Static task: static1
Behavioral task: behavioral1
  Sample: 764dde3f1fd9259e60c40b148db70637_JaffaCakes118.exe
  Resource: win7-20241010-en
Behavioral task: behavioral2
  Sample: 764dde3f1fd9259e60c40b148db70637_JaffaCakes118.exe
  Resource: win10v2004-20241007-en
General
- Target: 764dde3f1fd9259e60c40b148db70637_JaffaCakes118
- Size: 317KB
- MD5: 764dde3f1fd9259e60c40b148db70637
- SHA1: 0594e04536101063361d903e7db109a6dfaef85f
- SHA256: 403736515e661b6b36e18644a1e4aaa8b64f3d2597cf260300c815f9326d669a
- SHA512: cbc6bc71698f75ebf23b2991476dabc895b23fd16af84967a2197aacc77b243e27ac143cdcc787549019492481bef63c847d79489eb3a8d672e8c8b5d0be157a
- SSDEEP: 6144:J6tiiYyUYE+I6TdpIg+aLUvPOfE2sg4qJLfG7zWBMvKvGB77Z:J60iYyo+JT/+f282sGtw/77Z
Malware Config
Signatures
- Unsigned PE (1 IoC): checks for a missing Authenticode signature.
  resource: 764dde3f1fd9259e60c40b148db70637_JaffaCakes118
Files
- 764dde3f1fd9259e60c40b148db70637_JaffaCakes118.exe windows:4 windows x86 arch:x86
  e561a4efc3e7aed28a132f88ae3d515e
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msi
ord9
pdh
PdhMakeCounterPathA
comdlg32
PrintDlgA
user32
ToUnicodeEx
GetWindowPlacement
SetWindowContextHelpId
RegisterClassA
GetWindowThreadProcessId
rasapi32
RasEnumEntriesA
gdi32
CloseMetaFile
CreateFontIndirectA
GetMetaFileBitsEx
GetTextMetricsA
SetICMMode
GetColorAdjustment
GetOutlineTextMetricsW
GetKerningPairsW
CreateRectRgn
SetBkMode
GdiGetBatchLimit
CreatePenIndirect
EndPath
GetFontData
StartDocA
GetPixelFormat
DrawEscape
SetAbortProc
CreateDIBPatternBrush
ResetDCW
StretchDIBits
SetSystemPaletteUse
GetICMProfileA
RoundRect
GetTextCharacterExtra
GetTextCharsetInfo
SetDIBits
GetLogColorSpaceA
StrokePath
SetTextAlign
SetICMProfileW
SetViewportOrgEx
DeleteDC
BitBlt
PaintRgn
EndPage
SetPixelV
Pie
PolyPolyline
CreateColorSpaceA
SetStretchBltMode
MoveToEx
GetPolyFillMode
GetTextExtentPointW
PolylineTo
CreateRoundRectRgn
GetEnhMetaFileHeader
GetLogColorSpaceW
Polygon
PolyBezier
PolyTextOutW
FillPath
SetViewportExtEx
GetTextExtentPoint32W
PolyBezierTo
SetArcDirection
CreateEllipticRgn
CreateSolidBrush
SelectObject
GetDeviceGammaRamp
PlayMetaFile
GetEnhMetaFileA
DescribePixelFormat
InvertRgn
SetTextColor
EnumFontFamiliesExA
SetDeviceGammaRamp
ResetDCA
FrameRgn
SetDIBColorTable
GetOutlineTextMetricsA
GdiFlush
GetPixel
SetPixelFormat
CreateMetaFileW
RemoveFontResourceA
CreateDIBPatternBrushPt
SetMetaFileBitsEx
SetPolyFillMode
GetMiterLimit
CreateBitmap
GetObjectType
GetWinMetaFileBits
Ellipse
PlayMetaFileRecord
SetBitmapDimensionEx
EnumObjects
Arc
SwapBuffers
GetBrushOrgEx
PlgBlt
FloodFill
ExtTextOutW
UpdateICMRegKeyW
EqualRgn
IntersectClipRect
CreateFontA
CreateMetaFileA
CreateICW
GetDCOrgEx
PolyDraw
CreateDIBSection
GetTextFaceA
GetAspectRatioFilterEx
TextOutA
GetNearestPaletteIndex
BeginPath
EnumFontsW
GetRegionData
DeleteColorSpace
SetMapMode
CombineTransform
SetEnhMetaFileBits
CheckColorsInGamut
GetCharABCWidthsFloatW
GetSystemPaletteEntries
CreateDIBitmap
Escape
GetBitmapDimensionEx
CopyEnhMetaFileA
ArcTo
MaskBlt
CreateEllipticRgnIndirect
GetFontLanguageInfo
CreateICA
GetEnhMetaFileDescriptionW
WidenPath
GetGlyphOutlineA
ResizePalette
DeleteObject
GetMetaFileA
GetPath
CreatePatternBrush
GetViewportOrgEx
CopyEnhMetaFileW
RectVisible
SetBoundsRect
PolyPolygon
GetCharWidthW
CreateBitmapIndirect
GetICMProfileW
UnrealizeObject
SetICMProfileA
CreateHatchBrush
DeleteMetaFile
CreateFontW
Chord
SetWindowExtEx
