac2e7103235efdde538b13871307c5cee0b895027ef58115015573ebcf710cd82d9a2195eb7befb98977
SSDEEP
6144:jxplAr/vilmEfl9DGQKwf5g57XFnaEOM1Dm3HRryo8hGxIGaCWY:jxplArilrfl9D8wf5g57VnTOM1+x0hmv
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource b4409a5d659a25a32191e01a96421a72_JaffaCakes118
Files
b4409a5d659a25a32191e01a96421a72_JaffaCakes118.exe windows:4 windows x86 arch:x86
9f6385d84451d1a77b757e822319248e
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
ExitProcess
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
LoadLibraryA
RtlUnwind
InterlockedExchange
VirtualQuery
HeapReAlloc
HeapAlloc
HeapFree
VirtualAlloc
EnumResourceNamesW
GetWindowsDirectoryA
GetThreadPriorityBoost
DeleteFileA
OutputDebugStringW
WriteConsoleInputW
SetConsoleCtrlHandler
VirtualUnlock
FindResourceA
SetWaitableTimer
OpenFileMappingA
BeginUpdateResourceA
GetLogicalDriveStringsA
LocalShrink
FlushInstructionCache
GetUserDefaultLangID
GetTimeFormatW
ConnectNamedPipe
ReadConsoleW
GetAtomNameW
GetLogicalDriveStringsW
lstrcpynA
LocalUnlock
CreateSemaphoreW
GlobalUnWire
HeapCompact
WriteProfileSectionA
LockFileEx
lstrcmpW
GetStringTypeExA
GetSystemDirectoryA
GetProfileIntA
GlobalFix
GlobalCompact
GlobalDeleteAtom
PeekConsoleInputA
lstrcatW
ReadConsoleInputA
SetFileAttributesA
GetStdHandle
EnumSystemCodePagesW
GetConsoleCP
GetDiskFreeSpaceW
GetConsoleTitleA
SetThreadIdealProcessor
WinExec
WriteConsoleA
GetDriveTypeA
CreateMutexA
WritePrivateProfileStructA
CreateRemoteThread
CreateNamedPipeA
GlobalUnlock
HeapValidate
SetCurrentDirectoryA
GlobalAddAtomA
GetPrivateProfileSectionNamesA
WaitForSingleObject
GlobalFlags
PulseEvent
GetVolumeInformationA
DisconnectNamedPipe
GetNamedPipeHandleStateA
Toolhelp32ReadProcessMemory
LocalFlags
DebugBreak
GetCompressedFileSizeA
BeginUpdateResourceW
GetVersion
CreateNamedPipeW
GetFileAttributesExW
TlsSetValue
GetShortPathNameA
SetConsoleCursorInfo
SetConsoleTitleA
DebugActiveProcess
EnumTimeFormatsW
GetFileAttributesA
ConvertDefaultLocale
GetSystemDefaultLCID
EnumCalendarInfoExA
GetSystemInfo
SearchPathA
GetPrivateProfileStructW
GetExitCodeThread
CreateFileMappingW
CloseHandle
DefineDosDeviceA
WaitCommEvent
SetFileTime
FreeEnvironmentStringsW
ReadFileScatter
SetThreadLocale
GetThreadTimes
GetNamedPipeHandleStateW
GetWriteWatch
WriteConsoleInputA
GetSystemDirectoryW
LocalLock
FindFirstFileA
EscapeCommFunction
SetConsoleTitleW
SetFileAttributesW
GetEnvironmentVariableW
ReadConsoleOutputCharacterW
CreateSemaphoreA
FindNextFileW
GetLocaleInfoA
GetProcessShutdownParameters
EnumResourceLanguagesW
GetEnvironmentStrings
VirtualQueryEx
SleepEx
ReadConsoleOutputW
FileTimeToDosDateTime
WriteConsoleW
