kyJwzqIH156fUQWssFu4xj[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

kyJwzqIH156fUQWssFu4xj.zip
Size

3.4MB
MD5

9f3fcf58158b5c3f4418e6635d5cc800
SHA1

1f696efd401717e69f4c9186537344c4cefd2c48
SHA256

d6021ec49b9230d80dd07cfe08a43729ea7b5944eac9cb34c2a712c36a5592d8
SHA512

201420bf52b194fc041c007468606b37568b0235903c3839efcced085cb54fff9162667ab03634e9a5d6292b6f75b9eda7edb58b707e9f78f80196eef361407c
SSDEEP

98304:GLJ6sIGsqvKDBG3Luc0V3sMJo5FR8c3HO:GLvs/lG3LHMW5Fq6O

Score

N/A

Malware Config

Signatures

Files

kyJwzqIH156fUQWssFu4xj.zip
.zip

Password: unzip-me
KMSAuto Net v.1.5.1 Portable.7z_
.7z

Password: unzip-me
Info/readme_bg.txt
Info/readme_cn.txt
Info/readme_en.txt
Info/readme_es.txt
Info/readme_fr.txt
Info/readme_kms.txt
Info/readme_ru.txt
Info/readme_ua.txt
Info/readme_vi.txt
KMSAuto Net.exe
.exe windows x86

Password: unzip-me

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9e
Certificate

Issuer

CN=WZTeam

Not Before

02-11-2016 18:47

Not After

31-12-2039 23:59

Subject

CN=WZTeam

Extended Key Usages

ExtKeyUsageCodeSigning

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31-12-2015 00:00

Not After

09-07-2019 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

1a:05:da:b8:f0:7a:e8:40:be:ad:78:fe:b2:55:a8:74
Certificate

Issuer

CN=WZTeam

Not Before

10-03-2017 18:02

Not After

31-12-2039 23:59

Subject

CN=WZTeam

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31-12-2015 00:00

Not After

09-07-2019 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

5f:05:31:0c:b6:73:d8:e4:bb:37:34:e5:f9:f0:fb:2b:33:b3:53:87:20:e9:19:0a:00:43:23:11:e0:05:77:1b
Signer

Actual PE Digest

5f:05:31:0c:b6:73:d8:e4:bb:37:34:e5:f9:f0:fb:2b:33:b3:53:87:20:e9:19:0a:00:43:23:11:e0:05:77:1b

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=WZTeam

12-07-2017 05:05
Valid: false

16:30:82:f2:5b:3c:2f:ab:cf:4a:00:e7:c2:35:c5:82:fe:3e:d1:a6
Signer

Actual PE Digest

16:30:82:f2:5b:3c:2f:ab:cf:4a:00:e7:c2:35:c5:82:fe:3e:d1:a6

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=WZTeam

12-07-2017 05:05
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 8.5MB - Virtual size: 8.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
KMSCleaner.exe
.exe windows x86

Password: unzip-me

65ef43de0bb5fdb404965b6ed08a8eae

Code Sign

08:a8:e8:26:95:0f:1a:99:40:26:25:89:fc:af:0b:8f
Certificate

Issuer

CN=WZT

Not Before

08-11-2015 08:15

Not After

31-12-2039 23:59

Subject

CN=WZT

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

d3:46:1b:c5:fa:73:0d:15:e1:da:8c:64:b5:fd:06:7c:ef:4d:bc:3f
Signer

Actual PE Digest

d3:46:1b:c5:fa:73:0d:15:e1:da:8c:64:b5:fd:06:7c:ef:4d:bc:3f

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=WZT

12-11-2015 19:45
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memset
wcsstr
wcsncmp
memmove
wcsncpy
_wcsnicmp
_wcsdup
free
wcslen
wcscpy
wcscat
wcscmp
strlen
strcpy
strcat
memcmp
_stricmp
memcpy
_wfopen
longjmp
_setjmp3
fclose
malloc
_snwprintf
sprintf
strcmp
tolower
_wcsicmp
gmtime
localtime
mktime
_itow
fabs
ceil
floor
pow
frexp
modf
_CIpow
fwrite
fflush
exit
__p__iob
fprintf
ferror
getenv
sscanf
_vsnwprintf
fmod
sin
cos
abs

