General

  • Target

    HWID Bypass.zip

  • Size

    3.0MB

  • MD5

    ba4814af98e20597e04a7f820b212449

  • SHA1

    662ce8909af2af800efb313784c2ba3679aa1abd

  • SHA256

    daddcabc34dab9de2bfa0abad7eed1d3cd1b6f5c72e9209f9ec76e0becd80c20

  • SHA512

    3a816a114861410971dabc5795266b09cae63d859999e1f60385215532418d5619ed6a8e25aa8bbb396bc85db7926e4fa661f1ba86958c4b33dd8102bb097671

  • SSDEEP

    49152:mRXpz4speFQajigQIv6L9W8iKMrcky94nHYk2YZ1R7WuYz7H9D6usoo/DWwh5+Kn:mRpz4a0QUigQDZwcJ6HYkfRKJvp6/yw/

Score
10/10

Signatures

  • Nirsoft 1 IoCs
  • Unsigned PE 6 IoCs

    Checks for missing Authenticode signature.

Files

  • HWID Bypass.zip
    .zip
  • HWID Bypass/READ ME PLEASE.txt
  • HWID Bypass/STEP 1 - Uninstall & Clear Traces/1. Uninstall the Game & Launcher.url
    .url
  • HWID Bypass/STEP 1 - Uninstall & Clear Traces/2. Delete Game,Launcher Folders.lnk
    .lnk
  • HWID Bypass/STEP 1 - Uninstall & Clear Traces/3. Delete Game,Launcher Folders.lnk
    .lnk
  • HWID Bypass/STEP 1 - Uninstall & Clear Traces/4.1Delete Anything Related to Game and Launcher.lnk
    .lnk
  • HWID Bypass/STEP 1 - Uninstall & Clear Traces/4.2 Delete Anything Related to Game and Launcher.lnk
    .lnk
  • HWID Bypass/STEP 1 - Uninstall & Clear Traces/4.3 Delete Anything Related to Game and Launcher.lnk
    .lnk
  • HWID Bypass/STEP 1 - Uninstall & Clear Traces/4.4 Delete Anything Related to Game and Launcher.lnk
    .lnk
  • HWID Bypass/STEP 1 - Uninstall & Clear Traces/4.5 Delete Anything Related to Game and Launcher.lnk
    .lnk
  • HWID Bypass/STEP 1 - Uninstall & Clear Traces/4.6 Delete Anything Related to Game and Launcher.lnk
    .lnk
  • HWID Bypass/STEP 1 - Uninstall & Clear Traces/5. Open Registry Edit.lnk
    .lnk
  • HWID Bypass/STEP 1 - Uninstall & Clear Traces/5.1 Locations to search in Registry.txt
  • HWID Bypass/STEP 1 - Uninstall & Clear Traces/READ THIS FILE PLEASE.txt
  • HWID Bypass/STEP 10 - Change Mouse, Keyboard, Controller, SNs/READ ME PLEASE.txt
  • HWID Bypass/STEP 10 - Change Mouse, Keyboard, Controller, SNs/USBDeview.cfg
  • HWID Bypass/STEP 10 - Change Mouse, Keyboard, Controller, SNs/USBDeview.chm
    .chm
  • HWID Bypass/STEP 10 - Change Mouse, Keyboard, Controller, SNs/USBDeview.exe
    .exe windows:4 windows x64

    a40d8b81263f7fc26c2e21012deecd1a


    Code Sign


  • HWID Bypass/STEP 2 - Change Drive IDs/1. Change Disk IDs.cmd
  • HWID Bypass/STEP 2 - Change Drive IDs/READ ME PLEASE.txt
  • HWID Bypass/STEP 2 - Change Drive IDs/_/Volumeid.exe
    .exe windows:5 windows x86

    196b8047c609ccadce7fd294c9a3e6a2


    Code Sign


  • HWID Bypass/STEP 2 - Change Drive IDs/_/Volumeid64.exe
    .exe windows:5 windows x64

    735aed1002ee8ff1be0e1dee668e8b0d


    Code Sign


  • HWID Bypass/STEP 3 - Change HWIDS/1. Change ALL HWIDs.cmd
  • HWID Bypass/STEP 3 - Change HWIDS/READ ME PLEASE.txt
  • HWID Bypass/STEP 3 - Change HWIDS/_/AMIDEWINx64.EXE
    .exe windows:6 windows x64

    272dae991c0311688a7a20faa5468b8e



  • HWID Bypass/STEP 3 - Change HWIDS/_/Command Prompt.lnk
    .lnk
  • HWID Bypass/STEP 3 - Change HWIDS/_/amifldrv64.sys
    .sys windows:6 windows x64

    b05ee5c816a30bc52378c759486af0b9


    Code Sign


  • HWID Bypass/STEP 4 - Edit HWID Registry keys/1. Registry Editor.lnk
    .lnk
  • HWID Bypass/STEP 4 - Edit HWID Registry keys/2. Locations in Registry.txt
  • HWID Bypass/STEP 4 - Edit HWID Registry keys/3. GUID Generator Website.url
    .url
  • HWID Bypass/STEP 4 - Edit HWID Registry keys/READ ME PLEASE.txt
  • HWID Bypass/STEP 5 - Change MAC address/1. Install TMACv6.0.7_Setup.exe
    .exe windows:4 windows x86

    a8fd72e864d14b8484dd49e800fd3a36



  • HWID Bypass/STEP 5 - Change MAC address/READ ME PLEASE.txt
  • HWID Bypass/STEP 6 - Mask your IP/1. Download NordVPN.url
    .url
  • HWID Bypass/STEP 6 - Mask your IP/READ ME PLEASE.txt
  • HWID Bypass/STEP 7 - New Account/MMOGA.url
    .url
  • HWID Bypass/STEP 7 - New Account/MMOGAH.url
    .url
  • HWID Bypass/STEP 7 - New Account/READ ME PLEASE.txt
  • HWID Bypass/STEP 8 - Create New Windows User/READ ME PLEASE.txt
  • HWID Bypass/STEP 9 - Change Monitor HWID/CRU.exe
    .exe windows:4 windows x86

    cafc89e1b0a9b2c5b10389d6d19936ce



    Exports


  • HWID Bypass/STEP 9 - Change Monitor HWID/READ ME PLEASE.txt
  • HWID Bypass/STEP 9 - Change Monitor HWID/reset-all.exe
    .exe windows:5 windows x86

    32f33abb2edf5d9be4310f0050d459d0



  • HWID Bypass/STEP 9 - Change Monitor HWID/restart.exe
    .exe windows:5 windows x86

    cf4f510acda53bad738cb1d4e01b1c70



  • HWID Bypass/STEP 9 - Change Monitor HWID/restart64.exe
    .exe windows:5 windows x64

    2a69fe822ced9bf301916c1307e497a9

