KMS Tools Portable (2)[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

KMS Tools Portable (2).zip
Size

168.0MB
MD5

d4f69c9e7efb20ec789e45b829e2b542
SHA1

43715328ac2eb50c31a075cd4ed02d33c626140b
SHA256

3611d70fd0636f5858bd4d436e75e4afc9fc8763a034254ad6d5033f4a64ef84
SHA512

36d042b636530f3eb4bc31128b7d12905f2976df718d1d834c3476f75a8658c036c4060645ca2b9be8e9e7f2cec7c45e692040883af0332d9aaa556a24f4f865
SSDEEP

3145728:kJCHBM+DyG4HQqJMK/IoUoN2u1U1qjp6R6cPRfsG3NoZmp+paWrjfpNOn:kwHBVyGvqTXo1qFIZ5/dSgW5NOn

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
static1/unpack001/KMS Tools Portable/KMS Tools Unpack.exe	themida

Files

KMS Tools Portable (2).zip
.zip
KMS Tools Portable/Add_Defender_Exclusion.cmd
KMS Tools Portable/KMS Tools Portable.chm
.chm
KMS Tools Portable/KMS Tools Unpack.exe
.exe windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 358KB - Virtual size: 672KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 52KB - Virtual size: 198KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 2KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 15KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 170KB - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 196KB - Virtual size: 196KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 8.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.loadcon
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.boot
Size: 5.1MB - Virtual size: 5.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
KMS Tools Portable/KMSAuto++.ini
KMS Tools Portable/data0.bin
.exe windows x86

fcf1390e9ce472c7270447fc5c61a0c1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
SetLastError
FormatMessageW
GetCurrentProcess
DeviceIoControl
SetFileTime
CloseHandle
CreateDirectoryW
RemoveDirectoryW
CreateFileW
DeleteFileW
CreateHardLinkW
GetShortPathNameW
GetLongPathNameW
MoveFileW
GetFileType
GetStdHandle
WriteFile
ReadFile
FlushFileBuffers
SetEndOfFile
SetFilePointer
SetFileAttributesW
GetFileAttributesW
FindClose
FindFirstFileW
FindNextFileW
GetVersionExW
GetCurrentDirectoryW
GetFullPathNameW
FoldStringW
GetModuleFileNameW
GetModuleHandleW
FindResourceW
FreeLibrary
GetProcAddress
GetCurrentProcessId
ExitProcess
SetThreadExecutionState
Sleep
LoadLibraryW
GetSystemDirectoryW
CompareStringW
AllocConsole
FreeConsole
AttachConsole
WriteConsoleW
GetProcessAffinityMask
CreateThread
SetThreadPriority
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
ReleaseSemaphore
WaitForSingleObject
CreateEventW
CreateSemaphoreW
GetSystemTime
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
FileTimeToSystemTime
GetCPInfo
IsDBCSLeadByte
MultiByteToWideChar
WideCharToMultiByte
GlobalAlloc
LockResource
GlobalLock
GlobalUnlock
GlobalFree
LoadResource
SizeofResource
SetCurrentDirectoryW
GetExitCodeProcess
GetLocalTime
GetTickCount
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
GetCommandLineW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
GetTempPathW
MoveFileExW
GetLocaleInfoW
GetTimeFormatW
GetDateFormatW
GetNumberFormatW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
HeapSize
SetStdHandle
GetProcessHeap
RaiseException
GetSystemInfo
VirtualProtect
VirtualQuery
LoadLibraryExA
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
TerminateProcess
RtlUnwind
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
QueryPerformanceFrequency
GetModuleHandleExW
GetModuleFileNameA
GetACP
HeapFree
HeapAlloc
HeapReAlloc
GetStringTypeW
LCMapStringW
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
DecodePointer

gdiplus

GdiplusShutdown
GdiplusStartup
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipDisposeImage
GdipCloneImage
GdipFree
GdipAlloc

Sections

.text
Size: 193KB - Virtual size: 193KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 232B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
KMS Tools Portable/data1.bin
.exe windows x86

