Static task
static1
Behavioral task
behavioral1
Sample
56337cbda8cfeb29286295c483554117_JaffaCakes118.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
56337cbda8cfeb29286295c483554117_JaffaCakes118.exe
Resource
win10v2004-20241007-en
General
Target
56337cbda8cfeb29286295c483554117_JaffaCakes118
Size
374KB
MD5
56337cbda8cfeb29286295c483554117
SHA1
8dad3a2392b46cdff5ea08225d2edc3bd60c6aac
SHA256
71a7be121a3c84e97dbf1de8a57ae2b2516ab9e234d63af95e58d726afaf5cf3
SHA512
d6fd986d17627152054aae28d93dcaa10122e8efd60b58a92ab88b4294f0813351888ef9aa9c74b9636a02af38923fc1fb5d212cc56ad989d8a84397e4dd3e62
SSDEEP
3072:NbsBqmbtAqFo2vOP29ot+82p8i3vobAfGU2DiQ1RQVPiZqjgKrORd9mjrkgqHnep:NwBqMDw+JpQ1TqjgK4d9m6eOrm
Malware Config
Signatures
Unsigned PE — 1 IoC
Flags a PE file that carries no Authenticode signature. On its own this is a weak indicator (a large share of legitimate software is unsigned); it is the only signature that fired, and no malware configuration was extracted, so match on the file hashes above rather than on this rule.
resource 56337cbda8cfeb29286295c483554117_JaffaCakes118
Files
56337cbda8cfeb29286295c483554117_JaffaCakes118.exe windows:5 windows x86 arch:x86 ("windows:5" is presumably the PE optional-header OS version field, i.e. a minimum of Windows 5.x — confirm against the tool's schema)
698a811a73f193f61337f01675a0a168 (unlabeled 32-hex-digit value; most likely the import hash of the file, not a second content hash — confirm before using it for pivoting)
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Imports
altiumcore.bpl (Borland/Embarcadero-mangled names — "@System@…", "$qqrv" — indicate a C++Builder/Delphi-style build linking against Altium runtime packages; the three .bpl dependencies below must be present next to the executable or on the DLL search path for it to run at all, which is why a sandbox run may never reach the main code path)
@System@initialization$qqrv
@System@Finalization$qqrv
@System@@CheckAutoResult$qqrl
@System@TInterfacedObject@_Release$qqsv
@System@TInterfacedObject@_AddRef$qqsv
@System@TInterfacedObject@QueryInterface$qqsrx5_GUIDpv
@System@TInterfacedObject@NewInstance$qqrv
@System@TInterfacedObject@BeforeDestruction$qqrv
@System@TInterfacedObject@AfterConstruction$qqrv
@System@@IntfAddRef$qqrx45System@%DelphiInterface$t17System@IInterface%
@System@@IntfCast$qqrr45System@%DelphiInterface$t17System@IInterface%x45System@%DelphiInterface$t17System@IInterface%rx5_GUID
@System@@IntfCopy$qqrr45System@%DelphiInterface$t17System@IInterface%x45System@%DelphiInterface$t17System@IInterface%
@System@@IntfClear$qqrr45System@%DelphiInterface$t17System@IInterface%
