Analysis type | VM label | Start time | End time | Duration |
---|---|---|---|---|
File (Windows) | win7-sp1-x64-app02-1 | 2017-02-15 18:10:34 | 2017-02-15 18:12:59 | 145 seconds |
Field | Value |
---|---|
File name | KMSpico_setup.exe |
File size | 3229424 bytes |
File type | PE32 executable (GUI) Intel 80386, for MS Windows |
MD5 | a02164371a50c5ff9fa2870ef6e8cfa3 |
SHA1 | 060614723f8375ecaad8b249ff07e3be082d7f25 |
SHA256 | 64c731adbe1b96cb5765203b1e215093dcf268d020b299445884a4ae62ed2d3a |
SHA512 | 6c6903f3a3092fd3d63c373189f2c06e12de032ee4fd6b80a15f58eaeb2079f3ae8a8bcdac85a358b1f9070b192b1c8260f9aa127d009b5afce475f966e91326 |
CRC32 | 683A3351 |
Ssdeep | 98304:CgbTbhBxCLS0Kx/XRCsFlPsKh9ApbeicTkxchy6pA32b7SuzWl:rxBxCLS3xZCsFyBzxcE6pAGbq |
No host records.
No domain information.
Field | Value |
---|---|
Image base | 0x00400000 |
Entry point | 0x0040a5f8 |
Declared checksum | 0x0031d950 |
Actual checksum | 0x0031d950 |
Minimum OS version required | 1.0 |
Compile time | 1992-06-20 06:22:17 |
Import hash (imphash) | 884310b1928934402ea6fec1dbd3cf5e |
Icon | |
Icon exact hash | 8bbb0a9939e7f4c93cd1e12408db5986 |
Icon similarity hash | bf664f70c0e768f7575f91389633fed5 |
Version info field | Value |
---|---|
LegalCopyright | |
FileVersion | |
CompanyName | |
Comments | |
ProductName | |
ProductVersion | |
FileDescription | |
Translation | |
SHA1 | Timestamp | Validity | Error |
---|---|---|---|
ecdb1e014a239cdc88c979a99c1afd33dd44e7ac | Tue Jan 12 06:37:14 2016 | | A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider. |

Certificate chain | Issued to | Issuer | Valid until | SHA1 hash |
---|---|---|---|---|
Certificate Chain 1 | @ByELDI Certificate Authority | @ByELDI Certificate Authority | Fri Jan 12 06:33:19 2046 | 1195a4224762e500a4e7e1ee8b4c709e2063c2a6 |
Certificate Chain 2 | @ByELDI | @ByELDI Certificate Authority | Fri Jan 12 06:33:20 2046 | eaaf9045685acd5ad5846a5e9ee125d7aeac21c2 |
Timestamp Chain 1 | Thawte Timestamping CA | Thawte Timestamping CA | Fri Jan 01 07:59:59 2021 | be36a4562fb2ee05dbb3d32323adf445084ed656 |
Timestamp Chain 2 | Symantec Time Stamping Services CA - G2 | Thawte Timestamping CA | Thu Dec 31 07:59:59 2020 | 6c07453ffdda08b83707c09b82fb3d15f35336b1 |
Timestamp Chain 3 | Symantec Time Stamping Services Signer - G4 | Symantec Time Stamping Services CA - G2 | Wed Dec 30 07:59:59 2020 | 65439929b67973eb192d6ff243e6767adf0834e4 |
Section name | Virtual address | Virtual size | Raw data size | Characteristics | Entropy |
---|---|---|---|---|---|
CODE | 0x00001000 | 0x00009d30 | 0x00009e00 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 6.63 |
DATA | 0x0000b000 | 0x00000250 | 0x00000400 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 2.75 |
BSS | 0x0000c000 | 0x00000e8c | 0x00000000 | IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 0.00 |
.idata | 0x0000d000 | 0x00000950 | 0x00000a00 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 4.43 |
.tls | 0x0000e000 | 0x00000008 | 0x00000000 | IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 0.00 |
.rdata | 0x0000f000 | 0x00000018 | 0x00000200 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ | 0.20 |
.reloc | 0x00010000 | 0x000008c4 | 0x00000000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ | 0.00 |
.rsrc | 0x00011000 | 0x00005aa4 | 0x00005c00 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ | 5.05 |
Overlay | Value |
---|---|
Offset | 0x00010e00 |
Size | 0x003038f0 |
Resource name | Offset | Size | Language | Sublanguage | Entropy | File type |
---|---|---|---|---|---|---|
RT_ICON | 0x000112c4 | 0x00004228 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 4.48 | dBase IV DBT of \200.DBF, blocks size 0, block length 16896, next free block index 40, next free block 0, next used block 0 |