kernel32

GetModuleHandleW
HeapCreate
GetEnvironmentVariableW
HeapDestroy
ExitProcess
SystemTimeToFileTime
LocalFileTimeToFileTime
FindResourceW
LoadResource
LockResource
SizeofResource
CreateToolhelp32Snapshot
CloseHandle
GetLogicalDriveStringsW
QueryDosDeviceW
FileTimeToLocalFileTime
FileTimeToSystemTime
ExpandEnvironmentStringsW
GetCurrentProcess
GetUserDefaultLangID
GetSystemDefaultLangID
MultiByteToWideChar
GetProcAddress
CreateRemoteThread
WaitForSingleObject
GetExitCodeThread
GetCurrentProcessId
OpenProcess
GetLastError
FormatMessageW
GetVolumeInformationW
FindFirstFileW
FindNextFileW
FindClose
WideCharToMultiByte
BeginUpdateResourceW
UpdateResourceW
EndUpdateResourceW
CreateProcessW
Beep
CreateFileW
CreateSemaphoreW
DeviceIoControl
GetCommandLineW
GetComputerNameW
GetDateFormatW
GetDiskFreeSpaceExW
GetExitCodeProcess
GetFileTime
GetPrivateProfileStringW
GetShortPathNameW
GetSystemDirectoryW
GetSystemPowerStatus
GetTimeZoneInformation
GetUserDefaultLCID
GetWindowsDirectoryW
GlobalMemoryStatus
LocalFree
Process32FirstW
Process32NextW
QueryPerformanceCounter
QueryPerformanceFrequency
SetComputerNameW
SetFileTime
SetSystemTime
SetVolumeLabelW
Sleep
TerminateProcess
WritePrivateProfileStringW
HeapAlloc
HeapFree
GetCurrentThreadId
InitializeCriticalSection
DuplicateHandle
CreatePipe
GetStdHandle
EnterCriticalSection
LeaveCriticalSection
PeekNamedPipe
SetEnvironmentVariableW
GetModuleFileNameW
HeapReAlloc
ReadFile
SetFilePointer
SetEndOfFile
WriteFile
GetFileSize
FreeLibrary
LoadLibraryA
GetTickCount
LoadLibraryW
DeleteFileW
GetVersionExA
SetLastError
MulDiv
GetDriveTypeW
GetFileAttributesW
SetFileAttributesW
GetCurrentDirectoryW
SetCurrentDirectoryW
CreateDirectoryW
RemoveDirectoryW
CopyFileW
GetTempPathW
MoveFileW
GetLocalTime
TlsAlloc
TlsSetValue
GetVersionExW
HeapSize
DeleteCriticalSection
lstrlenA

winspool.drv

ClosePrinter
DeletePrinter
OpenPrinterW
SetPrinterW

user32

OemToCharW
SendMessageW
ReleaseDC
EnumWindows
GetWindowThreadProcessId
FindWindowExW
FindWindowW
GetCursorPos
GetForegroundWindow
SetCursorPos
AnimateWindow
AttachThreadInput
BlockInput
ChangeDisplaySettingsW
CharToOemW
CreateWindowExW
DrawMenuBar
EnableMenuItem
EnableWindow
EnumDisplaySettingsW
ExitWindowsEx
FlashWindow
GetClassNameW
GetDC
GetDesktopWindow
GetFocus
GetKeyState
GetLastInputInfo
GetSysColor
GetSystemMenu
GetSystemMetrics
GetWindow
GetWindowLongW
GetWindowRect
GetWindowTextW
IsWindow
IsWindowEnabled
KillTimer
LoadCursorW
LockWorkStation
MessageBeep
PostMessageW
RegisterHotKey
RemoveMenu
SetClassLongW
SetFocus
SetForegroundWindow
SetTimer
SetWindowLongW
SetWindowPos
ShowWindow
UnregisterHotKey
UpdateWindow
WaitForInputIdle
keybd_event
mouse_event
CharUpperW
CharLowerW
MessageBoxW
IsWindowVisible
DestroyWindow
GetWindowTextLengthW
SetWindowTextW
SetScrollPos
GetPropW
SetPropW
GetParent
InflateRect
GetWindowDC
CallWindowProcW
RemovePropW
RedrawWindow
ScreenToClient
GetIconInfo
InvalidateRect
ReleaseCapture
BeginPaint
DrawStateW
EndPaint
SetCapture
GetSysColorBrush
DefWindowProcW
SetActiveWindow
UnregisterClassW
DestroyAcceleratorTable
LoadIconW
RegisterClassW
AdjustWindowRectEx
CreateAcceleratorTableW
PeekMessageW
MsgWaitForMultipleObjects
GetMessageW
GetActiveWindow
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
GetClientRect
FillRect
EnumChildWindows
DefFrameProcW
IsChild
RegisterWindowMessageW
DestroyIcon
CopyImage
DrawIconEx

