Overview

overview

10

Static

static

10

Microsoft-...12.ps1

windows7-x64

3

Microsoft-...12.ps1

windows10-2004-x64

8

Microsoft-...f8.ps1

windows7-x64

3

Microsoft-...f8.ps1

windows10-2004-x64

8

Microsoft-...12.cmd

windows7-x64

1

Microsoft-...12.cmd

windows10-2004-x64

1

Microsoft-...F8.cmd

windows7-x64

1

Microsoft-...F8.cmd

windows10-2004-x64

1

Microsoft-...on.cmd

windows7-x64

1

Microsoft-...on.cmd

windows10-2004-x64

1

Microsoft-...on.cmd

windows7-x64

1

Microsoft-...on.cmd

windows10-2004-x64

1

Microsoft-...on.cmd

windows7-x64

1

Microsoft-...on.cmd

windows10-2004-x64

1

Microsoft-...on.cmd

windows7-x64

1

Microsoft-...on.cmd

windows10-2004-x64

1

Microsoft-...bs.cmd

windows7-x64

1

Microsoft-...bs.cmd

windows10-2004-x64

1

Microsoft-...mi.cmd

windows7-x64

4

Microsoft-...mi.cmd

windows10-2004-x64

4

Microsoft-...er.cmd

windows7-x64

1

Microsoft-...er.cmd

windows10-2004-x64

1

Microsoft-...ey.cmd

windows7-x64

1

Microsoft-...ey.cmd

windows10-2004-x64

1

Microsoft-...ot.cmd

windows7-x64

1

Microsoft-...ot.cmd

windows10-2004-x64

1

Microsoft-...e.html

windows7-x64

3

Microsoft-...e.html

windows10-2004-x64

3

Sharing

Copy URL Twitter E-mail

General

  • Target

    bb4e1c65a5bb1a712ddf7c7eace0e7ee67bac639dba582ea807a7bd9bd6fc699

  • Size

    286KB

  • MD5

    4d969eb9b9710bfac64c50a68c1ede03

  • SHA1

    8650b7c8f556b5478888f7b322af0203904aca0f

  • SHA256

    bb4e1c65a5bb1a712ddf7c7eace0e7ee67bac639dba582ea807a7bd9bd6fc699

  • SHA512

    7644f810e7ae6d0ac8adbd552766a772efd405327bca6e9f41325ee1b9d77b4580f41a5621a1e3dbb5f8edab3fcaf231e71a847d03064e0374df1525906b68f9

  • SSDEEP

    6144:iMlwkzlThbmE6pMRDZDB73ICbF/wY5mHbdam8PkP1JSeH0pAHlabl2GS:iulGRqL3ICbzWdZ8sWeH0mHIbg

Score
10/10

Malware Config

Extracted

Language
ps1
Source
URLs
exe.dropper

https://gitlab.com/miaoyitian233/Microsoft-Activation-Scripts-CNTranslated/-/raw/master/MAS/All-In-One-Version/MAS_AIO_GB2312.cmd
exe.dropper

https://cdn.jsdelivr.net/gh/Myitian/Microsoft-Activation-Scripts-CNTranslated@master/MAS/All-In-One-Version/MAS_AIO_GB2312.cmd
exe.dropper

https://raw.githubusercontent.com/Myitian/Microsoft-Activation-Scripts-CNTranslated/master/MAS/All-In-One-Version/MAS_AIO_GB2312.cmd
exe.dropper

https://gitlab.com/massgrave/microsoft-activation-scripts/-/raw/master/MAS/All-In-One-Version/MAS_AIO.cmd
exe.dropper

https://raw.githubusercontent.com/massgravel/Microsoft-Activation-Scripts/master/MAS/All-In-One-Version/MAS_AIO.cmd

Extracted

Language
ps1
Source
URLs
exe.dropper

https://gitlab.com/miaoyitian233/Microsoft-Activation-Scripts-CNTranslated/-/raw/master/MAS/All-In-One-Version/MAS_AIO_UTF8.cmd
exe.dropper

https://cdn.jsdelivr.net/gh/Myitian/Microsoft-Activation-Scripts-CNTranslated@master/MAS/All-In-One-Version/MAS_AIO_UTF8.cmd
exe.dropper

https://raw.githubusercontent.com/Myitian/Microsoft-Activation-Scripts-CNTranslated/master/MAS/All-In-One-Version/MAS_AIO_UTF8.cmd
exe.dropper

https://gitlab.com/massgrave/microsoft-activation-scripts/-/raw/master/MAS/All-In-One-Version/MAS_AIO.cmd
exe.dropper

https://raw.githubusercontent.com/massgravel/Microsoft-Activation-Scripts/master/MAS/All-In-One-Version/MAS_AIO.cmd

Signatures

Files

  • bb4e1c65a5bb1a712ddf7c7eace0e7ee67bac639dba582ea807a7bd9bd6fc699
    .zip
  • Microsoft-Activation-Scripts-ZH-Hans-master/.gitattributes
  • Microsoft-Activation-Scripts-ZH-Hans-master/IRM/get_gb2312.ps1
    .ps1
  • Microsoft-Activation-Scripts-ZH-Hans-master/IRM/get_utf8.ps1
    .ps1
  • Microsoft-Activation-Scripts-ZH-Hans-master/MAS/All-In-One-Version/MAS_AIO_GB2312.cmd
    .cmd .vbs
  • Microsoft-Activation-Scripts-ZH-Hans-master/MAS/All-In-One-Version/MAS_AIO_UTF8.cmd
    .cmd .vbs
  • Microsoft-Activation-Scripts-ZH-Hans-master/MAS/Separate-Files-Version/Activators/HWID_Activation.cmd
    .cmd .vbs
  • Microsoft-Activation-Scripts-ZH-Hans-master/MAS/Separate-Files-Version/Activators/KMS38_Activation.cmd
    .cmd .vbs
  • Microsoft-Activation-Scripts-ZH-Hans-master/MAS/Separate-Files-Version/Activators/Online_KMS_Activation.cmd
    .cmd .vbs
  • Microsoft-Activation-Scripts-ZH-Hans-master/MAS/Separate-Files-Version/Change_Edition.cmd
    .cmd .ps1
  • Microsoft-Activation-Scripts-ZH-Hans-master/MAS/Separate-Files-Version/Check-Activation-Status-vbs.cmd
    .cmd .vbs
  • Microsoft-Activation-Scripts-ZH-Hans-master/MAS/Separate-Files-Version/Check-Activation-Status-wmi.cmd
    .cmd .vbs
  • Microsoft-Activation-Scripts-ZH-Hans-master/MAS/Separate-Files-Version/Extract_OEM_Folder.cmd
    .cmd .vbs
  • Microsoft-Activation-Scripts-ZH-Hans-master/MAS/Separate-Files-Version/Install_HWID_Key.cmd
    .cmd .vbs
  • Microsoft-Activation-Scripts-ZH-Hans-master/MAS/Separate-Files-Version/Troubleshoot.cmd
    .cmd .vbs
  • Microsoft-Activation-Scripts-ZH-Hans-master/MAS/Separate-Files-Version/_ReadMe.html
    .html
  • Microsoft-Activation-Scripts-ZH-Hans-master/README.md