General

  • Target

    96229d47f3f7edff90b2e8d8f104da4eb48fd59baafd028352d37298af0d42f5

  • Size

    4.4MB

  • MD5

    9566968abbb253e9bece35d10e4e288f

  • SHA1

    cdc925491f4e90b88a4cd6c065285741b55b1de1

  • SHA256

    96229d47f3f7edff90b2e8d8f104da4eb48fd59baafd028352d37298af0d42f5

  • SHA512

    2f8f0d3aa61f8ec438977e286d7975f9b424c644629d8b9f1c8ae08fe2f84075a103b8a644f3e6c1c9848d24a20e2839affcc008ff9040065d6983cbb38819b0

  • SSDEEP

    98304:roqPQph0G4Z4ifmiMoVrrVGD2tfvKIoj8fK9l0GPVAPkYje+mU8n:UyQph0G4Z4SVl0atqjjfL0+VAcYatU8n

Score
7/10

Malware Config

Signatures

  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • AutoIT Executable 1 IoCs

    AutoIT scripts compiled to PE executables.

  • One or more HTTP URLs in QR code identified

    Detects presence of HTTP links in QR codes.

  • Unsigned PE 2 IoCs

    Checks for missing Authenticode signature.

Files

  • 96229d47f3f7edff90b2e8d8f104da4eb48fd59baafd028352d37298af0d42f5
    .zip
  • HEU_KMS_Activator_v41.0.0/????.txt
  • HEU_KMS_Activator_v41.0.0/?????.url
    .url
  • HEU_KMS_Activator_v41.0.0/????????.jpg
    .jpg
    • http://weixin.qq.com/r/AiiutiXEk3jsrWHV930Q

  • HEU_KMS_Activator_v41.0.0/HEU4100_Debug.txt
  • HEU_KMS_Activator_v41.0.0/HEU_KMS_Activator_41.0.0.exe
    .exe windows:5 windows x86 arch:x86
  • out.upx
    .exe windows:5 windows x86 arch:x86
  • HEU_KMS_Activator_v41.0.0/J?? - ??????????.url
    .url