@System@RegisterModule$qqrp17System@TLibModule
@System@@DynArrayClear$qqrrpvpv
@System@@DynArraySetLength$qqrv
@System@@DynArrayHigh$qqrv
@System@@DynArrayLength$qqrv
@System@@ValInt64$qqrx20System@UnicodeStringri
@System@@Finalize$qqrpvt1
@System@@FinalizeArray$qqrpvt1ui
@System@@UStrCatN$qqrv
@System@@UStrCat3$qqrr20System@UnicodeStringx20System@UnicodeStringt2
@System@@UStrCat$qqrr20System@UnicodeStringx20System@UnicodeString
@System@@UStrLen$qqrx20System@UnicodeString
@System@@WStrFromUStr$qqrr17System@WideStringx20System@UnicodeString
@System@@UStrFromWStr$qqrr20System@UnicodeStringx17System@WideString
@System@@LStrFromUStr$qqrr27System@%AnsiStringT$us$i0$%x20System@UnicodeStringus
@System@@UStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%
@System@@UStrFromWArray$qqrr20System@UnicodeStringpbi
@System@@UStrFromPWChar$qqrr20System@UnicodeStringpb
@System@@UStrFromPWCharLen$qqrr20System@UnicodeStringpbi
@System@@UStrToPWChar$qqrx20System@UnicodeString
@System@@UStrLAsg$qqrr20System@UnicodeStringx20System@UnicodeString
@System@@UStrAsg$qqrr20System@UnicodeStringx20System@UnicodeString
@System@@UStrArrayClr$qqrpvi
@System@@UStrClr$qqrpv
@System@@UStrAddRef$qqrpv
@System@@WStrClr$qqrpv
@System@@LStrSetLength$qqrv
@System@@UniqueStringA$qqrr27System@%AnsiStringT$us$i0$%
@System@@LStrToPChar$qqrx27System@%AnsiStringT$us$i0$%
@System@@LStrCat3$qqrv
@System@@LStrCat$qqrv
@System@@LStrLen$qqrx27System@%AnsiStringT$us$i0$%
@System@@LStrFromPWChar$qqrr27System@%AnsiStringT$us$i0$%pbus
@System@@LStrFromChar$qqrr27System@%AnsiStringT$us$i0$%cus
@System@@EnsureAnsiString$qqrr27System@%AnsiStringT$us$i0$%us
@System@@EnsureUnicodeString$qqrr20System@UnicodeString
@System@@LStrClr$qqrpv
@System@@Assert$qqrx20System@UnicodeStringt1i
@System@@Halt0$qqrv
@System@@StartExe$qqrp23System@PackageInfoTablep17System@TLibModule
@System@@DoneExcept$qqrv
@System@@RaiseExcept$qqrv
@System@@HandleFinally$qqrv
@System@@HandleOnException$qqrv
@System@@HandleAnyException$qqrv
@System@@BeforeDestruction$qqrp14System@TObjectzc
@System@@AfterConstruction$qqrp14System@TObject
@System@@ClassDestroy$qqrp14System@TObject
@System@@ClassCreate$qqrp17System@TMetaClasso
@System@TObject@Dispatch$qqrpv
@System@TObject@BeforeDestruction$qqrv
@System@TObject@AfterConstruction$qqrv
@System@TObject@DefaultHandler$qqrpv
@System@TObject@ToString$qqrv
@System@TObject@SafeCallException$qqrp14System@TObjectpv
@System@@IsClass$qqrp14System@TObjectp17System@TMetaClass
@System@TObject@GetHashCode$qqrv
@System@TObject@Equals$qqrp14System@TObject
@System@TObject@Free$qqrv
@System@TObject@$bdtr$qqrv
@System@TObject@$bctr$qqrv
@System@TObject@FreeInstance$qqrv