GetPriorityClass
CreateProcessA
EnumSystemLocalesA
GlobalAlloc
WritePrivateProfileStringA
ExpandEnvironmentStringsW
GetUserDefaultLCID
ResetEvent
GetThreadSelectorEntry
FreeLibrary
HeapLock
FoldStringW
GlobalGetAtomNameA
LocalCompact
CreateThread
WriteFile
GetProcAddress
GetTimeFormatA
GetFileAttributesW
InterlockedIncrement
GetNumberFormatA
LocalSize
FindFirstChangeNotificationW
CreatePipe
ReadConsoleInputW
GetCurrencyFormatA
CreateDirectoryExA
ExpandEnvironmentStringsA
GetStringTypeA
EnterCriticalSection
FillConsoleOutputAttribute
SetConsoleTextAttribute
WaitForSingleObjectEx
DosDateTimeToFileTime
GetThreadContext
DeleteFiber
LocalAlloc
VirtualProtect
GetProcessVersion
WriteConsoleOutputW
GetExitCodeProcess
SetConsoleOutputCP
GetNamedPipeInfo
InitAtomTable
FindClose
UnhandledExceptionFilter
GetFullPathNameA
Module32Next
EraseTape
GetSystemTime
GetComputerNameW
GetPrivateProfileStringW
TryEnterCriticalSection
SetComputerNameA
VirtualProtectEx
UpdateResourceA
MoveFileW
WaitForDebugEvent
OpenMutexA
FillConsoleOutputCharacterA
FindAtomW
lstrcpyA
ReadFileEx
GetLogicalDrives
GlobalFree
CreateEventW
TlsAlloc
CreateTapePartition
GetPrivateProfileSectionA
GetCurrentThread
EnumResourceLanguagesA
ReadConsoleOutputAttribute
FoldStringA
HeapWalk
DefineDosDeviceW
SetSystemTimeAdjustment
LoadLibraryW
lstrcpyW
DeleteCriticalSection
LocalFree
GetEnvironmentStringsW
CopyFileA
ResetWriteWatch
GetThreadLocale
Thread32Next
CreateConsoleScreenBuffer
lstrcat
GlobalWire
GetProfileIntW
WriteFileEx
UnmapViewOfFile
SetPriorityClass
GlobalSize
RemoveDirectoryA
SystemTimeToTzSpecificLocalTime
GetPrivateProfileStringA
GetConsoleOutputCP
WritePrivateProfileSectionW
GetModuleHandleW
WaitForMultipleObjects
lstrcpynW
FormatMessageA
FindResourceExW
WaitForMultipleObjectsEx
SetVolumeLabelW
EnumCalendarInfoA
PeekConsoleInputW
SetEnvironmentVariableA
CommConfigDialogW
SetSystemTime
FindResourceExA
ResumeThread
CreateMailslotA
GetSystemPowerStatus
Sleep
EnumResourceNamesA
SetLastError
LoadLibraryExW
lstrcatA
InterlockedExchangeAdd
HeapUnlock
GetModuleFileNameW
FreeResource
SignalObjectAndWait
ReleaseSemaphore
GetConsoleScreenBufferInfo
GetStartupInfoW
UnlockFileEx
DisableThreadLibraryCalls
WriteProfileSectionW
SetLocaleInfoW
FindCloseChangeNotification
EnumTimeFormatsA
GetPrivateProfileIntW
SetHandleCount
SetTimeZoneInformation
SetThreadExecutionState
GetFileAttributesExA
EnumCalendarInfoW
OpenEventA
MultiByteToWideChar
CreateFileA
GetCurrentDirectoryA
LeaveCriticalSection
EnumSystemCodePagesA
GetFileInformationByHandle
GetStartupInfoA
LoadLibraryExA
EnumDateFormatsA
GetDateFormatA
GetConsoleTitleW
LoadModule
FindResourceW
FreeLibraryAndExitThread
