t:\Tpm-sw\Tss\bin\IA32\win\Release\IfxSpMgtExe.pdb
Static task: static1
Behavioral task: behavioral1 (Sample: cfa224ec9b861fd69e0c84106837c3a5_JaffaCakes118.exe; Resource: win7-20240708-en)
Behavioral task: behavioral2 (Sample: cfa224ec9b861fd69e0c84106837c3a5_JaffaCakes118.exe; Resource: win10v2004-20240802-en)
General
Target: cfa224ec9b861fd69e0c84106837c3a5_JaffaCakes118
Size: 500KB
MD5: cfa224ec9b861fd69e0c84106837c3a5
SHA1: 51f105d53492ce5ecfdded521ea390dc5891593f
SHA256: 01902b6aa13c83bd4ba324ec5022397f1728a38c5511a17e25f34ecad9afab51
SHA512: c5c6c944f9d74b95bdd0d9ce478fb19a179646546317452d9119c60f77cd657293544a877d4ffa57fa64b38aff9c85e4ebb1a8f687029a5d3cb3995c1db8e1b1
SSDEEP: 12288:i2NnajLaIuhXV7HJ+tSD5fkjhXHepDXCZM1HxAmd3Sf:ELbwJd58lX+pDXcwAmA
Malware Config
Signatures
Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
resource cfa224ec9b861fd69e0c84106837c3a5_JaffaCakes118
Files
cfa224ec9b861fd69e0c84106837c3a5_JaffaCakes118.exe windows:5 windows x86 arch:x86
bc9f2097fdb994f261dca74e6172762e
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
version
VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW
crypt32
CertSerializeCertificateStoreElement
CertFindCertificateInStore
CertGetCertificateContextProperty
CertFreeCertificateContext
CertEnumCertificatesInStore
CertControlStore
CertOpenStore
CertCloseStore
userenv
DestroyEnvironmentBlock
CreateEnvironmentBlock
mfc71u
ord265
ord1908
ord1178
ord1182
ord266
ord1067
ord314
ord762
ord2895
ord1079
ord631
ord764
ord386
ord629
ord384
ord2279
ord1271
ord577
ord870
ord899
ord283
ord5398
ord2460
ord2468
ord2260
ord5485
ord774
ord287
ord3927
ord4027
ord2311
ord776
ord293
ord280
ord1479
ord282
ord2926
ord6111
ord2261
ord2461
ord2121
ord2271
ord860
ord4078
ord896
ord1248
ord6009
ord3383
ord1476
ord5711
ord2742
ord2745
msvcr71
realloc
??1type_info@@UAE@XZ
__security_error_handler
_CRT_RTC_INIT
__dllonexit
_onexit
?terminate@@YAXXZ
_controlfp
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
memcmp
memset
__CxxFrameHandler
_CxxThrowException
memcpy
_except_handler3
__wgetmainargs
free
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@XZ
_beginthreadex
memmove
wcsncpy
wcslen
_purecall
malloc
__set_app_type
??0bad_cast@@QAE@ABV0@@Z
??1bad_cast@@UAE@XZ
??0bad_cast@@QAE@PBD@Z
_snwprintf
wcstol
swprintf
_wcsicmp
swscanf
wcscmp
_c_exit
_exit
_XcptFilter
_cexit
exit
_wcmdln
_amsg_exit
kernel32
lstrcmpiW
GetProcessHeap
HeapFree
HeapAlloc
GetModuleFileNameA
DebugBreak
LoadLibraryA
GetVersionExA
GetSystemTimeAsFileTime
GetCurrentProcessId
ExpandEnvironmentStringsW
FreeLibrary
GetLastError
GetVersionExW
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
CloseHandle
ResetEvent
Sleep
SetEvent
OpenEventW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
RaiseException
VirtualQuery
VirtualAlloc
VirtualFree
VirtualProtect
GetCurrentThread
GetExitCodeProcess
WaitForSingleObject
WaitForMultipleObjects
CreateEventW
GetExitCodeThread
CreateThread
SetThreadPriority
GetThreadPriority
GetCurrentThreadId
RegisterWaitForSingleObject
UnregisterWait
GetCommandLineW
GetModuleFileNameW
InterlockedIncrement
InterlockedDecrement
lstrlenW
GetModuleHandleW
lstrcpyW
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
lstrcpynW
lstrcatW
GetCurrentProcess
CreateMutexW
ReleaseMutex
SetLastError
LocalFree
GetComputerNameW
GetProcAddress
LoadLibraryW
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
VerifyVersionInfoW
VerSetConditionMask
GetFullPathNameW
GetStringTypeExW
GetDriveTypeW
GetModuleHandleA
GetStartupInfoW
ExitProcess
QueryPerformanceCounter
GetTickCount
user32
GetMessageW
LoadStringW
SetForegroundWindow
DispatchMessageW
AttachThreadInput
GetWindowThreadProcessId
GetForegroundWindow
TranslateMessage
PostThreadMessageW
CharNextW
UnregisterClassW
GetDC
UnregisterClassA
ReleaseDC
wsprintfW
MsgWaitForMultipleObjects
SetFocus
PeekMessageW
gdi32
CreateFontW
GetDeviceCaps
advapi32
QueryServiceStatusEx
DuplicateToken
OpenThreadToken
DuplicateTokenEx
CreateProcessAsUserW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
CloseServiceHandle
StartServiceW
OpenServiceW
OpenSCManagerW
