Activador 2019[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

Activador 2019.zip
Size

47.3MB
MD5

2967975a912076e1de27f00707692699
SHA1

9664a289ccd8a3001f9e62168ad703a248955a34
SHA256

e5ec5a26d7f6038fc29136c8d5382ed3a182f64fa70c058d5b7015345693176d
SHA512

262fda17e686aae83c31a4fd71cc69faa75800e410abe945a9aabc44d554a7fa452e916b0c2aa663956d6ec5dbaf49b9555af7db3b92d76e8b9715cb97041d75
SSDEEP

786432:lkdGDxHVsNlisvn8+DIT+llm5pWVsDLEqFcwFMx2kwKVb3gHy2GX47OQG77PUIq6:lk0zsNl1vniT+oWVsnzmEMkkwKzLJUv6

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
static1/unpack001/Activador 2019/Programs/AAct v3.9.3 Portable/AAct_x64.exe	upx
static1/unpack001/Activador 2019/Programs/KMSAuto Lite Portable v1.4.0/KMSAuto x64.exe	upx
static1/unpack001/Activador 2019/Programs/Office 2013-2019 C2R Install v6.4.5/OInstall.exe	upx

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack002/out.upx
unpack003/out.upx
unpack004/out.upx

Files

Activador 2019.zip
.zip
Activador 2019/KMSTools.exe
.exe windows:4 windows x86 arch:x86

1fbf9aa972ca7be66adef3d6d50a683e

Code Sign

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9e
Certificate

Issuer

CN=WZTeam

Not Before

02-11-2016 18:47

Not After

31-12-2039 23:59

Subject

CN=WZTeam

Extended Key Usages

ExtKeyUsageCodeSigning

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31-12-2015 00:00

Not After

09-07-2019 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

1a:05:da:b8:f0:7a:e8:40:be:ad:78:fe:b2:55:a8:74
Certificate

Issuer

CN=WZTeam

Not Before

10-03-2017 18:02

Not After

31-12-2039 23:59

Subject

CN=WZTeam

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31-12-2015 00:00

Not After

09-07-2019 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c5:43:17:5c:27:6f:50:56:c4:20:ac:f5:2a:f2:37:a0:30:10:7c:61:97:90:30:0e:de:5d:43:50:e4:af:43:ed
Signer

Actual PE Digest

c5:43:17:5c:27:6f:50:56:c4:20:ac:f5:2a:f2:37:a0:30:10:7c:61:97:90:30:0e:de:5d:43:50:e4:af:43:ed

Digest Algorithm

sha256

PE Digest Matches

true

c5:7a:49:61:9e:06:7b:5e:92:81:d0:70:8d:8b:12:c2:bd:e0:25:f1
Signer

Actual PE Digest

c5:7a:49:61:9e:06:7b:5e:92:81:d0:70:8d:8b:12:c2:bd:e0:25:f1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memset
wcsncpy
memcpy
log10
_wfopen
fseek
fclose
malloc
free
strncmp
memmove
printf
wcscmp
wcslen
wcscpy
wcscat
memcmp
_stricmp
sprintf
strcpy
sscanf
strlen
strcat
wcsstr
tolower
fread
longjmp
_setjmp3
wcsncmp
_snwprintf
_wcsicmp
floor
ceil
gmtime
localtime
mktime
_wcsnicmp
_itow
fabs
ftell
pow
??3@YAXPAX@Z
_wcsdup
frexp
modf
_CIpow
fopen
_errno
strerror
abort
atof
fflush
ferror
remove
fwrite
exit
__p__iob
fprintf
getenv
_vsnwprintf
cos
fmod
sin
abs

