kmsindir[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

kmsindir.zip
Size

46.9MB
MD5

6063fc24c51291a398d422862c3a39c2
SHA1

411f8ca44c9f59780207b1b5c6d4fe77326d983f
SHA256

3512f94596a4ff6b85b7a6e4a63f0e849b16d7857e7b828686d575439e5cc69d
SHA512

213739573500f5bdaa6b1d8a4522d2edc00086831ff2b353d7bc081742f16509fadce400e721051aa8485ab03885f428478d9893b6b69b94aa8704a3d0225567
SSDEEP

786432:zfOSDOj19n+lp6yF5wId+PrYCHVefMTWAaQqL9fLQYd0xYICXL5cjQClv:rvDwX+7rK0+kCEEwLRMOK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/kmsindir/KMSpico_Setup.exe

Files

kmsindir.zip
.zip

Password: infected
kmsindir/KMSPico'yu Nasıl Kurarım.txt
kmsindir/KMSpico_Setup.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 145KB - Virtual size: 145KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
kmsindir/kmspicoindir.com.url
kmsindir/parola_123456