KMS-R@1nHook[.]exe | Triage

Submit
Reports

Overview

overview

3

Static

static

1

Device/Har...ok.exe

windows7-x64

3

Device/Har...ok.exe

windows10-2004-x64

3

Sharing

Copy URL Twitter E-mail

Static task

static1

Behavioral task

behavioral1

Sample

Device/HarddiskVolume2/Windows/[email protected]

Resource

win7-20230220-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral2

Sample

Device/HarddiskVolume2/Windows/[email protected]

Resource

win10v2004-20230220-en

windows10-2004-x64

1 signatures

150 seconds

General

Target

[email protected]
Size

2KB
MD5

fe6d4c2f51238f60d08653713afad9e0
SHA1

f4251efcd19ea6699cbcf32e3ae98b47f41a06ae
SHA256

1a60070922c19158b605aa43f873ddc35f98e733da76bf39b0af78bc10fdeefc
SHA512

e66aa550339357e1eb00d30aa4c85b8b3b92be92c9069279bf8f262a31d7310748d80b4fc75a04be2918e998a75ec7b92a4752bf21dcf69e102473e002927225

Score

1^/10

Malware Config

Signatures

Files

[email protected]
.zip

Password: S@ndb0x!2023@@
Device/HarddiskVolume2/Windows/[email protected]
.exe windows x64

Password: S@ndb0x!2023@@

668ac028f2a272193c8b85912214bb06

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

wcslen
wcsstr
wcschr
_wcsicmp

kernel32

CreateToolhelp32Snapshot
GetExitCodeProcess
OpenThread
VirtualFreeEx
CreateRemoteThread
GetStartupInfoW
WriteProcessMemory
GetCommandLineW
Thread32Next
Thread32First
WaitForSingleObject
DebugActiveProcessStop
SuspendThread
ResumeThread
GetModuleHandleA
OpenProcess
GetExitCodeThread
Sleep
GetLastError
Process32NextW
Process32FirstW
CloseHandle
GetProcAddress
VirtualAllocEx
ExitProcess
CreateProcessW

Sections

.text
Size: 1024B - Virtual size: 1023B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
manifest.json

© 2018-2025

Terms | Privacy