Static task: static1
Behavioral task: behavioral1
  Sample: d3d1adfdbee62874c5e91fa0e76ef270_JaffaCakes118.exe
  Resource: win7-20240729-en
Behavioral task: behavioral2
  Sample: d3d1adfdbee62874c5e91fa0e76ef270_JaffaCakes118.exe
  Resource: win10v2004-20240802-en
General
Target: d3d1adfdbee62874c5e91fa0e76ef270_JaffaCakes118
Size: 268KB
MD5: d3d1adfdbee62874c5e91fa0e76ef270
SHA1: d7c01eb01267ee539af5264278c40344e79e4bbb
SHA256: 177b22f068b1fbe3b83a37734c0969b8062708c2cf62b0a6e91b8b9a0d461723
SHA512: 641eaddda77b06b09419ca82d3b1b639aff89c4b4b15abf23a10a30f019e2d6d65d62a1624dbc9515e2723e86ea0204d381a3c68a3dd271d0a63ea5cfc4f7672
SSDEEP: 6144:TL3Ny+59gyurNwVBQosoRvQWkpmRvHCO7Fih:TL9yug5NJyvQWkpm5HCL
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource: d3d1adfdbee62874c5e91fa0e76ef270_JaffaCakes118
Files
d3d1adfdbee62874c5e91fa0e76ef270_JaffaCakes118.exe  windows:4 windows x86 arch:x86
87ff3876a3cb42e3948cb6268b329e5a
Headers
File Characteristics: IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_DEBUG_STRIPPED
Imports
msvcrt
gdi32
kernel32
advapi32
RegCloseKey
RegOpenKeyA
RegQueryValueExA
user32
Sections
.text   Size: 72KB - Virtual size: 72KB    Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata  Size: 17KB - Virtual size: 17KB    Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data   Size: 14KB - Virtual size: 199KB   Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
DATA    Size: 160KB - Virtual size: 159KB  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