41c434f9ed60c03a47b8832da126eb60_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

41c434f9ed60c03a47b8832da126eb60_JaffaCakes118
Size

77KB
MD5

41c434f9ed60c03a47b8832da126eb60
SHA1

f0a96088071d866ea42ec15a571efd6d27a8e858
SHA256

8638fec92f63013ad03dc97c0386a61b836efb3548bab18971ca94beb7ba4a72
SHA512

a2a59b901285db919b92ea014ff591c1851ac1ee105ff120fdc942c8b5850b3eaa090df79561a2090c8e7e7eaba01982052b9b4c67da3f0aa9154f7bb0de2e10
SSDEEP

1536:c5/wx7+c9lBTb3o9qft2uH/pCSavGgqrUG7JEb4u6LjhvN2l2tns:q/y+YBTkkHhCDXG7JQ+hvNDs

Score

3^/10

Malware Config

Signatures

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/KMS-VL-ALL/32-bit/SppExtComObjHook.dll
unpack001/KMS-VL-ALL/32-bit/SppExtComObjPatcher.exe
unpack001/KMS-VL-ALL/32-bit/vlmcsd.exe
unpack001/KMS-VL-ALL/64-bit/SppExtComObjHook.dll
unpack001/KMS-VL-ALL/64-bit/SppExtComObjPatcher.exe

Files

41c434f9ed60c03a47b8832da126eb60_JaffaCakes118
.rar
KMS-VL-ALL/32-bit/SppExtComObjHook.dll
.dll windows:5 windows x86 arch:x86

63a76c31d70c29e01d71b628052a98be

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_wcsupr
wcsstr
_stricmp
_time64
_localtime64
_vsnwprintf
wcsrchr
wcslen
_errno
memcmp
wcstoul
_wcsicmp
memset
memcpy

kernel32

GetSystemDefaultLCID
GetProcessHeap
GetModuleFileNameW
GetCurrentProcess
SetEvent
GetCurrentThread
GetLastError
SetLastError
GetProcAddress
DisableThreadLibraryCalls
GetModuleHandleA
VirtualProtect
WriteProcessMemory
HeapAlloc

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW
CryptHashData
CryptDestroyHash
CryptDecrypt
CryptDestroyKey
CryptCreateHash
CryptEncrypt
CryptImportKey
CryptGenRandom
CryptReleaseContext
CryptSetKeyParam
CryptAcquireContextW
CryptSetHashParam
CryptGetHashParam

Exports

Exports

_InitHook@0

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 932B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 456B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
KMS-VL-ALL/32-bit/SppExtComObjPatcher.exe
.exe windows:5 windows x86 arch:x86

80d4996be4f3279aee256ea8a8635393

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

wcsstr
wcslen
_wcsicmp
wcschr

kernel32

Thread32Next
ResumeThread
SuspendThread
WriteProcessMemory
CloseHandle
ExitProcess
GetCommandLineW
DebugActiveProcessStop
CreateProcessW
WaitForSingleObject
CreateRemoteThread
OpenProcess
Thread32First
VirtualFreeEx
Sleep
GetExitCodeProcess
GetStartupInfoW
GetLastError
GetProcAddress
VirtualAllocEx
Process32FirstW
OpenThread
GetExitCodeThread
Process32NextW
GetModuleHandleA
CreateToolhelp32Snapshot

Sections

.text
Size: 1024B - Virtual size: 753B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 988B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
KMS-VL-ALL/32-bit/vlmcsd.exe
.exe windows:5 windows x86 arch:x86

44154c3663ec4940e689d432ad785b86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

Imports

msvcrt

strtol
strncmp
ferror
fgets
isspace
_localtime64
vfprintf
strftime
_vsnprintf
fprintf
printf
_snprintf
fflush
__iob_func
free
_time64
rand
memmove
_gmtime64
sprintf
_stricmp
exit
fclose
fseek
realloc
ftell
toupper
strrchr
_strdup
srand
fread
fopen
strncpy
_errno
strchr
_strtoi64
strerror
malloc
_strnicmp
strncat
memcmp
memcpy
memset

shlwapi

PathRemoveFileSpecA

iphlpapi

GetIpAddrTable
GetAdaptersAddresses

ws2_32

recv
setsockopt
WSAGetLastError
select
getaddrinfo
closesocket
getpeername
bind
WSAStartup
inet_addr
inet_ntoa
send
listen
getnameinfo
accept
freeaddrinfo
socket
getsockname
__WSAFDIsSet

kernel32

DeviceIoControl
ReadFile
WriteFile
CreateFileA
DeleteFileA
GetCurrentProcessId
SetConsoleCtrlHandler
CreateSemaphoreA
WideCharToMultiByte
GetCommandLineW
Sleep
WaitForSingleObject
CloseHandle
GetLastError
LeaveCriticalSection
InitializeCriticalSection
EnterCriticalSection
CreateThread
GetModuleHandleA
GetModuleFileNameA
FormatMessageA
GetTickCount
ReleaseSemaphore

advapi32

CryptAcquireContextW
CryptGetHashParam
RegCloseKey
RegOpenKeyExA
RegEnumKeyExA
RegQueryValueExA
StartServiceCtrlDispatcherA
ControlService
OpenSCManagerA
SetServiceStatus
QueryServiceStatus
StartServiceA
CreateServiceA
RegisterServiceCtrlHandlerA
DeleteService
CloseServiceHandle
OpenServiceA
CryptHashData
CryptDestroyHash
CryptDestroyKey
CryptCreateHash
CryptImportKey
CryptSetHashParam

shell32

CommandLineToArgvW

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
KMS-VL-ALL/64-bit/SppExtComObjHook.dll
.dll windows:5 windows x64 arch:x64

