pico[.]rar | Triage

Sharing

Copy URL Twitter E-mail

General

Target

pico.rar
Size

1.2MB
MD5

619054a8cf685d4c675f7ddb7d85eafc
SHA1

b70bcd460ef9131b74a1e2b3c31ea0c2f45cbe81
SHA256

8557f6d351334174760092ef68fb01f1ad8224a84c8ddb4dfcdac06f382b3a6b
SHA512

74284900c398c52410a2b5436eaf7da2aa74e59e7480e237d80a49119f88b13536104ab8240d0ed72904363b42a9b2962f380d37822a1be89c6588605d77f8fb
SSDEEP

24576:xTGKDkgCNgBYgVMLsmpqbjAKxE3QZh0HcwMzDMjYHkcn04ZP:/kgCN+UHpq3pgQZhUcwoRHkvUP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/KMSpico.v10.2.0/KMSpico.exe

Files

pico.rar
.rar

Password: 4all
KMSpico.v10.2.0/Check_Activation.cmd
KMSpico.v10.2.0/Check_Logfile.cmd
KMSpico.v10.2.0/KMSpico.exe
.exe windows:4 windows x86 arch:x86

Password: 4all

1d1577d864d2da06952f7affd8635371

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord17

shell32

SHGetSpecialFolderPathW
ShellExecuteW
SHGetMalloc
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFileInfoW
ShellExecuteExW

gdi32

CreateCompatibleDC
CreateFontIndirectW
DeleteObject
DeleteDC
GetCurrentObject
StretchBlt
GetDeviceCaps
CreateCompatibleBitmap
SelectObject
SetStretchBltMode
GetObjectW

advapi32

FreeSid
AllocateAndInitializeSid
CheckTokenMembership

user32

GetMenu
SetWindowPos
GetWindowDC
ReleaseDC
CopyImage
GetKeyState
GetWindowRect
ScreenToClient
GetWindowLongW
SetTimer
GetMessageW
DispatchMessageW
KillTimer
DestroyWindow
EndDialog
SendMessageW
wsprintfW
GetClassNameA
GetWindowTextW
GetWindowTextLengthW
GetSysColor
wsprintfA
SetWindowTextW
CreateWindowExW
GetDlgItem
GetClientRect
SetWindowLongW
UnhookWindowsHookEx
SetFocus
GetSystemMetrics
SystemParametersInfoW
ShowWindow
DrawTextW
GetDC
ClientToScreen
GetWindow
DialogBoxIndirectParamW
DrawIconEx
CallWindowProcW
DefWindowProcW
CallNextHookEx
PtInRect
SetWindowsHookExW
LoadImageW
LoadIconW
MessageBeep
EnableWindow
IsWindow
EnableMenuItem
GetSystemMenu
wvsprintfW
CharUpperW
MessageBoxA
GetParent

ole32

CreateStreamOnHGlobal
CoCreateInstance
CoInitialize

oleaut32

SysAllocString
VariantClear
OleLoadPicture

kernel32

SetFileTime
SetEndOfFile
EnterCriticalSection
DeleteCriticalSection
GetModuleHandleA
LeaveCriticalSection
WaitForMultipleObjects
ReadFile
SetFilePointer
GetFileSize
FormatMessageW
lstrcpyW
LocalFree
IsBadReadPtr
GetSystemDirectoryW
GetCurrentThreadId
SuspendThread
TerminateThread
InitializeCriticalSection
ResetEvent
SetEvent
CreateEventW
GetVersionExW
GetModuleFileNameW
GetCurrentProcess
SetProcessWorkingSetSize
SetCurrentDirectoryW
GetDriveTypeW
CreateFileW
GetCommandLineW
GetStartupInfoW
CreateProcessW
CreateJobObjectW
ResumeThread
AssignProcessToJobObject
CreateIoCompletionPort
SetInformationJobObject
GetQueuedCompletionStatus
GetExitCodeProcess
CloseHandle
SetEnvironmentVariableW
GetTempPathW
GetSystemTimeAsFileTime
lstrlenW
CompareFileTime
SetThreadLocale
FindFirstFileW
DeleteFileW
FindNextFileW
FindClose
RemoveDirectoryW
ExpandEnvironmentStringsW
WideCharToMultiByte
VirtualAlloc
GlobalMemoryStatusEx
lstrcmpW
GetEnvironmentVariableW
lstrcmpiW
lstrlenA
GetLocaleInfoW
MultiByteToWideChar
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetSystemDefaultLCID
lstrcmpiA
GlobalAlloc
GlobalFree
MulDiv
FindResourceExA
SizeofResource
LoadResource
LockResource
LoadLibraryA
ExitProcess
lstrcatW
GetDiskFreeSpaceExW
SetFileAttributesW
SetLastError
Sleep
GetExitCodeThread
WaitForSingleObject
CreateThread
GetLastError
SystemTimeToFileTime
GetLocalTime
GetFileAttributesW
CreateDirectoryW
WriteFile
GetStdHandle
VirtualFree
GetModuleHandleW
GetProcAddress
GetStartupInfoA

msvcrt

??3@YAXPAX@Z
??2@YAPAXI@Z
memcmp
free
memcpy
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
??1type_info@@UAE@XZ
_onexit
__dllonexit
_CxxThrowException
_beginthreadex
_EH_prolog
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
memset
_wcsnicmp
strncmp
wcsncmp
malloc
memmove
_wtol
_purecall

Sections

.text
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 363KB - Virtual size: 363KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
KMSpico.v10.2.0/readme.txt

Sharing

General

Malware Config

Signatures

Files

Password: 4all

Password: 4all

1d1577d864d2da06952f7affd8635371

Headers

File Characteristics

Imports

comctl32

shell32

gdi32

advapi32

user32

ole32

oleaut32

kernel32

msvcrt

Sections

.text Size: 88KB - Virtual size: 88KB

.rdata Size: 14KB - Virtual size: 13KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 363KB - Virtual size: 363KB

.text
Size: 88KB - Virtual size: 88KB

.rdata
Size: 14KB - Virtual size: 13KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 363KB - Virtual size: 363KB