aa279ffc0a0f1bb3c4670be998cf01ef

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 1992-Jun-19 22:22:17
Detected languages English - United States
Comments This installation was built with Inno Setup.
CompanyName
FileDescription KMSnano 24 Setup
FileVersion 24
LegalCopyright ByELDI
ProductName KMSnano 24
ProductVersion 24

Plugin Output

Malicious The PE contains functions mostly used by malware.
[!] The program may be hiding some of its imports:
  • LoadLibraryA
  • GetProcAddress
Can access the registry:
  • RegQueryValueExA
  • RegOpenKeyExA
  • RegCloseKey
Possibly launches other programs:
  • CreateProcessA
Memory manipulation functions often used by packers:
  • VirtualAlloc
  • VirtualProtect
Functions related to the privilege level:
  • OpenProcessToken
  • AdjustTokenPrivileges
Can shut the system down or lock the screen:
  • ExitWindowsEx
Suspicious The file contains overlay data. 30532738 bytes of data starting at offset 0x66800.
The overlay data has an entropy of 7.99999 and is possibly compressed or encrypted.
Overlay data amounts for 98.6436% of the executable.
Malicious VirusTotal score: 7/68 (Scanned on 2022-05-29 16:37:42)
Elastic: malicious (moderate confidence)
ClamAV: Win.Tool.Kmsactivator-9872170-0
Zillya: Adware.Agent.Win32.83075
McAfee-GW-Edition: Crack-KMS
Jiangmin: HackTool.KMSAuto.od
McAfee: Crack-KMS
Panda: HackingTool/AutoKMS

Hashes

MD5 aa279ffc0a0f1bb3c4670be998cf01ef
SHA1 c121d1cad0940ae339f79197e4725774d9a8d696
SHA256 c26d1bf1a7b048775f27e0f32badad8d1496a5bd45a4711f2d202692fe1f0d94
SHA3 91189a0bd98ba4332cef79e98c266d63e871cb99a62bfef29dab672f5646d442
SSDeep 786432:v8sF1erv0uCneDu2qVF+XlOs6mT0/EpDySFneF+s84LI6Veq:v8G1erMuCnGujVg1l6//YyS4n8UIceq
Imports Hash 4fb639b17a439bf0efa713bd4c6e715b

DOS Header

e_magic MZ
e_cblp 0x50
e_cp 0x2
e_crlc 0
e_cparhdr 0x4
e_minalloc 0xf
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0x1a
e_oemid 0
e_oeminfo 0
e_lfanew 0x100

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 8
TimeDateStamp 1992-Jun-19 22:22:17
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 2.0
SizeOfCode 0x9400
SizeOfInitializedData 0x5d000
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00009C18 (Section: CODE)
BaseOfCode 0x1000
BaseOfData 0xb000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 1.0
ImageVersion 6.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x6d000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x4000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

CODE

MD5 31d14cee911dc9bbb2edaf1f6ddbce5a
SHA1 3593b2674710ab5bacd06a30be84e9a9e5b4eccd
SHA256 54272d83c63dc1142a569537d2cb1bc6321c4bcd529793f07eb1875e804ffbc6
SHA3 73983e855bf6765132b8f83f68e8b3cd68703cfc709017195d1652357c04d103
VirtualSize 0x933c
VirtualAddress 0x1000
SizeOfRawData 0x9400
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.55729

DATA

MD5 fdfb9f186687342407d6f000cea90719
SHA1 7ef6ea0d44b434dbca8555ffd1eca8cdbfb13f46
SHA256 fe928253624efe8c02fcd5e342ab93adfc52c15b6c6082c6e13b387db47d7de0
SHA3 6be6a96b54f3946e80f2a392d8fbea85b804e9ec36923c378e107b732836217a
VirtualSize 0x24c
VirtualAddress 0xb000
SizeOfRawData 0x400
PointerToRawData 0x9800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 2.76799

BSS

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0xe4c
VirtualAddress 0xc000
SizeOfRawData 0
PointerToRawData 0x9c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata

