Static task
static1
Behavioral task
behavioral1
Sample
d09ca3e204370d4a38e62ecb8c0a2971_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
d09ca3e204370d4a38e62ecb8c0a2971_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
-
Target
d09ca3e204370d4a38e62ecb8c0a2971_JaffaCakes118
-
Size
39KB
-
MD5
d09ca3e204370d4a38e62ecb8c0a2971
-
SHA1
898ba52bb00f649b6b21bfbf560370826d23632b
-
SHA256
69bba196c3ac4919beacb60a8e5f3f030cf455edf7638f75e92808307af67c82
-
SHA512
e7e5d4aabb16ed7416f84d76b3b31d90545e575176f293b64f8bf99689315a9846171be51bdc44d1381e3b83902bf713ba3632e2eeb6f4cd12f9e54055e9176b
-
SSDEEP
768:I/6+lmLPojAT+H0yhvHER6BiDmT+haCHzTCUYzNAMenA9nhVTb:I/6jGACH0KHERvmTxCHqdNAMYARTb
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature; the match here means the sample PE carries no Authenticode signature.
resource d09ca3e204370d4a38e62ecb8c0a2971_JaffaCakes118
Files
-
d09ca3e204370d4a38e62ecb8c0a2971_JaffaCakes118.exe windows:5 windows x86 arch:x86
920025861721f3340cda19a2a6a07177
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
expsrv
rtcAbsVar
rtcGetMonthOfYear
__vbaStrFixstr
__vbaCastObj
rtcLenVar
__vbaI2ForNextCheck
__vbaRecAnsiToUni
rtcLeftVar
__vbaVarCmpLe
rtUI1FromErrVar
rtcRightVar
rtcDoEvents
rtcCreateObject2
rtcLowerCaseBstr
__vbaR4ErrVar
__vbaFpCDblR4
rtcStrReverse
__vbaStrVarCopy
__vbaGet3
rtcCurrentDirBstr
rtcRgb
__vbaEraseKeepData
__vbaI4Var
__vbaBoolVarNull
EVENT_SINK_AddRef
rtcFormatNumber
__vbaR8ForNextCheck
__vbaGosubFree
__vbaRecAssign
rtcCharValueBstr
__vbaCastObjVar
__vbaAryLock
__vbaAryRecCopy
rtcVarBstrFromByte
__vbaFpCmpCy
TipSetOption
__vbaVarTstGe
__vbaRecUniToAnsi
__vbaVarVargNofree
rtcVarFromError
rtDecFromVar
rtcChoose
rtcStrConvVar
__vbaVarNeg
rtcGetHostLCID
shlwapi
SHOpenRegStreamW
PathIsSystemFolderW
PathCommonPrefixW
SHQueryInfoKeyW
StrRetToBufW
SHRegQueryUSValueW
AssocQueryStringByKeyA
StrFormatKBSizeA
PathCanonicalizeW
StrChrIW
AssocQueryStringByKeyW
StrDupA
PathSetDlgItemPathA
StrStrW
PathSearchAndQualifyW
PathRenameExtensionW
PathFindSuffixArrayW
PathIsURLW
PathIsContentTypeW
PathGetDriveNumberA
GetMenuPosFromID
PathIsRootA
SHRegDeleteUSValueA
wnsprintfW
StrTrimA
StrCatChainW
UrlGetPartW
PathAppendW
SHCreateStreamWrapper
StrChrNIW
PathRelativePathToA
StrIsIntlEqualW
DllGetVersion
PathIsNetworkPathW
PathFindOnPathW
PathIsUNCServerA
SHQueryInfoKeyA
StrRChrIA
PathRemoveExtensionW
PathStripToRootW
UrlCanonicalizeW
SHRegGetBoolUSValueW
StrCatW
opengl32
glEvalMesh1
glPushName
glIndexi
glRasterPos4i
glColor4dv
glNormalPointer
glEdgeFlagPointer
glVertexPointer
glEvalCoord1f
glGenTextures
glClipPlane
glColor3d
wglRealizeLayerPalette
glRasterPos2d
wglCreateContext
glDeleteLists
glCopyPixels
glLightModeliv
glInterleavedArrays
glMap1f
glVertex4f
glGetMapdv
glVertex3s