EndDoc
GetGraphicsMode
CreateEnhMetaFileA
SetBitmapBits
CreateCompatibleBitmap
Polyline
GetMetaRgn
GetColorSpace
PatBlt
CreateFontIndirectW
GetMapMode
GetTextColor
ChoosePixelFormat
CancelDC
GetObjectW
GetWindowExtEx
GetCharWidth32W
PathToRegion
ExtCreateRegion
SelectClipRgn
GdiComment
TranslateCharsetInfo
FlattenPath
GetTextAlign
LineTo
GetCharWidth32A
CloseEnhMetaFile
LineDDA
CreateDCA
PtInRegion
EnumEnhMetaFile
SetRectRgn
GetNearestColor
GetTextCharset
SetColorAdjustment
CreateEnhMetaFileW
GetMetaFileW
EnumMetaFile
GetTextFaceW
OffsetRgn
GetClipRgn
GetClipBox
GetDIBColorTable
mpr
WNetAddConnection2W
WNetConnectionDialog1A
WNetConnectionDialog1W
WNetOpenEnumA
WNetGetNetworkInformationA
MultinetGetConnectionPerformanceW
WNetAddConnection3A
WNetDisconnectDialog
WNetGetUniversalNameA
WNetGetUserA
WNetOpenEnumW
WNetGetLastErrorW
MultinetGetConnectionPerformanceA
WNetGetUserW
WNetAddConnectionA
WNetAddConnection3W
WNetGetConnectionW
WNetConnectionDialog
WNetGetUniversalNameW
WNetCancelConnectionA
WNetGetProviderNameA
WNetAddConnection2A
WNetEnumResourceW
WNetEnumResourceA
WNetCloseEnum
WNetCancelConnectionW
winmm
mciSendStringW
midiOutGetErrorTextW
midiInStart
waveInGetPosition
midiOutGetDevCapsW
midiOutClose
joyGetPosEx
mixerGetLineInfoA
waveInGetID
mmioAdvance
waveInStart
midiOutGetNumDevs
OpenDriver
mmioWrite
mmioInstallIOProcA
CloseDriver
waveOutOpen
waveInStop
mciGetErrorStringW
joyGetNumDevs
waveOutGetPosition
mixerGetLineInfoW
timeBeginPeriod
mciGetDeviceIDFromElementIDW
midiInGetErrorTextW
waveOutSetVolume
mciGetCreatorTask
waveInReset
mmioOpenW
mmioAscend
midiInReset
timeKillEvent
midiOutCachePatches
midiInMessage
midiStreamClose
DefDriverProc
auxSetVolume
midiInPrepareHeader
advapi32
EqualSid
RegCloseKey
RegCreateKeyA
QueryServiceObjectSecurity
CreateServiceA
LsaQueryTrustedDomainInfo
CloseEventLog
RegUnLoadKeyA
LookupPrivilegeNameW
SetServiceObjectSecurity
RegSetValueW
LsaRetrievePrivateData
RegEnumValueA
GetMultipleTrusteeW
GetServiceKeyNameA
RegOpenKeyExA
AbortSystemShutdownW
RegConnectRegistryA
ChangeServiceConfig2A
OpenEventLogA
GetNamedSecurityInfoA
RegUnLoadKeyW
StartServiceCtrlDispatcherA
LsaEnumerateTrustedDomains
RegisterServiceCtrlHandlerW
GetFileSecurityA
ObjectDeleteAuditAlarmW
LsaNtStatusToWinError
BuildImpersonateTrusteeA
SetPrivateObjectSecurity
GetSecurityDescriptorGroup
RegEnumKeyA
InitializeSecurityDescriptor
InitiateSystemShutdownW
LsaEnumerateAccountsWithUserRight
BuildSecurityDescriptorW
GetSecurityInfo
RegDeleteValueW
GetSidIdentifierAuthority
SetTokenInformation
RevertToSelf
ReadEventLogW
SetFileSecurityA
RegCreateKeyW
LookupPrivilegeDisplayNameA
GetSecurityDescriptorDacl
QueryServiceLockStatusA
RegDeleteValueA
LsaCreateTrustedDomainEx
SetNamedSecurityInfoW
CreateProcessAsUserA
GetFileSecurityW
LsaEnumerateTrustedDomainsEx
GetNamedSecurityInfoW
AddAccessDeniedAce
EncryptFileW
RegSetValueA
IsTokenRestricted
LsaEnumerateAccountRights
ObjectPrivilegeAuditAlarmA
DeregisterEventSource
IsValidAcl
BackupEventLogW
GetServiceDisplayNameW
BuildImpersonateExplicitAccessWithNameW
ReportEventW
GetSidSubAuthority
UnlockServiceDatabase
RegisterEventSourceW
RegCreateKeyExW
MakeSelfRelativeSD
RegQueryValueW
AccessCheck
SetNamedSecurityInfoA
RegEnumKeyExW
QueryServiceStatus
ChangeServiceConfigW
BuildExplicitAccessWithNameW
LsaSetDomainInformationPolicy
LsaSetTrustedDomainInfoByName
GetSecurityDescriptorControl
RegOverridePredefKey
LogonUserW
