HEU-KMS-Activator-40[.]0[.]0[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

HEU-KMS-Activator-40.0.0.rar
Size

4.5MB
MD5

432c509e4c7b90cab727db44a13335af
SHA1

dd2c523ac7e07824ef3728c44c20a0d3cf82afd2
SHA256

76a8e33e7f66f2afd1af5c795f777476666d4402d7b7cc61c3edfbeeec0d4e0e
SHA512

1c800ea0a0ebb4a5ebf90dc5e2e2cc1aedb195605e33e3d3dbc39eb57a14a7868a0807bf1821da6eb44b44db43cb26ac77705d77f3804d2afb8c9ebea63b2153
SSDEEP

98304:6xztPCdoS/ddNip/d7+7u7/66q4s/lnIBeG8jWyuXCA3wNqGkR:6hGXdHiB5+S7/1qXIBSKJwEGS

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/HEU KMS Activator 40.0.0/HEU_KMS_Activator_40.0.0.exe	upx

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
static1/unpack002/out.upx	autoit_exe

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/HEU KMS Activator 40.0.0/HEU_KMS_Activator_40.0.0.exe
unpack002/out.upx

Files

HEU-KMS-Activator-40.0.0.rar
.rar

Password: 1progs
HEU KMS Activator 40.0.0/HEU_KMS_Activator_40.0.0.exe
.exe windows:5 windows x86

Password: 1progs

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 4.7MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 372KB - Virtual size: 376KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4.2MB - Virtual size: 4.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 619KB - Virtual size: 618KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 191KB - Virtual size: 190KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4.2MB - Virtual size: 4.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HEU KMS Activator 40.0.0/Скачано с 1progs.com.url
.url
HEU KMS Activator 40.0.0/更新地址：微信公众号.png
HEU KMS Activator 40.0.0/更新日志.txt

Sharing

General

Malware Config

Signatures

Files

Password: 1progs

Password: 1progs

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 4.7MB

UPX1 Size: 372KB - Virtual size: 376KB

.rsrc Size: 4.2MB - Virtual size: 4.2MB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 619KB - Virtual size: 618KB

.rdata Size: 191KB - Virtual size: 190KB

.data Size: 18KB - Virtual size: 28KB

.rsrc Size: 4.2MB - Virtual size: 4.2MB

.reloc Size: 29KB - Virtual size: 29KB

UPX0
Size: - Virtual size: 4.7MB

UPX1
Size: 372KB - Virtual size: 376KB

.rsrc
Size: 4.2MB - Virtual size: 4.2MB

.text
Size: 619KB - Virtual size: 618KB

.rdata
Size: 191KB - Virtual size: 190KB

.data
Size: 18KB - Virtual size: 28KB

.rsrc
Size: 4.2MB - Virtual size: 4.2MB

.reloc
Size: 29KB - Virtual size: 29KB