@System@TObject@NewInstance$qqrv
@System@TObject@ClassName$qqrv
@System@TObject@ClassType$qqrv
@System@@ValExt$qqrv
@System@@ValLong$qqrx20System@UnicodeStringri
@System@@FillChar$qqrpvib
@System@Flush$qqrr15System@Textfile
@System@@ROUND$qqrv
@System@Sin$qqrxg
@System@Cos$qqrxg
@System@Set8087CW$qqrus
@System@ParamStr$qqri
@System@ParamCount$qqrv
@System@Move$qqrpxvpvi
@System@@FreeMem$qqrpv
@System@@GetMem$qqri
@System@Output
@System@ExitCode
@System@CmdLine
@$xp$24System@TInterfacedObject
@System@TInterfacedObject@
@$xp$9IDispatch
@$xp$17System@IInterface
@$xp$14System@TObject
@System@TObject@
@$xp$13System@string
@$xp$15System@WordBool
@$xp$16System@PWideChar
@$xp$6Double
@$xp$6Single
@$xp$5Int64
@$xp$8Cardinal
@$xp$7Pointer
@$xp$11System@Word
@$xp$7Integer
@$xp$8SmallInt
@$xp$7Boolean
@Classes@initialization$qqrv
@Classes@Finalization$qqrv
@Classes@TThread@Start$qqrv
@Classes@TThread@DoTerminate$qqrv
@Classes@TThread@AfterConstruction$qqrv
@Classes@TThread@$bcdtr$qqrv
@Classes@TThread@$bdtr$qqrv
@Classes@TThread@$bcctr$qqrv
@Classes@TThread@$bctr$qqro
@Classes@TStringStream@WriteString$qqrx20System@UnicodeString
@Classes@TStringStream@$bctr$qqrx27System@%AnsiStringT$us$i0$%
@Classes@TStringStream@$bctr$qqrv
@Classes@TFileStream@$bctr$qqrx20System@UnicodeStringus
@Classes@THandleStream@SetSize$qqrxj
@Classes@THandleStream@SetSize$qqri
@Classes@THandleStream@Seek$qqrxj19Classes@TSeekOrigin
@Classes@THandleStream@$bctr$qqri
@Classes@TStream@CopyFrom$qqrp15Classes@TStreamj
@Classes@TStream@ReadBuffer$qqrpvi
@Classes@TStream@Seek$qqrius
@Classes@TStream@GetSize$qqrv
@Classes@TStringList@$bctr$qqrv
@Classes@TInterfaceList@Add$qqrx45System@%DelphiInterface$t17System@IInterface%
@Classes@TInterfaceList@GetCount$qqrv
@Classes@TInterfaceList@Get$qqri
@Classes@TInterfaceList@Delete$qqri
@Classes@TInterfaceList@Clear$qqrv
@Classes@TInterfaceList@$bctr$qqrv
@Classes@TList@Notify$qqrpv25Classes@TListNotification
@Classes@TList@Pack$qqrv
@Classes@TList@Remove$qqrpv
@Classes@TList@Grow$qqrv
@Classes@TList@Get$qqri
@Classes@TList@Error$qqrx20System@UnicodeStringi
@Classes@TList@Clear$qqrv
@Classes@TList@Add$qqrpv
@Classes@TList@$bdtr$qqrv
@$xp$15Classes@TThread
@Classes@TThread@
@Classes@TStringStream@
@Classes@TMemoryStream@
@Classes@TFileStream@
@$xp$21Classes@THandleStream
@Classes@THandleStream@
@$xp$15Classes@TStream
@Classes@TStringList@
@$xp$22Classes@TInterfaceList
@Classes@TInterfaceList@
@$xp$13Classes@TList
@Classes@TList@
@Typinfo@initialization$qqrv
@Typinfo@Finalization$qqrv
@Sysutils@initialization$qqrv
@Sysutils@Finalization$qqrv
@Sysutils@TEncoding@$bcdtr$qqrv
