Task | Platform | Score
Overview (overview) | - | 7
Static (static) | - | 7
130_office...or.exe | windows7-x64 | 7
130_office...or.exe | windows10-2004-x64 | 7
130_office...rg.url | windows7-x64 | 6
130_office...rg.url | windows10-2004-x64 | 3
130_office...NG.exe | windows7-x64 | 7
130_office...NG.exe | windows10-2004-x64 | 7
130_office...US.exe | windows7-x64 | 7
130_office...US.exe | windows10-2004-x64 | 7
130_office...US.exe | windows7-x64 | 7
130_office...US.exe | windows10-2004-x64 | 7
msofficeVI...se.exe | windows7-x64 | 1
msofficeVI...se.exe | windows10-2004-x64 | 1
msofficeVI...on.exe | windows7-x64 | 1
msofficeVI...on.exe | windows10-2004-x64 | 1
Behavioral task
behavioral1 | Sample: 130_office/ Activator office 2010/KMS_WMI_Activator.exe | Resource: win7-20231215-en
behavioral2 | Sample: 130_office/ Activator office 2010/KMS_WMI_Activator.exe | Resource: win10v2004-20231215-en
behavioral3 | Sample: 130_office/TLTsoft.org.url | Resource: win7-20231215-en
behavioral4 | Sample: 130_office/TLTsoft.org.url | Resource: win10v2004-20231215-en
behavioral5 | Sample: 130_office/_mini-KMS Activator office 2010/mini-KMS Activator v1.054 MS VL/mini-KMS_Activator_v1.054_ENG.exe | Resource: win7-20231215-en
behavioral6 | Sample: 130_office/_mini-KMS Activator office 2010/mini-KMS Activator v1.054 MS VL/mini-KMS_Activator_v1.054_ENG.exe | Resource: win10v2004-20231215-en
behavioral7 | Sample: 130_office/_mini-KMS Activator office 2010/mini-KMS Activator v1.054 MS VL/mini-KMS_Activator_v1.054_RUS.exe | Resource: win7-20231215-en
behavioral8 | Sample: 130_office/_mini-KMS Activator office 2010/mini-KMS Activator v1.054 MS VL/mini-KMS_Activator_v1.054_RUS.exe | Resource: win10v2004-20231215-en
behavioral9 | Sample: 130_office/_mini-KMS Activator office 2010/mini-KMS Activator v1.3 Office 2010 VL/mini-KMS_Activator_v1.3_Office2010_VL_RUS.exe | Resource: win7-20231129-en
behavioral10 | Sample: 130_office/_mini-KMS Activator office 2010/mini-KMS Activator v1.3 Office 2010 VL/mini-KMS_Activator_v1.3_Office2010_VL_RUS.exe | Resource: win10v2004-20231222-en
behavioral11 | Sample: msofficeVISTA2007Enterprise.exe | Resource: win7-20231215-en
behavioral12 | Sample: msofficeVISTA2007Enterprise.exe | Resource: win10v2004-20231222-en
behavioral13 | Sample: msofficeVISTA2007kApplication.exe | Resource: win7-20231129-en
behavioral14 | Sample: msofficeVISTA2007kApplication.exe | Resource: win10v2004-20231215-en
General
Target: 5b0e6395885697f240b21f619b1c542b
Size: 3.6MB
MD5: 5b0e6395885697f240b21f619b1c542b
SHA1: 0cddda3c149d5bfe05e006967033cebf244e5195
SHA256: b14e62ac4c5a1874e019d507112c0e48bc724c11ffb95950150af274b035618a
SHA512: 0d68fbc04a39db5a50e0976356b27783ae630ec9ed88921be2f39b47c5172f44a2d4438ca81e3807a373ab7554958d0bd994f6e14c86d0988fc785301369c7b9
SSDEEP: 98304:GrlptZJZCXzYW+Pp8ihvZhyg5vkPZKI0PH9zNBWRDZQLRGPFySxDp:07tZJZC8WU5ygBkPg1zNY4Ep
Malware Config
Signatures
-
resource | yara_rule
static1/unpack001/130_office/ Activator office 2010/KMS_WMI_Activator.exe | upx
static1/unpack001/130_office/_mini-KMS Activator office 2010/mini-KMS Activator v1.054 MS VL/mini-KMS_Activator_v1.054_ENG.exe | upx
static1/unpack001/130_office/_mini-KMS Activator office 2010/mini-KMS Activator v1.054 MS VL/mini-KMS_Activator_v1.054_RUS.exe | upx
static1/unpack001/130_office/_mini-KMS Activator office 2010/mini-KMS Activator v1.3 Office 2010 VL/mini-KMS_Activator_v1.3_Office2010_VL_RUS.exe | upx
-
Unsigned PE (6 IoCs)
Checks for missing Authenticode signature.
resource
unpack001/130_office/ Activator office 2010/KMS_WMI_Activator.exe
unpack001/130_office/_mini-KMS Activator office 2010/mini-KMS Activator v1.054 MS VL/mini-KMS_Activator_v1.054_ENG.exe
unpack001/130_office/_mini-KMS Activator office 2010/mini-KMS Activator v1.054 MS VL/mini-KMS_Activator_v1.054_RUS.exe
unpack001/130_office/_mini-KMS Activator office 2010/mini-KMS Activator v1.3 Office 2010 VL/mini-KMS_Activator_v1.3_Office2010_VL_RUS.exe
unpack006/msofficeVISTA2007Enterprise.exe
unpack007/msofficeVISTA2007kApplication.exe
Files
-
5b0e6395885697f240b21f619b1c542b.zip
-
130_office/ Activator office 2010/KMS_WMI_Activator.exe (.exe) windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
UPX0 Size: - Virtual size: 408KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 189KB - Virtual size: 192KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 10KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
130_office/ Activator office 2010/ReadMe.txt
-
130_office/SELECT EDITION VL - by Krokoz.txt
-
130_office/TLTsoft.org.url
-
130_office/_mini-KMS Activator office 2010/mini-KMS Activator v1.054 MS VL/hash.txt
-
130_office/_mini-KMS Activator office 2010/mini-KMS Activator v1.054 MS VL/mini-KMS_Activator_v1.054_ENG.exe (.exe) windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
UPX0 Size: - Virtual size: 1.5MB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 1005KB - Virtual size: 1008KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 29KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
130_office/_mini-KMS Activator office 2010/mini-KMS Activator v1.054 MS VL/mini-KMS_Activator_v1.054_RUS.exe (.exe) windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
UPX0 Size: - Virtual size: 1.5MB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 1005KB - Virtual size: 1008KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 29KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
130_office/_mini-KMS Activator office 2010/mini-KMS Activator v1.3 Office 2010 VL/hash.txt
-
130_office/_mini-KMS Activator office 2010/mini-KMS Activator v1.3 Office 2010 VL/mini-KMS_Activator_v1.3_Office2010_VL_RUS.exe (.exe) windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
UPX0 Size: - Virtual size: 1.5MB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 989KB - Virtual size: 992KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 29KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
130_office/msofficeVISTA2007Enterprise.rar (.rar)
-
msofficeVISTA2007Enterprise.exe (.exe) windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Sections
Size: - Virtual size: 404KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 213KB - Virtual size: 216KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 18KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
130_office/msofficeVISTA2007kApplication.rar (.rar)
-
msofficeVISTA2007kApplication.exe (.exe) windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Sections
Size: - Virtual size: 376KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 173KB - Virtual size: 176KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 18KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
130_office/ .txt