gdi32

CreateDCW
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
BitBlt
DeleteDC
GetPixel
GetStockObject
GetTextExtentPoint32W
ExcludeClipRect
GetObjectType
GetObjectW
DeleteObject
SetBkColor
SetTextColor
CreateSolidBrush
GetDeviceCaps
CreateFontW
GdiSetBatchLimit
GdiGetBatchLimit
CreateDIBSection
GetDIBits
CreateBitmap
SetPixel
SetBkMode
SetTextAlign
TextOutW
SetStretchBltMode
SetBrushOrgEx
StretchBlt
CreateFontIndirectW
GetTextMetricsW

advapi32

RegOpenKeyExW
RegOpenKeyW
RegConnectRegistryW
RegQueryValueExW
RegCloseKey
RegDeleteKeyW
RegSetValueExW
RegCreateKeyExW
LookupAccountNameW
IsValidSid
RegEnumKeyExW
RegDeleteValueW
RegCreateKeyW
AdjustTokenPrivileges
ChangeServiceConfigW
CloseServiceHandle
ControlService
CryptAcquireContextW
CryptCreateHash
CryptDeriveKey
CryptDestroyHash
CryptDestroyKey
CryptEncrypt
CryptHashData
CryptReleaseContext
GetUserNameW
ImpersonateLoggedOnUser
LogonUserW
LookupPrivilegeValueW
OpenProcessToken
OpenSCManagerW
OpenServiceW
QueryServiceStatus
RegEnumValueW
RevertToSelf
StartServiceW

comctl32

InitCommonControlsEx

oleaut32

SafeArrayGetDim
SafeArrayGetUBound
SafeArrayGetElement

ole32

CoInitializeEx
CoInitializeSecurity
CoUninitialize
CoCreateInstance
CoSetProxyBlanket
CoCreateGuid
CoInitialize
StringFromGUID2
RevokeDragDrop

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListW
ExtractIconExW
ExtractIconW
IsNetDrive
RealDriveType
SHAddToRecentDocs
SHFileOperationW
SHFormatDrive
SHGetFileInfoW
ShellAboutW
Shell_NotifyIconW
ShellExecuteExW

wsock32

WSAStartup
gethostbyname
WSACleanup
gethostbyaddr
inet_addr
closesocket
gethostname
htons
select
__WSAFDIsSet
ioctlsocket
recvfrom
connect
socket
bind
recv

winmm

timeBeginPeriod

icmp

IcmpCloseHandle
IcmpCreateFile
IcmpSendEcho

imagehlp

MakeSureDirectoryPathExists

iphlpapi

GetAdaptersInfo
GetNetworkParams

msi

MsiEnumProductsW
MsiGetProductInfoW

netapi32

NetApiBufferFree
NetLocalGroupAdd
NetLocalGroupDel
NetLocalGroupEnum
NetUserDel
NetUserGetInfo
NetUserSetInfo

setupapi

SetupIterateCabinetW

urlmon

URLDownloadToFileW
UrlMkSetSessionOption

userenv

GetDefaultUserProfileDirectoryW

wininet

DeleteUrlCacheEntryW
InternetCloseHandle
InternetGetConnectedState
InternetOpenUrlW
InternetOpenW
InternetReadFile
UnlockUrlCacheEntryFileW

