KMS_Autonet[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

KMS_Autonet.rar
Size

18.0MB
MD5

f617390bf284397979342097432bd9d3
SHA1

578d0ed488442f3abadcd53d000f2eab47a2c798
SHA256

ce387e2d4a8ca611ab808ef0c8d6589405dbf5938709a244ed1ebcc5fe4b2948
SHA512

e1254074a8a527f4979d6ebbbb19667d80d1afe04331906ef5dbf68ba8e5d90eebcc738e942ccb27b612277b3bd770b0049e14449ff184aab367669214b05caf
SSDEEP

393216:jWX4fRdLfr7R2LbhusBbINjYTOxWOibXhGDhSm+Y/2gItaOH9Dmg:juadjMLbhZuIuLibXmSbY/2gItaSD3

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/KMS_Autonet/KMSAuto++1.5.9(new)/activate.exe
unpack001/KMS_Autonet/KMSAuto-Lite-1.5.6/activate.exe
unpack001/KMS_Autonet/KMSAuto-Net-1.5.4/activate.exe

Files

KMS_Autonet.rar
.rar

Password: windows
KMS_Autonet/KMSAuto++1.5.9(new)/KMSAuto++.ini
KMS_Autonet/KMSAuto++1.5.9(new)/P4A.nfo
KMS_Autonet/KMSAuto++1.5.9(new)/activate.exe
.exe windows:6 windows x86 arch:x86

Password: windows

cc4d418dcfe8a887ed78a3c1e2af0b5d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
GetModuleHandleA
LoadLibraryA
GetProcAddress

Sections

.text
Size: - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 6.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

[0]
Size: 333.4MB - Virtual size: 333.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.nKz
Size: - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.g_Z
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.uSV
Size: 4.9MB - Virtual size: 4.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 616B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
KMS_Autonet/KMSAuto++1.5.9(new)/readme_en.txt
KMS_Autonet/KMSAuto++1.5.9(new)/readme_ru.txt
KMS_Autonet/KMSAuto++1.5.9(new)/windows - password for archive.txt
KMS_Autonet/KMSAuto-Lite-1.5.6/KMSAutoLite.ini
KMS_Autonet/KMSAuto-Lite-1.5.6/activate.exe
.exe windows:6 windows x86 arch:x86

Password: windows

cc4d418dcfe8a887ed78a3c1e2af0b5d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
GetModuleHandleA
LoadLibraryA
GetProcAddress

Sections

.text
Size: - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 6.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

[0]
Size: 333.4MB - Virtual size: 333.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.nKz
Size: - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.g_Z
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.uSV
Size: 4.9MB - Virtual size: 4.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 616B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
KMS_Autonet/KMSAuto-Lite-1.5.6/readme_bg.txt
KMS_Autonet/KMSAuto-Lite-1.5.6/readme_cn.txt
KMS_Autonet/KMSAuto-Lite-1.5.6/readme_en.txt
KMS_Autonet/KMSAuto-Lite-1.5.6/readme_ru.txt
KMS_Autonet/KMSAuto-Net-1.5.4/KMSAuto Net.exe
.exe windows:4 windows x86 arch:x86

Password: windows

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9e
Certificate

Issuer

CN=WZTeam

Not Before

02/11/2016, 18:47

Not After

31/12/2039, 23:59

Subject

CN=WZTeam

Extended Key Usages

ExtKeyUsageCodeSigning

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

1a:05:da:b8:f0:7a:e8:40:be:ad:78:fe:b2:55:a8:74
Certificate

Issuer

CN=WZTeam

Not Before

10/03/2017, 18:02

Not After

31/12/2039, 23:59

Subject

CN=WZTeam

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6b:2c:e0:f2:43:60:1f:40:57:b3:45:aa:47:45:c8:9a:96:0a:79:42:ef:a6:bb:79:5e:15:7c:8e:be:2e:c7:a4
Signer

