Static task
static1
Behavioral task
behavioral1
Sample
0f560abca51b5a21008caf997630e8ac_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
0f560abca51b5a21008caf997630e8ac_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
-
Target
0f560abca51b5a21008caf997630e8ac_JaffaCakes118
-
Size
241KB
-
MD5
0f560abca51b5a21008caf997630e8ac
-
SHA1
2e99b7fc0fde4475989f2ef0ac98c4eb76847fe3
-
SHA256
5cccdbb17f86561bda66c5a2065a6dc9bf54703d2063786513987475f623bad8
-
SHA512
32b4365b11a1217edf350ba2d492434e4576d0ff12adde5be30fdfd1ed0844ad830be4763827cfcdea9531c2b91cc51915dc3433ff337ec6be479afeafa9f0d7
-
SSDEEP
6144:YVpTZ7jz0wDvvutBLvMv46G2yc7I0EvRX:YVpTZ7joK2Bk4B2REFB
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature.
resource 0f560abca51b5a21008caf997630e8ac_JaffaCakes118
Files
-
0f560abca51b5a21008caf997630e8ac_JaffaCakes118.exe windows:5 windows x86 arch:x86
25110f23cad2c52193957fb52c7fd82f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
RegCreateKeyW
ConvertStringSidToSidW
RegQueryValueW
OpenServiceA
RegQueryValueExW
RegFlushKey
RegQueryValueExA
GetSidSubAuthorityCount
IsValidSecurityDescriptor
SetSecurityDescriptorGroup
LookupAccountNameW
CryptGetHashParam
GetSidIdentifierAuthority
GetUserNameW
ConvertSidToStringSidW
CryptAcquireContextA
ImpersonateLoggedOnUser
CryptDestroyHash
ControlService
InitializeAcl
AdjustTokenPrivileges
RegDeleteValueA
CryptHashData
CopySid
GetTraceEnableFlags
LsaClose
CryptCreateHash
DeleteService
AddAccessAllowedAce
RegDeleteKeyA
GetTokenInformation
CryptAcquireContextW
RegisterEventSourceW
GetAclInformation
LsaOpenPolicy
LockServiceDatabase
GetLengthSid
RegCreateKeyA
FreeSid
DeregisterEventSource
RegQueryInfoKeyW
GetSidSubAuthority
UnlockServiceDatabase
RegEnumKeyExW
RegOpenKeyExA
QueryServiceConfigW
OpenServiceW
RegQueryValueA
GetTraceEnableLevel
RegOpenKeyExW
SetThreadToken
OpenSCManagerA
LookupAccountSidW
OpenProcessToken
QueryServiceStatus
GetSecurityDescriptorControl
RegCreateKeyExA
InitializeSecurityDescriptor
CryptDestroyKey
RegEnumValueW
LookupPrivilegeValueW
RegDeleteKeyW
UnregisterTraceGuids
ChangeServiceConfigW
RegEnumKeyA
LookupPrivilegeValueA
AllocateAndInitializeSid
CryptGenRandom
LsaQueryInformationPolicy
GetSecurityDescriptorDacl
RegSetValueA
SetSecurityDescriptorDacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
CryptReleaseContext
GetUserNameA
GetSecurityDescriptorLength
RegEnumKeyExA
RegSetValueW
OpenThreadToken
RegDeleteValueW
MakeSelfRelativeSD
GetAce
SetEntriesInAclW
StartServiceW
RegEnumValueA
RegSetValueExA
RegCreateKeyExW
RegQueryInfoKeyA
RegOpenKeyW
IsValidSid
CheckTokenMembership
GetSecurityDescriptorOwner
SetNamedSecurityInfoW
