General

  • Target

    f1afaa52fc2bdf058d7c86bf8aa58633fba0a7b68c6e439f160523dab4f15d65.zip.zip

  • Size

    4.3MB

  • MD5

    64f4234ad291503c545f84c31f48629b

  • SHA1

    b971eb275cc04209cae89e90913acf3b7a81828a

  • SHA256

    1afd101a0e36baeef4ca4d26c2d3eb793e1014d6c89841f1c59dfc3fe756d3a8

  • SHA512

    2048ae4724cb1ee1a5fe702fd512eefeee60f213d8b84eab9d74818bc91657063181d94942e44476e3ffb2b3a78b49f28cd71fc8bcc80172507235a1b4113f88

  • SSDEEP

    98304:Tl4r3jx2I7hN90nLzi9XXhHOGoViJ6DBY4mq3sDkNAkiSkH9RlUFsj:TluQIFN9AsXXoVi+74QAkdCnj

Score
7/10

Malware Config

Signatures

  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • AutoIT Executable 1 IoCs

    AutoIT scripts compiled to PE executables.

  • One or more HTTP URLs in qr code identified

    Detects presence of HTTP links in QR codes.

  • Unsigned PE 2 IoCs

    Checks for missing Authenticode signature.

Files

  • f1afaa52fc2bdf058d7c86bf8aa58633fba0a7b68c6e439f160523dab4f15d65.zip.zip
    .zip

    Password: infected

  • f1afaa52fc2bdf058d7c86bf8aa58633fba0a7b68c6e439f160523dab4f15d65.zip
    .zip
  • HEU_KMS_Activator_v30.3.0/HEU3030_Debug.txt
  • HEU_KMS_Activator_v30.3.0/HEU_KMS_Activator_30.3.0.exe
    .exe windows:5 windows x86

  • out.upx
    .exe windows:5 windows x86

  • HEU_KMS_Activator_v30.3.0/J - ˬɾڣ.url
    .url
  • HEU_KMS_Activator_v30.3.0/΢Źں.jpg
    .jpg
    • http://weixin.qq.com/r/AiiutiXEk3jsrWHV930Q

  • HEU_KMS_Activator_v30.3.0/.url
    .url
  • HEU_KMS_Activator_v30.3.0/־.txt