MD5 bb5485bf968b970e5ea81292af2acdba
SHA1 40a39d9e8c8cecd5356ab96745d82d2ebfe17cfb
SHA256 d9ea6e80cc1edfdffa8d534a8c61448b19b74d683845b94ad6d9a543e5ceb8cf
SHA3 09274dc071547ce3dc33528de99c9ad5a9eb119600e5a61b3127f74cde6dcfbf
VirtualSize 0x950
VirtualAddress 0xd000
SizeOfRawData 0xa00
PointerToRawData 0x9c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 4.43073

.tls

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x8
VirtualAddress 0xe000
SizeOfRawData 0
PointerToRawData 0xa600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata

MD5 9ba824905bf9c7922b6fc87a38b74366
SHA1 f43ee83e6afa1c343ff6db68e13efde43471cbb6
SHA256 ad44157821ba24c07dd44f66940dd75adee9d6919a0577c5a75aa502637dddaa
SHA3 370eba5499bce03a18d462f5b9e6ee4598126f2a2243cc5fa1590c7c7245c5d7
VirtualSize 0x18
VirtualAddress 0xf000
SizeOfRawData 0x200
PointerToRawData 0xa600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_SHARED
Entropy 0.204488

.reloc

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x8b4
VirtualAddress 0x10000
SizeOfRawData 0
PointerToRawData 0
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_SHARED

.rsrc

MD5 8de5b0a62ab098eeec35adfb8d75ea41
SHA1 8812f95d2021cb22a6d4166ba542161847f4a407
SHA256 c8a30906f4103f873662b8f7e48be1c0acb5b219e8de4509acceec2098783aaa
SHA3 315b3c2c80e223786898403b7d31749030556d57116350e456885a843003cf52
VirtualSize 0x5be20
VirtualAddress 0x11000
SizeOfRawData 0x5c000
PointerToRawData 0xa800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_SHARED
Entropy 4.33832

Imports

kernel32.dll DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VirtualFree
VirtualAlloc
LocalFree
LocalAlloc
WideCharToMultiByte
TlsSetValue
TlsGetValue
MultiByteToWideChar
GetModuleHandleA
GetLastError
GetCommandLineA
WriteFile
SetFilePointer
SetEndOfFile
RtlUnwind
ReadFile
RaiseException
GetStdHandle
GetFileSize
GetSystemTime
GetFileType
ExitProcess
CreateFileA
CloseHandle
user32.dll MessageBoxA
oleaut32.dll VariantChangeTypeEx
VariantCopyInd
VariantClear
SysStringLen
SysAllocStringLen
advapi32.dll RegQueryValueExA
RegOpenKeyExA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
kernel32.dll (#2) DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VirtualFree
VirtualAlloc
LocalFree
LocalAlloc
WideCharToMultiByte
TlsSetValue
TlsGetValue
MultiByteToWideChar
GetModuleHandleA
GetLastError
GetCommandLineA
WriteFile
SetFilePointer
SetEndOfFile
RtlUnwind
ReadFile
RaiseException
GetStdHandle
GetFileSize
GetSystemTime
GetFileType
ExitProcess
CreateFileA
CloseHandle
user32.dll (#2) MessageBoxA
comctl32.dll InitCommonControls
advapi32.dll (#2) RegQueryValueExA
RegOpenKeyExA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA

Delayed Imports

1

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x468
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.87516
MD5 6325646d0245f744730f30f61c769afa
SHA1 bee8e0f4afc20cc6a116164c51ad75fc6bd1c2a1
SHA256 7a75637ccf38e5e03cd228468d0fc9de5a371ddcb2ccc67654ccc6b45dc35f1c
SHA3 146e89a180699f78524de24e5d8289e2cbc6d9fe580e9829861f27854f0d784f

2

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x10a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.68115
MD5 620171487c3f3caac29af29f5c8bab16
SHA1 cdaf344896ef65473280f64bc097cf762473c504
SHA256 6d117a8baa7e902fbe5dcb3f10091a89ae44e633ba4a13f302a05cfd233ef870
SHA3 5f1a4bf425d9f31cd6f345c3bea49d980174c1d1bbe3531f1396b6842a54c892

