General
-
Target
KMS Tools Portable password 2023.zip
-
Size
285.2MB
-
MD5
de8c2261e28291b4e39f1227ade3b8e6
-
SHA1
8d228684e86c9da88d1887397d369b57045f2514
-
SHA256
8bb0a647fb4f17c7a8c0feebb3f087ca21f1e22a87f08295642ba2721d26bb22
-
SHA512
968d0528ed78cd7d369dc8933912934417d74dd9794483769c28101289883ac3fc3950d9c175ec471f326afb0568c8c009a473fdb6e951d0efe361bbf0bf66f8
-
SSDEEP
6291456:dNkCmBbm3kx17umH0pemp/N7thtIeCrcKSQsiCB2lhB6HMf:dNkC5m1qA0pemp/NvaeC5s/Xe
Malware Config
Signatures
-
resource yara_rule static1/unpack001/KMS Tools Portable 01.03.2023/KMS Tools Unpack.exe themida
Files
-
KMS Tools Portable password 2023.zip.zip
Password: 2023
-
KMS Tools Portable 01.03.2023/Add_Defender_Exclusion.cmd
-
KMS Tools Portable 01.03.2023/KMS Tools Portable.chm.chm
-
KMS Tools Portable 01.03.2023/KMS Tools Unpack.exe.exe windows x64
Password: 2023
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Sections
Size: 358KB - Virtual size: 672KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Size: 52KB - Virtual size: 198KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 2KB - Virtual size: 44KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 15KB - Virtual size: 26KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 170KB - Virtual size: 248KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 1KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.imports Size: 1KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 196KB - Virtual size: 196KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.themida Size: - Virtual size: 9.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.loadcon Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.boot Size: 6.1MB - Virtual size: 6.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 16B - Virtual size: 4KB
IMAGE_SCN_MEM_READ
-
KMS Tools Portable 01.03.2023/data0.bin.exe windows x86
Password: 2023
fcf1390e9ce472c7270447fc5c61a0c1
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetLastError
SetLastError
FormatMessageW
GetCurrentProcess
DeviceIoControl
SetFileTime
CloseHandle
CreateDirectoryW
RemoveDirectoryW
CreateFileW
DeleteFileW
CreateHardLinkW
GetShortPathNameW
GetLongPathNameW
MoveFileW
GetFileType
GetStdHandle
WriteFile
ReadFile
FlushFileBuffers
SetEndOfFile
SetFilePointer
SetFileAttributesW
GetFileAttributesW
FindClose
FindFirstFileW
FindNextFileW
GetVersionExW
GetCurrentDirectoryW
GetFullPathNameW
FoldStringW
GetModuleFileNameW
GetModuleHandleW
FindResourceW
FreeLibrary
GetProcAddress
GetCurrentProcessId
ExitProcess
SetThreadExecutionState
Sleep
LoadLibraryW
GetSystemDirectoryW
CompareStringW
AllocConsole
FreeConsole
AttachConsole
WriteConsoleW
GetProcessAffinityMask
CreateThread
SetThreadPriority
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
ReleaseSemaphore
WaitForSingleObject
CreateEventW
CreateSemaphoreW
GetSystemTime
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
FileTimeToSystemTime
GetCPInfo
IsDBCSLeadByte
MultiByteToWideChar
WideCharToMultiByte
GlobalAlloc
LockResource
GlobalLock
GlobalUnlock
GlobalFree
LoadResource
SizeofResource
SetCurrentDirectoryW
GetExitCodeProcess
GetLocalTime
GetTickCount
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
GetCommandLineW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
GetTempPathW
MoveFileExW
GetLocaleInfoW
GetTimeFormatW
GetDateFormatW
GetNumberFormatW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
HeapSize
SetStdHandle
GetProcessHeap
RaiseException
GetSystemInfo
VirtualProtect
VirtualQuery
LoadLibraryExA
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
TerminateProcess
RtlUnwind
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
QueryPerformanceFrequency
GetModuleHandleExW
GetModuleFileNameA
GetACP
HeapFree
HeapAlloc
HeapReAlloc
GetStringTypeW
LCMapStringW