FindFirstFreeAce
EnumDependentServicesW
StartServiceCtrlDispatcherW
ObjectOpenAuditAlarmW
SetFileSecurityW
DeleteService
LsaQueryInformationPolicy
ChangeServiceConfigA
AllocateLocallyUniqueId
GetSecurityDescriptorLength
RegSetKeySecurity
GetTrusteeFormA
StartServiceA
LsaQueryTrustedDomainInfoByName
GetUserNameW
GetExplicitEntriesFromAclW
BuildImpersonateTrusteeW
MakeAbsoluteSD
GetTrusteeTypeA
GetAuditedPermissionsFromAclW
LsaLookupNames
SetAclInformation
GetTokenInformation
NotifyChangeEventLog
GetNumberOfEventLogRecords
GetSecurityDescriptorOwner
AdjustTokenPrivileges
SetServiceStatus
RegQueryValueExW
OpenSCManagerW
CopySid
RegLoadKeyW
RegEnumValueW
BuildTrusteeWithNameA
LookupSecurityDescriptorPartsW
AddAce
LogonUserA
GetExplicitEntriesFromAclA
QueryServiceConfigA
LsaFreeMemory
LockServiceDatabase
BuildTrusteeWithSidA
GetTrusteeFormW
ControlService
AdjustTokenGroups
ObjectCloseAuditAlarmA
RegCreateKeyExA
BackupEventLogA
GetKernelObjectSecurity
LookupPrivilegeValueW
SetSecurityDescriptorSacl
RegConnectRegistryW
LsaDeleteTrustedDomain
SetEntriesInAclW
ReadEventLogA
RegDeleteKeyW
EnumServicesStatusA
GetServiceKeyNameW
GetLengthSid
LookupPrivilegeValueA
LookupPrivilegeDisplayNameW
QueryServiceConfig2A
LookupAccountNameA
AllocateAndInitializeSid
IsValidSid
RegReplaceKeyA
SetKernelObjectSecurity
ClearEventLogW
GetOldestEventLogRecord
FreeSid
CreatePrivateObjectSecurity
OpenServiceW
QueryServiceConfig2W
AccessCheckAndAuditAlarmA
GetSecurityDescriptorSacl
RegOpenKeyW
RegRestoreKeyW
GetSidLengthRequired
DuplicateTokenEx
RegQueryValueA
GetEffectiveRightsFromAclA
GetMultipleTrusteeA
RegQueryInfoKeyW
GetTrusteeNameW
EqualPrefixSid
RegOpenKeyExW
GetAce
OpenBackupEventLogA
RegisterServiceCtrlHandlerA
ImpersonateLoggedOnUser
LsaClose
GetAclInformation
MapGenericMask
BuildImpersonateExplicitAccessWithNameA
ImpersonateSelf
OpenProcessToken
SetSecurityDescriptorGroup
LsaOpenPolicy
RegQueryMultipleValuesW
SetSecurityInfo
CreateRestrictedToken
RegQueryMultipleValuesA
RegGetKeySecurity
RegOpenKeyA
PrivilegedServiceAuditAlarmW
GetPrivateObjectSecurity
RegQueryValueExA
OpenBackupEventLogW
SetSecurityDescriptorOwner
BuildTrusteeWithNameW
RegDeleteKeyA
DuplicateToken
RegSaveKeyA
RegisterEventSourceA
SetSecurityDescriptorDacl
DecryptFileW
SetThreadToken
InitiateSystemShutdownA
LsaSetInformationPolicy
AreAnyAccessesGranted
BuildExplicitAccessWithNameA
AddAuditAccessAce
RegLoadKeyA
RegNotifyChangeKeyValue
RegSetValueExA
LookupAccountNameW
SetEntriesInAclA
QueryServiceLockStatusW
RegSetValueExW
IsTextUnicode
RegReplaceKeyW
OpenServiceA
LookupPrivilegeNameA
LsaSetTrustedDomainInformation
ObjectCloseAuditAlarmW
LsaAddAccountRights
imm32
ImmGetCompositionFontA
ImmGetCandidateListW
ImmAssociateContext
ImmGetContext
ImmUnregisterWordW
ImmEnumRegisterWordW
kernel32
AddAtomA
GlobalAlloc
GetStartupInfoA
GetModuleHandleA
GetNumberFormatA
GetPrivateProfileSectionNamesA
winspool.drv
GetPrinterDriverDirectoryA
msvcrt
_acmdln
_XcptFilter
_exit
__getmainargs
exit
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
Sections
- .text Size: 100KB - Virtual size: 99KB
  IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
- .rdata Size: 16KB - Virtual size: 14KB
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
- .data Size: 4KB - Virtual size: 3.3MB
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
- .rsrc Size: 12KB - Virtual size: 9KB
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