3

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x25a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.5143
MD5 8b3b627db425785bfd273b9219a9f04c
SHA1 64098f01dfb6f195486279145f723b58dc03b210
SHA256 ec43fcfbee1e38cac84105c546337363d30adc5bc45afec9b00e33b368c3a652
SHA3 564e4ecceb7e54a83becbf4d55acb0e1b3ee3026efccb5a1cde2a8c915d4b2e2

4

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x4228
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.47637
MD5 8b4aa9e8658019005fbb393d73169e79
SHA1 fc5269e13301cd7eb25ac0bfcb1ba960da4f812c
SHA256 84a592d712627baf65d4f3de3c7c166fca1fb9df7f802f64e85503fb627b21e0
SHA3 01f85f26e5d6a56f628960b5128147d65c518bc5c901eb28805b9c245014e783

5

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x10828
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.34164
MD5 0f5a4777ad7345ad99cb17404223c4ea
SHA1 8ba726610135d92c8d60c0567781ef927d36afdb
SHA256 3771165bc5eb3991b0a5b4797c6b8f8efd2713181b731ecc38c472d2f1e3c625
SHA3 7e22f69ba4c476ac7089547aba637540883de272dd611c874c9f23a736bfdb4e

6

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x42028
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.20521
MD5 f25927a85b38874ae8dce04341fbc7c4
SHA1 8d9acc8c7050fcf78ad433d713dd2feab51cfcef
SHA256 b202fc9dc67a4163532235b9d92a535b5ef197dbff1f4c60db264961c48ba04b
SHA3 44f25b9aba48c0e2add018d73e5735e137c0a818af5226331fd8950bff1c1a55

4089

Type RT_STRING
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x2f2
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.21823
MD5 bbf4b644f9dd284b35eb31573d0df2f7
SHA1 4f9885ae629e83464e313af5254ef86f01accd0b
SHA256 2c0d32398e3c95657a577c044cc32fe24fa058d0c32e13099b26fd678de8354f
SHA3 ebed2e4a929600c1460761d462143feb092840986b31c9748d3aeb8174d4205e

4090

Type RT_STRING
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x30c
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.31515
MD5 ac2a0551cb90f91d779ee8622682dfb1
SHA1 ff0db7d2f48d85ceb3539b21ebe9d0ca3443f1da
SHA256 840989e0a92f2746ae60b8e3efc1a39bcca17e82df3634c1643d76141fc75bb3
SHA3 58a85f5c53df73aa79e5f5a36aa151ca0d9da4d450ebc2975a3ee827b46342a5

4091

Type RT_STRING
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x2ce
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.25024
MD5 c99b474c52df3049dfb38b5308f2827d
SHA1 7375e693629ce6bbd1a0419621d094bcd2c67bb7
SHA256 26bda4da3649a575157a6466468a0a86944756643855954120fd715f3c9c7f78
SHA3 c6013febd14dd876e3b81111ec17dd2724dbf4147b0ad7be9d03259bcb59fef3

4093

Type RT_STRING
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x68
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.86149
MD5 aec4e28ea9db1361160cde225d158108
SHA1 249013a10cde021c713ba2dc8912f9e05be35735
SHA256 d786490af7fe66042fb4a7d52023f5a1442f9b5e65d067b9093d1a128a6af34c
SHA3 a067c4d88d719ed8d568951acb776bd798b691a8b153f8d94ba0574ede1fbf4c

4094

Type RT_STRING
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0xb4
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.20731
MD5 c76a8843204c0572bca24ada35abe8c7
SHA1 066052030d0a32310da8cb5a51d0590960a65f32
SHA256 00a0794f0a493c167f64ed8b119d49bdc59f76bb35e5c295dc047095958ee2fd
SHA3 07523cf88b3803ea41acfeb3c9c0c4b5b4b9fb6f9a3232802491d8de1b6c9166

4095

Type RT_STRING
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0xae
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.04592
MD5 4bd4f3f6d918ba49d8800ad83d277a86
SHA1 1f5e4c73965fea1d1f729efbe7568dcd081a2168
SHA256 34973a8a33b90ec734bd328198311f579666d5aeb04c94f469ebb822689de3c3
SHA3 2d01c56a5bf0b390addf4fb5b6ae02f9a64bd03ffd300d3763615bbb8ec911fe