SetSecurityDescriptorOwner
ReportEventW
RegCloseKey
GetTraceLoggerHandle
SetFileSecurityW
RegisterTraceGuidsW
OpenSCManagerW
RevertToSelf
EqualSid
RegEnumKeyW
SetServiceStatus
LsaFreeMemory
AddAce
shlwapi
StrCatBuffW
StrCmpNW
PathFindFileNameA
StrChrW
PathStripToRootW
UrlUnescapeW
StrStrIW
StrRetToBufW
SHRegGetBoolUSValueW
StrChrIW
SHStrDupW
PathAddBackslashW
SHDeleteValueW
wnsprintfW
StrToIntExW
StrCatW
StrCpyNW
PathSkipRootW
PathCombineW
AssocQueryStringW
PathRemoveBackslashW
StrStrW
PathAppendA
StrTrimW
PathIsUNCW
StrCmpIW
StrRChrW
PathIsURLW
PathIsDirectoryW
PathFindExtensionA
SHDeleteKeyA
PathIsRootW
wnsprintfA
StrDupW
PathRemoveFileSpecA
PathStripToRootA
StrCmpW
SHGetValueW
StrToIntW
PathRemoveBlanksW
PathAppendW
PathFindExtensionW
SHDeleteKeyW
StrCpyW
UrlIsW
SHDeleteValueA
PathGetDriveNumberW
PathRemoveFileSpecW
PathIsRelativeW
StrStrIA
SHSetValueW
UrlCanonicalizeW
PathRemoveExtensionW
PathCreateFromUrlW
StrCmpNIW
PathFileExistsW
StrCmpNIA
PathFindFileNameW
ole32
StgOpenStorage
CoRevertToSelf
CoFreeUnusedLibraries
WriteClassStm
CoMarshalInterface
CoInitializeEx
CoTaskMemAlloc
CoDisconnectObject
PropVariantClear
CLSIDFromProgID
CoMarshalInterThreadInterfaceInStream
OleRegGetUserType
OleRegEnumVerbs
CoCreateInstanceEx
CoCreateGuid
CoUninitialize
CoGetObjectContext
CoRegisterClassObject
ReleaseStgMedium
StringFromCLSID
CreateItemMoniker
CoSetProxyBlanket
StringFromIID
CoCreateInstance
IIDFromString
CoTaskMemFree
CLSIDFromString
OleInitialize
CoGetClassObject
OleRun
CoRevokeClassObject
CoInitializeSecurity
StringFromGUID2
ProgIDFromCLSID
PropVariantCopy
CoGetMalloc
CoUnmarshalInterface
CreateOleAdviseHolder
OleUninitialize
CoInitialize
OleRegGetMiscStatus
CreateStreamOnHGlobal
CreateBindCtx
StgCreateDocfile
CoCreateFreeThreadedMarshaler
CreateDataAdviseHolder
MkParseDisplayName
StgCreateDocfileOnILockBytes
StgIsStorageFile
CoImpersonateClient
OleLoadFromStream
CoReleaseMarshalData
CoGetInterfaceAndReleaseStream
OleSaveToStream
comctl32
CreatePropertySheetPageW
ImageList_Destroy
InitCommonControls
ImageList_ReplaceIcon
ImageList_Create
PropertySheetA
ImageList_Draw
InitCommonControlsEx
PropertySheetW
msvcrt
wcsstr
??2@YAPAXI@Z
malloc
realloc
_stat
strstr
_vsnwprintf
__CxxFrameHandler
_except_handler3
strncpy
floor
calloc
_errno
printf
_cexit
??3@YAXPAX@Z
strrchr
_wtol
wcscat
fseek
isalnum
_controlfp
_vsnprintf
wcsncmp
wcstoul
_rotl
_strnicmp
_wcsicmp
isleadbyte
setlocale
memcpy
atoi
exit
memmove
_unlock
free
strlen
fopen
wcsspn
swscanf
_wcsdup
_onexit
_exit
mbstowcs
_wsplitpath
iswalpha
strchr
_adjust_fdiv
_itoa
_initterm
rand
iswctype
_CIacos
_iob
??1type_info@@UAE@XZ
ceil
_commit
