KMSAuto Lite x64 1[.]8[.]6[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

KMSAuto Lite x64 1.8.6.exe
Size

6.3MB
MD5

7b3563b8dae4dc736c16716eb88a3a37
SHA1

639455f16ad599cdaef71f906cea414ab73bb68b
SHA256

c085209c5b01d2a516a40e18cefdf5b4bdf5131f3a7f66bf91762cc151169a60
SHA512

b36a1d8698b8aaf21ec58212afd2b7ff41d3c6a4e2cb9e5f75cf84e6e58d37cb5b8c742f0f4d8ed487c8815d1db9f965dabf3ca83095df933d0baa78058f3ef0
SSDEEP

98304:vUfwPRIkF+DywzlCbj/TSYDExAdmcROSdT7RX1:vUfaRTFzwzehoAwI7h1

Score

1^/10

Malware Config

Signatures

Files

KMSAuto Lite x64 1.8.6.exe
.exe windows:5 windows x64 arch:x64

Password: kmsauto

ac953301a7380d140d57b8b52d7f43a2

Code Sign

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9e
Certificate

Issuer

CN=WZTeam

Not Before

02/11/2016, 18:47

Not After

31/12/2039, 23:59

Subject

CN=WZTeam

Extended Key Usages

ExtKeyUsageCodeSigning

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1a:bc:d1:0a:64:a0:c8:4c:4a:0b:df:f6:02:28:90:1d:4d:a9:b3:71:c6:c0:3e:9e:89:da:ee:b2:0a:1e:58:2f
Signer

Actual PE Digest

1a:bc:d1:0a:64:a0:c8:4c:4a:0b:df:f6:02:28:90:1d:4d:a9:b3:71:c6:c0:3e:9e:89:da:ee:b2:0a:1e:58:2f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

memset
setlocale
memcpy
log10
_wfopen
fseek
fclose
wcslen
wcscpy
malloc
free
memcmp
memmove
strncmp
isdigit
wcscmp
wcscat
_stricmp
sscanf
sprintf
strcpy
strlen
strcat
_wstat
_wcsdup
strcmp
fread
longjmp
setjmp
ftell
strncpy
_wcsnicmp
_wcsicmp
wcsncmp
wcsncpy
_snwprintf
tolower
floor
_localtime64
_mktime64
sqrtf
abs
sinf
cosf
fmodf
pow
??3@YAXPEAX@Z
??2@YAPEAX_K@Z
wcsstr
swscanf
_close
calloc
_errno
_lseeki64
realloc
_snprintf
abort
_wopen
_setmode
exit
wcschr
_open_osfhandle
_strdup
strrchr
wctomb
_get_osfhandle
_open
toupper
mbstowcs
strchr
frexp
modf
fopen
strerror
atof
_gmtime64
fflush
fwrite
_fdopen
__iob_func
strtol
strtoul
_time64
qsort
fputs
strstr
strpbrk
atoi
_stat64
_access
_read
_write
memchr
fputc
strspn
strcspn
getenv
fgets
isupper
_vsnwprintf
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
__C_specific_handler
ceil

kernel32

GetModuleHandleW
HeapCreate
GetEnvironmentVariableW
CreateSemaphoreW
GetLastError
CloseHandle
HeapDestroy
ExitProcess
GetCurrentThreadId
Sleep
CreateToolhelp32Snapshot
GetCurrentProcess
OpenProcess
TerminateProcess
CreateProcessW
GetExitCodeThread
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
WaitForSingleObject
CreateThread
TerminateThread
HeapAlloc
HeapFree
FreeLibrary
LoadLibraryW
GetProcAddress
GetCurrentProcessId
MultiByteToWideChar
GetModuleFileNameW
GetCommandLineW
DuplicateHandle
CreatePipe
GetStdHandle
PeekNamedPipe
GetExitCodeProcess
ReadFile
SetEnvironmentVariableW
HeapReAlloc
CreateFileW
GetFileSize
SetFilePointer
SetEndOfFile
WriteFile
DeleteFileW
TlsAlloc
TlsSetValue
GetTickCount
TlsGetValue
GetVersionExW
SetLastError
GetDriveTypeW
FindFirstFileW
FindClose
GetFileAttributesW
FindNextFileW
SetFileAttributesW
RemoveDirectoryW
SetCurrentDirectoryW
CreateDirectoryW
GetCurrentDirectoryW
CopyFileW
GetTempPathW
MulDiv
GetLocalTime
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
HeapSize
TlsFree
DeleteCriticalSection
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
IsValidCodePage
GetACP
GetOEMCP
GetFileType
GetFileInformationByHandle
GetFileAttributesA
CreateFileA
GetFullPathNameW
GetModuleHandleA
LoadLibraryA
GetSystemDirectoryA
VerSetConditionMask
VerifyVersionInfoA
QueryPerformanceFrequency
SleepEx
QueryPerformanceCounter
ExpandEnvironmentStringsA
FormatMessageA
GetFileSizeEx
UnregisterWait
GetCurrentThread
RegisterWaitForSingleObject