kernel32

GetModuleHandleW
HeapCreate
GetEnvironmentVariableW
GetUserDefaultLangID
CreateSemaphoreW
GetLastError
CloseHandle
HeapDestroy
ExitProcess
SystemTimeToFileTime
LocalFileTimeToFileTime
FindResourceW
LoadResource
LockResource
SizeofResource
CreateToolhelp32Snapshot
GetLogicalDriveStringsW
QueryDosDeviceW
FileTimeToLocalFileTime
FileTimeToSystemTime
ExpandEnvironmentStringsW
GetCurrentProcess
GetSystemDefaultLangID
MultiByteToWideChar
GetProcAddress
CreateRemoteThread
WaitForSingleObject
GetExitCodeThread
GetCurrentProcessId
OpenProcess
FormatMessageW
GetVolumeInformationW
FindFirstFileW
FindNextFileW
FindClose
WideCharToMultiByte
BeginUpdateResourceW
UpdateResourceW
EndUpdateResourceW
CreateProcessW
Beep
CreateFileW
DeviceIoControl
GetCommandLineW
GetComputerNameW
GetCurrentThreadId
GetDateFormatW
GetDiskFreeSpaceExW
GetExitCodeProcess
GetFileTime
GetPrivateProfileStringW
GetShortPathNameW
GetSystemDirectoryW
GetSystemPowerStatus
GetTimeZoneInformation
GetUserDefaultLCID
GetWindowsDirectoryW
GlobalMemoryStatus
LocalFree
Process32FirstW
Process32NextW
QueryPerformanceCounter
QueryPerformanceFrequency
SetComputerNameW
SetFileTime
SetSystemTime
SetVolumeLabelW
Sleep
TerminateProcess
WritePrivateProfileStringW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
CreateThread
HeapAlloc
HeapFree
FreeLibrary
LoadLibraryW
GetModuleFileNameW
DuplicateHandle
CreatePipe
GetStdHandle
PeekNamedPipe
SetEnvironmentVariableW
ReadFile
HeapReAlloc
GetFileSize
SetFilePointer
SetEndOfFile
WriteFile
TlsAlloc
TlsSetValue
GetTickCount
TlsGetValue
DeleteFileW
MulDiv
GetVersionExW
SetLastError
GetTempPathW
GetDriveTypeW
GetFileAttributesW
SetFileAttributesW
MoveFileW
CreateDirectoryW
RemoveDirectoryW
GetCurrentDirectoryW
SetCurrentDirectoryW
CopyFileW
GetLocalTime
GlobalFree
GlobalAlloc
HeapSize
TlsFree
DeleteCriticalSection
InterlockedCompareExchange
InterlockedExchange
UnregisterWait
GetCurrentThread
RegisterWaitForSingleObject

gdiplus

GdipDeleteFont
GdipDeleteGraphics
GdipDeletePath
GdipDeleteMatrix
GdipDeletePen
GdipDeleteStringFormat
GdipFree
GdipGetDpiX
GdipGetDpiY

winspool.drv

ClosePrinter
DeletePrinter
OpenPrinterW
SetPrinterW

user32

GetKeyState
SendMessageW
ShowWindow
SetForegroundWindow
SetTimer
GetCursorPos
WindowFromPoint
SetClassLongW
KillTimer
ReleaseDC
OemToCharW
EnumWindows
GetWindowThreadProcessId
FindWindowExW
FindWindowW
GetForegroundWindow
SetCursorPos
AnimateWindow
AttachThreadInput
BlockInput
ChangeDisplaySettingsW
CharToOemW
CreateWindowExW
DrawMenuBar
EnableMenuItem
EnableWindow
EnumDisplaySettingsW
ExitWindowsEx
FlashWindow
GetClassNameW
GetDC
GetDesktopWindow
GetFocus
GetLastInputInfo
GetSysColor
GetSystemMenu
GetSystemMetrics
GetWindow
GetWindowLongW
GetWindowRect
GetWindowTextW
InvalidateRect
IsWindow
IsWindowEnabled
LoadCursorW
LockWorkStation
MessageBeep
PostMessageW
RegisterHotKey
RemoveMenu
SetFocus
SetWindowLongW
SetWindowPos
UnregisterHotKey
UpdateLayeredWindow
UpdateWindow
WaitForInputIdle
keybd_event
mouse_event
SetWindowRgn
SetWindowLongA
SetClassLongA
GetClientRect
CallWindowProcA
DefWindowProcA
DestroyIcon
CreateIconIndirect
BeginPaint
EndPaint
DefWindowProcW
LoadIconW
RegisterClassExW
MessageBoxW
IsWindowVisible
SetMenu
DestroyMenu
DrawStateW
GetIconInfo
DrawIconEx
SystemParametersInfoW
DrawTextW
GetMenuItemCount
GetSubMenu
GetPropW
GetMenu
GetMenuItemInfoW
ModifyMenuW
SetMenuItemInfoW
GetSysColorBrush
FillRect
FrameRect
CallWindowProcW
SetPropW
CreateMenu
AppendMenuW
CreatePopupMenu
TrackPopupMenu
DestroyWindow
DrawFocusRect
ValidateRect
GetWindowTextLengthW
RedrawWindow
ReleaseCapture
SetCapture
ScreenToClient
GetParent
SetRect
SetCursor
GetMessagePos
MapWindowPoints
MoveWindow
ClientToScreen
SetWindowTextW
RemovePropW
SetScrollPos
InflateRect
GetWindowDC
SetActiveWindow
IsZoomed
IsIconic
RegisterClassW
AdjustWindowRectEx
CreateAcceleratorTableW
UnregisterClassW
PeekMessageW
MsgWaitForMultipleObjects
GetMessageW
GetActiveWindow
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
DefFrameProcW
DestroyAcceleratorTable
EnumChildWindows
IsChild
RegisterWindowMessageW
CopyImage
CreateIconFromResourceEx
CreateIconFromResource
CharUpperW
CharLowerW

