57462a9d49d4cffd9f71ff57963a03f136fec301754222b876604b96d26f5739

Sharing

Copy URL Twitter E-mail

General

Target

57462a9d49d4cffd9f71ff57963a03f136fec301754222b876604b96d26f5739
Size

141KB
MD5

6aeb9e3cc8aa876afd4adbd8c9afdf53
SHA1

f3d458012dbc9ebff20f57940e75de70a75cf604
SHA256

57462a9d49d4cffd9f71ff57963a03f136fec301754222b876604b96d26f5739
SHA512

d8d49cf5f6caedcb507b45da2cbf651f4cabec0c64f3ff1cce9eec3b288a450671f34d047e8e28e1b54f07b101cff1cd6863e3071ba3029875f4eebf11bac864
SSDEEP

3072:SrXVh87JcImhCWYlLBhPrXVu88GcKetjH8A:SrXVq7JcFCjlFlrXVJ8GchtIA

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/KMS_VL_ALL-51/$OEM$/$$/Setup/Scripts/bin/x64.dll
unpack001/KMS_VL_ALL-51/$OEM$/$$/Setup/Scripts/bin/x86.dll
unpack001/KMS_VL_ALL-51/bin/x64.dll
unpack001/KMS_VL_ALL-51/bin/x86.dll

Files

57462a9d49d4cffd9f71ff57963a03f136fec301754222b876604b96d26f5739
.rar
KMS_VL_ALL-51/$OEM$/$$/Setup/Scripts/bin/A64.dll
KMS_VL_ALL-51/$OEM$/$$/Setup/Scripts/bin/CleanOffice.txt
.ps1
KMS_VL_ALL-51/$OEM$/$$/Setup/Scripts/bin/SvcTrigger.xml
KMS_VL_ALL-51/$OEM$/$$/Setup/Scripts/bin/x64.dll
.dll windows:6 windows x64 arch:x64

09aa7a1a68855623e3ac071d6080ef31

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

ntdll

LdrDisableThreadCalloutsForDll
NtProtectVirtualMemory
RtlInitUnicodeString
LdrGetDllHandle
LdrLoadDll
RtlInitAnsiString
LdrGetProcedureAddress
RtlTimeToTimeFields
NtSetEvent
RtlRandomEx
NtQueryPerformanceCounter
NtQuerySystemTime
RtlTimeFieldsToTime
RtlAllocateHeap
LdrOpenImageFileOptionsKey
LdrQueryImageFileKeyOption
NtClose
swprintf_s
strcmp
_wcsnicmp
memmove
memcpy
memset
wcslen
_wcsicmp
memcmp

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 950B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
KMS_VL_ALL-51/$OEM$/$$/Setup/Scripts/bin/x86.dll
.dll windows:6 windows x86 arch:x86

8a7f219820c2adf212c4edf3841eebff

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

LdrDisableThreadCalloutsForDll
NtProtectVirtualMemory
RtlInitUnicodeString
LdrGetDllHandle
LdrLoadDll
RtlInitAnsiString
LdrGetProcedureAddress
RtlTimeToTimeFields
NtSetEvent
RtlRandomEx
NtQueryPerformanceCounter
NtQuerySystemTime
RtlTimeFieldsToTime
RtlAllocateHeap
LdrOpenImageFileOptionsKey
LdrQueryImageFileKeyOption
NtClose
_aulldvrm
strcmp
_wcsnicmp
memmove
memcpy
memset
wcslen
_wcsicmp
swprintf_s
memcmp
_alldiv
_allmul
_allshl
_aulldiv
_aullrem

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 848B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 692B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
KMS_VL_ALL-51/$OEM$/$$/Setup/Scripts/bin/xrm.txt
.ps1
KMS_VL_ALL-51/$OEM$/$$/Setup/Scripts/setupcomplete.cmd
.cmd .vbs
KMS_VL_ALL-51/Activate.cmd
.cmd .vbs
KMS_VL_ALL-51/AutoRenewal-Setup.cmd
.wsf .vbs polyglot
KMS_VL_ALL-51/Check-Activation-Status-vbs.cmd
.cmd .vbs
KMS_VL_ALL-51/Check-Activation-Status-wmi.cmd
.wsf .vbs polyglot
KMS_VL_ALL-51/ReadMe.html
KMS_VL_ALL-51/bin/A64.dll
KMS_VL_ALL-51/bin/CleanOffice.txt
.ps1
KMS_VL_ALL-51/bin/SvcTrigger.xml
KMS_VL_ALL-51/bin/x64.dll
.dll windows:6 windows x64 arch:x64

