Static task
static1
Behavioral task
behavioral1
Sample
efb7eb7c29f62049702d243f2835a51e_JaffaCakes118.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral2
Sample
efb7eb7c29f62049702d243f2835a51e_JaffaCakes118.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
General
-
Target
efb7eb7c29f62049702d243f2835a51e_JaffaCakes118
-
Size
329KB
-
MD5
efb7eb7c29f62049702d243f2835a51e
-
SHA1
f8bc190abf8c7325a5befa538807094a530d1016
-
SHA256
76eb521491f4cb84e97561067197447df76ed595883c0fcd8fb0e634c803a083
-
SHA512
d187c37cdaed3a62f2fa2fc323e8050d716ca52094a7b62002ecff13d0e4788f7355ff8587549d4ede6603781cdd1872dba560abdf6a69c35ad8986539cf7fa2
-
SSDEEP
3072:0jxrII0oDDFIRvnwAx9lkVBwo3QFQSZcmHebBJJaNyJ1Joe/7S+F///2dy5:0liFbogFQSl+VJJaNyJ1Joe/e6
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource efb7eb7c29f62049702d243f2835a51e_JaffaCakes118
Files
-
efb7eb7c29f62049702d243f2835a51e_JaffaCakes118.exe windows:5 windows x86 arch:x86
76c4fcb54b97947cd7b4c73df967ba26
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Imports
rtl120.bpl
@System@initialization$qqrv
@System@Finalization$qqrv
@System@FreeMemory$qpv
@System@RegisterModule$qqrp17System@TLibModule
@System@@FinalizeArray$qqrpvt1ui
@System@Pos$qqrx20System@UnicodeStringt1
@System@@UStrDelete$qqrr20System@UnicodeStringii
@System@@UStrCopy$qqrx20System@UnicodeStringii
@System@@UStrEqual$qqrv
@System@@UStrCatN$qqrv
@System@@UStrCat3$qqrr20System@UnicodeStringx20System@UnicodeStringt2
@System@@UStrCat$qqrr20System@UnicodeStringx20System@UnicodeString
@System@@UStrLen$qqrx20System@UnicodeString
@System@@UStrFromString$qqrr20System@UnicodeStringrx28System@%SmallString$iuc$255%
@System@@UStrToString$qqrp28System@%SmallString$iuc$255%x20System@UnicodeStringi
@System@@WStrFromUStr$qqrr17System@WideStringx20System@UnicodeString
@System@@UStrFromWStr$qqrr20System@UnicodeStringx17System@WideString
@System@@LStrFromUStr$qqrr27System@%AnsiStringT$us$i0$%x20System@UnicodeStringus
@System@@UStrFromWArray$qqrr20System@UnicodeStringpbi
@System@@UStrFromPWChar$qqrr20System@UnicodeStringpb
@System@@UStrFromWChar$qqrr20System@UnicodeStringb
@System@@UStrToPWChar$qqrx20System@UnicodeString
@System@@UStrLAsg$qqrr20System@UnicodeStringx20System@UnicodeString
@System@@UStrAsg$qqrr20System@UnicodeStringx20System@UnicodeString
@System@@UStrArrayClr$qqrpvi
@System@@UStrClr$qqrpv
@System@@UStrAddRef$qqrpv
@System@@WStrArrayClr$qqrpvi
@System@@UniqueStringA$qqrr27System@%AnsiStringT$us$i0$%
@System@@LStrToPChar$qqrx27System@%AnsiStringT$us$i0$%
@System@@LStrFromPWChar$qqrr27System@%AnsiStringT$us$i0$%pbus
@System@@EnsureUnicodeString$qqrr20System@UnicodeString
@System@@LStrClr$qqrpv
@System@@Halt0$qqrv
@System@@StartExe$qqrp23System@PackageInfoTablep17System@TLibModule
@System@@DoneExcept$qqrv
@System@@HandleFinally$qqrv
@System@@HandleAnyException$qqrv
@System@@AfterConstruction$qqrp14System@TObject
@System@@ClassCreate$qqrp17System@TMetaClasso
@System@TObject@Dispatch$qqrpv
@System@TObject@BeforeDestruction$qqrv
@System@TObject@AfterConstruction$qqrv
@System@TObject@DefaultHandler$qqrpv
@System@TObject@ToString$qqrv
@System@TObject@SafeCallException$qqrp14System@TObjectpv
@System@TObject@GetHashCode$qqrv
@System@TObject@Equals$qqrp14System@TObject
@System@TObject@Free$qqrv
@System@TObject@$bctr$qqrv
@System@TObject@FreeInstance$qqrv
@System@TObject@NewInstance$qqrv
@System@TObject@ClassName$qqrv
@System@@FillChar$qqrpvib