FillConsoleOutputCharacterW
lstrcmpiA
CreateWaitableTimerA
ReadDirectoryChangesW
FileTimeToSystemTime
GetProcessHeaps
GetLastError
SetLocalTime
InitializeCriticalSection
LocalReAlloc
CreateProcessW
SetConsoleMode
SetThreadContext
SetEnvironmentVariableW
OpenSemaphoreW
HeapDestroy
GetTempFileNameW
GetComputerNameA
OpenProcess
GetProcessHeap
SetThreadAffinityMask
WriteFileGather
LockResource
EnumDateFormatsExW
GetFullPathNameW
OpenEventW
Heap32First
SetCriticalSectionSpinCount
ReadConsoleA
CreateWaitableTimerW
ReadConsoleOutputCharacterA
SetConsoleActiveScreenBuffer
CompareFileTime
Heap32ListFirst
FindNextFileA
FindFirstFileW
GlobalLock
OpenMutexW
UpdateResourceW
SearchPathW
InterlockedDecrement
GetSystemTimeAdjustment
GlobalMemoryStatus
VirtualAllocEx
UnlockFile
GlobalGetAtomNameW
GetNumberFormatW
EnumDateFormatsW
GetCompressedFileSizeW
GetStringTypeW
MoveFileA
GetEnvironmentVariableA
FormatMessageW
GetLocalTime
Heap32Next
GetFileType
OpenSemaphoreA
GlobalAddAtomW
WritePrivateProfileSectionA
ReleaseMutex
lstrlen
WritePrivateProfileStructW
GetProcessTimes
GetAtomNameA
ExitThread
SetLocaleInfoA
GetTempPathA
CompareStringA
SuspendThread
TlsGetValue
EnumDateFormatsExA
GetLongPathNameA
WriteConsoleOutputCharacterW
lstrlenA
TransactNamedPipe
VirtualLock
WriteConsoleOutputA
GlobalFindAtomA
Process32Next
GetFileSize
AllocConsole
OpenFile
GetCalendarInfoA
GetDiskFreeSpaceExA
GetFileTime
SetConsoleScreenBufferSize
GetPrivateProfileStructA
SetComputerNameW
WriteProcessMemory
VirtualFreeEx
TerminateThread
OpenFileMappingW
FindFirstFileExW
WaitNamedPipeA
RtlZeroMemory
GetPrivateProfileIntA
WriteConsoleOutputAttribute
InterlockedCompareExchange
CreateEventA
MapViewOfFile
GetProfileSectionW
Thread32First
lstrcmpA
GetStringTypeExW
GetPrivateProfileSectionW
GetDriveTypeW
GetWindowsDirectoryW
SetConsoleWindowInfo
GetCommandLineA
GetPrivateProfileSectionNamesW
GetDateFormatW
FindAtomA
OutputDebugStringA
RemoveDirectoryW
InitializeCriticalSectionAndSpinCount
IsDebuggerPresent
EnumCalendarInfoExW
lstrcpy
FindNextChangeNotification
TlsFree
GetProfileStringW
SetThreadPriorityBoost
FindFirstChangeNotificationA
GetVolumeInformationW
GetConsoleCursorInfo
EnumSystemLocalesW
GetEnvironmentStringsA
RtlFillMemory
SetThreadPriority
AddAtomA
GetTempPathW
GetConsoleMode
WriteProfileStringW
EnumResourceTypesA
Heap32ListNext
GetLocaleInfoW
lstrcpyn
GetProcessAffinityMask
wininet
InternetTimeFromSystemTimeA
FindFirstUrlCacheContainerA
GetUrlCacheGroupAttributeA
CreateUrlCacheGroup
FtpSetCurrentDirectoryW
InternetCombineUrlW
InternetCheckConnectionW
FtpPutFileEx
InternetFindNextFileW
SetUrlCacheGroupAttributeA
InternetShowSecurityInfoByURL