Actual PE Digest

6b:2c:e0:f2:43:60:1f:40:57:b3:45:aa:47:45:c8:9a:96:0a:79:42:ef:a6:bb:79:5e:15:7c:8e:be:2e:c7:a4

Digest Algorithm

sha256

PE Digest Matches

true

21:78:39:ea:73:7e:39:7b:d1:46:d3:6f:cf:0b:cf:4d:b2:a5:bc:67
Signer

Actual PE Digest

21:78:39:ea:73:7e:39:7b:d1:46:d3:6f:cf:0b:cf:4d:b2:a5:bc:67

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 7.9MB - Virtual size: 7.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
KMS_Autonet/KMSAuto-Net-1.5.4/KMSCleaner.exe
.exe windows:4 windows x86 arch:x86

Password: windows

65ef43de0bb5fdb404965b6ed08a8eae

Code Sign

08:a8:e8:26:95:0f:1a:99:40:26:25:89:fc:af:0b:8f
Certificate

Issuer

CN=WZT

Not Before

08/11/2015, 08:15

Not After

31/12/2039, 23:59

Subject

CN=WZT

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

d3:46:1b:c5:fa:73:0d:15:e1:da:8c:64:b5:fd:06:7c:ef:4d:bc:3f
Signer

Actual PE Digest

d3:46:1b:c5:fa:73:0d:15:e1:da:8c:64:b5:fd:06:7c:ef:4d:bc:3f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memset
wcsstr
wcsncmp
memmove
wcsncpy
_wcsnicmp
_wcsdup
free
wcslen
wcscpy
wcscat
wcscmp
strlen
strcpy
strcat
memcmp
_stricmp
memcpy
_wfopen
longjmp
_setjmp3
fclose
malloc
_snwprintf
sprintf
strcmp
tolower
_wcsicmp
gmtime
localtime
mktime
_itow
fabs
ceil
floor
pow
frexp
modf
_CIpow
fwrite
fflush
exit
__p__iob
fprintf
ferror
getenv
sscanf
_vsnwprintf
fmod
sin
cos
abs

kernel32

GetModuleHandleW
HeapCreate
GetEnvironmentVariableW
HeapDestroy
ExitProcess
SystemTimeToFileTime
LocalFileTimeToFileTime
FindResourceW
LoadResource
LockResource
SizeofResource
CreateToolhelp32Snapshot
CloseHandle
GetLogicalDriveStringsW
QueryDosDeviceW
FileTimeToLocalFileTime
FileTimeToSystemTime
ExpandEnvironmentStringsW
GetCurrentProcess
GetUserDefaultLangID
GetSystemDefaultLangID
MultiByteToWideChar
GetProcAddress
CreateRemoteThread
WaitForSingleObject
GetExitCodeThread
GetCurrentProcessId
OpenProcess
GetLastError
FormatMessageW
GetVolumeInformationW
FindFirstFileW
FindNextFileW
FindClose
WideCharToMultiByte
BeginUpdateResourceW
UpdateResourceW
EndUpdateResourceW
CreateProcessW
Beep
CreateFileW
CreateSemaphoreW
DeviceIoControl
GetCommandLineW
GetComputerNameW
GetDateFormatW
GetDiskFreeSpaceExW
GetExitCodeProcess
GetFileTime
GetPrivateProfileStringW
GetShortPathNameW
GetSystemDirectoryW
GetSystemPowerStatus
GetTimeZoneInformation
GetUserDefaultLCID
GetWindowsDirectoryW
GlobalMemoryStatus
LocalFree
Process32FirstW
Process32NextW
QueryPerformanceCounter
QueryPerformanceFrequency
SetComputerNameW
SetFileTime
SetSystemTime
SetVolumeLabelW
Sleep
TerminateProcess
WritePrivateProfileStringW
HeapAlloc
HeapFree
GetCurrentThreadId
InitializeCriticalSection
DuplicateHandle
CreatePipe
GetStdHandle
EnterCriticalSection
LeaveCriticalSection
PeekNamedPipe
SetEnvironmentVariableW
GetModuleFileNameW
HeapReAlloc
ReadFile
SetFilePointer
SetEndOfFile
WriteFile
GetFileSize
FreeLibrary
LoadLibraryA
GetTickCount
LoadLibraryW
DeleteFileW
GetVersionExA
SetLastError
MulDiv
GetDriveTypeW
GetFileAttributesW
SetFileAttributesW
GetCurrentDirectoryW
SetCurrentDirectoryW
CreateDirectoryW
RemoveDirectoryW
CopyFileW
GetTempPathW
MoveFileW
GetLocalTime
TlsAlloc
TlsSetValue
GetVersionExW
HeapSize
DeleteCriticalSection
lstrlenA