@System@@PStrNCpy$qqrp28System@%SmallString$iuc$255%t1uc
@System@ParamStr$qqri
@System@ParamCount$qqrv
@System@@FreeMem$qqrpv
@System@@GetMem$qqri
@System@AllocMem$qqrui
@$xp$13System@string
@Helpintfs@initialization$qqrv
@Helpintfs@Finalization$qqrv
@Classes@initialization$qqrv
@Classes@Finalization$qqrv
@Classes@TComponent@UpdateRegistry$qqrox20System@UnicodeStringt2
@Classes@TComponent@SafeCallException$qqrp14System@TObjectpv
@Classes@TComponent@WriteState$qqrp15Classes@TWriter
@Classes@TThread@DoTerminate$qqrv
@Classes@TThread@AfterConstruction$qqrv
@Classes@TThread@$bdtr$qqrv
@Classes@TThread@$bctr$qqro
@Classes@TStringList@$bctr$qqrv
@Classes@TPersistent@Assign$qqrp19Classes@TPersistent
@Classes@TList@Get$qqri
@Classes@TList@Add$qqrpv
@Classes@TThread@
@Classes@TStringList@
@Classes@TList@
@Typinfo@initialization$qqrv
@Typinfo@Finalization$qqrv
@Sysutils@initialization$qqrv
@Sysutils@Finalization$qqrv
@Sysutils@FreeAndNil$qqrpv
@Sysutils@StringReplace$qqrx20System@UnicodeStringt1t149System@%Set$t21Sysutils@Sysutils__15$iuc$0$iuc$1%
@Sysutils@DateTimeToStr$qqrx16System@TDateTime
@Sysutils@Now$qqrv
@Sysutils@EncodeDate$qqrususus
@Sysutils@EncodeTime$qqrusususus
@Sysutils@Format$qqrx20System@UnicodeStringpx14System@TVarRecxi
@Sysutils@ExtractFileName$qqrx20System@UnicodeString
@Sysutils@ExtractFileDir$qqrx20System@UnicodeString
@Sysutils@ExtractFilePath$qqrx20System@UnicodeString
@Sysutils@FileIsReadOnly$qqrx20System@UnicodeString
@Sysutils@FileSetAttr$qqrx20System@UnicodeStringi
@Sysutils@ForceDirectories$qqr20System@UnicodeString
@Sysutils@DirectoryExists$qqrx20System@UnicodeString
@Sysutils@FileExists$qqrx20System@UnicodeString
@Sysutils@StrToInt$qqrx20System@UnicodeString
@Sysutils@IntToHex$qqrii
@Sysutils@IntToStr$qqri
@Sysutils@Trim$qqrx20System@UnicodeString
@Sysutils@WideUpperCase$qqrx17System@WideString
@Sysutils@SameText$qqrx20System@UnicodeStringt1
@Sysutils@UpperCase$qqrx20System@UnicodeString
@Sysutils@Win32MajorVersion
@Variants@initialization$qqrv
@Variants@Finalization$qqrv
@Varutils@initialization$qqrv
@Varutils@Finalization$qqrv
@Multimon@initialization$qqrv
@Multimon@Finalization$qqrv
@Registry@initialization$qqrv
@Registry@Finalization$qqrv
@Registry@TRegistry@KeyExists$qqrx20System@UnicodeString
@Registry@TRegistry@ReadString$qqrx20System@UnicodeString
@Registry@TRegistry@OpenKey$qqrx20System@UnicodeStringo
@Registry@TRegistry@SetRootKey$qqrp6HKEY__
@Registry@TRegistry@CloseKey$qqrv
@Registry@TRegistry@$bctr$qqrv
@Registry@TRegistry@
@Inifiles@initialization$qqrv
@Inifiles@Finalization$qqrv
@Inifiles@TIniFile@UpdateFile$qqrv
@Inifiles@TIniFile@DeleteKey$qqrx20System@UnicodeStringt1
@Inifiles@TIniFile@EraseSection$qqrx20System@UnicodeString
@Inifiles@TIniFile@ReadSectionValues$qqrx20System@UnicodeStringp16Classes@TStrings
@Inifiles@TIniFile@ReadSection$qqrx20System@UnicodeStringp16Classes@TStrings
@Inifiles@TIniFile@ReadSections$qqrp16Classes@TStrings
@Inifiles@TIniFile@ReadString$qqrx20System@UnicodeStringt1t1
@Inifiles@TIniFile@$bdtr$qqrv
@Inifiles@TCustomIniFile@ReadSections$qqrx20System@UnicodeStringp16Classes@TStrings
@Inifiles@TCustomIniFile@WriteBinaryStream$qqrx20System@UnicodeStringt1p15Classes@TStream
@Inifiles@TCustomIniFile@ReadBinaryStream$qqrx20System@UnicodeStringt1p15Classes@TStream
@Inifiles@TCustomIniFile@ValueExists$qqrx20System@UnicodeStringt1
@Inifiles@TCustomIniFile@WriteBool$qqrx20System@UnicodeStringt1o