@Sysutils@TLanguages@$bcdtr$qqrv
@Sysutils@Supports$qqrx45System@%DelphiInterface$t17System@IInterface%rx5_GUIDpv
@Sysutils@FreeAndNil$qqrpv
@Sysutils@RaiseLastOSError$qqrv
@Sysutils@Exception@$bcdtr$qqrv
@Sysutils@Exception@$bcctr$qqrv
@Sysutils@Exception@ToString$qqrv
@Sysutils@Exception@RaisingException$qqrp25Sysutils@TExceptionRecord
@Sysutils@Exception@GetBaseException$qqrv
@Sysutils@Exception@$bdtr$qqrv
@Sysutils@Exception@$bctr$qqrp20System@TResStringRecpx14System@TVarRecxi
@Sysutils@Exception@$bctr$qqrx20System@UnicodeString
@Sysutils@SysErrorMessage$qqrui
@Sysutils@DateTimeToStr$qqrx16System@TDateTime
@Sysutils@Now$qqrv
@Sysutils@StrToFloat$qqrx20System@UnicodeString
@Sysutils@FloatToStr$qqrg
@Sysutils@Format$qqrx20System@UnicodeStringpx14System@TVarRecxi
@Sysutils@StrNew$qqrpxb
@Sysutils@StrPas$qqrpxb
@Sysutils@StrCat$qqrpbpxb
@Sysutils@ExtractFilePath$qqrx20System@UnicodeString
@Sysutils@DeleteFile$qqrx20System@UnicodeString
@Sysutils@ForceDirectories$qqr20System@UnicodeString
@Sysutils@DirectoryExists$qqrx20System@UnicodeString
@Sysutils@FileExists$qqrx20System@UnicodeString
@Sysutils@IntToStr$qqrj
@Sysutils@IntToStr$qqri
@Sysutils@AnsiDequotedStr$qqrx20System@UnicodeStringb
@Sysutils@Trim$qqrx20System@UnicodeString
@Sysutils@SameText$qqrx20System@UnicodeStringt1
@Sysutils@UpperCase$qqrx20System@UnicodeString
@Sysutils@GUIDToString$qqrrx5_GUID
@Sysutils@CreateGUID$qqsr5_GUID
@Sysutils@TEncoding@$bcctr$qqrv
@Sysutils@DecimalSeparator
@$xp$17Sysutils@EOSError
@Sysutils@EOSError@
@$xp$18Sysutils@Exception
@Sysutils@Exception@
@Sysutils@TLanguages@$bcctr$qqrv
@Sysconst@_SOSError
@Math@EnsureRange$qqrxixixi
@Math@Max$qqrxfxf
@Math@Min$qqrxfxf
@Math@Power$qqrxgxg
@Math@Tan$qqrxg
@Variants@initialization$qqrv
@Variants@Finalization$qqrv
@Variants@@VarAddRef$qqrr8TVarData
@Variants@@VarFromLStr$qqrr8TVarDatax27System@%AnsiStringT$us$i0$%
@Variants@@VarToUStr$qqrr20System@UnicodeStringrx8TVarData
@Variants@@VarToLStr$qqrr27System@%AnsiStringT$us$i0$%rx8TVarData
@Variants@@VarToInteger$qqrrx8TVarData
@Variants@@VarClr$qqrr8TVarData
@Varutils@initialization$qqrv
@Varutils@Finalization$qqrv
@Syncobjs@initialization$qqrv
@Syncobjs@Finalization$qqrv
@Timespan@TTimeSpan@$bcctr$qqrv
@Timespan@TTimeSpan@$bcdtr$qqrv
@Contnrs@TObjectList@GetItem$qqri
@Contnrs@TObjectList@$bctr$qqrv
@Contnrs@TObjectList@Add$qqrp14System@TObject
@$xp$19Contnrs@TObjectList
@Contnrs@TObjectList@
@Registry@initialization$qqrv
@Registry@Finalization$qqrv
@Registry@TRegistryIniFile@$bctr$qqrx20System@UnicodeString
@Registry@TRegistry@ReadString$qqrx20System@UnicodeString
@Registry@TRegistry@OpenKeyReadOnly$qqrx20System@UnicodeString