RegisterServiceCtrlHandlerExW
SetServiceStatus
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
ChangeServiceConfig2W
CreateServiceW
DeleteService
ControlService
StartServiceCtrlDispatcherW
RegOpenKeyW
RevertToSelf
ImpersonateLoggedOnUser
FileEncryptionStatusW
DecryptFileW
RegLoadKeyW
RegUnLoadKeyW
LookupPrivilegeValueW
AdjustTokenPrivileges
ConvertStringSidToSidW
LookupAccountSidW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
RegisterEventSourceW
ReportEventW
DeregisterEventSource
GetUserNameW
LookupAccountNameW
ConvertSidToStringSidW
CryptGenRandom
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
RegEnumValueW
RegOpenCurrentUser
GetTokenInformation
OpenProcessToken
SetSecurityDescriptorGroup
IsValidSid
GetLengthSid
CopySid
SetSecurityDescriptorOwner
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteKeyW
shell32
SHCreateDirectoryExW
SHFileOperationW
SHGetFolderPathW
shlwapi
PathFindExtensionW
PathRenameExtensionW
PathRemoveFileSpecW
PathRemoveBackslashW
PathAddBackslashW
PathIsDirectoryW
PathFileExistsW
ole32
CoTaskMemFree
CoRevertToSelf
CoImpersonateClient
StringFromCLSID
CLSIDFromProgID
CoCreateInstance
CoUninitialize
CoInitializeEx
CoQueryClientBlanket
CoInitialize
CoSuspendClassObjects
CoResumeClassObjects
CoInitializeSecurity
CoTaskMemAlloc
CoTaskMemRealloc
CoRegisterClassObject
CoRevokeClassObject
StringFromGUID2
CoCreateGuid
oleaut32
CreateErrorInfo
GetErrorInfo
VariantChangeType
VariantClear
VariantInit
SetErrorInfo
SysAllocString
VarUI4FromStr
SysFreeString
RegisterTypeLi
LoadTypeLi
UnRegisterTypeLi
LoadRegTypeLi
SysStringLen
msvcp71
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?max_size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?width@ios_base@std@@QBEHXZ
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??1locale@std@@QAE@XZ
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
??1_Lockit@std@@QAE@XZ
?_Register@facet@locale@std@@QAEXXZ
?_Getcat@?$ctype@G@std@@SAIPAPBVfacet@locale@2@@Z
?_Incref@facet@locale@std@@QAEXXZ
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@@Z
?_Getfacet@locale@std@@QBEPBVfacet@12@I@Z
??Bid@locale@std@@QAEIXZ
?id@?$ctype@D@std@@2V0locale@2@A
??0_Lockit@std@@QAE@H@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?to_int_type@?$char_traits@D@std@@SAHABD@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEABDI@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?flags@ios_base@std@@QBEHXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?good@ios_base@std@@QBE_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QAEXH_N@Z
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IG@Z
?is@?$ctype@G@std@@QBE_NFG@Z
?to_char_type@?$char_traits@G@std@@SAGABG@Z
?eof@?$char_traits@G@std@@SAGXZ
?snextc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
?sgetc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEPAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ
?max_size@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ
?erase@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@II@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?_Ipfx@?$basic_istream@GU?$char_traits@G@std@@@std@@QAE_N_N@Z
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEXXZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEXXZ
?eq_int_type@?$char_traits@G@std@@SA_NABG0@Z
?eof@?$char_traits@D@std@@SAHXZ
?eq_int_type@?$char_traits@D@std@@SA_NABH0@Z
?to_char_type@?$char_traits@D@std@@SADABH@Z
?is@?$ctype@D@std@@QBE_NFD@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBG@Z
??$?9GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
?at@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAGI@Z
??$?8GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
?swap@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXAAV12@@Z
??$?MGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
?reserve@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXI@Z
?resize@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXI@Z
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEXXZ
?tie@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEPAV?$basic_ostream@GU?$char_traits@G@std@@@2@XZ