@Inifiles@TCustomIniFile@WriteTime$qqrx20System@UnicodeStringt116System@TDateTime
@Inifiles@TCustomIniFile@WriteFloat$qqrx20System@UnicodeStringt1d
@Inifiles@TCustomIniFile@WriteDateTime$qqrx20System@UnicodeStringt116System@TDateTime
@Inifiles@TCustomIniFile@WriteDate$qqrx20System@UnicodeStringt116System@TDateTime
@Inifiles@TCustomIniFile@ReadTime$qqrx20System@UnicodeStringt116System@TDateTime
@Inifiles@TCustomIniFile@ReadFloat$qqrx20System@UnicodeStringt1d
@Inifiles@TCustomIniFile@ReadDateTime$qqrx20System@UnicodeStringt116System@TDateTime
@Inifiles@TCustomIniFile@ReadDate$qqrx20System@UnicodeStringt116System@TDateTime
@Inifiles@TCustomIniFile@ReadBool$qqrx20System@UnicodeStringt1o
@Inifiles@TCustomIniFile@WriteInteger$qqrx20System@UnicodeStringt1i
@Inifiles@TCustomIniFile@ReadInteger$qqrx20System@UnicodeStringt1i
@Inifiles@TCustomIniFile@$bctr$qqrx20System@UnicodeString
@Inifiles@TIniFile@
@Syncobjs@initialization$qqrv
@Syncobjs@Finalization$qqrv
@Uxtheme@initialization$qqrv
@Uxtheme@Finalization$qqrv
@Dwmapi@initialization$qqrv
@Dwmapi@Finalization$qqrv
@Mapi@initialization$qqrv
@Mapi@Finalization$qqrv
@Flatsb@initialization$qqrv
@Flatsb@Finalization$qqrv
@Dateutils@SecondsBetween$qqrx16System@TDateTimet1
@Dateutils@MinutesBetween$qqrx16System@TDateTimet1
kernel32
GetModuleHandleW
WritePrivateProfileStringW
WinExec
WaitForSingleObject
TerminateProcess
OutputDebugStringW
LoadLibraryW
GetWindowsDirectoryW
GetVersionExW
GetProcAddress
GetModuleHandleW
GetCurrentProcess
FreeLibrary
CloseHandle
Sleep
vcl120.bpl
@Forms@initialization$qqrv
@Forms@Finalization$qqrv
@Forms@TApplication@SetMainFormOnTaskBar$qqrxo
@Forms@TApplication@GetExeName$qqrv
@Forms@TApplication@Run$qqrv
@Forms@TApplication@CreateForm$qqrp17System@TMetaClasspv
@Forms@TApplication@Initialize$qqrv
@Forms@TCustomForm@QueryInterface$qqsrx5_GUIDpv
@Forms@TCustomForm@RequestAlign$qqrv
@Forms@TCustomForm@UpdateActions$qqrv
@Forms@TCustomForm@ShowModal$qqrv
@Forms@TCustomForm@SetFocus$qqrv
@Forms@TCustomForm@CloseQuery$qqrv
@Forms@TCustomForm@Resizing$qqr18Forms@TWindowState
@Forms@TCustomForm@PaintWindow$qqrp5HDC__
@Forms@TCustomForm@SetFocusedControl$qqrp20Controls@TWinControl
@Forms@TCustomForm@DefaultHandler$qqrpv
@Forms@TCustomForm@DestroyWindowHandle$qqrv
@Forms@TCustomForm@DestroyHandle$qqrv
@Forms@TCustomForm@CreateWindowHandle$qqrrx22Controls@TCreateParams
@Forms@TCustomForm@CreateWnd$qqrv
@Forms@TCustomForm@CreateParams$qqrr22Controls@TCreateParams
@Forms@TCustomForm@AlignControls$qqrp17Controls@TControlr11Types@TRect
@Forms@TCustomForm@WndProc$qqrr17Messages@TMessage
@Forms@TCustomForm@ValidateRename$qqrp18Classes@TComponentx20System@UnicodeStringt2
@Forms@TCustomForm@SetParent$qqrp20Controls@TWinControl
@Forms@TCustomForm@WantChildKey$qqrp17Controls@TControlr17Messages@TMessage
@Forms@TCustomForm@SetParentBiDiMode$qqro
@Forms@TCustomForm@GetFloating$qqrv
@Forms@TCustomForm@GetClientRect$qqrv
@Forms@TCustomForm@DefineProperties$qqrp14Classes@TFiler
@Forms@TCustomForm@ReadState$qqrp15Classes@TReader
@Forms@TCustomForm@Notification$qqrp18Classes@TComponent18Classes@TOperation
@Forms@TCustomForm@Loaded$qqrv
@Forms@TCustomForm@DoDestroy$qqrv
@Forms@TCustomForm@DoCreate$qqrv
@Forms@TCustomForm@$bdtr$qqrv
@Forms@TCustomForm@BeforeDestruction$qqrv
@Forms@TCustomForm@$bctr$qqrp18Classes@TComponenti
@Forms@TCustomForm@AfterConstruction$qqrv