glColor4us
glTexGeniv
glMapGrid2f
glTexCoord3s
glGetString
glRasterPos2f
glColor4bv
glBitmap
clusapi
ResumeClusterNode
GetClusterNetworkId
RemoveClusterResourceNode
CreateClusterResourceType
OnlineClusterGroup
EvictClusterNode
GetClusterNodeState
EvictClusterNodeEx
RemoveClusterResourceDependency
GetClusterFromResource
GetClusterNotify
GetClusterInformation
ClusterGetEnumCount
ClusterRegDeleteKey
BackupClusterDatabase
AddClusterResourceNode
SetClusterQuorumResource
ChangeClusterResourceGroup
ClusterRegCloseKey
ClusterNodeCloseEnum
ClusterNetworkCloseEnum
ClusterRegQueryValue
RestoreClusterDatabase
GetClusterResourceNetworkName
SetClusterGroupName
ntdll
ZwSetInformationProcess
RtlLargeIntegerDivide
NtQueryValueKey
RtlOemStringToUnicodeString
ZwCallbackReturn
NtCreatePagingFile
RtlAllocateAndInitializeSid
RtlFormatMessage
RtlCopyUnicodeString
ZwReplaceKey
RtlPushFrame
RtlFreeOemString
NtWriteFile
NtQueryInformationPort
RtlIsValidHandle
_wcslwr
RtlEmptyAtomTable
RtlAbortRXact
RtlCaptureStackContext
RtlIsActivationContextActive
ZwSetBootEntryOrder
NtQuerySection
ZwFreeUserPhysicalPages
NtOpenIoCompletion
ZwQuerySystemTime
DbgUiRemoteBreakin
iswlower
NtSetSecurityObject
RtlClearAllBits
RtlConvertExclusiveToShared
LdrInitShimEngineDynamic
memset
NtCloseObjectAuditAlarm
RtlCreateUnicodeString
RtlDestroyEnvironment
ZwSetInformationObject
ZwReleaseKeyedEvent
NtLockProductActivationKeys
RtlAppendPathElement
NtCreateDirectoryObject
RtlTraceDatabaseAdd
RtlGetSaclSecurityDescriptor
ZwAccessCheckByTypeResultListAndAuditAlarmByHandle
NtYieldExecution
NtGetContextThread
NtRenameKey
RtlLargeIntegerShiftRight
NtLoadDriver
DbgUserBreakPoint
NtCancelTimer
RtlRaiseStatus
RtlAreAllAccessesGranted
RtlEnlargedIntegerMultiply
RtlFindNextForwardRunClear
NtRaiseException
RtlSetSecurityDescriptorRMControl
ZwCreateDirectoryObject
RtlDoesFileExists_U
RtlpWaitForCriticalSection
RtlDecompressFragment
ZwTerminateThread
NtSetBootEntryOrder
RtlInitializeBitMap
NtWaitForSingleObject
NtQuerySemaphore
ZwEnumerateKey
RtlCloneMemoryStream
NtDisplayString
ZwQuerySystemEnvironmentValueEx
ZwContinue
mfcsubs
??O@YG_NABVCString@@0@Z
??0CMapStringToPtr@@QAE@H@Z
?GetData@CStringArray@@QAEPAVCString@@XZ
?GetData@CStringArray@@QBEPBVCString@@XZ
??4CString@@QAEABV0@D@Z
?Empty@CString@@QAEXXZ
?Release@CString@@IAEXXZ
?MakeReverse@CString@@QAEXXZ
??4CString@@QAEABV0@PBD@Z
?LookupKey@CMapStringToPtr@@QBEHPBGAAPBG@Z
??YCString@@QAEABV0@ABV0@@Z
?SetAtGrow@CStringArray@@QAEXHPBG@Z
??0CStringArray@@QAE@XZ
?AllocBuffer@CString@@IAEXH@Z
??_7CCriticalSection@@6B@
?Lock@CCriticalSection@@UAEHK@Z
?GetUpperBound@CStringArray@@QBEHXZ
?Left@CString@@QBE?AV1@H@Z
??H@YG?AVCString@@ABV0@PBG@Z
?Init@CString@@IAEXXZ
??H@YG?AVCString@@DABV0@@Z
??0CString@@QAE@PBE@Z
