398f2477d219c687f353ced24c21baf633b93cc8a795f340a742939ef728d9bd

Sharing

Copy URL Twitter E-mail

General

Target

398f2477d219c687f353ced24c21baf633b93cc8a795f340a742939ef728d9bd
Size

10.0MB
MD5

ee41414abea0c4bda3074ee2232f0f7e
SHA1

5cde5fba67a66ed12271a0b777f6e5cb97dda3e6
SHA256

398f2477d219c687f353ced24c21baf633b93cc8a795f340a742939ef728d9bd
SHA512

7e8152407a5d0b1305a22697b4ff6822c54bc316ee81541da5a8623279df87ce448080074a438320b3be8e38860f0ddbc53857d819d4bff12365a6b6d654981d
SSDEEP

196608:S9eGbpr+/ZEiNo/N0Z6E0Hn7RerMsn2wRJBVEaTx2+YjTZwn6G3DDra3cBhGbqYi:S9eGbpr+/ZE4A8rM3wRJB/29TKnZOshx

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/⨢/KMSAuto x64.exe	upx
static1/unpack001/⨢/KMSAuto.exe	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack002/out.upx
unpack003/out.upx

Files

398f2477d219c687f353ced24c21baf633b93cc8a795f340a742939ef728d9bd
.zip
⨢/KMSAuto x64.exe
.exe windows:4 windows x64 arch:x64

Code Sign

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9e
Certificate

Issuer

CN=WZTeam

Not Before

02/11/2016, 18:47

Not After

31/12/2039, 23:59

Subject

CN=WZTeam

Extended Key Usages

ExtKeyUsageCodeSigning

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9e
Certificate

Issuer

CN=WZTeam

Not Before

02/11/2016, 18:47

Not After

31/12/2039, 23:59

Subject

CN=WZTeam

Extended Key Usages

ExtKeyUsageCodeSigning

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

87:79:4b:02:d8:c3:04:27:72:9f:7f:51:dd:53:b2:c0:ab:df:b7:d8:23:09:cc:e9:77:55:90:75:d0:ea:61:f6
Signer

Actual PE Digest

87:79:4b:02:d8:c3:04:27:72:9f:7f:51:dd:53:b2:c0:ab:df:b7:d8:23:09:cc:e9:77:55:90:75:d0:ea:61:f6

Digest Algorithm

sha256

PE Digest Matches

true

a2:83:ed:e7:56:7a:9f:46:83:26:d2:b9:1d:44:f9:a1:d9:ab:0a:9d
Signer

Actual PE Digest

a2:83:ed:e7:56:7a:9f:46:83:26:d2:b9:1d:44:f9:a1:d9:ab:0a:9d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

UPX0
Size: - Virtual size: 1.5MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 5.0MB - Virtual size: 5.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 46KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x64 arch:x64

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.code
Size: 347KB - Virtual size: 346KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 789KB - Virtual size: 788KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 214KB - Virtual size: 214KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5.0MB - Virtual size: 5.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
⨢/KMSAuto.exe
.exe windows:4 windows x86 arch:x86

Code Sign

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9e
Certificate

Issuer

CN=WZTeam

Not Before

02/11/2016, 18:47

Not After

31/12/2039, 23:59

Subject

CN=WZTeam

Extended Key Usages

ExtKeyUsageCodeSigning

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9e
Certificate

Issuer

CN=WZTeam

Not Before

02/11/2016, 18:47

Not After

31/12/2039, 23:59

Subject

CN=WZTeam

Extended Key Usages

ExtKeyUsageCodeSigning

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d8:1b:6f:23:d0:77:78:ac:e5:1b:4e:27:5d:ee:fc:1e:2a:2d:5b:75:73:8e:c6:26:34:37:5d:a9:ac:a9:26:50
Signer

Actual PE Digest

d8:1b:6f:23:d0:77:78:ac:e5:1b:4e:27:5d:ee:fc:1e:2a:2d:5b:75:73:8e:c6:26:34:37:5d:a9:ac:a9:26:50

Digest Algorithm

sha256

PE Digest Matches

true

2c:94:2c:0e:1f:ba:0f:f1:c4:f4:eb:89:35:c3:cf:35:8b:0e:c4:d1
Signer

Actual PE Digest

2c:94:2c:0e:1f:ba:0f:f1:c4:f4:eb:89:35:c3:cf:35:8b:0e:c4:d1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 4.9MB - Virtual size: 4.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 46KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.code
Size: 213KB - Virtual size: 213KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 663KB - Virtual size: 663KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 163KB - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5.0MB - Virtual size: 5.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
⨢/KMSAutoLite.ini
⨢/KMSCleaner.exe
.exe windows:4 windows x86 arch:x86