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV12@XZ
?fill@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEGXZ
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGG@Z
??A?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEABGI@Z
?to_int_type@?$char_traits@G@std@@SAGABG@Z
?sbumpc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
?widen@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEGD@Z
?id@?$ctype@G@std@@2V0locale@2@A
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?width@ios_base@std@@QAEHH@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@G@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@IG@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ID@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?size@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
?empty@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE_NXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
?length@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
ifxsparc
?ArcCreateInstance@IFXTCGArc@@YAPAVISPArcManagement@1@W4TYPE_ARCACCESS@1@@Z
?QueryValueBinary@CSpArcConfigDataSet@IFXTCGArc@@QAEIABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@0AAPAEAAK@Z
??0CSPDataRecord@IFXTCGArc@@QAE@PAVCSPBaseObject@1@@Z
??0CSpArcConfigDataSet@IFXTCGArc@@QAE@XZ
??1CSPDataRecord@IFXTCGArc@@UAE@XZ
??1CSPArcArchiveWrapper@IFXTCGArc@@QAE@XZ
??0CSPArcArchiveWrapper@IFXTCGArc@@QAE@PAVISPArcManagement@1@@Z
?SetName@CSpArcConfigDataSet@IFXTCGArc@@QAEIABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z
?QueryValueDWORD@CSpArcConfigDataSet@IFXTCGArc@@QAEIABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@0AAK@Z
?ArcReleaseInstance@IFXTCGArc@@YA_NXZ
?GetURI@CSpArcLinkageListDataSet@IFXTCGArc@@QAEIABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAV34@@Z
?EnumLinkageKeys@CSpArcLinkageListDataSet@IFXTCGArc@@QAEIAAV?$vector@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@V?$allocator@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@2@@std@@@Z
??CCSPArcArchiveWrapper@IFXTCGArc@@QAEPAVCSPArchive@1@XZ
?OpenArchive@CSPArcArchiveWrapper@IFXTCGArc@@QAEIW4TYPE_SP_ARCHIVE@2@KKABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@11@Z
??1CSPArcStoreIterator@IFXTCGArc@@QAE@XZ
?CloseArchive@CSPArcArchiveWrapper@IFXTCGArc@@QAEIXZ
??CCSPArcStoreIterator@IFXTCGArc@@QAEPAV?$vector@PAVCSPStore@IFXTCGArc@@V?$allocator@PAVCSPStore@IFXTCGArc@@@std@@@std@@XZ
?GetAllStores@CSPArcStoreIterator@IFXTCGArc@@QAEIXZ
??0CSPArcStoreIterator@IFXTCGArc@@QAE@PAVCSPArchive@1@@Z
??BCSPArcArchiveWrapper@IFXTCGArc@@QAEPAVCSPArchive@1@XZ
?SaveArchive@CSPArcArchiveWrapper@IFXTCGArc@@QAEIXZ
??0CSpArcLinkageListDataSet@IFXTCGArc@@QAE@XZ
?SetValueDWORD@CSpArcConfigDataSet@IFXTCGArc@@QAEIABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@0K@Z
?SetStoreName@CSpArcCapiCertDataSet@IFXTCGArc@@QAEIABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z
?RemoveCertificate@CSpArcCapiCertDataSet@IFXTCGArc@@QAEIABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z
?SetCertificate@CSpArcCapiCertDataSet@IFXTCGArc@@QAEIABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@PAEK@Z
?EnumCertificates@CSpArcCapiCertDataSet@IFXTCGArc@@QAEIAAV?$vector@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@V?$allocator@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@2@@std@@@Z
??0CSpArcCapiCertDataSet@IFXTCGArc@@QAE@XZ
?AddURI@CSpArcLinkageListDataSet@IFXTCGArc@@QAEIABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@0@Z
?RemoveURI@CSpArcLinkageListDataSet@IFXTCGArc@@QAEIABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z
?HasURI@CSpArcLinkageListDataSet@IFXTCGArc@@QAEIABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z
Sections
.text  Size: 380KB - Virtual size: 379KB  Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata  Size: 72KB - Virtual size: 71KB  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data  Size: 28KB - Virtual size: 37KB  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc  Size: 16KB - Virtual size: 12KB  Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