??0CObject@@IAE@XZ
?Find@CString@@QBEHPBG@Z
?GetBufferSetLength@CString@@QAEPAGH@Z
??4CPlex@@QAEAAU0@ABU0@@Z
?IsEmpty@CMapStringToPtr@@QBEHXZ
??BCCriticalSection@@QAEPAU_RTL_CRITICAL_SECTION@@XZ
?Right@CString@@QBE?AV1@H@Z
?SafeStrlen@CString@@KGHPBG@Z
??_7CObject@@6B@
??8@YG_NPBGABVCString@@@Z
?GetAssocAt@CMapStringToPtr@@IBEPAUCAssoc@1@PBGAAI@Z
?Lock@CSyncObject@@UAEHK@Z
?SetAt@CMapStringToPtr@@QAEXPBGPAX@Z
??_FCMapStringToPtr@@QAEXXZ
?Unlock@CSyncObject@@UAEHJPAJ@Z
??4CString@@QAEABV0@G@Z
??YCString@@QAEABV0@PBG@Z
?SetAt@CStringArray@@QAEXHPBG@Z
??4CString@@QAEABV0@PBG@Z
msvcrt
_finite
_longjmpex
iswcntrl
atoi
sqrt
system
_i64toa
_safe_fdiv
_mbsncpy
_strupr
??_G__non_rtti_object@@UAEPAXI@Z
atan2
_CIlog
__crtCompareStringW
_wenviron
vfwprintf
_ismbbpunct
__wargv
strcoll
wcsncpy
wcscoll
_mbsnbcmp
_cgets
__p___wargv
_eof
_hypot
??4exception@@QAEAAV0@ABV0@@Z
_wcstoui64
__CxxLongjmpUnwind
??1__non_rtti_object@@UAE@XZ
??2@YAPAXI@Z
_CIsqrt
cosh
ungetwc
strtod
__set_app_type
_flushall
wprintf
atol
_i64tow
_spawnv
__p__wcmdln
memset
_wctime64
_wperror
ceil
_CItan
_fgetchar
_copysign
__getmainargs
_swab
__p__amblksiz
_CIasin
??_U@YAPAXI@Z
scanf
_mbscpy
___lc_handle_func
_mbscoll
vfprintf
__CxxRegisterExceptionObject
__p__winver
sinh
_amsg_exit
_ltoa
__p__commode
_outp
_daylight
_tzset
__winitenv
_execlpe
msvcrt40
?fill@ios@@QBEDXZ
??_7istream_withassign@@6B@
wcsftime
??1bad_cast@@UAE@XZ
?clrlock@ios@@QAAXXZ
??0exception@@QAE@XZ
_strupr
?rdbuf@ofstream@@QBEPAVfilebuf@@XZ
?rdbuf@istrstream@@QBEPAVstrstreambuf@@XZ
swscanf
??0ofstream@@QAE@XZ
difftime
??6ostream@@QAEAAV0@PBE@Z
_mbscat
??_Difstream@@QAEXXZ
_ismbchira
isalpha
??_Eexception@@UAEPAXI@Z
_getdcwd
??1ostrstream@@UAE@XZ
pow
??_Ebad_typeid@@UAEPAXI@Z
?eof@ios@@QBEHXZ
??1istrstream@@UAE@XZ
_safe_fdivr
remove
tolower
?blen@streambuf@@IBEHXZ
scanf
_mbsnicmp
?good@ios@@QBEHXZ
?open@ifstream@@QAEXPBDHH@Z
_memccpy
_wexecl
asctime
_strlwr
?read@istream@@QAEAAV1@PADH@Z
_wpopen
_inpd
_mbsbtype
?cin@@3Vistream_withassign@@A
sqrt
_mbsrev
iswxdigit
_heapset
?flags@ios@@QAEJJ@Z
??5istream@@QAEAAV0@AAM@Z
freopen
??0ostream@@QAE@PAVstreambuf@@@Z
strncpy
?adjustfield@ios@@2JB
_ismbstrail
??_E__non_rtti_object@@UAEPAXI@Z
_mbsdec
_mbsnbcmp
_execvp
??0filebuf@@QAE@ABV0@@Z
??0__non_rtti_object@@QAE@PBD@Z
qsort
_wfindnexti64
query
?Find@CEmptyPropertyList@@QAEPBVCPropEntry@@ABVCDbColId@@@Z
?DoFailTest@@YGXJ@Z
CIBuildQueryNode
?UnMarshall@CDbByGuid@@QAEHAAVPDeSerStream@@@Z
CIMakeICommand
?Commit@CRcovStrmWriteTrans@@QAEXXZ
?ciDelete@@YGXPAX@Z
?CloseRecord@CPropStoreManager@@QAEXPAVCCompositePropRecord@@@Z
DllUnregisterServer
?DoUpdates@CFilterDaemon@@QAEJXZ
?Marshall@CDbCmdTreeNode@@QBEXAAVPSerStream@@@Z
?ReportEventW@CFwEventItem@@QAEXAAUICiCAdviseStatus@@@Z