winspool.drv

ClosePrinter
DeletePrinter
OpenPrinterW
SetPrinterW

user32

OemToCharW
SendMessageW
ReleaseDC
EnumWindows
GetWindowThreadProcessId
FindWindowExW
FindWindowW
GetCursorPos
GetForegroundWindow
SetCursorPos
AnimateWindow
AttachThreadInput
BlockInput
ChangeDisplaySettingsW
CharToOemW
CreateWindowExW
DrawMenuBar
EnableMenuItem
EnableWindow
EnumDisplaySettingsW
ExitWindowsEx
FlashWindow
GetClassNameW
GetDC
GetDesktopWindow
GetFocus
GetKeyState
GetLastInputInfo
GetSysColor
GetSystemMenu
GetSystemMetrics
GetWindow
GetWindowLongW
GetWindowRect
GetWindowTextW
IsWindow
IsWindowEnabled
KillTimer
LoadCursorW
LockWorkStation
MessageBeep
PostMessageW
RegisterHotKey
RemoveMenu
SetClassLongW
SetFocus
SetForegroundWindow
SetTimer
SetWindowLongW
SetWindowPos
ShowWindow
UnregisterHotKey
UpdateWindow
WaitForInputIdle
keybd_event
mouse_event
CharUpperW
CharLowerW
MessageBoxW
IsWindowVisible
DestroyWindow
GetWindowTextLengthW
SetWindowTextW
SetScrollPos
GetPropW
SetPropW
GetParent
InflateRect
GetWindowDC
CallWindowProcW
RemovePropW
RedrawWindow
ScreenToClient
GetIconInfo
InvalidateRect
ReleaseCapture
BeginPaint
DrawStateW
EndPaint
SetCapture
GetSysColorBrush
DefWindowProcW
SetActiveWindow
UnregisterClassW
DestroyAcceleratorTable
LoadIconW
RegisterClassW
AdjustWindowRectEx
CreateAcceleratorTableW
PeekMessageW
MsgWaitForMultipleObjects
GetMessageW
GetActiveWindow
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
GetClientRect
FillRect
EnumChildWindows
DefFrameProcW
IsChild
RegisterWindowMessageW
DestroyIcon
CopyImage
DrawIconEx

gdi32

CreateDCW
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
BitBlt
DeleteDC
GetPixel
GetStockObject
GetTextExtentPoint32W
ExcludeClipRect
GetObjectType
GetObjectW
DeleteObject
SetBkColor
SetTextColor
CreateSolidBrush
GetDeviceCaps
CreateFontW
GdiSetBatchLimit
GdiGetBatchLimit
CreateDIBSection
GetDIBits
CreateBitmap
SetPixel
SetBkMode
SetTextAlign
TextOutW
SetStretchBltMode
SetBrushOrgEx
StretchBlt
CreateFontIndirectW
GetTextMetricsW

advapi32

RegOpenKeyExW
RegOpenKeyW
RegConnectRegistryW
RegQueryValueExW
RegCloseKey
RegDeleteKeyW
RegSetValueExW
RegCreateKeyExW
LookupAccountNameW
IsValidSid
RegEnumKeyExW
RegDeleteValueW
RegCreateKeyW
AdjustTokenPrivileges
ChangeServiceConfigW
CloseServiceHandle
ControlService
CryptAcquireContextW
CryptCreateHash
CryptDeriveKey
CryptDestroyHash
CryptDestroyKey
CryptEncrypt
CryptHashData
CryptReleaseContext
GetUserNameW
ImpersonateLoggedOnUser
LogonUserW
LookupPrivilegeValueW
OpenProcessToken
OpenSCManagerW
OpenServiceW
QueryServiceStatus
RegEnumValueW
RevertToSelf
StartServiceW