65ef43de0bb5fdb404965b6ed08a8eae

Code Sign

08:a8:e8:26:95:0f:1a:99:40:26:25:89:fc:af:0b:8f
Certificate

Issuer

CN=WZT

Not Before

08/11/2015, 08:15

Not After

31/12/2039, 23:59

Subject

CN=WZT

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

d3:46:1b:c5:fa:73:0d:15:e1:da:8c:64:b5:fd:06:7c:ef:4d:bc:3f
Signer

Actual PE Digest

d3:46:1b:c5:fa:73:0d:15:e1:da:8c:64:b5:fd:06:7c:ef:4d:bc:3f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memset
wcsstr
wcsncmp
memmove
wcsncpy
_wcsnicmp
_wcsdup
free
wcslen
wcscpy
wcscat
wcscmp
strlen
strcpy
strcat
memcmp
_stricmp
memcpy
_wfopen
longjmp
_setjmp3
fclose
malloc
_snwprintf
sprintf
strcmp
tolower
_wcsicmp
gmtime
localtime
mktime
_itow
fabs
ceil
floor
pow
frexp
modf
_CIpow
fwrite
fflush
exit
__p__iob
fprintf
ferror
getenv
sscanf
_vsnwprintf
fmod
sin
cos
abs

kernel32

GetModuleHandleW
HeapCreate
GetEnvironmentVariableW
HeapDestroy
ExitProcess
SystemTimeToFileTime
LocalFileTimeToFileTime
FindResourceW
LoadResource
LockResource
SizeofResource
CreateToolhelp32Snapshot
CloseHandle
GetLogicalDriveStringsW
QueryDosDeviceW
FileTimeToLocalFileTime
FileTimeToSystemTime
ExpandEnvironmentStringsW
GetCurrentProcess
GetUserDefaultLangID
GetSystemDefaultLangID
MultiByteToWideChar
GetProcAddress
CreateRemoteThread
WaitForSingleObject
GetExitCodeThread
GetCurrentProcessId
OpenProcess
GetLastError
FormatMessageW
GetVolumeInformationW
FindFirstFileW
FindNextFileW
FindClose
WideCharToMultiByte
BeginUpdateResourceW
UpdateResourceW
EndUpdateResourceW
CreateProcessW
Beep
CreateFileW
CreateSemaphoreW
DeviceIoControl
GetCommandLineW
GetComputerNameW
GetDateFormatW
GetDiskFreeSpaceExW
GetExitCodeProcess
GetFileTime
GetPrivateProfileStringW
GetShortPathNameW
GetSystemDirectoryW
GetSystemPowerStatus
GetTimeZoneInformation
GetUserDefaultLCID
GetWindowsDirectoryW
GlobalMemoryStatus
LocalFree
Process32FirstW
Process32NextW
QueryPerformanceCounter
QueryPerformanceFrequency
SetComputerNameW
SetFileTime
SetSystemTime
SetVolumeLabelW
Sleep
TerminateProcess
WritePrivateProfileStringW
HeapAlloc
HeapFree
GetCurrentThreadId
InitializeCriticalSection
DuplicateHandle
CreatePipe
GetStdHandle
EnterCriticalSection
LeaveCriticalSection
PeekNamedPipe
SetEnvironmentVariableW
GetModuleFileNameW
HeapReAlloc
ReadFile
SetFilePointer
SetEndOfFile
WriteFile
GetFileSize
FreeLibrary
LoadLibraryA
GetTickCount
LoadLibraryW
DeleteFileW
GetVersionExA
SetLastError
MulDiv
GetDriveTypeW
GetFileAttributesW
SetFileAttributesW
GetCurrentDirectoryW
SetCurrentDirectoryW
CreateDirectoryW
RemoveDirectoryW
CopyFileW
GetTempPathW
MoveFileW
GetLocalTime
TlsAlloc
TlsSetValue
GetVersionExW
HeapSize
DeleteCriticalSection
lstrlenA