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
DecodePointer
gdiplus
GdiplusShutdown
GdiplusStartup
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipDisposeImage
GdipCloneImage
GdipFree
GdipAlloc
Sections
.text Size: 193KB - Virtual size: 193KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 41KB - Virtual size: 40KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 142KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.gfids Size: 512B - Virtual size: 232B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 56KB - Virtual size: 56KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
KMS Tools Portable 01.03.2023/data1.bin.exe windows x86
Password: 2023
2b9a8abec9966c0f3722217d9fe9c645
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msvcrt
memset
wcsncpy
wcslen
wcscmp
memmove
wcscpy
wcscat
memcmp
strlen
strcpy
strcat
_stricmp
memcpy
strncpy
_wfopen
longjmp
_setjmp3
fclose
malloc
free
_wcsicmp
wcsncmp
floor
_snwprintf
tolower
_wcsnicmp
_wtoi
gmtime
localtime
mktime
_itow
fabs
ceil
fseek
ftell
fread
pow
??3@YAXPAX@Z
wcsstr
_wcsdup
abort
frexp
modf
fflush
fwrite
atof
fopen
_errno
strerror
abs
exit
sprintf
__p__iob
fprintf
ferror
getenv
sscanf
_vsnwprintf
cos
fmod
sin
kernel32
GetModuleHandleW
HeapCreate
GetEnvironmentVariableW
HeapDestroy
ExitProcess
SystemTimeToFileTime
LocalFileTimeToFileTime
FindResourceW
LoadResource
LockResource
SizeofResource
CreateToolhelp32Snapshot
CloseHandle
GetLogicalDriveStringsW
QueryDosDeviceW
FileTimeToLocalFileTime
FileTimeToSystemTime
ExpandEnvironmentStringsW
GetCurrentProcess
GetUserDefaultLangID
GetSystemDefaultLangID
MultiByteToWideChar
GetProcAddress
CreateRemoteThread
WaitForSingleObject
GetExitCodeThread
GetCurrentProcessId
OpenProcess
GetLastError
FormatMessageW
GetVolumeInformationW
FindFirstFileW
FindNextFileW
FindClose
WideCharToMultiByte
BeginUpdateResourceW
UpdateResourceW
EndUpdateResourceW
CreateProcessW
Beep
CreateFileW
CreateSemaphoreW
DeviceIoControl
GetCommandLineW
GetComputerNameW
GetDateFormatW
GetDiskFreeSpaceExW
GetExitCodeProcess
GetFileTime
GetPrivateProfileStringW
GetShortPathNameW
GetSystemDirectoryW
GetSystemPowerStatus
GetTimeZoneInformation
GetUserDefaultLCID
GetWindowsDirectoryW
GlobalMemoryStatus
LocalFree
Process32FirstW
Process32NextW
QueryPerformanceCounter
QueryPerformanceFrequency
SetComputerNameW
SetFileTime
SetSystemTime
SetVolumeLabelW
Sleep
TerminateProcess
WritePrivateProfileStringW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
CreateThread
LoadLibraryW
FreeLibrary
GetCurrentThreadId
GetModuleFileNameW
DuplicateHandle
CreatePipe
GetStdHandle
HeapAlloc
HeapFree
PeekNamedPipe
SetEnvironmentVariableW
ReadFile
HeapReAlloc
GetFileSize
SetFilePointer
SetEndOfFile
WriteFile
TlsAlloc
TlsSetValue
GetTickCount
TlsGetValue
DeleteFileW
GetVersionExW
SetLastError
MulDiv
GetDriveTypeW
GetFileAttributesW
GetTempPathW
CreateDirectoryW
CopyFileW
SetFileAttributesW
RemoveDirectoryW
MoveFileW
GetLocalTime
HeapSize
TlsFree
DeleteCriticalSection
InterlockedCompareExchange
InterlockedExchange
UnregisterWait
GetCurrentThread
RegisterWaitForSingleObject
user32
SendMessageW
ReleaseDC
OemToCharW
EnumWindows
GetWindowThreadProcessId
FindWindowExW
FindWindowW
GetCursorPos
GetForegroundWindow
SetCursorPos
AnimateWindow
AttachThreadInput
BlockInput
ChangeDisplaySettingsW
CharToOemW
CreateWindowExW
DrawMenuBar
EnableMenuItem
EnableWindow
EnumDisplaySettingsW
ExitWindowsEx
FlashWindow
GetClassNameW
GetDC
GetDesktopWindow
GetFocus
GetKeyState
GetLastInputInfo
GetSysColor
GetSystemMenu
GetSystemMetrics
GetWindow
GetWindowLongW
GetWindowRect
GetWindowTextW
IsWindow
IsWindowEnabled
KillTimer
LoadCursorW
LockWorkStation
MessageBeep
PostMessageW
RegisterHotKey
RemoveMenu
SetClassLongW
SetFocus
SetForegroundWindow
SetTimer
SetWindowLongW
SetWindowPos
ShowWindow
UnregisterHotKey