__set_app_type
wcspbrk
time
ctime
fprintf
wcsrchr
_CIpow
memset
wcstok
_wfopen
atol
_acmdln
__initenv
bsearch
_wtoi
_ultoa
_chsize
qsort
wcschr
__p__osver
_strlwr
__p__fmode
__wgetmainargs
__p__iob
wcscmp
srand
_lseeki64
_rotr
isalpha
towlower
strncmp
_isatty
_tell
_access
__getmainargs
_lock
_ltoa
wcstombs
__dllonexit
_CxxThrowException
iswdigit
_local_unwind2
wcscpy
fread
_wcslwr
fflush
fclose
_ultow
isspace
_write
wcsncpy
sscanf
??0exception@@QAE@ABV0@@Z
_strdup
_ftol
__badioinfo
wcstol
_amsg_exit
_wcsnicmp
_beginthreadex
wcscspn
_snwprintf
tolower
strtoul
__pioinfo
sprintf
_purecall
isdigit
__p__commode
user32
PostQuitMessage
GetCapture
GetDesktopWindow
LoadCursorA
GetMessageA
CreatePopupMenu
PostMessageA
GetParent
SetDlgItemTextW
SetDlgItemTextA
LoadStringW
MessageBoxA
GetCursorPos
SetWindowTextA
TrackPopupMenu
InvalidateRect
CallWindowProcA
GetDlgItem
LoadStringA
CharNextW
CharPrevA
UpdateWindow
SetMenu
DrawTextW
DestroyIcon
GetWindowTextLengthW
GetWindowTextA
GetClientRect
IsWindowEnabled
CharLowerW
CheckMenuItem
DestroyWindow
SendMessageW
GetSysColorBrush
IsIconic
CopyRect
GetDC
IsWindowVisible
GetMessageW
RegisterWindowMessageA
CreateWindowExW
GetFocus
BeginPaint
CharPrevW
IsRectEmpty
ClientToScreen
EndDialog
CreateDialogParamW
GetDlgItemTextW
DrawFocusRect
ReleaseCapture
LoadBitmapA
GetMenu
MoveWindow
EnumChildWindows
GetSysColor
LoadCursorW
GetWindowLongW
GetSystemMenu
SetWindowLongW
CallWindowProcW
CallNextHookEx
RegisterClassExA
GetForegroundWindow
LoadIconA
SystemParametersInfoA
EnableMenuItem
ShowWindow
SetForegroundWindow
DispatchMessageW
DrawTextA
SetCapture
GetMenuItemCount
SetTimer
GetDlgCtrlID
KillTimer
DestroyMenu
IsWindow
GetWindowDC
FindWindowW
PeekMessageW
GetWindowRect
DrawIcon
UnregisterClassW
LoadIconW
UnregisterClassA
GetWindow
GetKeyState
MapWindowPoints
UnhookWindowsHookEx
DispatchMessageA
CharUpperA
GetWindowTextW
SetWindowTextW
ntdll
wcsncpy
RtlUnicodeToMultiByteN
wcscmp
RtlMultiByteToUnicodeN
RtlInitUnicodeString
RtlIntegerToUnicodeString
wcscpy
RtlDeleteSecurityObject
VerSetConditionMask
NtCreateEvent
NtMapViewOfSection
RtlFreeHeap
memmove
RtlOemToUnicodeN
RtlAddAce
RtlRegisterWait
RtlExpandEnvironmentStrings_U
RtlDeleteElementGenericTable
NtAllocateVirtualMemory
NtSetSecurityObject
RtlNtStatusToDosError
RtlInitializeResource
RtlValidSecurityDescriptor
RtlGUIDFromString
RtlRaiseStatus
wcscat
RtlCreateAcl
wcsncat
NtAllocateLocallyUniqueId
RtlxOemStringToUnicodeSize
RtlGetDaclSecurityDescriptor
RtlSubAuthoritySid
NtOpenDirectoryObject
NtOpenSymbolicLinkObject
RtlDestroyEnvironment
NtReadFile
RtlConvertSidToUnicodeString
RtlFreeUnicodeString
NtOpenProcess
NtSetValueKey
