WIN7Activation.exe - Threatbook file behavior analysis report
VirSCAN.org multi-engine scan report
Basic Information
File name:        WIN7Activation.exe
File type:        EXE x86
Submission time:  2018-10-11 21:00:45
Threat level:     malicious
MD5:              587c0e88bb254fd7cbe95bd182c1005f
SHA256:           14d4c01f684f671c63185a2a5effb6561f1a8503fb4e0b722e51a9c650413c6e
File threat intelligence IOC report
No intelligence IOC detected
Intelligence decision system
Abnormal traffic detection system: 0
Hunting system: 0
DGA domain name recognition system: 0
Network behavior report
domains: 0
dns: 0
http: 0
Dropped files report
File name            Size      MD5                               File type
nst7EB6.tmp          0         d41d8cd98f00b204e9800998ecf8427e  empty
ns5BAB.tmp           6656      e2347a65b30ccc5b2c4230daaeefb897  PE32 executable (console) Intel 80386, for MS Windows
Play32.dat           2696906   6688f13264ebe2ebd8050a0e46f087dd  7-zip archive data, version 0.4
win7activation.dat   6311451   4411c037f6012b959d64078ea076981a  7-zip archive data, version 0.4
system.dll           11776     b0c77267f13b2f87c084fd86ef51ccfc  PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
play3.dat            7335      bc7ad440f49bfcea18cb3c5fc864972e  7-zip archive data, version 0.4
kmspico3.exe         713396    e1d3e20e41b850f35fb2c41715b690c5  PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed, RAR self-extracting archive
nsprocess.dll        4096      05450face243b3a7472407b999b03a72  PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
play4.dat            13287     c6b59214c6abc60be59659756f154422  7-zip archive data, version 0.4
nsexec.dll           6656      1f49d8af9be9e915d54b2441c4a79adf  PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
7z.exe               289792    83f9dac72ff0d23b011aa306c1e10c1c  PE32 executable (console) Intel 80386, for MS Windows
7z.dll               1137152   bf9082a24138f8205f6115efec4fb1fb  PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
play6.dat            2167      20c433d70508da7b03e78bb9aba3ff8a  7-zip archive data, version 0.4
win7activation.exe   6326240   420b45049ea1686ea062cb87587036c8  PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
mwe4nm.sys           56192     bf8f6af06da75b336f07e23aef97d93b  PE32 executable (native) Intel 80386, for MS Windows
play1.dat            36936     94cc01749136fb158483abb533385c26  7-zip archive data, version 0.4
play7.dat            701178    40b1609187542d48d02b5bcb164e3442  7-zip archive data, version 0.4
play32.dat           2696906   3ce8858966e5d200981df420bbcea843  7-zip archive data, version 0.4
play5.dat            4599      86cbdc67b7f520c41df8193507cdaf43  7-zip archive data, version 0.4
nsscm.dll            5632      62efa7b730eb0523a026ea4325403b77  PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
play2.dat            28984     713c7b3aea6167f69457c8c9fe1cbc93  7-zip archive data, version 0.4
(Size is in bytes.)
File process number report
Process details: 0
File behavior signature report
API call: NtCreateFile (category: file), 13 calls
IOC (category: file):
  C:\Users\vbccsb\AppData\Local\Temp\nsd861F.tmp
  C:\Users\vbccsb\AppData\Local\Temp\Play4.dat
  C:\Users\vbccsb\AppData\Local\Temp\Play3.dat
  C:\Users\vbccsb\AppData\Local\Temp\WIN7Activation.exe
  C:\Users\vbccsb\AppData\Local\Temp\nsd919A.tmp\ns3DF1.tmp
  C:\Users\vbccsb\AppData\Local\Temp\nsa904B.tmp\nsExec.dll
  C:\Users\vbccsb\AppData\Local\Temp\Play32.dat.tmp
  C:\Users\vbccsb\AppData\Local\Temp\Play5.dat
  C:\Users\vbccsb\AppData\Local\Temp\nsd919A.tmp\ns9DEF.tmp
