win10key.exe

First submission 2024-10-15 18:43:03

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
Mime type: application/x-dosexec
File size: 6078.5 KB (6224384 bytes)
Compile time: 2020-11-22 12:33:03
MD5: 11205f15a2dc7c76c9bd555d4163f80d
SHA1: 01c1f0debf7c81562c9ca48994793ae94b251117
SHA256: 98fe499fc7070f2c91b721739c81055a52be7cc0ad664e69cd52a4d131a1e8b6
Import Hash : afcdf79be1557326c854b6e20cb900a7
Sections 5 .text .rdata .data .rsrc .reloc
Directories 4 import resource debug relocation

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

OSINT Enrichments

Virus Total: 52/79 VT report date: 2024-08-05 14:00:59
Malware Type 3 hacktool trojan pua
Threat Type 3 kmsactivator hackkms kmsauto

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXp://101.34.82.183/win10key.exe VirusTotal Report 101.34.82.183 VirusTotal Report 2024-10-15 18:43:03

PE Sections 1 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x8dd2e 581120 6ca4f81d951a00335345adcc6c9699211bfef144 c2c2260508750422d20cd5cbb116b146
.rdata 0x8f000 0x2e10e 188928 57b47ecaac29f80d8daf40951c7d7f4f16ac6d05 4513b58651e3d8d87c81a396e5b2f1d1
.data 0xbe000 0x8f74 20992 bd045801410191cce6558498902a89353b03fcb6 c2de4a3d214eae7e87c7bfc06bd79775
.rsrc 0xc7000 0x527050 5403136 c744ace9f619639857e092846b32c13ec7f725a6 dcb875a2284a24215228359e6e32e75d
.reloc 0x5ef000 0x7130 29184 55df6e389cdefeadf102dce6c3b142530d4153c5 1254908a9a03d2bcf12045d49cd572b9

PE Resources 6

Name Language Sublanguage Offset Size Data
RT_ICON LANG_ENGLISH SUBLANG_ENGLISH_UK 0x10cb80 1128
RT_STRING LANG_ENGLISH SUBLANG_ENGLISH_UK 0x10f158 344
RT_RCDATA LANG_NEUTRAL SUBLANG_NEUTRAL 0x10f2b0 5104543