General

Malware Config

Signatures

Files

• a0262556d45bb84c1e5d907fe3c7071793d39ba2bb8f5a1f775ec3fea35a0fa3

  .zip
• heukms/HEU_KMS_Activator_v19.5.1.exe

  .exe windows x86

  eb97e4fc5518ac300a92a11673825e0b

  
  

  Code Sign

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  wsock32

  WSACleanup

  socket

  inet_ntoa

  setsockopt

  ntohs

  recvfrom

  ioctlsocket

  htons

  WSAStartup

  __WSAFDIsSet

  select

  accept

  listen

  bind

  closesocket

  WSAGetLastError

  recv

  sendto

  send

  inet_addr

  gethostbyname

  gethostname

  connect

  version

  GetFileVersionInfoW

  GetFileVersionInfoSizeW

  VerQueryValueW

  winmm

  timeGetTime

  waveOutSetVolume

  mciSendStringW

  comctl32

  ImageList_ReplaceIcon

  ImageList_Destroy

  ImageList_Remove

  ImageList_SetDragCursorImage

  ImageList_BeginDrag

  ImageList_DragEnter

  ImageList_DragLeave

  ImageList_EndDrag

  ImageList_DragMove

  InitCommonControlsEx

  ImageList_Create

  mpr

  WNetUseConnectionW

  WNetCancelConnection2W

  WNetGetConnectionW

  WNetAddConnection2W

  wininet

  InternetQueryDataAvailable

  InternetCloseHandle

  InternetOpenW

  InternetSetOptionW

  InternetCrackUrlW

  HttpQueryInfoW

  InternetQueryOptionW

  HttpOpenRequestW

  HttpSendRequestW

  FtpOpenFileW

  FtpGetFileSize

  InternetOpenUrlW

  InternetReadFile

  InternetConnectW

  psapi

  GetProcessMemoryInfo

  iphlpapi

  IcmpCreateFile

  IcmpCloseHandle

  IcmpSendEcho

  userenv

  DestroyEnvironmentBlock

  UnloadUserProfile

  CreateEnvironmentBlock

  LoadUserProfileW

  uxtheme

  IsThemeActive

  kernel32

  DuplicateHandle

  CreateThread

  WaitForSingleObject

  HeapAlloc

  GetProcessHeap

  HeapFree

  Sleep

  GetCurrentThreadId

  MultiByteToWideChar

  MulDiv

  GetVersionExW

  IsWow64Process

  GetSystemInfo

  FreeLibrary

  LoadLibraryA

  GetProcAddress

  SetErrorMode

  GetModuleFileNameW

  WideCharToMultiByte

  lstrcpyW

  lstrlenW

  GetModuleHandleW

  QueryPerformanceCounter

  VirtualFreeEx

  OpenProcess

  VirtualAllocEx

  WriteProcessMemory

  ReadProcessMemory

  CreateFileW

  SetFilePointerEx

  SetEndOfFile

  ReadFile

  WriteFile

  FlushFileBuffers

  TerminateProcess

  CreateToolhelp32Snapshot

  Process32FirstW

  Process32NextW

  SetFileTime

  GetFileAttributesW

  FindFirstFileW

  SetCurrentDirectoryW

  GetLongPathNameW

  GetShortPathNameW

  DeleteFileW

  FindNextFileW

  CopyFileExW

  MoveFileW

  CreateDirectoryW

  RemoveDirectoryW

  SetSystemPowerState

  QueryPerformanceFrequency

  FindResourceW

  LoadResource

  LockResource

  SizeofResource

  EnumResourceNamesW

  OutputDebugStringW

  GetTempPathW

  GetTempFileNameW

  DeviceIoControl

  GetLocalTime

  CompareStringW

  GetCurrentProcess

  EnterCriticalSection

  LeaveCriticalSection

  GetStdHandle

  CreatePipe

  InterlockedExchange

  TerminateThread

  LoadLibraryExW

  FindResourceExW

  CopyFileW

  VirtualFree

  FormatMessageW

  GetExitCodeProcess

  GetPrivateProfileStringW

  WritePrivateProfileStringW

  GetPrivateProfileSectionW

  WritePrivateProfileSectionW

  GetPrivateProfileSectionNamesW

  FileTimeToLocalFileTime

  FileTimeToSystemTime

  SystemTimeToFileTime

  LocalFileTimeToFileTime

  GetDriveTypeW

  GetDiskFreeSpaceExW

  GetDiskFreeSpaceW

  GetVolumeInformationW

  SetVolumeLabelW

  CreateHardLinkW

  SetFileAttributesW

  CreateEventW

  SetEvent

  GetEnvironmentVariableW

  SetEnvironmentVariableW

  GlobalLock

  GlobalUnlock

  GlobalAlloc

  GetFileSize

  GlobalFree

  GlobalMemoryStatusEx

  Beep

