Analysis type | VM tag | Start time | End time | Duration |
---|---|---|---|---|
File (Windows) | win7-sp1-x64 | 2016-09-14 14:21:17 | 2016-09-14 14:23:33 | 136 seconds |
File name | KMS8 V3.1.exe |
---|---|
File size | 1025536 bytes |
File type | PE32 executable (GUI) Intel 80386, for MS Windows |
MD5 | 7cf4fb3265b4faaaa1774f5493d69fbc |
SHA1 | 64138b1797a05f93bda9258427cb8ef5bb1ecff9 |
SHA256 | dc457322d941de70c95826df3536581aeb983d932fc5be2f976329a3d4bb9a61 |
SHA512 | ac06445ad4e98ca3069b3eba90de04c74666294cdf5304d294f7930748d9cabf570f5918bc3dbfcaab81156675cf315c61c1743037d145709cdb55a796639e58 |
CRC32 | FF91370F |
Ssdeep | 24576:w9EhuGKLvEe2cjS8ZmeN7Wp9BSr9IBShKVzh3G2FEnWX:w9EhuG+ETcjTmo7seRYGw3G2L |
No hosts recorded.
No domains recorded.
Image base | 0x00400000 |
---|---|
Entry point | 0x0074a001 |
Claimed checksum | 0x00000000 |
Actual checksum | 0x000fc197 |
Minimum OS version | 5.0 |
Compile time | 2014-07-06 19:16:46 |
Icon | |
Icon exact hash | a1ae3b3cfb10378e86f791bca85721eb |
Icon similarity hash | c410277f1c47f0c709ad38fd4109d7a6 |
Export DLL name | KMS8.exe |
FileVersion | |
---|---|
ProductVersion | |
Translation | |
Packer / protector signature |
---|
ASProtect V2.X DLL -> Alexey Solodovnikov |
ASPack v2.12 -> Alexey Solodovnikov |
Name | Virtual address | Virtual size | Raw data size | Characteristics | Entropy |
---|---|---|---|---|---|
.text | 0x00001000 | 0x00211000 | 0x0008c600 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 8.00 |
.itext | 0x00212000 | 0x00002000 | 0x00000c00 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 7.55 |
.data | 0x00214000 | 0x00014000 | 0x00003e00 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 7.92 |
.bss | 0x00228000 | 0x000057bc | 0x00000000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 0.00 |
.idata | 0x0022e000 | 0x00004000 | 0x00001200 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 7.82 |
.didata | 0x00232000 | 0x00001000 | 0x00000400 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 7.19 |
.edata | 0x00233000 | 0x00001000 | 0x00000200 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 1.04 |
.tls | 0x00234000 | 0x00000040 | 0x00000000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 0.00 |
.rdata | 0x00235000 | 0x00001000 | 0x00000200 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 0.21 |
.reloc | 0x00236000 | 0x0002e000 | 0x00000000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 0.00 |
.rsrc | 0x00264000 | 0x000e6000 | 0x00056200 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 7.99 |
.ap | 0x0034a000 | 0x00012000 | 0x00011600 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 6.71 |
.adata | 0x0035c000 | 0x00001000 | 0x00000000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 0.00 |
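The section table, image base and entry point above already carry the cheap static signs of a packed binary: `.text` has entropy 8.00 with only 0x8c600 bytes on disk backing a 0x211000-byte virtual range, every section is writable (including the executable ones), and the entry point 0x0074a001 is RVA 0x34a001, which falls inside `.ap` rather than `.text`, consistent with the ASPack signature listed earlier. The following Python is an added example written for this page, not part of the sandbox report: it encodes those checks over the section data transcribed from the table. The function names, the entropy threshold (7.0) and the "raw size below half the virtual size" rule are the editor's own choices, not values taken from the report.

```python
import math
from dataclasses import dataclass

# Values copied from the report above. Both are virtual addresses, not RVAs.
IMAGE_BASE = 0x00400000
ENTRY_POINT_VA = 0x0074a001


@dataclass(frozen=True)
class Section:
    name: str
    va: int           # RVA at which the section is mapped
    vsize: int        # virtual size once mapped
    rawsize: int      # bytes actually present in the file
    executable: bool  # IMAGE_SCN_MEM_EXECUTE set
    writable: bool    # IMAGE_SCN_MEM_WRITE set
    entropy: float    # entropy of the raw bytes, as printed by the sandbox


# Transcribed from the section table above; only the columns the heuristics use are kept.
SECTIONS = [
    Section(".text",   0x001000, 0x211000, 0x08c600, True,  True,  8.00),
    Section(".itext",  0x212000, 0x002000, 0x000c00, True,  True,  7.55),
    Section(".data",   0x214000, 0x014000, 0x003e00, False, True,  7.92),
    Section(".bss",    0x228000, 0x0057bc, 0x000000, False, True,  0.00),
    Section(".idata",  0x22e000, 0x004000, 0x001200, False, True,  7.82),
    Section(".didata", 0x232000, 0x001000, 0x000400, False, True,  7.19),
    Section(".edata",  0x233000, 0x001000, 0x000200, False, True,  1.04),
    Section(".tls",    0x234000, 0x000040, 0x000000, False, True,  0.00),
    Section(".rdata",  0x235000, 0x001000, 0x000200, False, True,  0.21),
    Section(".reloc",  0x236000, 0x02e000, 0x000000, False, True,  0.00),
    Section(".rsrc",   0x264000, 0x0e6000, 0x056200, False, True,  7.99),
    Section(".ap",     0x34a000, 0x012000, 0x011600, True,  True,  6.71),
    Section(".adata",  0x35c000, 0x001000, 0x000000, True,  True,  0.00),
]


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant buffer, 8.0 for uniformly distributed bytes.
    This is the same measure the sandbox prints in its Entropy column."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def section_for_rva(sections, rva):
    """Return the section whose mapped range contains rva, or None if it is in no section."""
    for s in sections:
        if s.va <= rva < s.va + max(s.vsize, s.rawsize):
            return s
    return None


def entry_section_name(sections=SECTIONS, image_base=IMAGE_BASE, entry_va=ENTRY_POINT_VA):
    """Name of the section that holds the entry point (entry VA converted to an RVA first)."""
    s = section_for_rva(sections, entry_va - image_base)
    return s.name if s else None


def packer_indicators(sections, image_base, entry_va):
    """Return (section name, reason) pairs for the cheap static signs of a packed PE.
    Thresholds are the editor's choices, not values from the report."""
    findings = []
    entry = section_for_rva(sections, entry_va - image_base)
    first_code = next((s for s in sections if s.executable), None)
    if entry is None:
        findings.append(("<none>", "entry point lies outside every section"))
    elif first_code is not None and entry is not first_code:
        findings.append((entry.name, "entry point is not in the first code section (unpacking stub)"))
    for s in sections:
        if s.rawsize and s.entropy >= 7.0:
            findings.append((s.name, f"entropy {s.entropy:.2f}: compressed or encrypted content"))
        if s.executable and s.rawsize and s.rawsize * 2 < s.vsize:
            findings.append((s.name, f"raw size 0x{s.rawsize:x} far below virtual size 0x{s.vsize:x}: filled at runtime"))
        if s.executable and s.writable:
            findings.append((s.name, "writable and executable: code can be rewritten in place"))
    return findings


if __name__ == "__main__":
    print("entry point section:", entry_section_name())
    for name, reason in packer_indicators(SECTIONS, IMAGE_BASE, ENTRY_POINT_VA):
        print(f"{name:8s} {reason}")
```

`shannon_entropy` is there so the Entropy column can be reproduced on a real file's section bytes (for example from `pefile`'s `get_data()`); on this sample it would have to return close to 8.00 for `.text` to agree with the report. None of these checks prove malicious behaviour on their own; they only say that the code the sandbox executed is not the code that is visible on disk, which is why the dynamic part of the report matters more than the static strings for a packed sample like this one.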
Name | Offset | Size | Language | Sublanguage | Entropy | File type | Entries listed |
---|---|---|---|---|---|---|---|
COR | 0x00267a2c | 0x00003600 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 7.99 | data | 2 |
DAT | 0x002dbbac | 0x00002c7c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | empty | 3 |
PRO | 0x00331c28 | 0x00001000 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | empty | 6 |
XM | 0x00332c28 | 0x00000aab | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | empty | 1 |
RT_CURSOR | 0x00333e0c | 0x00000134 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0.00 | empty | 7 |
RT_ICON | 0x0034b894 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 4.17 | GLS_BINARY_LSB_FIRST | 10 |
RT_STRING | 0x00347da0 | 0x000002b4 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 0.00 | empty | 22 |
RT_RCDATA | 0x00348710 | 0x00000956 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 0.00 | empty | 4 |
RT_GROUP_CURSOR | 0x003490e0 | 0x00000014 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0.00 | empty | 7 |
RT_GROUP_ICON | 0x0034b800 | 0x00000092 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.90 | MS Windows icon resource - 10 icons, 48x48, 16-colors | 1 |
RT_VERSION | 0x0034b6c0 | 0x00000140 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.00 | MIPSEB-LE MIPS-III ECOFF executable not stripped - version 0.79 | 1 |
RT_MANIFEST | 0x0034b3c4 | 0x000002fb | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.16 | XML document text | 1 |
Ordinal | Address | Name |
---|---|---|
1 | 0x4613cc | TMethodImplementationIntercept |
Antivirus engine / vendor | Detection name | Signature date |
---|---|---|
Bkav | W32.Clod413.Trojan.ba40 | 20160913 |
MicroWorld-eScan | Application.Tool.SIV | 20160914 |
nProtect | Not detected | 20160914 |
CMC | Not detected | 20160912 |
CAT-QuickHeal | (Suspicious) - DNAScan | 20160913 |
McAfee | Generic.dx!7CF4FB3265B4 | 20160914 |
Malwarebytes | HackTool.KMS | 20160914 |
Zillya | Trojan.Agent.Win32.584192 | 20160912 |
TheHacker | Not detected | 20160911 |
BitDefender | Application.Tool.SIV | 20160914 |
K7GW | Unwanted-Program ( 004bf4e51 ) | 20160914 |
K7AntiVirus | Unwanted-Program ( 004bf4e51 ) | 20160913 |
TrendMicro | TROJ_SPNR.29H714 | 20160914 |
Baidu | Not detected | 20160913 |
F-Prot | Not detected | 20160914 |
Symantec | Trojan.Gen.2 | 20160914 |
TotalDefense | Not detected | 20160907 |
TrendMicro-HouseCall | TROJ_SPNR.29H714 | 20160914 |
Avast | Not detected | 20160914 |
ClamAV | Win.Tool.Spnr-5 | 20160913 |
Kaspersky | not-a-virus:RiskTool.Win32.ProcPatcher.aat | 20160914 |
Alibaba | Not detected | 20160913 |
NANO-Antivirus | Riskware.Win64.HackKMS.eaczdd | 20160913 |
ViRobot | Trojan.Win32.S.Agent.1025536.A[h] | 20160913 |
SUPERAntiSpyware | Trojan.Agent/Generic | 20160914 |
Rising | Malware.Heuristic!ET (rdm+) | 20160914 |
Ad-Aware | Application.Tool.SIV | 20160914 |
Sophos | KMS Activator (PUA) | 20160914 |
Comodo | UnclassifiedMalware | 20160912 |
F-Secure | Application.Tool.SIV | 20160914 |
DrWeb | Not detected | 20160914 |
VIPRE | Trojan.Win32.Generic!BT | 20160914 |
Invincea | generic.a | 20160912 |
McAfee-GW-Edition | BehavesLike.Win32.Fujacks.fc | 20160913 |
Emsisoft | Not detected | 20160914 |
Cyren | W32/Trojan.SHMM-9220 | 20160914 |
Jiangmin | RiskTool.ProcPatcher.q | 20160914 |
Avira | Not detected | 20160914 |
Antiy-AVL | Trojan/Win32.TSGeneric | 20160914 |
Kingsoft | Not detected | 20160914 |
Microsoft | Not detected | 20160914 |
Arcabit | Application.Tool.SIV | 20160914 |
AegisLab | Patched3.C.Gen|2|103!c | 20160914 |
GData | Application.Tool.SIV | 20160914 |
AhnLab-V3 | Trojan/Win32.Agent.R114193 | 20160913 |
ALYac | Not detected | 20160914 |
AVware | Trojan.Win32.Generic!BT | 20160914 |
VBA32 | Not detected | 20160913 |
Zoner | Not detected | 20160914 |
ESET-NOD32 | a variant of Win32/HackKMS.P potentially unsafe | 20160914 |
Tencent | Not detected | 20160914 |
Yandex | Not detected | 20160913 |
Ikarus | Trojan.Hijacker | 20160913 |
Fortinet | Not detected | 20160914 |
AVG | Patched4_c.KSH | 20160914 |
Panda | Not detected | 20160913 |
CrowdStrike | malicious_confidence_70% (W) | 20160725 |
Qihoo-360 | Win32/Trojan.d54 | 20160914 |
No hosts recorded.
No TCP connections recorded.
UDP source address | Source port | Destination address | Destination port |
---|---|---|---|
192.168.122.69 | 52766 | 192.168.122.1 | 53 |
192.168.122.69 | 58396 | 192.168.122.1 | 53 |
192.168.122.69 | 63333 | 192.168.122.1 | 53 |
192.168.122.69 | 64810 | 192.168.122.1 | 53 |
192.168.122.69 | 65401 | 192.168.122.1 | 53 |
No HTTP requests found.
No SMTP traffic.
No IRC requests.
No ICMP traffic.
No CIF results.
No alerts.
No TLS
No Suricata HTTP
Task ID | 17813 |
---|---|
Mongo ID | 57d8ecef4d3bd045a8f49d93 |
Cuckoo release | 1.4-Maldun |