@Registry@TRegistry@SetRootKey$qqrp6HKEY__
@Registry@TRegistry@$bctr$qqrv
@Registry@TRegistryIniFile@
@Registry@TRegistry@
@Inifiles@initialization$qqrv
@Inifiles@Finalization$qqrv
@Inifiles@TCustomIniFile@SectionExists$qqrx20System@UnicodeString
@Inifiles@TCustomIniFile@$bctr$qqrx20System@UnicodeString
@Inifiles@TIniFile@
@Ioutils@initialization$qqrv
@Ioutils@Finalization$qqrv
@Ioutils@TPath@$bcctr$qqrv
@Ioutils@TPath@$bcdtr$qqrv
@Dialogs@initialization$qqrv
@Dialogs@Finalization$qqrv
@Comctrls@initialization$qqrv
@Comctrls@Finalization$qqrv
@Actnlist@initialization$qqrv
@Actnlist@Finalization$qqrv
@Graphics@initialization$qqrv
@Graphics@Finalization$qqrv
@Themes@initialization$qqrv
@Themes@Finalization$qqrv
@Controls@initialization$qqrv
@Controls@Finalization$qqrv
@Menus@initialization$qqrv
@Menus@Finalization$qqrv
@Uxtheme@initialization$qqrv
@Uxtheme@Finalization$qqrv
@Multimon@initialization$qqrv
@Multimon@Finalization$qqrv
@Forms@initialization$qqrv
@Forms@Finalization$qqrv
@Forms@TApplication@GetExeName$qqrv
@Forms@Application
@Helpintfs@initialization$qqrv
@Helpintfs@Finalization$qqrv
@Graphutil@initialization$qqrv
@Graphutil@Finalization$qqrv
@Extctrls@initialization$qqrv
@Extctrls@Finalization$qqrv
@Printers@initialization$qqrv
@Printers@Finalization$qqrv
@Clipbrd@initialization$qqrv
@Clipbrd@Finalization$qqrv
@Flatsb@initialization$qqrv
@Flatsb@Finalization$qqrv
@Db@initialization$qqrv
@Db@Finalization$qqrv
@Widestrings@initialization$qqrv
@Widestrings@Finalization$qqrv
@Fmtbcd@initialization$qqrv
@Fmtbcd@Finalization$qqrv
@Sqltimst@initialization$qqrv
@Sqltimst@Finalization$qqrv
@Comobj@initialization$qqrv
@Comobj@Finalization$qqrv
@Buttons@initialization$qqrv
@Buttons@Finalization$qqrv
@Olectrls@initialization$qqrv
@Olectrls@Finalization$qqrv
@Axctrls@initialization$qqrv
@Axctrls@Finalization$qqrv
@Oleserver@initialization$qqrv
@Oleserver@Finalization$qqrv
@Mapi@initialization$qqrv
@Mapi@Finalization$qqrv
@Ansistrings@initialization$qqrv
@Ansistrings@Finalization$qqrv
kernel32 — reviewer note: this table includes a named-pipe server set (CreateNamedPipeW, ConnectNamedPipe, GetOverlappedResult, CancelIo, CreateEventW), temp-file creation (GetTempPathW, GetTempFileNameW), and explicit library loading (SetDllDirectoryW, LoadLibraryExW, GetProcAddress). The presence of an import does not show it was exercised; the pairing of SetDllDirectoryW with LoadLibraryExW is worth a closer look for DLL search-order hijacking only if the directory it sets is user-writable, which this report does not establish. GetModuleHandleW is listed twice, likely two import thunks rather than a parsing error.