4a0eb751a0cc2fdf8841ea3c33b85101

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memset
wcsncpy
wcslen
wcscmp
memmove
wcscpy
wcscat
memcmp
strlen
strcpy
strcat
_stricmp
memcpy
strncpy
_wfopen
longjmp
_setjmp3
fclose
malloc
free
wcsncmp
floor
_snwprintf
_wcsicmp
tolower
_wcsnicmp
_wtoi
gmtime
localtime
mktime
_itow
fabs
ceil
fseek
ftell
fread
pow
??3@YAXPAX@Z
wcsstr
_wcsdup
abort
frexp
modf
fflush
fwrite
atof
fopen
_errno
strerror
abs
exit
sprintf
__p__iob
fprintf
ferror
getenv
sscanf
_vsnwprintf
cos
fmod
sin

kernel32

GetModuleHandleW
HeapCreate
GetEnvironmentVariableW
HeapDestroy
ExitProcess
SystemTimeToFileTime
LocalFileTimeToFileTime
FindResourceW
LoadResource
LockResource
SizeofResource
CreateToolhelp32Snapshot
CloseHandle
GetLogicalDriveStringsW
QueryDosDeviceW
FileTimeToLocalFileTime
FileTimeToSystemTime
ExpandEnvironmentStringsW
GetCurrentProcess
GetUserDefaultLangID
GetSystemDefaultLangID
MultiByteToWideChar
GetProcAddress
CreateRemoteThread
WaitForSingleObject
GetExitCodeThread
GetCurrentProcessId
OpenProcess
GetLastError
FormatMessageW
GetVolumeInformationW
FindFirstFileW
FindNextFileW
FindClose
WideCharToMultiByte
BeginUpdateResourceW
UpdateResourceW
EndUpdateResourceW
CreateProcessW
Beep
CreateFileW
CreateSemaphoreW
DeviceIoControl
GetCommandLineW
GetComputerNameW
GetDateFormatW
GetDiskFreeSpaceExW
GetExitCodeProcess
GetFileTime
GetPrivateProfileStringW
GetShortPathNameW
GetSystemDirectoryW
GetSystemPowerStatus
GetTimeZoneInformation
GetUserDefaultLCID
GetWindowsDirectoryW
GlobalMemoryStatus
LocalFree
Process32FirstW
Process32NextW
QueryPerformanceCounter
QueryPerformanceFrequency
SetComputerNameW
SetFileTime
SetSystemTime
SetVolumeLabelW
Sleep
TerminateProcess
WritePrivateProfileStringW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
CreateThread
LoadLibraryW
FreeLibrary
GetCurrentThreadId
GetModuleFileNameW
DuplicateHandle
CreatePipe
GetStdHandle
HeapAlloc
HeapFree
PeekNamedPipe
SetEnvironmentVariableW
ReadFile
HeapReAlloc
GetFileSize
SetFilePointer
SetEndOfFile
WriteFile
TlsAlloc
TlsSetValue
GetTickCount
TlsGetValue
DeleteFileW
GetVersionExW
SetLastError
MulDiv
GetDriveTypeW
GetFileAttributesW
GetTempPathW
CreateDirectoryW
CopyFileW
SetFileAttributesW
RemoveDirectoryW
MoveFileW
GetLocalTime
HeapSize
TlsFree
DeleteCriticalSection
InterlockedCompareExchange
InterlockedExchange
UnregisterWait
GetCurrentThread
RegisterWaitForSingleObject

gdiplus

GdipDeleteFont
GdipDeleteGraphics
GdipDeletePath
GdipDeleteMatrix
GdipDeletePen
GdipDeleteStringFormat
GdipFree
GdipGetDpiX
GdipGetDpiY