11111

Type RT_RCDATA
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x2c
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.64917
MD5 357d89400083e578af6e77ad85add215
SHA1 ad5cda175bd50e48f233238c77ebb25bb942f44b
SHA256 44acb631e719c0b34e7a30f0f3eba1fc33b9900c39f75d0d8ce2891c2c28398a
SHA3 e1f91ee19cb364a4f9706ab6cdbbf556805e133e3e485ab14b49573a07a44312

MAINICON

Type RT_GROUP_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x5a
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.55883
Detected Filetype Icon file
MD5 449480a90ad0a839859d412484d67bdc
SHA1 2531dd9720b0e88ab7fa0ed0ee725b6085a531cb
SHA256 178d2854b39b395fc6ece8e40cd897ff470a3c3d6c8c73705520d3a718ede8cb
SHA3 4a75bee8c4b0d7cc01b1add6430f9caf218f209e39461e444bf14b7691cfe09c

1 (#2)

Type RT_VERSION
Language English - United States
Codepage Latin 1 / Western European
Size 0x4b8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.60404
MD5 47d2fca1d3472bbb679b71337e60ba1a
SHA1 6d663130c138da7ce5b82bdad218602408c70a9e
SHA256 1de684d29fd463ce9e23df3ddf0571156acddb1ce1162377fddeea2e00efc920
SHA3 58d155b614b5295d15f2a98ace59911d1bec44d31f2ab38664ef8d873389865e

1 (#3)

Type RT_MANIFEST
Language English - United States
Codepage Latin 1 / Western European
Size 0x560
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.05007
MD5 8d7accca43bc3864983dbbb9af490005
SHA1 07ae72350bcbfedb5015a78efd74fcfd3bab11ac
SHA256 ec233469005d39f4f2673be991a0415318631a59c5976c35d4dd22db45226fd0
SHA3 d340127cbdd815e5c2dd4b44e8755c28512ad5e969b757cfcec6612b00e9d186

String Table contents

'%s' is not a valid integer value
'%s' is not a valid floating point value
'%s' is not a valid date
'%s' is not a valid time
'%s' is not a valid date and time
Invalid argument to time encode
Invalid argument to date encode
Out of memory
I/O error %d
File not found
Invalid filename
Too many open files
File access denied
Read beyond end of file
Disk full
Invalid numeric input
Division by zero
Range check error
Integer overflow
Invalid floating point operation
Floating point division by zero
Floating point overflow
Floating point underflow
Invalid pointer operation
Invalid class typecast
Access violation at address %p. %s of address %p
Stack overflow
Control-C hit
Privileged instruction
Operation aborted
Exception %s in module %s at %p.
%s%s
Application Error
Format '%s' invalid or incompatible with argument
No argument for format '%s'
Invalid variant type conversion
Invalid variant operation
Variant method calls not supported
Read
Write
Format result longer than 4096 characters
Format string too long
Error creating variant array
Variant is not an array
Variant array index out of bounds
External exception %x
Jan
Feb
Mar
Apr
May
Jun
Jul
Aug
Sep
Oct
Nov
Dec
January
February
March
April
May
June
July
August
September
October
November
December
Sun
Mon
Tue
Wed
Thu
Fri
Sat
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 24.0.0.0
ProductVersion 24.0.0.0
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType VFT_APP
Language UNKNOWN
Comments This installation was built with Inno Setup.
CompanyName
FileDescription KMSnano 24 Setup
FileVersion (#2) 24
LegalCopyright ByELDI
ProductName KMSnano 24
ProductVersion (#2) 24
Resource LangID English - United States

TLS Callbacks

StartAddressOfRawData 0x40e000
EndAddressOfRawData 0x40e008
AddressOfIndex 0x40c3d0
AddressOfCallbacks 0x40f010
SizeOfZeroFill 0
Characteristics IMAGE_SCN_TYPE_REG
Callbacks (EMPTY)

Load Configuration

RICH Header

Errors

[*] Warning: directory 5 has a size of 0! This PE may have been manually crafted!
[!] Error: Could not reach the requested directory (offset=0x0).
[*] Warning: Section BSS has a size of 0!
[*] Warning: Section .tls has a size of 0!
[*] Warning: Section .reloc has a size of 0!