UpdateWindow
WaitForInputIdle
keybd_event
mouse_event
MessageBoxW
IsWindowVisible
DestroyWindow
SystemParametersInfoW
GetParent
MapWindowPoints
MoveWindow
InvalidateRect
RedrawWindow
SetWindowTextW
GetSysColorBrush
GetWindowTextLengthW
SetRect
DrawTextW
ValidateRect
CallWindowProcW
RemovePropW
GetPropW
SetPropW
SetScrollPos
InflateRect
GetWindowDC
GetIconInfo
ReleaseCapture
BeginPaint
DrawStateW
EndPaint
SetCapture
ScreenToClient
DefWindowProcW
SetActiveWindow
DestroyIcon
LoadIconW
GetClientRect
RegisterClassW
AdjustWindowRectEx
CreateAcceleratorTableW
UnregisterClassW
PeekMessageW
MsgWaitForMultipleObjects
GetMessageW
GetActiveWindow
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
DefFrameProcW
DestroyAcceleratorTable
EnumChildWindows
FillRect
IsChild
RegisterWindowMessageW
CopyImage
CharUpperW
CharLowerW
DrawIconEx
gdi32
CreateDCW
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
BitBlt
DeleteDC
GetPixel
DeleteObject
GetStockObject
CreateFontIndirectW
SetTextColor
SetBkColor
GetTextExtentPoint32W
ExcludeClipRect
GetObjectType
GetObjectW
CreateSolidBrush
GetDeviceCaps
CreateRectRgnIndirect
GetClipRgn
ExtSelectClipRgn
SelectClipRgn
GdiGetBatchLimit
GdiSetBatchLimit
CreateDIBSection
CreateBitmap
SetPixel
GetDIBits
CreateFontW
SetBkMode
SetTextAlign
TextOutW
SetStretchBltMode
SetBrushOrgEx
StretchBlt
GetTextMetricsW
advapi32
RegOpenKeyExW
RegOpenKeyW
RegConnectRegistryW
RegQueryValueExW
RegCloseKey
RegDeleteKeyW
RegSetValueExW
RegCreateKeyExW
LookupAccountNameW
IsValidSid
RegEnumKeyExW
RegDeleteValueW
RegCreateKeyW
AdjustTokenPrivileges
ChangeServiceConfigW
CloseServiceHandle
ControlService
CryptAcquireContextW
CryptCreateHash
CryptDeriveKey
CryptDestroyHash
CryptDestroyKey
CryptEncrypt
CryptHashData
CryptReleaseContext
GetUserNameW
ImpersonateLoggedOnUser
LogonUserW
LookupPrivilegeValueW
OpenProcessToken
OpenSCManagerW
OpenServiceW
QueryServiceStatus
RegEnumValueW
RevertToSelf
StartServiceW
oleaut32
SafeArrayGetDim
SafeArrayGetUBound
SafeArrayGetElement
ole32
CoInitializeEx
CoInitializeSecurity
CoCreateInstance
CoUninitialize
CoSetProxyBlanket
CoCreateGuid
CoInitialize
StringFromGUID2
CoTaskMemFree
RevokeDragDrop
shell32
SHGetSpecialFolderLocation
SHGetPathFromIDListW
ExtractIconExW
ExtractIconW
ord66
ord524
SHAddToRecentDocs
SHFileOperationW
SHFormatDrive
SHGetFileInfoW
ShellAboutW
Shell_NotifyIconW
ShellExecuteExW
ws2_32
WSAStartup
gethostbyname
WSACleanup
gethostbyaddr
inet_addr
closesocket
gethostname
htons
select
__WSAFDIsSet
ioctlsocket
recvfrom
socket
bind
connect
recv
winmm
timeBeginPeriod
gdiplus
GdipDeleteFont
GdipDeleteGraphics
GdipDeletePath
GdipDeleteMatrix
GdipDeletePen
GdipDeleteStringFormat
GdipFree
GdipGetDpiX
GdipGetDpiY
icmp
IcmpCloseHandle
IcmpCreateFile
IcmpSendEcho
imagehlp
MakeSureDirectoryPathExists
iphlpapi
GetAdaptersInfo
GetNetworkParams
msi
ord45
ord70
netapi32
NetApiBufferFree
NetLocalGroupAdd
NetLocalGroupDel
NetLocalGroupEnum
NetUserDel
NetUserGetInfo
NetUserSetInfo
setupapi
SetupIterateCabinetW
urlmon
URLDownloadToFileW
UrlMkSetSessionOption
userenv
GetDefaultUserProfileDirectoryW
wininet
DeleteUrlCacheEntryW
InternetCloseHandle
InternetGetConnectedState
InternetOpenUrlW
InternetOpenW
InternetReadFile
UnlockUrlCacheEntryFileW
winspool.drv
ClosePrinter
DeletePrinter
OpenPrinterW
SetPrinterW
comctl32
InitCommonControlsEx
Sections
.code Size: 27KB - Virtual size: 27KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.text Size: 324KB - Virtual size: 323KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 49KB - Virtual size: 48KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 62.8MB - Virtual size: 62.8MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 195KB - Virtual size: 195KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
KMS Tools Portable 01.03.2023/readme.txt