winspool.drv

ClosePrinter
DeletePrinter
OpenPrinterW
SetPrinterW

user32

SendMessageW
ReleaseDC
OemToCharW
EnumWindows
GetWindowThreadProcessId
FindWindowExW
FindWindowW
GetCursorPos
GetForegroundWindow
SetCursorPos
AnimateWindow
AttachThreadInput
BlockInput
ChangeDisplaySettingsW
CharToOemW
CreateWindowExW
DrawMenuBar
EnableMenuItem
EnableWindow
EnumDisplaySettingsW
ExitWindowsEx
FlashWindow
GetClassNameW
GetDC
GetDesktopWindow
GetFocus
GetKeyState
GetLastInputInfo
GetSysColor
GetSystemMenu
GetSystemMetrics
GetWindow
GetWindowLongW
GetWindowRect
GetWindowTextW
IsWindow
IsWindowEnabled
KillTimer
LoadCursorW
LockWorkStation
MessageBeep
PostMessageW
RegisterHotKey
RemoveMenu
SetClassLongW
SetFocus
SetForegroundWindow
SetTimer
SetWindowLongW
SetWindowPos
ShowWindow
UnregisterHotKey
UpdateWindow
WaitForInputIdle
keybd_event
mouse_event
MessageBoxW
IsWindowVisible
DestroyWindow
SystemParametersInfoW
GetParent
MapWindowPoints
MoveWindow
InvalidateRect
RedrawWindow
SetWindowTextW
GetSysColorBrush
GetWindowTextLengthW
SetRect
DrawTextW
ValidateRect
CallWindowProcW
RemovePropW
GetPropW
SetPropW
SetScrollPos
InflateRect
GetWindowDC
GetIconInfo
ReleaseCapture
BeginPaint
DrawStateW
EndPaint
SetCapture
ScreenToClient
DefWindowProcW
SetActiveWindow
DestroyIcon
LoadIconW
GetClientRect
RegisterClassW
AdjustWindowRectEx
CreateAcceleratorTableW
UnregisterClassW
PeekMessageW
MsgWaitForMultipleObjects
GetMessageW
GetActiveWindow
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
DefFrameProcW
FillRect
DestroyAcceleratorTable
EnumChildWindows
IsChild
RegisterWindowMessageW
CopyImage
CharUpperW
CharLowerW
DrawIconEx

gdi32

CreateDCW
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
BitBlt
DeleteDC
GetPixel
DeleteObject
GetStockObject
CreateFontIndirectW
SetTextColor
SetBkColor
GetTextExtentPoint32W
ExcludeClipRect
GetObjectType
GetObjectW
CreateSolidBrush
GetDeviceCaps
GdiGetBatchLimit
GdiSetBatchLimit
CreateDIBSection
CreateBitmap
SetPixel
GetDIBits
CreateFontW
SetBkMode
SetTextAlign
TextOutW
SetStretchBltMode
SetBrushOrgEx
StretchBlt
GetTextMetricsW

advapi32

RegOpenKeyExW
RegOpenKeyW
RegConnectRegistryW
RegQueryValueExW
RegCloseKey
RegDeleteKeyW
RegSetValueExW
RegCreateKeyExW
LookupAccountNameW
IsValidSid
RegEnumKeyExW
RegDeleteValueW
RegCreateKeyW
AdjustTokenPrivileges
ChangeServiceConfigW
CloseServiceHandle
ControlService
CryptAcquireContextW
CryptCreateHash
CryptDeriveKey
CryptDestroyHash
CryptDestroyKey
CryptEncrypt
CryptHashData
CryptReleaseContext
GetUserNameW
ImpersonateLoggedOnUser
LogonUserW
LookupPrivilegeValueW
OpenProcessToken
OpenSCManagerW
OpenServiceW
QueryServiceStatus
RegEnumValueW
RevertToSelf
StartServiceW

comctl32

InitCommonControlsEx

oleaut32

SafeArrayGetDim
SafeArrayGetUBound
SafeArrayGetElement

ole32

CoInitializeEx
CoInitializeSecurity
CoCreateInstance
CoUninitialize
CoSetProxyBlanket
CoCreateGuid
CoInitialize
StringFromGUID2
CoTaskMemFree
RevokeDragDrop