  C:\Users\vbccsb\AppData\Local\Temp\nsa904B.tmp\ns5BAB.tmp
  C:\Users\vbccsb\AppData\Local\Temp\nsd919A.tmp
  C:\Users\vbccsb\AppData\Local\Temp\nsa904B.tmp\System.dll
  C:\Users\vbccsb\AppData\Local\Temp\nsa904B.tmp\nsProcess.dll
  C:\Users\vbccsb\AppData\Local\Temp\nsd919A.tmp\nsA961.tmp
  C:\Users\vbccsb\AppData\Local\Temp\nsd919A.tmp\nsExec.dll
  C:\Users\vbccsb\AppData\Local\Temp\Play1.dat
  C:\Users\vbccsb\AppData\Local\Temp\nst7EB6.tmp
  C:\Users\vbccsb\AppData\Local\Temp\nsd919A.tmp\Base64.dll
  C:\Users\vbccsb\AppData\Local\Temp\Play2.dat
  C:\Users\vbccsb\AppData\Local\Temp\nsd919A.tmp\System.dll
  C:\Users\vbccsb\AppData\Local\Temp\7z.exe
  C:\Users\vbccsb\AppData\Local\Temp\7z.dll
  C:\Users\vbccsb\AppData\Local\Temp\Play6.dat
  C:\Users\vbccsb\AppData\Local\Temp\KMSpico3.exe
  C:\Users\vbccsb\AppData\Local\Temp\Play7.dat
  C:\Users\vbccsb\AppData\Local\Temp\WIN7Activation.dat
  C:\Users\vbccsb\AppData\Local\Temp\nsd919A.tmp\ns31D3.tmp
  C:\Users\vbccsb\AppData\Local\Temp\Play32.dat
  C:\Windows\System32\MWE4Nm.sys
  C:\Users\vbccsb\AppData\Local\Temp\nsa904B.tmp
  C:\Users\vbccsb\AppData\Local\Temp\nsd919A.tmp\nsSCM.dll
API call: FindFirstFileExW (category: file), 50 calls
IOC (category: file):
  C:\Users\vbccsb\AppData\Local\Temp\Play32.dat
API call: NtReadFile (category: file), 4 calls
IOC (category: url):
  http://nsis.sf.net/NSIS_Error
  http://win3.zhfcxd.com/ws10-200-
  http://win3.zhfcxd.com/bs10-300-
  http://win3.zhfcxd.com/bs10-404-
  http://www.2345.com/?35176
IOC (category: file):
  C:\Users\vbccsb\AppData\Local\Temp\nsa904B.tmp\System.dll
  C:\Users\vbccsb\AppData\Local\Temp\nsa904B.tmp\nsProcess.dll
  C:\Users\vbccsb\AppData\Local\Temp\nsd919A.tmp\System.dll
  C:\Users\vbccsb\AppData\Local\Temp\nsd919A.tmp\nsExec.dll
  C:\Users\vbccsb\AppData\Local\Temp\7z.exe
  C:\Users\vbccsb\AppData\Local\Temp\7z.dll
  C:\Users\vbccsb\AppData\Local\Temp\WIN7Activation.exe
  C:\Users\vbccsb\AppData\Local\Temp\nsa904B.tmp\nsExec.dll
  C:\Users\vbccsb\AppData\Local\Temp\nsd919A.tmp\nsSCM.dll
  C:\Users\vbccsb\AppData\Local\Temp\KMSpico3.exe
  C:\Users\vbccsb\AppData\Local\Temp\nsd919A.tmp\Base64.dll
API call: SetFileAttributesW (category: file), 3 calls
API call: LookupPrivilegeValueW (category: system), 12 calls
Generic entries (category: 0, ioc: 0): 10 records
Static information
PE section table information
Section  Virtual address  Physical address  Physical size  Permissions
.text    0x00001000       0x00000400        0x00006000     R-E
.rdata   0x00007000       0x00006400        0x00001400     R--
.data    0x00009000       0x00007800        0x00000600     RW-
.ndata   0x0002f000       0x00000000        0x00000000     RW-
.rsrc    0x00038000       0x00007e00        0x00011400     R--
PE basic information
import_hash:          b76363e9cb88bf9390860da8e50999d2
time_stamp:           2016-04-02 11:20:13
entry_point_section:  .text
image_base:           0x400000
entry_point:          0x312a
PE resource information
Name           Language      Sublanguage         Offset      Size        File type
RT_ICON        LANG_ENGLISH  SUBLANG_ENGLISH_US  0x000381c0  0x00010828  data
RT_ICON        LANG_ENGLISH  SUBLANG_ENGLISH_US  0x000489e8  0x00000128  data
RT_DIALOG      LANG_ENGLISH  SUBLANG_ENGLISH_US  0x00048b10  0x00000202  data
RT_DIALOG      LANG_ENGLISH  SUBLANG_ENGLISH_US  0x00048d18  0x000000f8  data
RT_DIALOG      LANG_ENGLISH  SUBLANG_ENGLISH_US  0x00048e10  0x000000ee  data
RT_GROUP_ICON  LANG_ENGLISH  SUBLANG_ENGLISH_US  0x00048f00  0x00000022  MS Windows icon resource - 1 icon
RT_MANIFEST    LANG_ENGLISH  SUBLANG_ENGLISH_US  0x00048f28  0x000003be  XML document text