09aa7a1a68855623e3ac071d6080ef31

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

ntdll

LdrDisableThreadCalloutsForDll
NtProtectVirtualMemory
RtlInitUnicodeString
LdrGetDllHandle
LdrLoadDll
RtlInitAnsiString
LdrGetProcedureAddress
RtlTimeToTimeFields
NtSetEvent
RtlRandomEx
NtQueryPerformanceCounter
NtQuerySystemTime
RtlTimeFieldsToTime
RtlAllocateHeap
LdrOpenImageFileOptionsKey
LdrQueryImageFileKeyOption
NtClose
swprintf_s
strcmp
_wcsnicmp
memmove
memcpy
memset
wcslen
_wcsicmp
memcmp

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 950B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
KMS_VL_ALL-51/bin/x86.dll
.dll windows:6 windows x86 arch:x86

8a7f219820c2adf212c4edf3841eebff

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

LdrDisableThreadCalloutsForDll
NtProtectVirtualMemory
RtlInitUnicodeString
LdrGetDllHandle
LdrLoadDll
RtlInitAnsiString
LdrGetProcedureAddress
RtlTimeToTimeFields
NtSetEvent
RtlRandomEx
NtQueryPerformanceCounter
NtQuerySystemTime
RtlTimeFieldsToTime
RtlAllocateHeap
LdrOpenImageFileOptionsKey
LdrQueryImageFileKeyOption
NtClose
_aulldvrm
strcmp
_wcsnicmp
memmove
memcpy
memset
wcslen
_wcsicmp
swprintf_s
memcmp
_alldiv
_allmul
_allshl
_aulldiv
_aullrem

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 848B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 692B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
KMS_VL_ALL-51/bin/xrm.txt
.ps1

Sharing

General

Malware Config

Signatures

Files

09aa7a1a68855623e3ac071d6080ef31

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

Sections

.text Size: 15KB - Virtual size: 15KB

.data Size: 1KB - Virtual size: 1KB

.idata Size: 1024B - Virtual size: 950B

.reloc Size: 512B - Virtual size: 148B

8a7f219820c2adf212c4edf3841eebff

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

Sections

.text Size: 11KB - Virtual size: 11KB

.data Size: 1024B - Virtual size: 992B

.idata Size: 1024B - Virtual size: 848B

.reloc Size: 1024B - Virtual size: 692B

09aa7a1a68855623e3ac071d6080ef31

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

Sections

.text Size: 15KB - Virtual size: 15KB

.data Size: 1KB - Virtual size: 1KB

.idata Size: 1024B - Virtual size: 950B

.reloc Size: 512B - Virtual size: 148B

8a7f219820c2adf212c4edf3841eebff

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

Sections

.text Size: 11KB - Virtual size: 11KB

.data Size: 1024B - Virtual size: 992B

.idata Size: 1024B - Virtual size: 848B

.reloc Size: 1024B - Virtual size: 692B

.text
Size: 15KB - Virtual size: 15KB

.data
Size: 1KB - Virtual size: 1KB

.idata
Size: 1024B - Virtual size: 950B

.reloc
Size: 512B - Virtual size: 148B

.text
Size: 11KB - Virtual size: 11KB

.data
Size: 1024B - Virtual size: 992B

.idata
Size: 1024B - Virtual size: 848B

.reloc
Size: 1024B - Virtual size: 692B

.text
Size: 15KB - Virtual size: 15KB

.data
Size: 1KB - Virtual size: 1KB

.idata
Size: 1024B - Virtual size: 950B

.reloc
Size: 512B - Virtual size: 148B

.text
Size: 11KB - Virtual size: 11KB

.data
Size: 1024B - Virtual size: 992B

.idata
Size: 1024B - Virtual size: 848B

.reloc
Size: 1024B - Virtual size: 692B