gdi32

GetStockObject
CreateDCW
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
BitBlt
DeleteDC
GetDIBits
GetPixel
SetDIBits
DeleteObject
GetObjectA
CreateRectRgn
CombineRgn
GetObjectType
GetObjectW
SetPixel
SetBkMode
GetTextExtentPoint32W
CreateSolidBrush
SetBkColor
SetTextColor
MoveToEx
LineTo
CreateFontIndirectW
CreateFontW
SelectClipRgn
CreateRectRgnIndirect
TextOutW
CreatePen
ExcludeClipRect
GetDeviceCaps
GdiGetBatchLimit
GdiSetBatchLimit
CreateDIBSection
SetStretchBltMode
SetBrushOrgEx
StretchBlt
CreateBitmap
SetTextAlign
GetTextMetricsW

advapi32

RegOpenKeyExW
RegOpenKeyW
RegConnectRegistryW
RegQueryValueExW
RegCloseKey
RegDeleteKeyW
RegSetValueExW
RegCreateKeyExW
LookupAccountNameW
IsValidSid
RegEnumKeyExW
RegDeleteValueW
RegCreateKeyW
AdjustTokenPrivileges
ChangeServiceConfigW
CloseServiceHandle
ControlService
CryptAcquireContextW
CryptCreateHash
CryptDeriveKey
CryptDestroyHash
CryptDestroyKey
CryptEncrypt
CryptHashData
CryptReleaseContext
GetUserNameW
ImpersonateLoggedOnUser
LogonUserW
LookupPrivilegeValueW
OpenProcessToken
OpenSCManagerW
OpenServiceW
QueryServiceStatus
RegEnumValueW
RevertToSelf
StartServiceW

comctl32

InitCommonControlsEx

oleaut32

SafeArrayGetDim
SafeArrayGetUBound
SafeArrayGetElement

shell32

ExtractIconW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
ExtractIconExW
IsNetDrive
RealDriveType
SHAddToRecentDocs
SHFileOperationW
SHFormatDrive
SHGetFileInfoW
ShellAboutW
Shell_NotifyIconW
ShellExecuteExW

ole32

CoInitialize
CoCreateInstance
CoUninitialize
CoInitializeEx
CoInitializeSecurity
CoSetProxyBlanket
CoCreateGuid
StringFromGUID2
RevokeDragDrop

wsock32

WSAStartup
gethostbyname
WSACleanup
gethostbyaddr
inet_addr
closesocket
gethostname
htons
select
__WSAFDIsSet
ioctlsocket
recvfrom
socket
bind
connect
recv

winmm

timeBeginPeriod

icmp

IcmpCloseHandle
IcmpCreateFile
IcmpSendEcho

imagehlp

MakeSureDirectoryPathExists

iphlpapi

GetAdaptersInfo
GetNetworkParams

msi

MsiEnumProductsW
MsiGetProductInfoW

netapi32

NetApiBufferFree
NetLocalGroupAdd
NetLocalGroupDel
NetLocalGroupEnum
NetUserDel
NetUserGetInfo
NetUserSetInfo

setupapi

SetupIterateCabinetW

urlmon

URLDownloadToFileW
UrlMkSetSessionOption

userenv

GetDefaultUserProfileDirectoryW

wininet

DeleteUrlCacheEntryW
InternetCloseHandle
InternetGetConnectedState
InternetOpenUrlW
InternetOpenW
InternetReadFile
UnlockUrlCacheEntryFileW