GetModuleHandleW
WriteFile
WaitForSingleObject
WaitForMultipleObjects
TerminateProcess
SetDllDirectoryW
ReadFile
LoadLibraryExW
GetVersionExW
GetTempPathW
GetTempFileNameW
GetProcAddress
GetOverlappedResult
GetModuleHandleW
GetLastError
GetCurrentProcess
FreeLibrary
FlushFileBuffers
CreateNamedPipeW
CreateFileW
CreateEventW
ConnectNamedPipe
CloseHandle
CancelIo
user32
TranslateMessage
SetCursor
LoadCursorW
GetMessageW
DispatchMessageW
advapi32
RegOpenKeyW
RegCloseKey
shell32
SHGetSpecialFolderPathW
altiumcomponents.bpl
@Xpextedits@initialization$qqrv
@Xpextedits@Finalization$qqrv
@Xpextedits@TXPHistoryEdit@$bcdtr$qqrv
@Xpextedits@TXPHistoryEdit@$bcctr$qqrv
@Xpextedits@XPHistoryEditRegKey
@Xpcontrols@TXPCustomControl@$bcdtr$qqrv
@Xpcontrols@TXPCustomControl@$bcctr$qqrv
@Commonutils@initialization$qqrv
@Commonutils@Finalization$qqrv
@Xpcontrolutils@TXPControlManager@$bcdtr$qqrv
@Xpcontrolutils@TXPControlManager@$bcctr$qqrv
@Alphaimage@TAlphaBitmap@$bcdtr$qqrv
@Alphaimage@TAlphaBitmap@$bcctr$qqrv
@Xpgraphics@TImgLibManager@$bcdtr$qqrv
@Xpgraphics@TImgLibManager@$bcctr$qqrv
@Smoothtext@TSmoothTextRenderer@$bcdtr$qqrv
@Smoothtext@TSmoothTextRenderer@$bcctr$qqrv
@Xpimages@TCompressedBitmap@$bcdtr$qqrv
@Xpimages@TCompressedBitmap@$bcctr$qqrv
@Xputils@initialization$qqrv
@Xputils@Finalization$qqrv
@Xpscrolls@TResourceManager@$bcdtr$qqrv
@Xpscrolls@TResourceManager@$bcctr$qqrv
@Xpedits2@TXPEditResourceManager@$bcdtr$qqrv
@Xpedits2@TXPEditResourceManager@$bcctr$qqrv
@Xpextctrls@TResourceManager@$bcdtr$qqrv
@Xpextctrls@TResourceManager@$bcctr$qqrv
@Xplabels@TXPCustomLabel@$bcctr$qqrv
@Xplabels@TXPCustomLabel@$bcdtr$qqrv
@Xpfading@TTimerManager@$bcdtr$qqrv
@Xpfading@TTimerManager@$bcctr$qqrv
@Winxpbuttons@initialization$qqrv
@Winxpbuttons@Finalization$qqrv
@Winxpbuttons@TResourceManager@$bcdtr$qqrv
@Winxpbuttons@TResourceManager@$bcctr$qqrv
d3dx9_33
D3DXVec3TransformNormal
D3DXVec3TransformCoord
altiummisc.bpl
@Jclsysinfo@initialization$qqrv
@Jclsysinfo@Finalization$qqrv
@Jclbase@initialization$qqrv
@Jclbase@Finalization$qqrv
@Jclstrings@initialization$qqrv
@Jclstrings@Finalization$qqrv
@Jclunicode@initialization$qqrv
@Jclunicode@Finalization$qqrv
@Jclsysutils@initialization$qqrv
@Jclsysutils@Finalization$qqrv
@Jclansistrings@initialization$qqrv
@Jclansistrings@Finalization$qqrv
@Jclmath@initialization$qqrv
@Jclmath@Finalization$qqrv
@Jclcharsets@initialization$qqrv
@Jclcharsets@Finalization$qqrv
@Jclregistry@initialization$qqrv
@Jclregistry@Finalization$qqrv
@Jclfileutils@initialization$qqrv
@Jclfileutils@Finalization$qqrv
@Jclshell@initialization$qqrv
@Jclshell@Finalization$qqrv
Sections
.text Size: 94KB - Virtual size: 93KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.itext Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.bss Size: - Virtual size: 624B
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 20KB - Virtual size: 20KB (a writable import section is commonly seen in Borland/Embarcadero-linked binaries and is not by itself a packing indicator; raw and virtual sizes match across all sections and .text is not writable, so nothing in the section table suggests a packer or self-modifying code)
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.rsrc Size: 245KB - Virtual size: 245KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