RT_STRING | 0x00015ed8 | 0x000000ae | LANG_NEUTRAL | SUBLANG_NEUTRAL | 3.05 | data |
RT_STRING | 0x00015ed8 | 0x000000ae | LANG_NEUTRAL | SUBLANG_NEUTRAL | 3.05 | data |
RT_STRING | 0x00015ed8 | 0x000000ae | LANG_NEUTRAL | SUBLANG_NEUTRAL | 3.05 | data |
RT_STRING | 0x00015ed8 | 0x000000ae | LANG_NEUTRAL | SUBLANG_NEUTRAL | 3.05 | data |
RT_STRING | 0x00015ed8 | 0x000000ae | LANG_NEUTRAL | SUBLANG_NEUTRAL | 3.05 | data |
RT_STRING | 0x00015ed8 | 0x000000ae | LANG_NEUTRAL | SUBLANG_NEUTRAL | 3.05 | data |
RT_RCDATA | 0x00015f88 | 0x0000002c | LANG_NEUTRAL | SUBLANG_NEUTRAL | 4.57 | data |
RT_GROUP_ICON | 0x00015fb4 | 0x00000014 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 1.92 | MS Windows icon resource - 1 icon, 64x64 |
RT_VERSION | 0x00015fc8 | 0x000004f4 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.59 | data |
RT_MANIFEST | 0x000164bc | 0x000005e8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.12 | XML 1.0 document, ASCII text, with CRLF line terminators |
Antivirus engine/vendor | Detection name / rule match | Signature date |
---|---|---|
Bkav | W32.HfsAdware.216A | 20170214 |
MicroWorld-eScan | Application.Crack.PEU | 20170215 |
nProtect | Not detected | 20170214 |
CMC | Not detected | 20170214 |
CAT-QuickHeal | Hacktool.Autokms | 20170214 |
McAfee | Crack-KMS | 20170215 |
Malwarebytes | Not detected | 20170214 |
VIPRE | Trojan.Win32.Generic!BT | 20170214 |
SUPERAntiSpyware | Not detected | 20170215 |
K7AntiVirus | Unwanted-Program ( 004b92a41 ) | 20170214 |
K7GW | Unwanted-Program ( 004b92a41 ) | 20170214 |
TheHacker | Not detected | 20170211 |
Baidu | Not detected | 20170214 |
Cyren | W32/Application.YUNX-5147 | 20170214 |
Symantec | Trojan.Gen.2 | 20170214 |
ESET-NOD32 | a variant of MSIL/HackTool.IdleKMS.E potentially unsafe | 20170215 |
TrendMicro-HouseCall | Not detected | 20170215 |
Avast | Not detected | 20170215 |
ClamAV | Not detected | 20170215 |
Kaspersky | not-a-virus:NetTool.Win64.RPCHook.a | 20170215 |
BitDefender | Application.Crack.PEU | 20170215 |
NANO-Antivirus | Not detected | 20170214 |
AegisLab | Nettool.Win64.Rpchook!c | 20170214 |
Tencent | Not detected | 20170215 |
Endgame | malicious (moderate confidence) | 20170208 |
Sophos | KMS Activator (PUA) | 20170215 |
Comodo | Application.Win32.Amtar.amu | 20170214 |
F-Secure | Application.Crack.PEU | 20170214 |
DrWeb | Trojan.DownLoader23.22047 | 20170214 |
Zillya | Not detected | 20170214 |
Invincea | virus.win32.sality.at | 20170203 |
McAfee-GW-Edition | Crack-KMS | 20170214 |
Emsisoft | Application.Crack.PEU (B) | 20170214 |
F-Prot | Not detected | 20170215 |
Jiangmin | Not detected | 20170214 |
Webroot | Malicious | 20170215 |
Avira | Not detected | 20170215 |
Antiy-AVL | Not detected | 20170215 |
Kingsoft | Not detected | 20170215 |
Microsoft | HackTool:Win32/AutoKMS | 20170213 |
Arcabit | Application.Crack.PEU | 20170214 |
ViRobot | HackTool.3229424[h] | 20170214 |
GData | Application.Crack.PEU | 20170215 |
AVG | Generic37.BHCI | 20170214 |
AhnLab-V3 | HackTool/Win32.Crack.C509549 | 20170214 |
ALYac | Not detected | 20170215 |
AVware | Trojan.Win32.Generic!BT | 20170214 |
Ad-Aware | Application.Crack.PEU | 20170215 |
Zoner | Not detected | 20170214 |
Rising | Not detected | 20170215 |
Yandex | Riskware.NetTool! | 20170214 |
Ikarus | HackTool.Win32.AutoKMS | 20170214 |
Fortinet | Riskware/RPCHook | 20170214 |
VBA32 | Not detected | 20170214 |
Panda | Not detected | 20170214 |
CrowdStrike | Not detected | 20170130 |
Qihoo-360 | Not detected | 20170215 |
No host records.
No TCP connection records.
No UDP connection records.