  GetSystemDirectoryW

  HeapReAlloc

  HeapSize

  GetComputerNameW

  GetWindowsDirectoryW

  GetCurrentProcessId

  GetProcessIoCounters

  CreateProcessW

  GetProcessId

  SetPriorityClass

  LoadLibraryW

  VirtualAlloc

  IsDebuggerPresent

  GetCurrentDirectoryW

  lstrcmpiW

  DecodePointer

  GetLastError

  RaiseException

  InitializeCriticalSectionAndSpinCount

  DeleteCriticalSection

  InterlockedDecrement

  InterlockedIncrement

  GetCurrentThread

  CloseHandle

  GetFullPathNameW

  EncodePointer

  ExitProcess

  GetModuleHandleExW

  ExitThread

  GetSystemTimeAsFileTime

  ResumeThread

  GetCommandLineW

  IsProcessorFeaturePresent

  IsValidCodePage

  GetACP

  GetOEMCP

  GetCPInfo

  SetLastError

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  TlsAlloc

  TlsGetValue

  TlsSetValue

  TlsFree

  GetStartupInfoW

  GetStringTypeW

  SetStdHandle

  GetFileType

  GetConsoleCP

  GetConsoleMode

  RtlUnwind

  ReadConsoleW

  GetTimeZoneInformation

  GetDateFormatW

  GetTimeFormatW

  LCMapStringW

  GetEnvironmentStringsW

  FreeEnvironmentStringsW

  WriteConsoleW

  FindClose

  SetEnvironmentVariableA

  user32

  AdjustWindowRectEx

  CopyImage

  SetWindowPos

  GetCursorInfo

  RegisterHotKey

  ClientToScreen

  GetKeyboardLayoutNameW

  IsCharAlphaW

  IsCharAlphaNumericW

  IsCharLowerW

  IsCharUpperW

  GetMenuStringW

  GetSubMenu

  GetCaretPos

  IsZoomed

  MonitorFromPoint

  GetMonitorInfoW

  SetWindowLongW

  SetLayeredWindowAttributes

  FlashWindow

  GetClassLongW

  TranslateAcceleratorW

  IsDialogMessageW

  GetSysColor

  InflateRect

  DrawFocusRect

  DrawTextW

  FrameRect

  DrawFrameControl

  FillRect

  PtInRect

  DestroyAcceleratorTable

  CreateAcceleratorTableW

  SetCursor

  GetWindowDC

  GetSystemMetrics

  GetActiveWindow

  CharNextW

  wsprintfW

  RedrawWindow

  DrawMenuBar

  DestroyMenu

  SetMenu

  GetWindowTextLengthW

  CreateMenu

  IsDlgButtonChecked

  DefDlgProcW

  CallWindowProcW

  ReleaseCapture

  SetCapture

  CreateIconFromResourceEx

  mouse_event

  ExitWindowsEx

  SetActiveWindow

  FindWindowExW

  EnumThreadWindows

  SetMenuDefaultItem

  InsertMenuItemW

  IsMenu

  TrackPopupMenuEx

  GetCursorPos

  DeleteMenu

  SetRect

  GetMenuItemID

  GetMenuItemCount

  SetMenuItemInfoW

  GetMenuItemInfoW

  SetForegroundWindow

  IsIconic

  FindWindowW

  MonitorFromRect

  keybd_event

  SendInput

  GetAsyncKeyState

  SetKeyboardState

  GetKeyboardState

  GetKeyState

  VkKeyScanW

  LoadStringW

  DialogBoxParamW

  MessageBeep

  EndDialog

  SendDlgItemMessageW

  GetDlgItem

  SetWindowTextW

  CopyRect

  ReleaseDC

  GetDC

  EndPaint

  BeginPaint

  GetClientRect

  GetMenu

  DestroyWindow

  EnumWindows

  GetDesktopWindow

  IsWindow

  IsWindowEnabled

  IsWindowVisible

  EnableWindow

  InvalidateRect

  GetWindowLongW

  GetWindowThreadProcessId

  AttachThreadInput

  GetFocus

  GetWindowTextW

  ScreenToClient

  SendMessageTimeoutW

  EnumChildWindows

  CharUpperBuffW

  GetParent

  GetDlgCtrlID

  SendMessageW

  MapVirtualKeyW

  PostMessageW

  GetWindowRect

  SetUserObjectSecurity

  CloseDesktop

  CloseWindowStation

  OpenDesktopW

  SetProcessWindowStation

  GetProcessWindowStation

  OpenWindowStationW

  GetUserObjectSecurity

  MessageBoxW

  DefWindowProcW

  SetClipboardData

  EmptyClipboard

  CountClipboardFormats

  CloseClipboard

  GetClipboardData

  IsClipboardFormatAvailable

  OpenClipboard

  BlockInput

  GetMessageW

  LockWindowUpdate

  DispatchMessageW

  TranslateMessage

  PeekMessageW