Sections

.code
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 456KB - Virtual size: 455KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 33.8MB - Virtual size: 33.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 105KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Activador 2019/Programs/AAct v3.9.3 Portable/AAct_x64.exe
.exe windows:4 windows x64 arch:x64

Code Sign

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9e
Certificate

Issuer

CN=WZTeam

Not Before

02-11-2016 18:47

Not After

31-12-2039 23:59

Subject

CN=WZTeam

Extended Key Usages

ExtKeyUsageCodeSigning

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31-12-2015 00:00

Not After

09-07-2019 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

1a:05:da:b8:f0:7a:e8:40:be:ad:78:fe:b2:55:a8:74
Certificate

Issuer

CN=WZTeam

Not Before

10-03-2017 18:02

Not After

31-12-2039 23:59

Subject

CN=WZTeam

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31-12-2015 00:00

Not After

09-07-2019 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

b7:3c:f2:ec:ea:8b:06:36:d8:02:98:e1:24:0a:b4:9b:27:28:eb:61:a3:d6:c2:44:f5:b6:ec:9c:4d:a5:8b:83
Signer

Actual PE Digest

b7:3c:f2:ec:ea:8b:06:36:d8:02:98:e1:24:0a:b4:9b:27:28:eb:61:a3:d6:c2:44:f5:b6:ec:9c:4d:a5:8b:83

Digest Algorithm

sha256

PE Digest Matches

true

5e:75:5d:bd:ef:8a:bf:ef:07:3a:f5:e9:74:96:09:8c:4a:29:83:05
Signer

Actual PE Digest

5e:75:5d:bd:ef:8a:bf:ef:07:3a:f5:e9:74:96:09:8c:4a:29:83:05

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

UPX0
Size: - Virtual size: 1.4MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 69KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x64 arch:x64

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.code
Size: 192KB - Virtual size: 191KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 547KB - Virtual size: 546KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 140KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Activador 2019/Programs/KMSAuto Lite Portable v1.4.0/KMSAuto x64.exe
.exe windows:4 windows x64 arch:x64

Code Sign

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9e
Certificate

Issuer

CN=WZTeam

Not Before

02-11-2016 18:47

Not After

31-12-2039 23:59

Subject

CN=WZTeam

Extended Key Usages

ExtKeyUsageCodeSigning

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31-12-2015 00:00

Not After

09-07-2019 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

1a:05:da:b8:f0:7a:e8:40:be:ad:78:fe:b2:55:a8:74
Certificate

Issuer

CN=WZTeam

Not Before

10-03-2017 18:02

Not After

31-12-2039 23:59

Subject

CN=WZTeam

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31-12-2015 00:00

Not After

09-07-2019 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

cf:a3:e1:ee:88:fc:28:a6:8f:59:4a:b8:a5:b6:21:e2:48:e0:76:34:41:90:32:55:0c:7f:ed:7f:d5:a9:8e:ca
Signer

Actual PE Digest

cf:a3:e1:ee:88:fc:28:a6:8f:59:4a:b8:a5:b6:21:e2:48:e0:76:34:41:90:32:55:0c:7f:ed:7f:d5:a9:8e:ca

Digest Algorithm

sha256

PE Digest Matches

true

c0:b2:19:c0:bc:3e:cf:49:cb:66:30:82:52:cb:c5:d3:f8:7d:fe:3e
Signer

Actual PE Digest

c0:b2:19:c0:bc:3e:cf:49:cb:66:30:82:52:cb:c5:d3:f8:7d:fe:3e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

UPX0
Size: - Virtual size: 1.4MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 46KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x64 arch:x64