63a76c31d70c29e01d71b628052a98be

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcrt

_wcsupr
wcsstr
_stricmp
_time64
_localtime64
_vsnwprintf
wcsrchr
wcslen
_errno
memcmp
wcstoul
_wcsicmp
memset
memcpy

kernel32

GetSystemDefaultLCID
GetProcessHeap
GetModuleFileNameW
GetCurrentProcess
SetEvent
GetCurrentThread
GetLastError
SetLastError
GetProcAddress
DisableThreadLibraryCalls
GetModuleHandleA
VirtualProtect
WriteProcessMemory
HeapAlloc

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW
CryptHashData
CryptDestroyHash
CryptDecrypt
CryptDestroyKey
CryptCreateHash
CryptEncrypt
CryptImportKey
CryptGenRandom
CryptReleaseContext
CryptSetKeyParam
CryptAcquireContextW
CryptSetHashParam
CryptGetHashParam

Exports

Exports

InitHook

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 492B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
KMS-VL-ALL/64-bit/SppExtComObjPatcher.exe
.exe windows:5 windows x64 arch:x64

80d4996be4f3279aee256ea8a8635393

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

wcsstr
wcslen
_wcsicmp
wcschr

kernel32

Thread32Next
ResumeThread
SuspendThread
WriteProcessMemory
CloseHandle
ExitProcess
GetCommandLineW
DebugActiveProcessStop
CreateProcessW
WaitForSingleObject
CreateRemoteThread
OpenProcess
Thread32First
VirtualFreeEx
Sleep
GetExitCodeProcess
GetStartupInfoW
GetLastError
GetProcAddress
VirtualAllocEx
Process32FirstW
OpenThread
GetExitCodeThread
Process32NextW
GetModuleHandleA
CreateToolhelp32Snapshot

Sections

.text
Size: 1024B - Virtual size: 1023B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
KMS-VL-ALL/KMS-VL-ALL_cn.cmd
.cmd .vbs
KMS-VL-ALL/KMS-VL-ALL_en.cmd
.cmd .vbs
KMS-VL-ALL/功能简介.txt
KMS-VL-ALL/安全软件站.url
.url

Sharing

General

Malware Config

Signatures

Files

63a76c31d70c29e01d71b628052a98be

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

kernel32

advapi32

Exports

Exports

Sections

.text Size: 6KB - Virtual size: 5KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 1024B - Virtual size: 932B

.reloc Size: 512B - Virtual size: 456B

80d4996be4f3279aee256ea8a8635393

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

kernel32

Sections

.text Size: 1024B - Virtual size: 753B

.rdata Size: 1024B - Virtual size: 988B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 512B - Virtual size: 96B

44154c3663ec4940e689d432ad785b86

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

shlwapi

iphlpapi

ws2_32

kernel32

advapi32

shell32

Sections

.text Size: 21KB - Virtual size: 21KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 2KB - Virtual size: 3KB

.reloc Size: 2KB - Virtual size: 1KB

63a76c31d70c29e01d71b628052a98be

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

kernel32

advapi32

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 7KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 1024B - Virtual size: 1KB

.pdata Size: 512B - Virtual size: 492B

.reloc Size: 512B - Virtual size: 80B

80d4996be4f3279aee256ea8a8635393

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

kernel32

Sections

.text Size: 1024B - Virtual size: 1023B

.rdata Size: 1KB - Virtual size: 1KB

.pdata Size: 512B - Virtual size: 48B

.rsrc Size: 512B - Virtual size: 480B

.text
Size: 6KB - Virtual size: 5KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 1024B - Virtual size: 932B

.reloc
Size: 512B - Virtual size: 456B

.text
Size: 1024B - Virtual size: 753B

.rdata
Size: 1024B - Virtual size: 988B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 512B - Virtual size: 96B

.text
Size: 21KB - Virtual size: 21KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 2KB - Virtual size: 3KB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 1024B - Virtual size: 1KB

.pdata
Size: 512B - Virtual size: 492B

.reloc
Size: 512B - Virtual size: 80B

.text
Size: 1024B - Virtual size: 1023B

.rdata
Size: 1KB - Virtual size: 1KB

.pdata
Size: 512B - Virtual size: 48B

.rsrc
Size: 512B - Virtual size: 480B