winspool.drv

ClosePrinter
DeletePrinter
OpenPrinterW
SetPrinterW

user32

OemToCharW
SendMessageW
ReleaseDC
EnumWindows
GetWindowThreadProcessId
FindWindowExW
FindWindowW
GetCursorPos
GetForegroundWindow
SetCursorPos
AnimateWindow
AttachThreadInput
BlockInput
ChangeDisplaySettingsW
CharToOemW
CreateWindowExW
DrawMenuBar
EnableMenuItem
EnableWindow
EnumDisplaySettingsW
ExitWindowsEx
FlashWindow
GetClassNameW
GetDC
GetDesktopWindow
GetFocus
GetKeyState
GetLastInputInfo
GetSysColor
GetSystemMenu
GetSystemMetrics
GetWindow
GetWindowLongW
GetWindowRect
GetWindowTextW
IsWindow
IsWindowEnabled
KillTimer
LoadCursorW
LockWorkStation
MessageBeep
PostMessageW
RegisterHotKey
RemoveMenu
SetClassLongW
SetFocus
SetForegroundWindow
SetTimer
SetWindowLongW
SetWindowPos
ShowWindow
UnregisterHotKey
UpdateWindow
WaitForInputIdle
keybd_event
mouse_event
CharUpperW
CharLowerW
MessageBoxW
IsWindowVisible
DestroyWindow
GetWindowTextLengthW
SetWindowTextW
SetScrollPos
GetPropW
SetPropW
GetParent
InflateRect
GetWindowDC
CallWindowProcW
RemovePropW
RedrawWindow
ScreenToClient
GetIconInfo
InvalidateRect
ReleaseCapture
BeginPaint
DrawStateW
EndPaint
SetCapture
GetSysColorBrush
DefWindowProcW
SetActiveWindow
UnregisterClassW
DestroyAcceleratorTable
LoadIconW
RegisterClassW
AdjustWindowRectEx
CreateAcceleratorTableW
PeekMessageW
MsgWaitForMultipleObjects
GetMessageW
GetActiveWindow
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
GetClientRect
FillRect
EnumChildWindows
DefFrameProcW
IsChild
RegisterWindowMessageW
DestroyIcon
CopyImage
DrawIconEx

gdi32

CreateDCW
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
BitBlt
DeleteDC
GetPixel
GetStockObject
GetTextExtentPoint32W
ExcludeClipRect
GetObjectType
GetObjectW
DeleteObject
SetBkColor
SetTextColor
CreateSolidBrush
GetDeviceCaps
CreateFontW
GdiSetBatchLimit
GdiGetBatchLimit
CreateDIBSection
GetDIBits
CreateBitmap
SetPixel
SetBkMode
SetTextAlign
TextOutW
SetStretchBltMode
SetBrushOrgEx
StretchBlt
CreateFontIndirectW
GetTextMetricsW

advapi32

RegOpenKeyExW
RegOpenKeyW
RegConnectRegistryW
RegQueryValueExW
RegCloseKey
RegDeleteKeyW
RegSetValueExW
RegCreateKeyExW
LookupAccountNameW
IsValidSid
RegEnumKeyExW
RegDeleteValueW
RegCreateKeyW
AdjustTokenPrivileges
ChangeServiceConfigW
CloseServiceHandle
ControlService
CryptAcquireContextW
CryptCreateHash
CryptDeriveKey
CryptDestroyHash
CryptDestroyKey
CryptEncrypt
CryptHashData
CryptReleaseContext
GetUserNameW
ImpersonateLoggedOnUser
LogonUserW
LookupPrivilegeValueW
OpenProcessToken
OpenSCManagerW
OpenServiceW
QueryServiceStatus
RegEnumValueW
RevertToSelf
StartServiceW

comctl32

InitCommonControlsEx

oleaut32

SafeArrayGetDim
SafeArrayGetUBound
SafeArrayGetElement

ole32

CoInitializeEx
CoInitializeSecurity
CoUninitialize
CoCreateInstance
CoSetProxyBlanket
CoCreateGuid
CoInitialize
StringFromGUID2
RevokeDragDrop

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListW
ExtractIconExW
ExtractIconW
IsNetDrive
RealDriveType
SHAddToRecentDocs
SHFileOperationW
SHFormatDrive
SHGetFileInfoW
ShellAboutW
Shell_NotifyIconW
ShellExecuteExW

wsock32

WSAStartup
gethostbyname
WSACleanup
gethostbyaddr
inet_addr
closesocket
gethostname
htons
select
__WSAFDIsSet
ioctlsocket
recvfrom
connect
socket
bind
recv

winmm

timeBeginPeriod

icmp

IcmpCloseHandle
IcmpCreateFile
IcmpSendEcho

imagehlp

MakeSureDirectoryPathExists

iphlpapi

GetAdaptersInfo
GetNetworkParams

msi

MsiEnumProductsW
MsiGetProductInfoW

netapi32

NetApiBufferFree
NetLocalGroupAdd
NetLocalGroupDel
NetLocalGroupEnum
NetUserDel
NetUserGetInfo
NetUserSetInfo

setupapi

SetupIterateCabinetW

urlmon

URLDownloadToFileW
UrlMkSetSessionOption

userenv

GetDefaultUserProfileDirectoryW

wininet

DeleteUrlCacheEntryW
InternetCloseHandle
InternetGetConnectedState
InternetOpenUrlW
InternetOpenW
InternetReadFile
UnlockUrlCacheEntryFileW