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListW
ExtractIconExW
ExtractIconW
IsNetDrive
RealDriveType
SHAddToRecentDocs
SHFileOperationW
SHFormatDrive
SHGetFileInfoW
ShellAboutW
Shell_NotifyIconW
ShellExecuteExW

wsock32

WSAStartup
gethostbyname
WSACleanup
gethostbyaddr
inet_addr
closesocket
gethostname
htons
select
__WSAFDIsSet
ioctlsocket
recvfrom
socket
bind
connect
recv

winmm

timeBeginPeriod

icmp

IcmpCloseHandle
IcmpCreateFile
IcmpSendEcho

imagehlp

MakeSureDirectoryPathExists

iphlpapi

GetAdaptersInfo
GetNetworkParams

msi

MsiEnumProductsW
MsiGetProductInfoW

netapi32

NetApiBufferFree
NetLocalGroupAdd
NetLocalGroupDel
NetLocalGroupEnum
NetUserDel
NetUserGetInfo
NetUserSetInfo

setupapi

SetupIterateCabinetW

urlmon

URLDownloadToFileW
UrlMkSetSessionOption

userenv

GetDefaultUserProfileDirectoryW

wininet

DeleteUrlCacheEntryW
InternetCloseHandle
InternetGetConnectedState
InternetOpenUrlW
InternetOpenW
InternetReadFile
UnlockUrlCacheEntryFileW

Sections

.code
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 323KB - Virtual size: 323KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56.6MB - Virtual size: 56.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 195KB - Virtual size: 195KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
KMS Tools Portable/readme.txt

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

Size: 358KB - Virtual size: 672KB

Size: 52KB - Virtual size: 198KB

Size: 2KB - Virtual size: 44KB

Size: 15KB - Virtual size: 26KB

Size: 170KB - Virtual size: 248KB

Size: 1KB - Virtual size: 2KB

.imports Size: 1KB - Virtual size: 4KB

.rsrc Size: 196KB - Virtual size: 196KB

.themida Size: - Virtual size: 8.0MB

.loadcon Size: 512B - Virtual size: 4KB

.boot Size: 5.1MB - Virtual size: 5.1MB

.reloc Size: 16B - Virtual size: 4KB

fcf1390e9ce472c7270447fc5c61a0c1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

gdiplus

Sections

.text Size: 193KB - Virtual size: 193KB

.rdata Size: 41KB - Virtual size: 40KB

.data Size: 4KB - Virtual size: 142KB

.gfids Size: 512B - Virtual size: 232B

.rsrc Size: 56KB - Virtual size: 56KB

.reloc Size: 8KB - Virtual size: 8KB

4a0eb751a0cc2fdf8841ea3c33b85101

Headers

File Characteristics

Imports

msvcrt

kernel32

gdiplus

winspool.drv

user32

gdi32

advapi32

comctl32

oleaut32

ole32

shell32

wsock32

winmm

icmp

imagehlp

iphlpapi

msi

netapi32

setupapi

urlmon

userenv

wininet

Sections

.code Size: 27KB - Virtual size: 27KB

.text Size: 323KB - Virtual size: 323KB

.rdata Size: 47KB - Virtual size: 46KB

.data Size: 56.6MB - Virtual size: 56.6MB

.rsrc Size: 195KB - Virtual size: 195KB

.imports
Size: 1KB - Virtual size: 4KB

.rsrc
Size: 196KB - Virtual size: 196KB

.themida
Size: - Virtual size: 8.0MB

.loadcon
Size: 512B - Virtual size: 4KB

.boot
Size: 5.1MB - Virtual size: 5.1MB

.reloc
Size: 16B - Virtual size: 4KB

.text
Size: 193KB - Virtual size: 193KB

.rdata
Size: 41KB - Virtual size: 40KB

.data
Size: 4KB - Virtual size: 142KB

.gfids
Size: 512B - Virtual size: 232B

.rsrc
Size: 56KB - Virtual size: 56KB

.reloc
Size: 8KB - Virtual size: 8KB

.code
Size: 27KB - Virtual size: 27KB

.text
Size: 323KB - Virtual size: 323KB

.rdata
Size: 47KB - Virtual size: 46KB

.data
Size: 56.6MB - Virtual size: 56.6MB

.rsrc
Size: 195KB - Virtual size: 195KB