Sections

.code
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 227KB - Virtual size: 227KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 225KB - Virtual size: 227KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
READ ME!.txt
file-acquisition-raw-issues.bNztaMrUHbaiPQfM9vYx7D.xml
.xml
files-raw.YnUQDM0vFXhbgB4iVFJB7d.xml
.xml
manifest.json
metadata.json
script.xml
.xml
sysinfo.SSiFc5ZTzeh8QS3jbAjTd8.xml
.xml

Sharing

General

Malware Config

Signatures

Files

Password: unzip-me

Password: unzip-me

Password: unzip-me

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9eCertificate

Extended Key Usages

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0bCertificate

Extended Key Usages

Key Usages

1a:05:da:b8:f0:7a:e8:40:be:ad:78:fe:b2:55:a8:74Certificate

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77Certificate

Extended Key Usages

Key Usages

5f:05:31:0c:b6:73:d8:e4:bb:37:34:e5:f9:f0:fb:2b:33:b3:53:87:20:e9:19:0a:00:43:23:11:e0:05:77:1bSigner

Signature Validations

Verification

12-07-2017 05:05 Valid: false

16:30:82:f2:5b:3c:2f:ab:cf:4a:00:e7:c2:35:c5:82:fe:3e:d1:a6Signer

Signature Validations

Verification

12-07-2017 05:05 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 8.5MB - Virtual size: 8.5MB

.rsrc Size: 47KB - Virtual size: 47KB

.reloc Size: 512B - Virtual size: 12B

Password: unzip-me

65ef43de0bb5fdb404965b6ed08a8eae

Code Sign

08:a8:e8:26:95:0f:1a:99:40:26:25:89:fc:af:0b:8fCertificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

d3:46:1b:c5:fa:73:0d:15:e1:da:8c:64:b5:fd:06:7c:ef:4d:bc:3fSigner

Signature Validations

Verification

12-11-2015 19:45 Valid: false

Headers

File Characteristics

Imports

msvcrt

kernel32

winspool.drv

user32

gdi32

advapi32

comctl32

oleaut32

ole32

shell32

wsock32

winmm

icmp

imagehlp

iphlpapi

msi

netapi32

setupapi

urlmon

userenv

wininet

Sections

.code Size: 32KB - Virtual size: 31KB

.text Size: 227KB - Virtual size: 227KB

.rdata Size: 30KB - Virtual size: 29KB

.data Size: 225KB - Virtual size: 227KB

.rsrc Size: 62KB - Virtual size: 61KB

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9e
Certificate

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

1a:05:da:b8:f0:7a:e8:40:be:ad:78:fe:b2:55:a8:74
Certificate

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

5f:05:31:0c:b6:73:d8:e4:bb:37:34:e5:f9:f0:fb:2b:33:b3:53:87:20:e9:19:0a:00:43:23:11:e0:05:77:1b
Signer

12-07-2017 05:05
Valid: false

16:30:82:f2:5b:3c:2f:ab:cf:4a:00:e7:c2:35:c5:82:fe:3e:d1:a6
Signer

12-07-2017 05:05
Valid: false

.text
Size: 8.5MB - Virtual size: 8.5MB

.rsrc
Size: 47KB - Virtual size: 47KB

.reloc
Size: 512B - Virtual size: 12B

08:a8:e8:26:95:0f:1a:99:40:26:25:89:fc:af:0b:8f
Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

d3:46:1b:c5:fa:73:0d:15:e1:da:8c:64:b5:fd:06:7c:ef:4d:bc:3f
Signer

12-11-2015 19:45
Valid: false

.code
Size: 32KB - Virtual size: 31KB

.text
Size: 227KB - Virtual size: 227KB

.rdata
Size: 30KB - Virtual size: 29KB

.data
Size: 225KB - Virtual size: 227KB

.rsrc
Size: 62KB - Virtual size: 61KB