KMSpico_setup.exe    Threatbook file behavior analysis report
Basic Information
file name:KMSpico_setup.exe
file type:EXE x86
Submission time:2018-08-23 08:54:53
Threat level:malicious
MD5:a02164371a50c5ff9fa2870ef6e8cfa3
sha256:64c731adbe1b96cb5765203b1e215093dcf268d020b299445884a4ae62ed2d3a
Document Threat Intelligence IOC Report
No intelligence IOC detected
Intelligence decision system
Abnormal flow detection system:0
Hunting system:0
DGA domain name recognition system:0
Network behavior report
domains:0
dns:0
http:0
Document release report
File release report not detected
File process number report
Process details:0
Document behavior signature report
api:IsDebuggerPresent
category:system
type:call
api:LoadResource
category:resource
type:call
api:FindResourceExW
category:resource
type:call
category:BSS
ioc:0x00000000
type:ioc
category:.tls
ioc:0x00000000
type:ioc
category:.reloc
ioc:0x00000000
type:ioc
api:NtCreateFile (entry listed 7 times)
category:file
type:call
api:NtProtectVirtualMemory (entry listed 4 times)
category:process
type:call
api:GetKeyState (entry listed 50 times)
category:system
type:call
Static information
PE section table information
Section name:CODE
Virtual address:0x00001000
Physical address:0x00000400
Physical size:0x00009e00
Section permissions:R-E
Section name:DATA
Virtual address:0x0000b000
Physical address:0x0000a200
Physical size:0x00000400
Section permissions:RW-
Section name:BSS
Virtual address:0x0000c000
Physical address:0x0000a600
Physical size:0x00000000
Section permissions:RW-
Section name:.idata
Virtual address:0x0000d000
Physical address:0x0000a600
Physical size:0x00000a00
Section permissions:RW-
Section name:.tls
Virtual address:0x0000e000
Physical address:0x0000b000
Physical size:0x00000000
Section permissions:RW-
Section name:.rdata
Virtual address:0x0000f000
Physical address:0x0000b000
Physical size:0x00000200
Section permissions:R--
Section name:.reloc
Virtual address:0x00010000
Physical address:0x00000000
Physical size:0x00000000
Section permissions:R--
Section name:.rsrc
Virtual address:0x00011000
Physical address:0x0000b200
Physical size:0x00005c00
Section permissions:R--
PE basic information
import_hash:884310b1928934402ea6fec1dbd3cf5e
time_stamp:1992-06-20 06:22:17
entry_point_section:CODE
image_base:0x400000
entry_point:0xa5f8
PE resource information
name:RT_ICON
language:LANG_ENGLISH
filetype:dBase IV DBT of 200.DBF, blocks size 64, block length 16896, next free block index 40, 1st item \"377377377\001377377377\001377377377\001377377377\001377377377\001377377377\001377377377\001377377377\001377377377\001377377377\001377377377\001377377377\001377377377\001377377377\001377377377\001377377377\"
sublanguage:SUBLANG_ENGLISH_US
offset:0x000112c4
size:0x00004228
name:RT_STRING
language:LANG_NEUTRAL
filetype:data
sublanguage:SUBLANG_NEUTRAL
offset:0x00015ed8
size:0x000000ae
name:RT_RCDATA
language:LANG_NEUTRAL
filetype:data
sublanguage:SUBLANG_NEUTRAL
offset:0x00015f88
size:0x0000002c
name:RT_GROUP_ICON
language:LANG_ENGLISH
filetype:MS Windows icon resource - 1 icon
sublanguage:SUBLANG_ENGLISH_US
offset:0x00015fb4
size:0x00000014
name:RT_VERSION
language:LANG_ENGLISH
filetype:data
sublanguage:SUBLANG_ENGLISH_US
offset:0x00015fc8
size:0x000004f4
name:RT_MANIFEST
language:LANG_ENGLISH
filetype:XML document text
sublanguage:SUBLANG_ENGLISH_US
offset:0x000164bc
size:0x000005e8
