activate[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

activate.exe
Size

338.1MB
MD5

91bd0f913c999329aa3fa783a29b38f2
SHA1

99cada022ed2cb4edb1e779db2b38ebaeedf3e25
SHA256

656580ec5c7729e00ad4c874860a5b0647ebfce8d68024bafa4cba115793184d
SHA512

e0e3e914d2270deb37c0c8464c6ab54eb9e673ee63d4f5167d7bce82b576cab8fc79c6867a65ad3156b0e707615dec96fdef0287289c522f7f2f82e6931aabc1
SSDEEP

98304:CN9Lio6YSODkZPieUhPCm1n0UhMj5goE7tA9hVV937QM5w81pthQ7g81wyW3dTu:CNtGYyieEhke1JUX38AN1pPQ7rW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
activate.exe

Files

activate.exe
.exe windows:6 windows x86 arch:x86

77fb613f289235b54d224cc3b10c91dd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrlenA
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
GetModuleHandleA
LoadLibraryA
GetProcAddress

Sections

.text
Size: - Virtual size: 109KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 7.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

[0]
Size: 332.6MB - Virtual size: 332.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.^#j
Size: - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.<cj
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sVg
Size: 5.4MB - Virtual size: 5.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 580B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