user32

SendMessageW
OemToCharW
GetSysColor
UpdateWindow
GetDlgCtrlID
CallWindowProcW
SetWindowLongPtrW
GetWindowLongPtrW
GetClientRect
FillRect
GetClassNameW
GetWindow
SetWindowPos
InvalidateRect
GetKeyState
GetForegroundWindow
GetWindowThreadProcessId
AttachThreadInput
SystemParametersInfoW
LockSetForegroundWindow
AllowSetForegroundWindow
SetForegroundWindow
IsIconic
ShowWindow
EnableWindow
RedrawWindow
CallNextHookEx
IsWindowEnabled
SetClassLongPtrW
GetClassLongPtrW
PeekMessageW
TranslateMessage
DispatchMessageW
GetWindowRect
OffsetRect
IsRectEmpty
MapWindowPoints
SubtractRect
IsWindow
GetParent
GetDC
ReleaseDC
BeginPaint
EndPaint
DefWindowProcW
GetAsyncKeyState
KillTimer
GetCursorPos
ScreenToClient
SetTimer
DrawTextW
FrameRect
InflateRect
SetWindowsHookExW
UnhookWindowsHookEx
FindWindowW
FindWindowExW
DrawFrameControl
GetWindowTextW
CharToOemW
LoadIconW
RegisterClassExW
CreateWindowExW
MessageBoxW
GetWindowTextLengthW
DestroyWindow
SetFocus
UnregisterClassW
LoadCursorW
GetSystemMetrics
CreateAcceleratorTableW
BringWindowToTop
GetMessageW
TranslateAcceleratorW
IsDialogMessageW
DestroyAcceleratorTable
IsWindowVisible
EnumWindows
SetMenu
DestroyMenu
EnableMenuItem
TrackPopupMenu
GetMenuItemInfoW
ModifyMenuW
SetMenuItemInfoW
CreatePopupMenu
AppendMenuW
SetWindowTextW
MoveWindow
IntersectRect
ValidateRect
GetUpdateRect
GetSysColorBrush
PostMessageW
GetIconInfo
DrawStateW
GetFocus
DrawFocusRect
RemovePropW
GetPropW
SetPropW
SetScrollPos
GetWindowDC
SetRect
GetWindowLongW
SetCursor
GetMessagePos
ReleaseCapture
SetCapture
ClipCursor
GetCapture
ChildWindowFromPointEx
ClientToScreen
EnumPropsExW
SetActiveWindow
DestroyIcon
MsgWaitForMultipleObjects
GetActiveWindow
IsZoomed
GetMenu
AdjustWindowRectEx
RegisterClassW
DefFrameProcW
EnumChildWindows
IsChild
RegisterWindowMessageW
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
DrawIconEx
CopyImage
CreateIconFromResourceEx
CreateIconFromResource
CharUpperW
CharLowerW

gdi32

CreatePen
CreateSolidBrush
SelectObject
DeleteDC
DeleteObject
CreatePatternBrush
CreateRoundRectRgn
GetPixel
CreateCompatibleDC
SelectClipRgn
BitBlt
GetStockObject
RoundRect
SetBkMode
SetTextColor
SetDCBrushColor
SetBrushOrgEx
CreateFontIndirectW
CreateCompatibleBitmap
OffsetViewportOrgEx
SetViewportOrgEx
GetTextExtentPoint32W
SetBkColor
CreateRectRgn
GetObjectW
GetObjectType
ExcludeClipRect
CreateRectRgnIndirect
TextOutW
MoveToEx
LineTo
CreateDIBSection
GdiGetBatchLimit
GdiSetBatchLimit
CreateDCW
GetClipRgn
ExtSelectClipRgn
GetDeviceCaps
GetDIBits
SetTextAlign
SetStretchBltMode
StretchBlt
SelectPalette
RealizePalette
SetPixelV
Rectangle
Ellipse
StretchDIBits
SetROP2
ExtFloodFill
GetTextMetricsW
CreateBitmap
SetPixel
GetObjectA
CreateFontW

advapi32

OpenSCManagerW
OpenServiceW
CloseServiceHandle
RegOpenKeyExW
RegOpenKeyW
RegConnectRegistryW
RegQueryValueExW
RegCloseKey
QueryServiceStatus
RegSetValueExW
RegDeleteKeyW
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash

ole32

CoInitialize
CoCreateInstance
CoUninitialize
RevokeDragDrop

shell32

ShellExecuteExW

ws2_32

closesocket
WSACleanup
WSAStartup
socket
inet_addr
gethostbyname
htons
ioctlsocket
connect
select
__WSAFDIsSet
recvfrom
recv
bind
send
sendto
WSAGetLastError
ntohs
WSASetLastError
getsockopt
setsockopt
getpeername
getsockname
WSAIoctl
getaddrinfo
freeaddrinfo
htonl
listen
accept
gethostname
ntohl

crypt32

CertFreeCertificateContext
CertOpenStore
CryptStringToBinaryA
CertFindCertificateInStore
CertCloseStore
CertEnumCertificatesInStore
CertCreateCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChainEngine
CertFreeCertificateChain
CryptQueryObject
CertAddCertificateContextToStore
CertGetNameStringA

winmm

timeBeginPeriod

gdiplus

GdipDeleteFont
GdipDeleteGraphics
GdipDeletePath
GdipDeleteMatrix
GdipDeletePen
GdipDeleteStringFormat
GdipFree
GdipGetDpiX
GdipGetDpiY
GdiplusStartup
GdipCreateFontFromDC
GdipCreateFromHDC
GdipCreatePath
GdipCreateMatrix
GdipCreatePen1
GdipCreateSolidFill
GdipDeleteBrush
GdipAlloc
GdipCloneBrush
GdipCloneStringFormat
GdipStringFormatGetGenericTypographic
GdipGetStringFormatFlags
GdipScaleMatrix
GdipSetCompositingMode
GdipSetStringFormatFlags
GdipSetInterpolationMode
GdipSetPageUnit
GdipSetSmoothingMode
GdipSetTextRenderingHint
GdipTranslateWorldTransform
GdipTranslateMatrix
GdipStartPathFigure
GdipCreateBitmapFromScan0
GdipCreateBitmapFromHICON
GdipCreateBitmapFromGdiDib
GdipCreateImageAttributes
GdipDisposeImage
GdipDisposeImageAttributes
GdipCloneImage
GdipDrawImageRectRect
GdipGetImageBounds
GdipGetImageHeight
GdipGetImageWidth
GdipImageRotateFlip
GdipSetImageAttributesColorMatrix
GdipVectorTransformMatrixPoints
GdipCreateFontFromLogfontA
GdipCreateFont
GdipDeleteFontFamily
GdipGetFamily
GdipGetFontSize
GdipGetFontStyle
GdipInvertMatrix
GdipMultiplyMatrix
GdipMultiplyWorldTransform
GdipTransformPath
GdipTransformMatrixPoints
GdipSetMatrixElements

uxtheme

SetWindowTheme

comctl32

InitCommonControlsEx
_TrackMouseEvent
ImageList_Replace
ImageList_Add
ImageList_ReplaceIcon
ImageList_Remove
ImageList_AddMasked
ImageList_Destroy
ImageList_Create

Sections

.code
Size: 384KB - Virtual size: 383KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 992KB - Virtual size: 991KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 268KB - Virtual size: 268KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4.6MB - Virtual size: 4.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: kmsauto

ac953301a7380d140d57b8b52d7f43a2

Code Sign

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9eCertificate

Extended Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

1a:bc:d1:0a:64:a0:c8:4c:4a:0b:df:f6:02:28:90:1d:4d:a9:b3:71:c6:c0:3e:9e:89:da:ee:b2:0a:1e:58:2fSigner

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

gdi32

advapi32

ole32

shell32

ws2_32

crypt32

winmm

gdiplus

uxtheme

comctl32

Sections

.code Size: 384KB - Virtual size: 383KB

.text Size: 992KB - Virtual size: 991KB

.rdata Size: 268KB - Virtual size: 268KB

.pdata Size: 50KB - Virtual size: 49KB

.data Size: 4.6MB - Virtual size: 4.6MB

.rsrc Size: 45KB - Virtual size: 45KB

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9e
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

1a:bc:d1:0a:64:a0:c8:4c:4a:0b:df:f6:02:28:90:1d:4d:a9:b3:71:c6:c0:3e:9e:89:da:ee:b2:0a:1e:58:2f
Signer

.code
Size: 384KB - Virtual size: 383KB

.text
Size: 992KB - Virtual size: 991KB

.rdata
Size: 268KB - Virtual size: 268KB

.pdata
Size: 50KB - Virtual size: 49KB

.data
Size: 4.6MB - Virtual size: 4.6MB

.rsrc
Size: 45KB - Virtual size: 45KB