  UnregisterHotKey

  CheckMenuRadioItem

  CharLowerBuffW

  MoveWindow

  SetFocus

  PostQuitMessage

  KillTimer

  CreatePopupMenu

  RegisterWindowMessageW

  SetTimer

  ShowWindow

  CreateWindowExW

  RegisterClassExW

  LoadIconW

  LoadCursorW

  GetSysColorBrush

  GetForegroundWindow

  MessageBoxA

  DestroyIcon

  SystemParametersInfoW

  LoadImageW

  GetClassNameW

  gdi32

  StrokePath

  DeleteObject

  GetTextExtentPoint32W

  ExtCreatePen

  GetDeviceCaps

  EndPath

  SetPixel

  CloseFigure

  CreateCompatibleBitmap

  CreateCompatibleDC

  SelectObject

  StretchBlt

  GetDIBits

  LineTo

  AngleArc

  MoveToEx

  Ellipse

  DeleteDC

  GetPixel

  CreateDCW

  GetStockObject

  GetTextFaceW

  CreateFontW

  SetTextColor

  PolyDraw

  BeginPath

  Rectangle

  SetViewportOrgEx

  GetObjectW

  SetBkMode

  RoundRect

  SetBkColor

  CreatePen

  CreateSolidBrush

  StrokeAndFillPath

  comdlg32

  GetOpenFileNameW

  GetSaveFileNameW

  advapi32

  GetAce

  RegEnumValueW

  RegDeleteValueW

  RegDeleteKeyW

  RegEnumKeyExW

  RegSetValueExW

  RegOpenKeyExW

  RegCloseKey

  RegQueryValueExW

  RegConnectRegistryW

  InitializeSecurityDescriptor

  InitializeAcl

  AdjustTokenPrivileges

  OpenThreadToken

  OpenProcessToken

  LookupPrivilegeValueW

  DuplicateTokenEx

  CreateProcessAsUserW

  CreateProcessWithLogonW

  GetLengthSid

  CopySid

  LogonUserW

  AllocateAndInitializeSid

  CheckTokenMembership

  RegCreateKeyExW

  FreeSid

  GetTokenInformation

  GetSecurityDescriptorDacl

  GetAclInformation

  AddAce

  SetSecurityDescriptorDacl

  GetUserNameW

  InitiateSystemShutdownExW

  shell32

  DragQueryPoint

  ShellExecuteExW

  DragQueryFileW

  SHEmptyRecycleBinW

  SHGetPathFromIDListW

  SHBrowseForFolderW

  SHCreateShellItem

  SHGetDesktopFolder

  SHGetSpecialFolderLocation

  SHGetFolderPathW

  SHFileOperationW

  ExtractIconExW

  Shell_NotifyIconW

  ShellExecuteW

  DragFinish

  ole32

  CoTaskMemAlloc

  CoTaskMemFree

  CLSIDFromString

  ProgIDFromCLSID

  CLSIDFromProgID

  OleSetMenuDescriptor

  MkParseDisplayName

  OleSetContainedObject

  CoCreateInstance

  IIDFromString

  StringFromGUID2

  CreateStreamOnHGlobal

  OleInitialize

  OleUninitialize

  CoInitialize

  CoUninitialize

  GetRunningObjectTable

  CoGetInstanceFromFile

  CoGetObject

  CoSetProxyBlanket

  CoCreateInstanceEx

  CoInitializeSecurity

  oleaut32

  LoadTypeLibEx

  VariantCopyInd

  SysReAllocString

  SysFreeString

  SafeArrayDestroyDescriptor

  SafeArrayDestroyData

  SafeArrayUnaccessData

  SafeArrayAccessData

  SafeArrayAllocData

  SafeArrayAllocDescriptorEx

  SafeArrayCreateVector

  RegisterTypeLi

  CreateStdDispatch

  DispCallFunc

  VariantChangeType

  SysStringLen

  VariantTimeToSystemTime

  VarR8FromDec

  SafeArrayGetVartype

  VariantCopy

  VariantClear

  OleLoadPicture

  QueryPathOfRegTypeLi

  RegisterTypeLibForUser

  UnRegisterTypeLibForUser

  UnRegisterTypeLi

  CreateDispTypeInfo

  SysAllocString

  VariantInit

  Sections

  .text

  Size: 567KB - Virtual size: 567KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 184KB - Virtual size: 184KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 20KB - Virtual size: 35KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 4.0MB - Virtual size: 4.0MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 28KB - Virtual size: 28KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• heukms/HEU_KMS_Activator_v19.5.1˵���ĵ�.pdf

  .pdf

  • http://technet.microsoft.com/en-us/library/jj612867.aspx

    Analyze
• heukms/������־.txt