@Forms@TCustomForm@$bctr$qqrp18Classes@TComponent
@Forms@TScrollingWinControl@AdjustClientRect$qqrr11Types@TRect
@Forms@TScrollingWinControl@AutoScrollInView$qqrp17Controls@TControl
@Forms@TScrollingWinControl@AutoScrollEnabled$qqrv
@Forms@Application
@$xp$11Forms@TForm
@Forms@TForm@
@Actnlist@initialization$qqrv
@Actnlist@Finalization$qqrv
@Graphics@initialization$qqrv
@Graphics@Finalization$qqrv
@Themes@initialization$qqrv
@Themes@Finalization$qqrv
@Controls@initialization$qqrv
@Controls@Finalization$qqrv
@Controls@TWinControl@UpdateControlOriginalParentSize$qqrp17Controls@TControlr12Types@TPoint
@Controls@TWinControl@DockReplaceDockClient$qqrp17Controls@TControlp20Controls@TWinControlt115Controls@TAlignt1
@Controls@TWinControl@SetParentBackground$qqro
@Controls@TWinControl@CanAutoSize$qqrrit1
@Controls@TWinControl@AssignTo$qqrp19Classes@TPersistent
@Controls@TWinControl@ConstrainedResize$qqrrit1t1t1
@Controls@TWinControl@CanResize$qqrrit1
@Controls@TWinControl@GetClientOrigin$qqrv
@Controls@TWinControl@GetControlExtents$qqrv
@Controls@TWinControl@Repaint$qqrv
@Controls@TWinControl@Update$qqrv
@Controls@TWinControl@Invalidate$qqrv
@Controls@TWinControl@GetDeviceContext$qqrrp6HWND__
@Controls@TWinControl@ShowControl$qqrp17Controls@TControl
@Controls@TWinControl@SetBounds$qqriiii
@Controls@TWinControl@SetParentDoubleBuffered$qqro
@Controls@TWinControl@CustomAlignPosition$qqrp17Controls@TControlrit2t2t2r11Types@TRectrx19Controls@TAlignInfo
@Controls@TWinControl@CustomAlignInsertBefore$qqrp17Controls@TControlt1
@Controls@TWinControl@CreateHandle$qqrv
@Controls@TWinControl@DestroyWnd$qqrv
@Controls@TControl@InitiateAction$qqrv
@Controls@TControl@GetFloatingDockSiteClass$qqrv
@Controls@TControl@SetBiDiMode$qqr17Classes@TBiDiMode
@Controls@TControl@SetEnabled$qqro
@Controls@TControl@SetName$qqrx20System@UnicodeString
@Controls@TControl@SetAutoSize$qqro
@Controls@TControl@SetHeight$qqri
@Controls@TControl@SetWidth$qqri
@Controls@TControl@SetDragMode$qqr18Controls@TDragMode
@Controls@TControl@GetAction$qqrv
@Controls@TControl@GetEnabled$qqrv
@Controls@TControl@GetDragImages$qqrv
@Menus@initialization$qqrv
@Menus@Finalization$qqrv
@Dialogs@initialization$qqrv
@Dialogs@Finalization$qqrv
@Comctrls@initialization$qqrv
@Comctrls@Finalization$qqrv
@Graphutil@initialization$qqrv
@Graphutil@Finalization$qqrv
@Extctrls@initialization$qqrv
@Extctrls@Finalization$qqrv
@Extctrls@TTimer@SetEnabled$qqro
@Extctrls@TTimer@
@Printers@initialization$qqrv
@Printers@Finalization$qqrv
@Clipbrd@initialization$qqrv
@Clipbrd@Finalization$qqrv
@Extactns@initialization$qqrv
@Extactns@Finalization$qqrv
@Extdlgs@initialization$qqrv
@Extdlgs@Finalization$qqrv
@Buttons@initialization$qqrv
@Buttons@Finalization$qqrv
@Appevnts@initialization$qqrv
@Appevnts@Finalization$qqrv
@Appevnts@TApplicationEvents@
ole32
CoUninitialize
CoInitialize
version
VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW
advapi32
GetUserNameW
shell32
SHGetSpecialFolderPathW
ShellExecuteW
Sections
.text Size: 25KB - Virtual size: 24KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.itext Size: 512B - Virtual size: 380B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 64B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.bss Size: - Virtual size: 160B
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.rsrc Size: 283KB - Virtual size: 283KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