WinActivate[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

WinActivate.zip
Size

191KB
MD5

57c69cbef2adf7c778ec44c26b700be3
SHA1

35ee2a9880a58c2b3d406244ca24c6ece7931786
SHA256

c56b9e4a2a5e218d71cb9124ed8fd40cfbbcff24cdc3d8aef192968ad78d3e70
SHA512

1cb627472c9d08d776a6f575aa5ededd857c15c7176598d7bb82af433d4987bc8bb9e836f0baeeea85511a13734aa2182f273a6e2222973abf06b9abbb61202a
SSDEEP

3072:ZNLBfVmkLkvjA7ArrEXQ+wF21hYq3cka9F9EMKyAfpg/O2SlKhHTCI2I184AOnYh:P5AkLIjCjXwFcSqg79EMKXpi9Slup2I6

Score

N/A

Malware Config

Signatures

Files

WinActivate.zip
.zip

Password: Macaco
WinActivate/LICENSE
WinActivate/README.md
WinActivate/gatherosstate.exe
.exe windows x86

Password: Macaco

de6c800823c77882b5d9888457698a55

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memcpy
memcmp
_except_handler4_common
_controlfp
?terminate@@YAXXZ
_onexit
__dllonexit
memchr
wcschr
_unlock
_lock
_initterm
__setusermatherr
__p__fmode
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__p__commode
_XcptFilter
_purecall
malloc
free
wcsstr
_wcsicmp
memmove
_vsnwprintf
wprintf
memset

ntdll

RtlCaptureContext
RtlAllocateHeap
RtlFreeHeap

kernel32

DeviceIoControl
GlobalMemoryStatusEx
GetSystemDirectoryW
LoadLibraryExW
FreeLibrary
LoadLibraryExA
DelayLoadFailureHook
IsWow64Process
HeapFree
WriteFile
GetModuleHandleExW
GetModuleFileNameW
SetErrorMode
LocalAlloc
CreateFileW
GetFileAttributesW
CompareStringW
GetLastError
FileTimeToSystemTime
CloseHandle
HeapAlloc
GetProcAddress
LocalFree
GetProcessHeap
WideCharToMultiByte
GetSystemTimeAsFileTime
GetSystemTime
VirtualProtect
EnterCriticalSection
GetCurrentProcess
TerminateProcess
LeaveCriticalSection
GetSystemDefaultUILanguage
UnhandledExceptionFilter
GetModuleHandleW
SetUnhandledExceptionFilter
Sleep
GetModuleHandleA
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
GetVersionExW
GetCurrentThread

advapi32

CryptDestroyHash
CryptReleaseContext
CryptHashData
CryptGetHashParam
CryptCreateHash
CryptAcquireContextW
GetCurrentHwProfileW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW

Sections

.text
Size: 315KB - Virtual size: 315KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WinActivate/slc.dll
.dll windows x86

Password: Macaco

80f1b618ce492ee900827fa57dbe6c0c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegGetValueW
RegOpenKeyExW

imagehlp

MapFileAndCheckSumW

kernel32

CloseHandle
CopyFileExW
CreateFileW
DeleteFileW
GetFileAttributesW
GetFileSize
GetProcessHeap
GetProductInfo
HeapAlloc
HeapFree
HeapReAlloc
ReadFile
SetFilePointer
WriteFile

msvcrt

exit
sscanf
time
wcschr
wcscmp
wcscpy
wcslen
wcsncmp
wcstoul

user32

MessageBoxW

Exports

Exports

PatchGatherosstate
SLClose
SLGetGenuineInformation
SLGetLicensingStatusInformation
SLGetPKeyInformation
SLGetProductSkuInformation
SLGetSLIDList
SLGetServiceInformation
SLGetWindowsInformationDWORD
SLOpen

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 760B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 353B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 164B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WinActivate/winactivate.cmd

Sharing

General

Malware Config

Signatures

Files

Password: Macaco

Password: Macaco

de6c800823c77882b5d9888457698a55

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

ntdll

kernel32

advapi32

Sections

.text Size: 315KB - Virtual size: 315KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 2KB - Virtual size: 2KB

.didat Size: 512B - Virtual size: 144B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 8KB

Password: Macaco

80f1b618ce492ee900827fa57dbe6c0c

Headers

File Characteristics

Imports

advapi32

imagehlp

kernel32

msvcrt

user32

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 2KB

.rdata Size: 1024B - Virtual size: 760B

.edata Size: 512B - Virtual size: 353B

.idata Size: 1024B - Virtual size: 920B

.reloc Size: 512B - Virtual size: 164B

.text
Size: 315KB - Virtual size: 315KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 2KB - Virtual size: 2KB

.didat
Size: 512B - Virtual size: 144B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 8KB

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 1024B - Virtual size: 760B

.edata
Size: 512B - Virtual size: 353B

.idata
Size: 1024B - Virtual size: 920B

.reloc
Size: 512B - Virtual size: 164B