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.code
Size: 283KB - Virtual size: 282KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 806KB - Virtual size: 806KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 206KB - Virtual size: 206KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Activador 2019/Programs/Office 2013-2019 C2R Install v6.4.5/OInstall.exe
.exe windows:4 windows x86 arch:x86

Code Sign

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9e
Certificate

Issuer

CN=WZTeam

Not Before

02-11-2016 18:47

Not After

31-12-2039 23:59

Subject

CN=WZTeam

Extended Key Usages

ExtKeyUsageCodeSigning

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31-12-2015 00:00

Not After

09-07-2019 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

1a:05:da:b8:f0:7a:e8:40:be:ad:78:fe:b2:55:a8:74
Certificate

Issuer

CN=WZTeam

Not Before

10-03-2017 18:02

Not After

31-12-2039 23:59

Subject

CN=WZTeam

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31-12-2015 00:00

Not After

09-07-2019 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

a7:8a:84:aa:17:cf:c6:ca:b5:49:b9:9b:68:f9:22:d7:66:ab:3d:df:78:3d:00:3d:f1:30:32:42:01:d8:ea:91
Signer

Actual PE Digest

a7:8a:84:aa:17:cf:c6:ca:b5:49:b9:9b:68:f9:22:d7:66:ab:3d:df:78:3d:00:3d:f1:30:32:42:01:d8:ea:91

Digest Algorithm

sha256

PE Digest Matches

true

da:a1:7f:76:d9:49:a0:38:f7:35:6a:24:e5:72:52:18:6b:82:69:8b
Signer

Actual PE Digest

da:a1:7f:76:d9:49:a0:38:f7:35:6a:24:e5:72:52:18:6b:82:69:8b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 8.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 9.4MB - Virtual size: 9.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 84KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.code
Size: 191KB - Virtual size: 190KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 594KB - Virtual size: 594KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16.1MB - Virtual size: 16.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 83KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.modplug
Size: - Virtual size: 20KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1fbf9aa972ca7be66adef3d6d50a683e

Code Sign

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9eCertificate

Extended Key Usages

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0bCertificate

Extended Key Usages

Key Usages

1a:05:da:b8:f0:7a:e8:40:be:ad:78:fe:b2:55:a8:74Certificate

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77Certificate

Extended Key Usages

Key Usages

c5:43:17:5c:27:6f:50:56:c4:20:ac:f5:2a:f2:37:a0:30:10:7c:61:97:90:30:0e:de:5d:43:50:e4:af:43:edSigner

c5:7a:49:61:9e:06:7b:5e:92:81:d0:70:8d:8b:12:c2:bd:e0:25:f1Signer

Headers

File Characteristics

Imports

msvcrt

kernel32

gdiplus

winspool.drv

user32

gdi32

advapi32

comctl32

oleaut32

shell32

ole32

wsock32

winmm

icmp

imagehlp

iphlpapi

msi

netapi32

setupapi

urlmon

userenv

wininet

Sections

.code Size: 78KB - Virtual size: 77KB

.text Size: 456KB - Virtual size: 455KB

.rdata Size: 103KB - Virtual size: 102KB

.data Size: 33.8MB - Virtual size: 33.8MB

.rsrc Size: 105KB - Virtual size: 104KB

Code Sign

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9eCertificate

Extended Key Usages

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0bCertificate

Extended Key Usages

Key Usages

1a:05:da:b8:f0:7a:e8:40:be:ad:78:fe:b2:55:a8:74Certificate

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77Certificate

Extended Key Usages

Key Usages

b7:3c:f2:ec:ea:8b:06:36:d8:02:98:e1:24:0a:b4:9b:27:28:eb:61:a3:d6:c2:44:f5:b6:ec:9c:4d:a5:8b:83Signer