NtDuplicateObject
NtEnumerateKey
NtEnumerateValueKey
RtlAcquireResourceShared
NtUnmapViewOfSection
RtlUpcaseUnicodeStringToOemString
NtOpenThreadToken
RtlCreateTimerQueue
wcsncmp
wcstol
strncpy
NtSetInformationThread
RtlCreateUserThread
NtQueryVirtualMemory
NtClose
NtWaitForSingleObject
RtlUnwind
atoi
RtlInitializeCriticalSection
NtDeleteKey
wcstoul
NtAdjustPrivilegesToken
RtlValidSid
RtlAppendUnicodeToString
NtQuerySystemInformation
RtlOpenCurrentUser
RtlxUnicodeStringToOemSize
RtlMakeSelfRelativeSD
RtlReAllocateHeap
NtQueryDirectoryObject
RtlDetermineDosPathNameType_U
RtlOemStringToUnicodeString
strchr
RtlEqualUnicodeString
NtWaitForMultipleObjects
RtlxUnicodeStringToAnsiSize
RtlGetFullPathName_U
_allmul
NtCreateKey
NtDuplicateToken
RtlStringFromGUID
RtlCreateSecurityDescriptor
RtlCreateEnvironment
NtOpenThread
RtlInitAnsiString
RtlQueryEnvironmentVariable_U
NtWriteFile
NtImpersonateAnonymousToken
DbgPrint
RtlCompareMemory
NtQueryPerformanceCounter
NtDeleteValueKey
_wcslwr
NtTerminateProcess
qsort
RtlValidRelativeSecurityDescriptor
RtlSystemTimeToLocalTime
RtlAddAccessAllowedAce
RtlInitializeCriticalSectionAndSpinCount
wcschr
RtlTimeToTimeFields
RtlDeleteCriticalSection
RtlInitString
_snwprintf
RtlAdjustPrivilege
NtQueryDirectoryFile
RtlTimeToSecondsSince1970
RtlLookupElementGenericTable
_stricmp
NtOpenFile
RtlGetNtProductType
RtlWriteRegistryValue
swprintf
NtQueryKey
RtlSetGroupSecurityDescriptor
RtlLengthSecurityDescriptor
NtQuerySecurityObject
RtlUnicodeStringToInteger
RtlDestroyHeap
NtQueryInformationFile
sprintf
RtlUpcaseUnicodeChar
RtlDeleteResource
_wcsupr
NlsMbCodePageTag
RtlCreateUnicodeString
NtCancelIoFile
RtlNewSecurityObject
RtlDosPathNameToNtPathName_U
NtSetEvent
RtlSubAuthorityCountSid
strrchr
RtlExtendedLargeIntegerDivide
RtlImageNtHeader
NtQueryInformationToken
RtlEnterCriticalSection
NtQueryInformationProcess
NtCreateFile
NtSetVolumeInformationFile
NtCreateSection
RtlCreateTimer
RtlInitializeSid
NtQueryVolumeInformationFile
RtlQueryInformationAcl
RtlQueueWorkItem
RtlAppendUnicodeStringToString
RtlClearBits
_wcsnicmp
RtlQueryRegistryValues
RtlLengthRequiredSid
version
GetFileVersionInfoW
VerQueryValueA
VerLanguageNameA
comdlg32
ChooseFontW
FindTextW
PageSetupDlgA
GetSaveFileNameW
PrintDlgA
CommDlgExtendedError
ChooseFontA
GetFileTitleA
GetOpenFileNameA
FindTextA
ChooseColorA
PrintDlgW
GetFileTitleW
ChooseColorW
PageSetupDlgW
PrintDlgExW
GetOpenFileNameW
GetSaveFileNameA
shell32
SHGetMalloc
ShellExecuteA
ShellExecuteExW
SHGetSpecialFolderPathW
SHChangeNotify
SHBrowseForFolderW
SHGetPathFromIDListA
SHBindToParent
DragQueryFileW
SHGetSpecialFolderLocation
DragQueryFileA