No domain information.
No HTTP requests found.
No SMTP traffic.
No IRC requests.
No ICMP traffic.
No CIF results.
No alerts.
No TLS.
No Suricata HTTP.
Dropped file | Value |
---|---|
File name | Setup Log 2016-10-18 #001.txt |
Related file | C:\Users\test\AppData\Local\Temp\Setup Log 2016-10-18 #001.txt |
File size | 750 bytes |
File type | ASCII text, with CRLF line terminators |
MD5 | 6b37065586623f28ab28f06091bb4ba8 |
SHA1 | 62fb3af251458bffebbaffdec4cb62befe0dc2e9 |
SHA256 | 22ce9d1ca717cdd6490fbbd3be9524789d36f8f73a3df64e48e3f40daea5c9a9 |
CRC32 | 0CF6B558 |
Ssdeep | 12:n+SXd4XjRmNdsXJZ/Qddj0/kFdjBOBOvCQpdc1wmdeMHhdOMrF1mVM6Q:n+cd4XMNdsHIddgmdjBOBOvpduNdeWhP |

File content (Inno Setup installer log):

```text
2016-10-18 18:10:37.569 Log opened. (Time zone: UTC+08:00)
2016-10-18 18:10:37.584 Setup version: Inno Setup version 5.5.5 (a)
2016-10-18 18:10:37.584 Original Setup EXE: C:\Users\test\AppData\Local\Temp\KMSpico_setup.exe
2016-10-18 18:10:37.584 Setup command line: /SL5="$1015E,2952592,69120,C:\Users\test\AppData\Local\Temp\KMSpico_setup.exe"
2016-10-18 18:10:37.584 Windows version: 6.1.7601 SP1 (NT platform: Yes)
2016-10-18 18:10:37.584 64-bit Windows: Yes
2016-10-18 18:10:37.584 Processor architecture: x64
2016-10-18 18:10:37.584 User privileges: Administrative
2016-10-18 18:10:37.600 64-bit install mode: Yes
2016-10-18 18:10:37.631 Created temporary directory: C:\Users\test\AppData\Local\Temp\is-AU226.tmp
```
Dropped file | Value |
---|---|
File name | _setup64.tmp |
Related file | C:\Users\test\AppData\Local\Temp\is-AU226.tmp\_isetup\_setup64.tmp |
File size | 6144 bytes |
File type | PE32+ executable (console) x86-64, for MS Windows |
MD5 | 526426126ae5d326d0a24706c77d8c5c |
SHA1 | 68baec323767c122f74a269d3aa6d49eb26903db |
SHA256 | b20a8d88c550981137ed831f2015f5f11517aeb649c29642d9d61dea5ebc37d1 |
CRC32 | 21A57303 |
Ssdeep | 48:SvrzfWvPcXegCPUo1vlZQrAxoONfHFZONfH3d1xCWMBFNL2piSS4k+bkg6j0KHc:+fkcXegaJ/ZAYNzcld1xaX12pTSKvkc |
Yara | |
Dropped file | Value |
---|---|
File name | KMSpico_setup.tmp |
Related file | C:\Users\test\AppData\Local\Temp\is-ASH21.tmp\KMSpico_setup.tmp |
File size | 720384 bytes |
File type | PE32 executable (GUI) Intel 80386, for MS Windows |
MD5 | 1778c1f66ff205875a6435a33229ab3c |
SHA1 | 5b6189159b16c6f85feed66834af3e06c0277a19 |
SHA256 | 95c06acac4fe4598840e5556f9613d43aa1039c52dac64536f59e45a70f79da6 |
CRC32 | 4C871BD7 |
Ssdeep | 12288:0QszP8NRMXpc/rPx37/zHBA66pE+4p1YR71CERdH6rN9by7HaOMebmx9Ru:0QQP8YXpc/rPx37/zHBA6plp+51CErzf |
Yara | |
Dropped file | Value |
---|---|
File name | _shfoldr.dll |
Related file | C:\Users\test\AppData\Local\Temp\is-AU226.tmp\_isetup\_shfoldr.dll |
File size | 23312 bytes |
File type | PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows |
MD5 | 92dc6ef532fbb4a5c3201469a5b5eb63 |
SHA1 | 3e89ff837147c16b4e41c30d6c796374e0b8e62c |
SHA256 | 9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87 |
CRC32 | AE2C3EC2 |
Ssdeep | 384:+Vm08QoKkiWZ76UJuP71W55iWHHoSHigH2euwsHTGHVb+VHHmnH+aHjHqLHxmoq1:2m08QotiCjJuPGw4 |
Maldun analysis result | 1.5 (analysis time: 2016-11-12 22:58:52) |
Field | Value |
---|---|
Task ID | 83225 |
Mongo ID | 58a429ca0d98260f2c7bb7fd |
Cuckoo release | 1.4-Maldun |