5e:75:5d:bd:ef:8a:bf:ef:07:3a:f5:e9:74:96:09:8c:4a:29:83:05Signer

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 1.4MB

UPX1 Size: 1.4MB - Virtual size: 1.4MB

.rsrc Size: 69KB - Virtual size: 72KB

Headers

File Characteristics

Sections

.code Size: 192KB - Virtual size: 191KB

.text Size: 547KB - Virtual size: 546KB

.rdata Size: 140KB - Virtual size: 140KB

.pdata Size: 25KB - Virtual size: 24KB

.data Size: 1.8MB - Virtual size: 1.8MB

.rsrc Size: 68KB - Virtual size: 67KB

Code Sign

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9eCertificate

Extended Key Usages

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0bCertificate

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9e
Certificate

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

1a:05:da:b8:f0:7a:e8:40:be:ad:78:fe:b2:55:a8:74
Certificate

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

c5:43:17:5c:27:6f:50:56:c4:20:ac:f5:2a:f2:37:a0:30:10:7c:61:97:90:30:0e:de:5d:43:50:e4:af:43:ed
Signer

c5:7a:49:61:9e:06:7b:5e:92:81:d0:70:8d:8b:12:c2:bd:e0:25:f1
Signer

.code
Size: 78KB - Virtual size: 77KB

.text
Size: 456KB - Virtual size: 455KB

.rdata
Size: 103KB - Virtual size: 102KB

.data
Size: 33.8MB - Virtual size: 33.8MB

.rsrc
Size: 105KB - Virtual size: 104KB

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9e
Certificate

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

1a:05:da:b8:f0:7a:e8:40:be:ad:78:fe:b2:55:a8:74
Certificate

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

b7:3c:f2:ec:ea:8b:06:36:d8:02:98:e1:24:0a:b4:9b:27:28:eb:61:a3:d6:c2:44:f5:b6:ec:9c:4d:a5:8b:83
Signer

5e:75:5d:bd:ef:8a:bf:ef:07:3a:f5:e9:74:96:09:8c:4a:29:83:05
Signer

UPX0
Size: - Virtual size: 1.4MB

UPX1
Size: 1.4MB - Virtual size: 1.4MB

.rsrc
Size: 69KB - Virtual size: 72KB

.code
Size: 192KB - Virtual size: 191KB

.text
Size: 547KB - Virtual size: 546KB

.rdata
Size: 140KB - Virtual size: 140KB

.pdata
Size: 25KB - Virtual size: 24KB

.data
Size: 1.8MB - Virtual size: 1.8MB

.rsrc
Size: 68KB - Virtual size: 67KB

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9e
Certificate

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

1a:05:da:b8:f0:7a:e8:40:be:ad:78:fe:b2:55:a8:74
Certificate

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

cf:a3:e1:ee:88:fc:28:a6:8f:59:4a:b8:a5:b6:21:e2:48:e0:76:34:41:90:32:55:0c:7f:ed:7f:d5:a9:8e:ca
Signer

c0:b2:19:c0:bc:3e:cf:49:cb:66:30:82:52:cb:c5:d3:f8:7d:fe:3e
Signer

UPX0
Size: - Virtual size: 1.4MB

UPX1
Size: 3.6MB - Virtual size: 3.6MB

.rsrc
Size: 46KB - Virtual size: 48KB

.code
Size: 283KB - Virtual size: 282KB

.text
Size: 806KB - Virtual size: 806KB

.rdata
Size: 206KB - Virtual size: 206KB

.pdata
Size: 39KB - Virtual size: 38KB

.data
Size: 3.7MB - Virtual size: 3.7MB

.rsrc
Size: 45KB - Virtual size: 44KB

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9e
Certificate

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

1a:05:da:b8:f0:7a:e8:40:be:ad:78:fe:b2:55:a8:74
Certificate

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

a7:8a:84:aa:17:cf:c6:ca:b5:49:b9:9b:68:f9:22:d7:66:ab:3d:df:78:3d:00:3d:f1:30:32:42:01:d8:ea:91
Signer

da:a1:7f:76:d9:49:a0:38:f7:35:6a:24:e5:72:52:18:6b:82:69:8b
Signer

UPX0
Size: - Virtual size: 8.2MB

UPX1
Size: 9.4MB - Virtual size: 9.4MB

.rsrc
Size: 84KB - Virtual size: 88KB

.code
Size: 191KB - Virtual size: 190KB

.text
Size: 594KB - Virtual size: 594KB

.rdata
Size: 114KB - Virtual size: 113KB

.data
Size: 16.1MB - Virtual size: 16.6MB

.rsrc
Size: 83KB - Virtual size: 82KB

.modplug
Size: - Virtual size: 20KB