General

  • Target

    8fc7a36cc60ebb0e0c490b7d5126105054c35d0679cf1fc06a4d6d2d29d564f8

  • Size

    4.4MB

  • MD5

    e7d9070f2998cd818e0dc08844b6822b

  • SHA1

    1f226985381df1d2b2dec6dfe32f20022cf1e01a

  • SHA256

    8fc7a36cc60ebb0e0c490b7d5126105054c35d0679cf1fc06a4d6d2d29d564f8

  • SHA512

    727192dd282854b242fa6a9ceb94bbcc84a23bd9d8bd2cba898e2600655c990d96b66d0cdeb73a3ce6fd6c3d424cc67f3168b07f58009b16d50c779747f59d90

  • SSDEEP

    98304:79Gp1JjKPfu7PJdJuGE//W4TCHdMB8gqlFQJiEM6Eq24KuR:ilKPcJfuGE/VegqlF7EM6MXuR

Score
5/10

Malware Config

Signatures

  • AutoIT Executable (1 IoC)

    AutoIT scripts compiled to PE executables.

  • UPX packed file (1 IoC)

    Detects executables packed with UPX/modified UPX open source packer.

  • One or more HTTP URLs identified in QR code

    Detects presence of HTTP links in QR codes.

  • Unsigned PE (2 IoCs)

    Checks for missing Authenticode signature.

Files

  • 8fc7a36cc60ebb0e0c490b7d5126105054c35d0679cf1fc06a4d6d2d29d564f8
    .zip
  • HEU_KMS_Activator_v42.2.0/!关注微信 - 更多福利.png
    .png
    • http://weixin.qq.com/r/wii4oJjEU8UsrdzD933Q

  • HEU_KMS_Activator_v42.2.0/!果核剥壳 - 全网更新最快.url
    .url
  • HEU_KMS_Activator_v42.2.0/HEU_KMS_Activator_v42.2.0.exe
    .exe windows:5 windows x86 arch:x86



  • out.upx
    .exe windows:5 windows x86 arch:x86