comctl32

InitCommonControlsEx

oleaut32

SafeArrayGetDim
SafeArrayGetUBound
SafeArrayGetElement

ole32

CoInitializeEx
CoInitializeSecurity
CoUninitialize
CoCreateInstance
CoSetProxyBlanket
CoCreateGuid
CoInitialize
StringFromGUID2
RevokeDragDrop

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListW
ExtractIconExW
ExtractIconW
IsNetDrive
RealDriveType
SHAddToRecentDocs
SHFileOperationW
SHFormatDrive
SHGetFileInfoW
ShellAboutW
Shell_NotifyIconW
ShellExecuteExW

wsock32

WSAStartup
gethostbyname
WSACleanup
gethostbyaddr
inet_addr
closesocket
gethostname
htons
select
__WSAFDIsSet
ioctlsocket
recvfrom
connect
socket
bind
recv

winmm

timeBeginPeriod

icmp

IcmpCloseHandle
IcmpCreateFile
IcmpSendEcho

imagehlp

MakeSureDirectoryPathExists

iphlpapi

GetAdaptersInfo
GetNetworkParams

msi

MsiEnumProductsW
MsiGetProductInfoW

netapi32

NetApiBufferFree
NetLocalGroupAdd
NetLocalGroupDel
NetLocalGroupEnum
NetUserDel
NetUserGetInfo
NetUserSetInfo

setupapi

SetupIterateCabinetW

urlmon

URLDownloadToFileW
UrlMkSetSessionOption

userenv

GetDefaultUserProfileDirectoryW

wininet

DeleteUrlCacheEntryW
InternetCloseHandle
InternetGetConnectedState
InternetOpenUrlW
InternetOpenW
InternetReadFile
UnlockUrlCacheEntryFileW

Sections

.code
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 227KB - Virtual size: 227KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 225KB - Virtual size: 227KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
KMS_Autonet/KMSAuto-Net-1.5.4/activate.exe
.exe windows:6 windows x86 arch:x86

Password: windows

cc4d418dcfe8a887ed78a3c1e2af0b5d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
GetModuleHandleA
LoadLibraryA
GetProcAddress

Sections

.text
Size: - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 6.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

[0]
Size: 333.4MB - Virtual size: 333.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.nKz
Size: - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.g_Z
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.uSV
Size: 4.9MB - Virtual size: 4.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 616B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: windows

Password: windows

cc4d418dcfe8a887ed78a3c1e2af0b5d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: - Virtual size: 108KB

.rdata Size: - Virtual size: 57KB

.data Size: - Virtual size: 6.3MB

[0] Size: 333.4MB - Virtual size: 333.4MB

.nKz Size: - Virtual size: 2.8MB

.g_Z Size: 1KB - Virtual size: 1KB

.uSV Size: 4.9MB - Virtual size: 4.9MB

.reloc Size: 1024B - Virtual size: 616B

.rsrc Size: 5KB - Virtual size: 5KB

Password: windows

cc4d418dcfe8a887ed78a3c1e2af0b5d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: - Virtual size: 108KB

.rdata Size: - Virtual size: 57KB

.data Size: - Virtual size: 6.3MB

[0] Size: 333.4MB - Virtual size: 333.4MB

.nKz Size: - Virtual size: 2.8MB

.g_Z Size: 1KB - Virtual size: 1KB

.uSV Size: 4.9MB - Virtual size: 4.9MB

.reloc Size: 1024B - Virtual size: 616B

.rsrc Size: 5KB - Virtual size: 5KB

Password: windows

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9eCertificate

Extended Key Usages

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0bCertificate

Extended Key Usages

Key Usages

1a:05:da:b8:f0:7a:e8:40:be:ad:78:fe:b2:55:a8:74Certificate

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77Certificate

Extended Key Usages

Key Usages

6b:2c:e0:f2:43:60:1f:40:57:b3:45:aa:47:45:c8:9a:96:0a:79:42:ef:a6:bb:79:5e:15:7c:8e:be:2e:c7:a4Signer