Sections

.code
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 227KB - Virtual size: 227KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 225KB - Virtual size: 227KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
⨢/readme_bg.txt
⨢/readme_cn.txt
⨢/readme_en.txt
⨢/readme_ru.txt

Sharing

General

Malware Config

Signatures

Files

Code Sign

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9eCertificate

Extended Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6bCertificate

Extended Key Usages

Key Usages

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9eCertificate

Extended Key Usages

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6bCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

87:79:4b:02:d8:c3:04:27:72:9f:7f:51:dd:53:b2:c0:ab:df:b7:d8:23:09:cc:e9:77:55:90:75:d0:ea:61:f6Signer

a2:83:ed:e7:56:7a:9f:46:83:26:d2:b9:1d:44:f9:a1:d9:ab:0a:9dSigner

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 1.5MB

UPX1 Size: 5.0MB - Virtual size: 5.0MB

.rsrc Size: 46KB - Virtual size: 48KB

Headers

File Characteristics

Sections

.code Size: 347KB - Virtual size: 346KB

.text Size: 789KB - Virtual size: 788KB

.rdata Size: 214KB - Virtual size: 214KB

.pdata Size: 35KB - Virtual size: 34KB

.data Size: 5.0MB - Virtual size: 5.1MB

.rsrc Size: 45KB - Virtual size: 44KB

Code Sign

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9eCertificate

Extended Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6bCertificate

Extended Key Usages

Key Usages

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9eCertificate

Extended Key Usages

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6bCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

d8:1b:6f:23:d0:77:78:ac:e5:1b:4e:27:5d:ee:fc:1e:2a:2d:5b:75:73:8e:c6:26:34:37:5d:a9:ac:a9:26:50Signer

2c:94:2c:0e:1f:ba:0f:f1:c4:f4:eb:89:35:c3:cf:35:8b:0e:c4:d1Signer

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 1.2MB

UPX1 Size: 4.9MB - Virtual size: 4.9MB

.rsrc Size: 46KB - Virtual size: 48KB

Headers

File Characteristics

Sections

.code Size: 213KB - Virtual size: 213KB

.text Size: 663KB - Virtual size: 663KB

.rdata Size: 163KB - Virtual size: 162KB

.data Size: 5.0MB - Virtual size: 5.0MB

.rsrc Size: 45KB - Virtual size: 44KB

65ef43de0bb5fdb404965b6ed08a8eae

Code Sign

08:a8:e8:26:95:0f:1a:99:40:26:25:89:fc:af:0b:8fCertificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9e
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9e
Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

87:79:4b:02:d8:c3:04:27:72:9f:7f:51:dd:53:b2:c0:ab:df:b7:d8:23:09:cc:e9:77:55:90:75:d0:ea:61:f6
Signer

a2:83:ed:e7:56:7a:9f:46:83:26:d2:b9:1d:44:f9:a1:d9:ab:0a:9d
Signer

UPX0
Size: - Virtual size: 1.5MB

UPX1
Size: 5.0MB - Virtual size: 5.0MB

.rsrc
Size: 46KB - Virtual size: 48KB

.code
Size: 347KB - Virtual size: 346KB

.text
Size: 789KB - Virtual size: 788KB

.rdata
Size: 214KB - Virtual size: 214KB

.pdata
Size: 35KB - Virtual size: 34KB

.data
Size: 5.0MB - Virtual size: 5.1MB

.rsrc
Size: 45KB - Virtual size: 44KB

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9e
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9e
Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

d8:1b:6f:23:d0:77:78:ac:e5:1b:4e:27:5d:ee:fc:1e:2a:2d:5b:75:73:8e:c6:26:34:37:5d:a9:ac:a9:26:50
Signer

2c:94:2c:0e:1f:ba:0f:f1:c4:f4:eb:89:35:c3:cf:35:8b:0e:c4:d1
Signer

UPX0
Size: - Virtual size: 1.2MB

UPX1
Size: 4.9MB - Virtual size: 4.9MB

.rsrc
Size: 46KB - Virtual size: 48KB

.code
Size: 213KB - Virtual size: 213KB

.text
Size: 663KB - Virtual size: 663KB

.rdata
Size: 163KB - Virtual size: 162KB

.data
Size: 5.0MB - Virtual size: 5.0MB

.rsrc
Size: 45KB - Virtual size: 44KB

08:a8:e8:26:95:0f:1a:99:40:26:25:89:fc:af:0b:8f
Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

d3:46:1b:c5:fa:73:0d:15:e1:da:8c:64:b5:fd:06:7c:ef:4d:bc:3f
Signer

.code
Size: 32KB - Virtual size: 31KB

.text
Size: 227KB - Virtual size: 227KB

.rdata
Size: 30KB - Virtual size: 29KB

.data
Size: 225KB - Virtual size: 227KB

.rsrc
Size: 62KB - Virtual size: 61KB