luzea9903 winactivate - Windows HWID KMS38 Activation Script[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

luzea9903 winactivate - Windows HWID KMS38 Activation Script.zip
Size

192KB
MD5

f84a0ef69ea91a98240bc44da64a8d7b
SHA1

172ba7b75207ff3be1159c61a9ac663c0f1503b8
SHA256

3fa0ea0b57df3b969ef9bcb62c5baef9f1ed6cd6e13995f5189e767db6f87591
SHA512

a93751516c0cd8f9ef7135cd1dc6068292bfc0f29883c036984450df462c5a77065ee94124d080048bc90335405a792f39946196a1f229b426095f8ae1367bdb
SSDEEP

6144:5L5AkLIjCjXwFcSqg79EMKXpi9Slup2I184jqgv6Bmr1Dj6k:15AksCjsMp+Slup208dgvl5

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/winactivate-master/gatherosstate.exe
unpack001/winactivate-master/slc.dll

Files

luzea9903 winactivate - Windows HWID KMS38 Activation Script.zip
.zip
winactivate-master/.editorconfig
winactivate-master/.gitattributes
winactivate-master/.gitiginore
winactivate-master/LICENSE
winactivate-master/README.md
winactivate-master/gatherosstate.exe
.exe windows:10 windows x86 arch:x86

de6c800823c77882b5d9888457698a55

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

GatherOsState.pdb

Imports

msvcrt

memcpy
memcmp
_except_handler4_common
_controlfp
?terminate@@YAXXZ
_onexit
__dllonexit
memchr
wcschr
_unlock
_lock
_initterm
__setusermatherr
__p__fmode
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__p__commode
_XcptFilter
_purecall
malloc
free
wcsstr
_wcsicmp
memmove
_vsnwprintf
wprintf
memset

ntdll

RtlCaptureContext
RtlAllocateHeap
RtlFreeHeap

kernel32

DeviceIoControl
GlobalMemoryStatusEx
GetSystemDirectoryW
LoadLibraryExW
FreeLibrary
LoadLibraryExA
DelayLoadFailureHook
IsWow64Process
HeapFree
WriteFile
GetModuleHandleExW
GetModuleFileNameW
SetErrorMode
LocalAlloc
CreateFileW
GetFileAttributesW
CompareStringW
GetLastError
FileTimeToSystemTime
CloseHandle
HeapAlloc
GetProcAddress
LocalFree
GetProcessHeap
WideCharToMultiByte
GetSystemTimeAsFileTime
GetSystemTime
VirtualProtect
EnterCriticalSection
GetCurrentProcess
TerminateProcess
LeaveCriticalSection
GetSystemDefaultUILanguage
UnhandledExceptionFilter
GetModuleHandleW
SetUnhandledExceptionFilter
Sleep
GetModuleHandleA
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
GetVersionExW
GetCurrentThread

advapi32

CryptDestroyHash
CryptReleaseContext
CryptHashData
CryptGetHashParam
CryptCreateHash
CryptAcquireContextW
GetCurrentHwProfileW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW

Sections

.text
Size: 315KB - Virtual size: 315KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
winactivate-master/slc.dll
.dll windows:6 windows x86 arch:x86

b0081371faaf7c1ec54e9092fb40174c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

api-ms-win-crt-convert-l1-1-0

wcstoul

api-ms-win-crt-private-l1-1-0

wcschr

api-ms-win-crt-runtime-l1-1-0

exit

api-ms-win-crt-string-l1-1-0

wcscmp
wcscpy
wcslen
wcsncmp

api-ms-win-crt-time-l1-1-0

_time64

imagehlp

MapFileAndCheckSumW

user32

MessageBoxW

kernel32

CloseHandle
CopyFileExW
CreateFileW
DeleteFileW
GetFileAttributesW
GetFileSize
GetProcessHeap
GetProductInfo
HeapAlloc
HeapFree
HeapReAlloc
ReadFile
SetFilePointer
WriteFile

advapi32

RegGetValueW
RegOpenKeyExW

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsscanf

Exports

Exports

PatchGatherosstate
SLClose
SLGetGenuineInformation
SLGetLicensingStatusInformation
SLGetPKeyInformation
SLGetProductSkuInformation
SLGetSLIDList
SLGetServiceInformation
SLGetWindowsInformationDWORD
SLOpen

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 236B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
winactivate-master/winactivate.cmd
winactivate-master/winactivate.ps1
.ps1

Sharing

General

Malware Config

Signatures

Files

de6c800823c77882b5d9888457698a55

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

kernel32

advapi32

Sections

.text Size: 315KB - Virtual size: 315KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 2KB - Virtual size: 2KB

.didat Size: 512B - Virtual size: 144B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 8KB

b0081371faaf7c1ec54e9092fb40174c

Headers

DLL Characteristics

File Characteristics

Imports

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-time-l1-1-0

imagehlp

user32

kernel32

advapi32

api-ms-win-crt-stdio-l1-1-0

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 2KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 4B

.reloc Size: 512B - Virtual size: 236B

.text
Size: 315KB - Virtual size: 315KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 2KB - Virtual size: 2KB

.didat
Size: 512B - Virtual size: 144B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 8KB

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 4B

.reloc
Size: 512B - Virtual size: 236B