File a09e1814358a26642fd7a5080553d3f09aeccf99bcacb39d7cdf2e8453bad508 Summary

Analysis score

4 / 14

4 antivirus vendors flagged this file as malicious

Signature

File is not signed

Last scanned

First submission

File type

exe

Basic properties

CRC32

0xd0cf9bbf

MD5

a9568d43ae35af375764d9502356272d

Magic

PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed

SHA1

16190394f652022d547363b50de2267083301675

SHA256

a09e1814358a26642fd7a5080553d3f09aeccf99bcacb39d7cdf2e8453bad508

SHA512

da0a5a73f88ef4bf13655512fe6a9e09b88bb22fdf0b8afcf701c12a17a22fdfe28029213fa36fd1cfa0dea777bf075e4632b9c5ce13b6c2e81661a3be2bc69c

SSDeep

98304:Q+S9bgfBprGf3oVqFP/rCNqQ5jNEmQoVMRuT7mGfVmH68EeOq8:zMcXrGf3oYR2zjCoVLnmKVma8xP8

Size

4.58MB

Packer
  • PE: packer: UPX(3.91)[NRV,brute]
  • PE: library: AutoIt(-)[-]
  • PE: linker: Microsoft Linker(14.16, Visual Studio 2017 15.9*)[EXE32,admin]
TrID
  • 39.1% (.EXE) UPX compressed Win32 Executable (27066/9/6)
  • 38.3% (.EXE) Win32 EXE Yoda's Crypter (26569/9/4)
  • 7.2% (.EXE) Win16 NE executable (generic) (5038/12/1)
  • 6.5% (.EXE) Win32 Executable (generic) (4505/5/1)
  • 2.9% (.EXE) OS/2 Executable (generic) (2029/13)
Tags

ExifTool File Metadata

CharacterSet

Unicode

CodeSize

376.00KB

Comments

KMS/数字权利/KMS38/OEM激活

CompanyName

知彼而知己

EntryPoint

0x51cd80

ExifToolVersionNumber

12.64

FileDescription

HEU KMS Activator™

FileFlags

(none)

FileFlagsMask

0x0000

FileOs

Win32

FileSize

4.8 MB

FileSubtype

0

FileType

Win32 EXE

FileTypeExtension

exe

FileVersion

41.1.0.0

FileVersionNumber

41.1.0.0

ImageFileCharacteristics

Executable, Large address aware, 32-bit

ImageVersion

0.0

InitializedDataSize

4.22MB

InternalName

HEU_KMS_Activator_v41.1.0

LanguageCode

Chinese (Simplified)

LegalCopyright

知彼而知己

LinkerVersion

14.16

MachineType

Intel 386 or later, and compatibles

MimeType

application/octet-stream

ObjectFileType

Unknown

OriginalFileName

HEU_KMS_Activator_v41.1.0

OsVersion

5.1

PeType

PE32

ProductVersion

41.1.0.0

ProductVersionNumber

41.1.0.0

ProductName

HEU KMS Activator

Subsystem

Windows GUI

SubsystemVersion

5.1

UninitializedDataSize

4976640

Submissions

Published Name | Source | Country
系统与office激活.exe | web | CA

Indicators

Description | Severity | Category | Module
Malware detection of a yara signature: Win32/WannaCry | malicious | Sandbox Detection | Behavior
Communicates over HTTP with a low reputation domain | informational | C2 | Behavior
Deletes itself after process termination | suspicious | Stealth | Behavior
Write a file to the startup folder | suspicious | Persistence | Behavior
Check for the existence of Virtual Machines | suspicious | Signature | Yara