SHGetPathFromIDListW
SHGetFileInfoW
SHGetFolderPathW
SHFileOperationW
ShellExecuteW
SHGetDesktopFolder
CommandLineToArgvW
gdi32
ExcludeClipRect
CreateBitmap
DeleteObject
CreateHalftonePalette
SaveDC
MoveToEx
GetObjectW
PtVisible
SetViewportExtEx
EndPage
ScaleWindowExtEx
EndDoc
GetBkMode
SetTextColor
RestoreDC
LPtoDP
SetStretchBltMode
DeleteMetaFile
Ellipse
RealizePalette
CreateRectRgnIndirect
SelectPalette
GetWindowExtEx
CreateFontIndirectA
TranslateCharsetInfo
SetWindowOrgEx
GetClipRgn
SetBkMode
CreateCompatibleDC
CreateFontA
CreateMetaFileA
PatBlt
CreateFontIndirectW
DPtoLP
GetMapMode
EnumFontFamiliesExW
CombineRgn
CloseMetaFile
CreateBrushIndirect
GetTextAlign
Escape
GetTextMetricsA
SetViewportOrgEx
TextOutW
GetNearestColor
CreateSolidBrush
CreateRectRgn
GetGlyphOutlineA
GetRgnBox
CreateMetaFileW
SetROP2
SetBrushOrgEx
GetBitmapBits
GetStockObject
SetWindowExtEx
DeleteDC
StretchDIBits
GetPixel
GetTextExtentPoint32A
StartPage
GetObjectType
CreateDIBitmap
GetPaletteEntries
BitBlt
SetTextAlign
Rectangle
OffsetViewportOrgEx
GetClipBox
ExtTextOutW
SelectClipRgn
GetTextExtentPointW
FillRgn
GetDIBits
LineTo
GetViewportExtEx
CreateDCW
Polyline
UnrealizeObject
ExtSelectClipRgn
SetPixel
CreatePen
GetDeviceCaps
GetCurrentObject
GetObjectA
StretchBlt
SelectObject
CreateCompatibleBitmap
IntersectClipRect
CreateDCA
SetMapMode
GetTextMetricsW
TextOutA
RectVisible
CreatePatternBrush
GetTextColor
SetBkColor
GetTextExtentPointA
PlayMetaFile
rpcrt4
IUnknown_AddRef_Proxy
UuidToStringA
NdrServerCall2
CStdStubBuffer_DebugServerRelease
RpcBindingToStringBindingW
CStdStubBuffer_CountRefs
UuidToStringW
NdrClientCall2
CStdStubBuffer_DebugServerQueryInterface
RpcServerRegisterIfEx
RpcStringBindingParseW
CStdStubBuffer_IsIIDSupported
RpcBindingVectorFree
RpcServerInqBindings
NdrCStdStubBuffer_Release
UuidFromStringW
NdrDllUnregisterProxy
RpcEpResolveBinding
CStdStubBuffer_Connect
RpcImpersonateClient
RpcBindingFree
CStdStubBuffer_Disconnect
RpcServerUseProtseqEpW
RpcStringFreeA
NdrOleFree
NdrStubCall2
RpcServerRegisterAuthInfoW
UuidCreate
RpcServerUnregisterIf
RpcBindingSetAuthInfoExW
CStdStubBuffer_AddRef
RpcStringFreeW
CStdStubBuffer_QueryInterface
NdrDllGetClassObject
RpcBindingFromStringBindingW
RpcRaiseException
NdrDllRegisterProxy
RpcRevertToSelf
NdrOleAllocate
NdrCStdStubBuffer2_Release
CStdStubBuffer_Invoke
NdrStubForwardingFunction
IUnknown_Release_Proxy
RpcStringBindingComposeW
IUnknown_QueryInterface_Proxy
RpcBindingSetAuthInfoW
NdrDllCanUnloadNow
kernel32
CreateThread
HeapCreate
DeleteFileA
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
FindNextFileW
TlsSetValue
DeleteCriticalSection
LocalFree
FindClose