GopherCreateLocatorA
ReadUrlCacheEntryStream
IsUrlCacheEntryExpiredA
FtpFindFirstFileA
FtpCreateDirectoryA
InternetGetCertByURLA
FindNextUrlCacheEntryA
FtpFindFirstFileW
GopherGetAttributeA
IsUrlCacheEntryExpiredW
FtpDeleteFileA
InternetConfirmZoneCrossingW
FindFirstUrlCacheEntryW
InternetGetCertByURL
ShowClientAuthCerts
FtpCommandW
InternetSetDialStateA
RegisterUrlCacheNotification
InternetSetOptionExW
FtpGetCurrentDirectoryA
IsHostInProxyBypassList
InternetOpenUrlA
FtpRemoveDirectoryW
SetUrlCacheEntryGroupA
FtpOpenFileW
CommitUrlCacheEntryW
UnlockUrlCacheEntryFile
InternetConnectA
GopherGetLocatorTypeW
SetUrlCacheConfigInfoA
GopherCreateLocatorW
DeleteUrlCacheEntryW
ShowSecurityInfo
InternetQueryFortezzaStatus
FreeUrlCacheSpaceA
InternetSetOptionA
CreateUrlCacheEntryW
DeleteUrlCacheEntryA
FtpCreateDirectoryW
HttpOpenRequestA
DetectAutoProxyUrl
InternetWriteFile
InternetLockRequestFile
InternetSetFilePointer
DeleteIE3Cache
HttpSendRequestExW
RunOnceUrlCache
InternetQueryDataAvailable
UnlockUrlCacheEntryFileW
LoadUrlCacheContent
InternetHangUp
InternetFortezzaCommand
InternetSetCookieA
InternetCheckConnectionA
FindNextUrlCacheGroup
InternetErrorDlg
InternetFindNextFileA
FindNextUrlCacheContainerA
FtpRenameFileA
InternetGetConnectedStateExA
InternetGetConnectedStateEx
GopherOpenFileW
HttpCheckDavCompliance
InternetAutodial
ShowX509EncodedCertificate
FtpDeleteFileW
FindFirstUrlCacheEntryExA
GetUrlCacheEntryInfoExA
FtpOpenFileA
InternetAutodialHangup
InternetSetCookieW
FtpRemoveDirectoryA
InternetCrackUrlA
InternetOpenW
InternetGetConnectedState
FtpGetFileSize
InternetInitializeAutoProxyDll
GetUrlCacheHeaderData
FtpCommandA
DeleteUrlCacheEntry
InternetReadFile
CommitUrlCacheEntryA
RetrieveUrlCacheEntryFileW
HttpSendRequestW
FindNextUrlCacheEntryW
SetUrlCacheEntryGroup
FindNextUrlCacheContainerW
SetUrlCacheHeaderData
UrlZonesDetach
InternetQueryOptionA
FindFirstUrlCacheEntryExW
HttpSendRequestA
UnlockUrlCacheEntryFileA
RetrieveUrlCacheEntryFileA
InternetTimeToSystemTime
GopherGetLocatorTypeA
InternetCrackUrlW
InternetGetCookieW
GopherFindFirstFileW
SetUrlCacheEntryGroupW
HttpQueryInfoW
FindNextUrlCacheEntryExW
GetUrlCacheEntryInfoA
InternetGoOnlineW
IncrementUrlCacheHeaderData
ShowCertificate
InternetCanonicalizeUrlW
FindCloseUrlCache
FindFirstUrlCacheContainerW
RetrieveUrlCacheEntryStreamA
FreeUrlCacheSpaceW
InternetGetConnectedStateExW
GopherFindFirstFileA
CreateUrlCacheContainerW
InternetConnectW
InternetAlgIdToStringW
GetUrlCacheEntryInfoExW
InternetConfirmZoneCrossingA
HttpSendRequestExA
RetrieveUrlCacheEntryStreamW
FtpPutFileW
InternetQueryOptionW
GetUrlCacheConfigInfoA
FindFirstUrlCacheEntryA