21:78:39:ea:73:7e:39:7b:d1:46:d3:6f:cf:0b:cf:4d:b2:a5:bc:67Signer

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 7.9MB - Virtual size: 7.9MB

.rsrc Size: 47KB - Virtual size: 47KB

.reloc Size: 512B - Virtual size: 12B

Password: windows

65ef43de0bb5fdb404965b6ed08a8eae

Code Sign

08:a8:e8:26:95:0f:1a:99:40:26:25:89:fc:af:0b:8fCertificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

d3:46:1b:c5:fa:73:0d:15:e1:da:8c:64:b5:fd:06:7c:ef:4d:bc:3fSigner

Headers

File Characteristics

Imports

msvcrt

kernel32

winspool.drv

.text
Size: - Virtual size: 108KB

.rdata
Size: - Virtual size: 57KB

.data
Size: - Virtual size: 6.3MB

[0]
Size: 333.4MB - Virtual size: 333.4MB

.nKz
Size: - Virtual size: 2.8MB

.g_Z
Size: 1KB - Virtual size: 1KB

.uSV
Size: 4.9MB - Virtual size: 4.9MB

.reloc
Size: 1024B - Virtual size: 616B

.rsrc
Size: 5KB - Virtual size: 5KB

.text
Size: - Virtual size: 108KB

.rdata
Size: - Virtual size: 57KB

.data
Size: - Virtual size: 6.3MB

[0]
Size: 333.4MB - Virtual size: 333.4MB

.nKz
Size: - Virtual size: 2.8MB

.g_Z
Size: 1KB - Virtual size: 1KB

.uSV
Size: 4.9MB - Virtual size: 4.9MB

.reloc
Size: 1024B - Virtual size: 616B

.rsrc
Size: 5KB - Virtual size: 5KB

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9e
Certificate

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

1a:05:da:b8:f0:7a:e8:40:be:ad:78:fe:b2:55:a8:74
Certificate

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

6b:2c:e0:f2:43:60:1f:40:57:b3:45:aa:47:45:c8:9a:96:0a:79:42:ef:a6:bb:79:5e:15:7c:8e:be:2e:c7:a4
Signer

21:78:39:ea:73:7e:39:7b:d1:46:d3:6f:cf:0b:cf:4d:b2:a5:bc:67
Signer

.text
Size: 7.9MB - Virtual size: 7.9MB

.rsrc
Size: 47KB - Virtual size: 47KB

.reloc
Size: 512B - Virtual size: 12B

08:a8:e8:26:95:0f:1a:99:40:26:25:89:fc:af:0b:8f
Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

d3:46:1b:c5:fa:73:0d:15:e1:da:8c:64:b5:fd:06:7c:ef:4d:bc:3f
Signer

.code
Size: 32KB - Virtual size: 31KB

.text
Size: 227KB - Virtual size: 227KB

.rdata
Size: 30KB - Virtual size: 29KB

.data
Size: 225KB - Virtual size: 227KB

.rsrc
Size: 62KB - Virtual size: 61KB

.text
Size: - Virtual size: 108KB

.rdata
Size: - Virtual size: 57KB

.data
Size: - Virtual size: 6.3MB

[0]
Size: 333.4MB - Virtual size: 333.4MB

.nKz
Size: - Virtual size: 2.8MB

.g_Z
Size: 1KB - Virtual size: 1KB

.uSV
Size: 4.9MB - Virtual size: 4.9MB

.reloc
Size: 1024B - Virtual size: 616B

.rsrc
Size: 5KB - Virtual size: 5KB