??1CMetaDataMgr@@QAE@XZ
?CleanupDataValue@CDbCmdTreeNode@@IAEXXZ
??0CMachineAdmin@@QAE@PBGH@Z
CollectCIISAPIPerformanceData
?Release@CEmptyPropertyList@@UAGKXZ
?AddRef@CQueryUnknown@@UAGKXZ
?Marshall@CNodeRestriction@@QBEXAAVPSerStream@@@Z
??0CVirtualString@@QAE@I@Z
??0CDFA@@QAE@PBGAAVCTimeLimit@@E@Z
?BeginTransaction@CPropStoreManager@@QAEKXZ
?PauseCI@CMachineAdmin@@QAEHXZ
LocateCatalogsW
LoadIFilter
?Marshall@CDbPropSet@@QBEXAAVPSerStream@@@Z
?SetR8@CStorageVariant@@QAEXNI@Z
??1CFwAsyncWorkItem@@UAE@XZ
?UnMarshall@CDbCmdTreeNode@@QAEHAAVPDeSerStream@@@Z
?GetOleDBErrorInfo@@YGJPAUIUnknown@@ABU_GUID@@KIPAUtagERRORINFO@@PAPAUIErrorInfo@@@Z
?WritePropertyInNewRecord@CPropStoreManager@@QAEKKABVCStorageVariant@@@Z
?SetProperty@CDbPropBaseRestriction@@QAEHABUtagDBID@@@Z
?SetScopePropertiesNoThrow@@YGJPAUICommand@@IPBQBGPBK11@Z
?Close@CPipeClient@@IAEXXZ
??1CDbQueryResults@@QAE@XZ
?SetExclude@CScopeAdmin@@QAEXH@Z
??0CPropNameArray@@QAE@AAVPDeSerStream@@@Z
?Size@CDbQueryResults@@QAEKXZ
?SkipBlob@CMemDeSerStream@@UAEXK@Z
?Copy@CDbPropSet@@QAEHABUtagDBPROPSET@@@Z
?CiNtOpen@@YGPAXPBGKKK@Z
?IsSameDrive@CDriveInfo@@QAEHPBG@Z
??0CPidLookupTable@@QAE@XZ
?GetPropTypeCount@CEmptyPropertyList@@SGIXZ
?GetBOOL@CAllocStorageVariant@@QBEFI@Z
??1CDbSortKey@@QAE@XZ
InitializeCIPerformanceData
?ReleaseWorkThreads@CWorkQueue@@QAEXXZ
?GetCLSID@CAllocStorageVariant@@QBE?AU_GUID@@I@Z
?SetLPWSTR@CStorageVariant@@QAEXPBGI@Z
CICreateCommand
?GetCY@CAllocStorageVariant@@QBE?ATtagCY@@I@Z
?SkipLong@CMemDeSerStream@@UAEXXZ
?Add@CDbColumns@@QAEHABVCDbColId@@I@Z
?QueryVirtualScopeList@CiStorage@@QAEPAVPRcovStorageObj@@K@Z
??1CEventLog@@QAE@XZ
?QueryScopeAdmin@CScopeEnum@@QAEPAVCScopeAdmin@@XZ
?FetchProperty@COLEPropManager@@QAEXABU_GUID@@ABUtagPROPSPEC@@PAUtagPROPVARIANT@@PAI@Z
?AllocHeapAndCopy@@YGPAGPBGAAK@Z
?AcceptWord@CQueryScanner@@QAEXXZ
?QueryCatalogEnum@CMachineAdmin@@QAEPAVCCatalogEnum@@XZ
?AcqRst@CRangeKeyRepository@@QAEPAVCRangeRestriction@@XZ
?Next@CEnumWorkid@@UAGJKPAK0@Z
?GetWChar@CMemDeSerStream@@UAEXPAGK@Z
?SetValue@CPropertyRestriction@@QAEXPAU_GUID@@@Z
user32
SetFocus
spoolss
AlignRpcPtr
SplReadPrinter
SplPowerEvent
EnumPrinterDataExW
ReplyPrinterChangeNotification
EnumPrintProcessorDatatypesW
SplCloseSpoolFileHandle
ReadPrinter
SetPortW
AddMonitorW
GetPrinterDataExW
SetPrinterW
GetPrinterDriverExW
UndoAlignKMPtr
AddPrinterExW
StartPagePrinter
OpenPrinterW
DeletePrinterDataExW
ClosePrinter
bGetDevModePerUser
AddPortW
UpdatePrinterRegAll
XcvDataW
DeletePrintProvidorW
AppendPrinterNotifyInfoData
RemoteFindFirstPrinterChangeNotification
AbortPrinter
AdjustPointers
ProvidorFindFirstPrinterChangeNotification
PartialReplyPrinterChangeNotification
SplIsUpgrade
AlignKMPtr
SplUnregisterForDeviceEvents
EnumPrinterDataW
GetNetworkId