ResumeSuspendedDownload
InternetSetOptionExA
InternetWriteFileExA
InternetReadFileExA
InternetDialW
DeleteUrlCacheContainerA
HttpEndRequestW
InternetAttemptConnect
HttpQueryInfoA
GopherOpenFileA
InternetTimeToSystemTimeW
InternetTimeFromSystemTimeW
InternetTimeToSystemTimeA
FtpGetCurrentDirectoryW
SetUrlCacheEntryInfoA
InternetGoOnline
GetUrlCacheConfigInfoW
InternetSecurityProtocolToStringA
CreateUrlCacheContainerA
FindFirstUrlCacheGroup
FindNextUrlCacheEntryExA
InternetGetLastResponseInfoW
GopherGetAttributeW
UpdateUrlCacheContentPath
InternetUnlockRequestFile
InternetGoOnlineA
DeleteUrlCacheContainerW
InternetReadFileExW
InternetCreateUrlA
InternetGetCookieA
InternetSetOptionW
InternetShowSecurityInfoByURLW
GetUrlCacheEntryInfoW
InternetShowSecurityInfoByURLA
InternetSecurityProtocolToStringW
InternetSetDialStateW
HttpAddRequestHeadersA
SetUrlCacheEntryInfoW
DeleteUrlCacheGroup
InternetDialA
InternetWriteFileExW
UnlockUrlCacheEntryStream
GetUrlCacheGroupAttributeW
SetUrlCacheConfigInfoW
InternetGetLastResponseInfoA
InternetSetDialState
InternetTimeFromSystemTime
FtpPutFileA
InternetCloseHandle
InternetCreateUrlW
InternetCanonicalizeUrlA
HttpEndRequestA
FtpGetFileW
HttpOpenRequestW
FtpRenameFileW
CreateUrlCacheEntryA
HttpAddRequestHeadersW
InternetDial
FtpGetFileEx
InternetOpenUrlW
SetUrlCacheGroupAttributeW
InternetOpenA
InternetConfirmZoneCrossing
InternetCombineUrlA
InternetAlgIdToStringA
FtpGetFileA
advapi32
InitiateSystemShutdownA
LookupSecurityDescriptorPartsW
CryptSetProviderW
CryptDeriveKey
LookupSecurityDescriptorPartsA
CryptSetHashParam
CryptDuplicateHash
CryptGetDefaultProviderA
RegConnectRegistryA
RegConnectRegistryW
CryptSetProvParam
CryptGetUserKey
RegCreateKeyExW
CryptVerifySignatureA
InitializeSecurityDescriptor
GetUserNameW
RegLoadKeyW
CryptAcquireContextA
RegReplaceKeyA
RegQueryValueW
RegEnumValueA
RegSaveKeyA
AbortSystemShutdownW
DuplicateTokenEx
RegLoadKeyA
CryptExportKey
CryptGetHashParam
RegRestoreKeyW
CryptSetProviderA
CryptAcquireContextW
shell32
SHGetNewLinkInfo
CheckEscapesW
DragQueryFileAorW
SHInvokePrinterCommandA
SHFileOperationW
DoEnvironmentSubstW
CommandLineToArgvW
SHLoadInProc
ExtractIconExA
SHEmptyRecycleBinA
ExtractAssociatedIconA
SHInvokePrinterCommandW
SHGetDataFromIDListA
SHGetFileInfoW
SHGetSpecialFolderPathA
FreeIconList
SHGetPathFromIDList
ShellAboutW
SHQueryRecycleBinW
SHQueryRecycleBinA
SHGetDiskFreeSpaceA
RealShellExecuteA
Sections
.text Size: 99KB - Virtual size: 98KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 127KB - Virtual size: 126KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 14KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