GetComputerNameW
VirtualProtect
InitializeCriticalSection
IsDBCSLeadByte
GetVersionExW
GlobalFree
ResetEvent
MulDiv
LoadLibraryExW
lstrcpyA
LocalAlloc
WideCharToMultiByte
OpenEventA
GetFileAttributesW
GetLocaleInfoW
FreeLibrary
CompareStringA
lstrcmpiW
HeapDestroy
TerminateProcess
WaitForSingleObject
CreateFileMappingW
GetDriveTypeA
MultiByteToWideChar
lstrcpyW
CompareStringW
InterlockedIncrement
OpenMutexA
GetWindowsDirectoryA
GetFileSize
GlobalLock
GetCurrentProcess
SetErrorMode
SetLastError
GetExitCodeProcess
CreateProcessA
InterlockedExchange
GetSystemDirectoryW
lstrcpynW
CreateEventW
ResumeThread
OutputDebugStringA
GetVersion
LoadResource
lstrcatA
FindFirstFileW
FlushFileBuffers
LeaveCriticalSection
LoadLibraryExA
lstrcmpiA
FileTimeToSystemTime
CreateEventA
GetModuleFileNameW
FormatMessageW
SetEvent
GetConsoleMode
VirtualFree
GetFileAttributesA
FindResourceA
QueryPerformanceCounter
GetModuleHandleA
lstrlenA
VirtualAlloc
lstrcmpA
CloseHandle
TlsGetValue
MapViewOfFile
GetExitCodeThread
TlsAlloc
VirtualQuery
SetHandleCount
HeapReAlloc
GlobalUnlock
GetDriveTypeW
GetLocalTime
ReadFile
FindFirstFileA
GetCurrentDirectoryW
GetTempPathA
IsBadReadPtr
InitializeCriticalSectionAndSpinCount
GetStdHandle
Sleep
CreateProcessW
SystemTimeToFileTime
GetCPInfo
FindResourceW
OutputDebugStringW
DisableThreadLibraryCalls
InterlockedCompareExchange
GetStringTypeA
GetCommandLineA
FileTimeToLocalFileTime
GetModuleHandleW
ExpandEnvironmentStringsW
HeapAlloc
RaiseException
FreeEnvironmentStringsA
GetCurrentProcessId
IsBadWritePtr
InterlockedDecrement
SizeofResource
UnmapViewOfFile
CreateDirectoryA
GetEnvironmentStringsW
CreateMutexA
EnterCriticalSection
LCMapStringW
ReleaseMutex
GetCommandLineW
WaitForMultipleObjects
GetProcessHeap
WriteFile
GetFullPathNameW
GetThreadLocale
CreateDirectoryW
oleaut32
CreateErrorInfo
VariantCopy
VariantCopyInd
OleLoadPicture
SafeArrayUnaccessData
SysAllocStringLen
GetActiveObject
SafeArrayGetUBound
VariantChangeType
SetErrorInfo
SysAllocStringByteLen
SysReAllocStringLen
LoadTypeLib
SysStringByteLen
SafeArrayPtrOfIndex
VariantClear
GetErrorInfo
SafeArrayGetLBound
SafeArrayCreate
SafeArrayAccessData
VariantInit
VariantChangeTypeEx
RegisterTypeLib
SysFreeString
SafeArrayPutElement
SafeArrayGetElement
Sections
.textbss Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.text Size: 217KB - Virtual size: 217KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.tls Size: 1024B - Virtual size: 996B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
DATA Size: 1024B - Virtual size: 1003B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 483B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