DeleteFormW
ReplyClosePrinter
GetJobAttributes
SplShutDownRouter
kernel32
WriteProfileStringW
GetDefaultCommConfigA
TlsAlloc
RemoveDirectoryW
GlobalFindAtomW
ReadConsoleInputExA
Sleep
GetCommandLineW
GetTempFileNameA
Beep
GetConsoleInputWaitHandle
AssignProcessToJobObject
GetComputerNameW
WriteProfileStringA
GetGeoInfoW
RequestWakeupLatency
SetSystemTime
FindAtomA
GetCalendarInfoA
DeleteFileW
EnumResourceTypesA
IsValidLocale
GetConsoleNlsMode
GetCurrentConsoleFont
SetFileShortNameA
AddLocalAlternateComputerNameA
VirtualAlloc
IsBadHugeWritePtr
WinExec
HeapAlloc
GetVersion
EnumResourceTypesW
LocalShrink
HeapLock
GetBinaryTypeA
WTSGetActiveConsoleSessionId
wintrust
CryptSIPCreateIndirectData
WTHelperGetFileName
TrustFreeDecode
WintrustLoadFunctionPointers
CryptCATCDFEnumMembersByCDFTag
WTHelperOpenKnownStores
SoftpubLoadDefUsageCallData
TrustFindIssuerCertificate
CryptCATPutAttrInfo
CryptCATEnumerateCatAttr
mssip32DllUnregisterServer
CryptSIPGetRegWorkingFlags
CryptSIPVerifyIndirectData
WVTAsn1SpcSpOpusInfoDecode
CryptCATAdminReleaseContext
CryptCATAdminResolveCatalogPath
WTHelperGetFileHandle
mscat32DllUnregisterServer
DriverFinalPolicy
WVTAsn1SpcMinimalCriteriaInfoEncode
CryptSIPPutSignedDataMsg
CryptCATVerifyMember
HTTPSFinalProv
WVTAsn1SpcFinancialCriteriaInfoDecode
WintrustAddActionID
DriverInitializePolicy
SoftpubDefCertInit
WVTAsn1SpcIndirectDataContentEncode
mscat32DllRegisterServer
GenericChainFinalProv
CryptSIPRemoveSignedDataMsg
WintrustCertificateTrust
MsCatConstructHashTag
WVTAsn1SpcStatementTypeDecode
CryptCATCDFClose
WVTAsn1SpcPeImageDataEncode
CryptCATCDFEnumMembers
CryptCATAdminPauseServiceForBackup
SoftpubCleanup
FindCertsByIssuer
CryptCATAdminCalcHashFromFileHandle
TrustIsCertificateSelfSigned
CryptCATPutMemberInfo
setupapi
CM_Get_Device_Interface_Alias_ExW
pSetupDestroyRunOnceNodeList
SetupDiSetDeviceRegistryPropertyW
pSetupStringTableLookUpStringEx
CM_Get_First_Log_Conf_Ex
SetupDefaultQueueCallbackW
SetupDiGetClassImageListExW
CM_Get_Log_Conf_Priority
SetupPromptReboot
SetupDiSetSelectedDriverA
SetupInitDefaultQueueCallback
SetupDiOpenDeviceInterfaceA
CM_Set_DevNode_Registry_Property_ExW
CM_Is_Dock_Station_Present
CMP_WaitServicesAvailable
CM_Get_DevNode_Custom_Property_ExA
SetupDiGetClassRegistryPropertyW
CM_Invert_Range_List
CM_Request_Eject_PC_Ex
SetupInstallFileExA
pSetupShouldDeviceBeExcluded
SetupQueryInfFileInformationW
CM_Add_Empty_Log_Conf
SetupInstallFromInfSectionW
CM_Query_And_Remove_SubTree_ExA
pSetupStringTableInitialize
pSetupMakeSurePathExists
CM_Uninstall_DevNode
CM_Free_Res_Des_Handle
Sections
.text Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 21KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 786B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE