28097a5953297846d70c3752eb375a1c9e1feaf9b89c533d945bb451f156eee2

Sharing

Copy URL Twitter E-mail

General

Target

28097a5953297846d70c3752eb375a1c9e1feaf9b89c533d945bb451f156eee2
Size

6.9MB
MD5

e6266192c50cf577e92e9880d363dfa8
SHA1

2861c7731915aad154eff14a84e20e3e3ac0d2d5
SHA256

28097a5953297846d70c3752eb375a1c9e1feaf9b89c533d945bb451f156eee2
SHA512

16baa55c0b9f4984e524d4b7cd1f9415673ab5461ca062083dc68813cebfe7c849f2403dd25964c4fb6c9b3c4bd547a37797d2ed0e1000da3c4151504feb0320
SSDEEP

196608:/c+qazRMmoYx20RhITNFBIcLH6nRvLOnMrNxThm9wzfo27arbJD9:/NqazejYxn3oNFBIcLudOMr7TJzd7aff

Score

8^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack001/Womcc_m/D3DX81ab.dll	aspack_v212_v242

Files

28097a5953297846d70c3752eb375a1c9e1feaf9b89c533d945bb451f156eee2
.rar
Womcc_m/ActiveXImmunity.ini
Womcc_m/Adv.dat
Womcc_m/Big5.dat
Womcc_m/Book.ico
Womcc_m/D3DX81ab.dll
.dll windows x86

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25/04/2007, 00:00

Not After

09/07/2019, 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30/04/2007, 00:00

Not After

29/04/2012, 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6b:c3:6c:b4:37:14:55:14:42:10:e5:08:4d:64:d2:81
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

19/10/2007, 00:00

Not After

18/10/2008, 23:59

Subject

CN=成都共软网络科技有限公司,OU=Class 3 - for Microsoft Authenticode Signing,O=成都共软网络科技有限公司,L=成都市,ST=四川省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

06:f1:21:4b:8a:99:29:15:10:e8:ec:78:7f:10:b6:f9:3c:14:4f:a3
Signer

Actual PE Digest

06:f1:21:4b:8a:99:29:15:10:e8:ec:78:7f:10:b6:f9:3c:14:4f:a3

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=成都共软网络科技有限公司,OU=Class 3 - for Microsoft Authenticode Signing,O=成都共软网络科技有限公司,L=成都市,ST=四川省,C=CN

24/11/2022, 14:54
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

D3DXAssembleShader
D3DXAssembleShaderFromFileA
D3DXAssembleShaderFromFileW
D3DXAssembleShaderFromResourceA
D3DXAssembleShaderFromResourceW
D3DXBoxBoundProbe
D3DXCheckCubeTextureRequirements
D3DXCheckTextureRequirements
D3DXCheckVolumeTextureRequirements
D3DXCleanMesh
D3DXColorAdjustContrast
D3DXColorAdjustSaturation
D3DXComputeBoundingBox
D3DXComputeBoundingSphere
D3DXComputeNormalMap
D3DXComputeNormals
D3DXComputeTangent
D3DXConvertMeshSubsetToSingleStrip
D3DXConvertMeshSubsetToStrips
D3DXCreateBox
D3DXCreateBuffer
D3DXCreateCubeTexture
D3DXCreateCubeTextureFromFileA
D3DXCreateCubeTextureFromFileExA
D3DXCreateCubeTextureFromFileExW
D3DXCreateCubeTextureFromFileInMemory
D3DXCreateCubeTextureFromFileInMemoryEx
D3DXCreateCubeTextureFromFileW
D3DXCreateCubeTextureFromResourceA
D3DXCreateCubeTextureFromResourceExA
D3DXCreateCubeTextureFromResourceExW
D3DXCreateCubeTextureFromResourceW
D3DXCreateCylinder
D3DXCreateEffect
D3DXCreateEffectFromFileA
D3DXCreateEffectFromFileW
D3DXCreateEffectFromResourceA
D3DXCreateEffectFromResourceW
D3DXCreateFont
D3DXCreateFontIndirect
D3DXCreateMatrixStack
D3DXCreateMesh
D3DXCreateMeshFVF
D3DXCreatePMeshFromStream
D3DXCreatePolygon
D3DXCreateRenderToEnvMap
D3DXCreateRenderToSurface
D3DXCreateSPMesh
D3DXCreateSkinMesh
D3DXCreateSkinMeshFVF
D3DXCreateSkinMeshFromMesh
D3DXCreateSphere
D3DXCreateSprite
D3DXCreateTeapot
D3DXCreateTextA
D3DXCreateTextW
D3DXCreateTexture
D3DXCreateTextureFromFileA
D3DXCreateTextureFromFileExA
D3DXCreateTextureFromFileExW
D3DXCreateTextureFromFileInMemory
D3DXCreateTextureFromFileInMemoryEx
D3DXCreateTextureFromFileW
D3DXCreateTextureFromResourceA
D3DXCreateTextureFromResourceExA
D3DXCreateTextureFromResourceExW
D3DXCreateTextureFromResourceW
D3DXCreateTorus
D3DXCreateVolumeTexture
D3DXCreateVolumeTextureFromFileA
D3DXCreateVolumeTextureFromFileExA
D3DXCreateVolumeTextureFromFileExW
D3DXCreateVolumeTextureFromFileInMemory
D3DXCreateVolumeTextureFromFileInMemoryEx
D3DXCreateVolumeTextureFromFileW
D3DXCreateVolumeTextureFromResourceA
D3DXCreateVolumeTextureFromResourceExA
D3DXCreateVolumeTextureFromResourceExW
D3DXCreateVolumeTextureFromResourceW
D3DXDeclaratorFromFVF
D3DXFVFFromDeclarator
D3DXFillCubeTexture
D3DXFillTexture
D3DXFillVolumeTexture
D3DXFilterTexture
D3DXFresnelTerm
D3DXGeneratePMesh
D3DXGetErrorStringA
D3DXGetErrorStringW
D3DXGetFVFVertexSize
D3DXGetImageInfoFromFileA
D3DXGetImageInfoFromFileInMemory
D3DXGetImageInfoFromFileW
D3DXGetImageInfoFromResourceA
D3DXGetImageInfoFromResourceW
D3DXIntersect
D3DXIntersectSubset
D3DXIntersectTri
D3DXLoadMeshFromX
D3DXLoadMeshFromXInMemory
D3DXLoadMeshFromXResource
D3DXLoadMeshFromXof
D3DXLoadSkinMeshFromXof
D3DXLoadSurfaceFromFileA
D3DXLoadSurfaceFromFileInMemory
D3DXLoadSurfaceFromFileW
D3DXLoadSurfaceFromMemory
D3DXLoadSurfaceFromResourceA
D3DXLoadSurfaceFromResourceW
D3DXLoadSurfaceFromSurface
D3DXLoadVolumeFromFileA
D3DXLoadVolumeFromFileInMemory
D3DXLoadVolumeFromFileW
D3DXLoadVolumeFromMemory
D3DXLoadVolumeFromResourceA
D3DXLoadVolumeFromResourceW
D3DXLoadVolumeFromVolume
D3DXMatrixAffineTransformation
D3DXMatrixInverse
D3DXMatrixLookAtLH
D3DXMatrixLookAtRH
D3DXMatrixMultiply
D3DXMatrixMultiplyTranspose
D3DXMatrixOrthoLH
D3DXMatrixOrthoOffCenterLH
D3DXMatrixOrthoOffCenterRH
D3DXMatrixOrthoRH
D3DXMatrixPerspectiveFovLH
D3DXMatrixPerspectiveFovRH
D3DXMatrixPerspectiveLH
D3DXMatrixPerspectiveOffCenterLH
D3DXMatrixPerspectiveOffCenterRH
D3DXMatrixPerspectiveRH
D3DXMatrixReflect
D3DXMatrixRotationAxis
D3DXMatrixRotationQuaternion
D3DXMatrixRotationX
D3DXMatrixRotationY
D3DXMatrixRotationYawPitchRoll
D3DXMatrixRotationZ
D3DXMatrixScaling
D3DXMatrixShadow
D3DXMatrixTransformation
D3DXMatrixTranslation
D3DXMatrixTranspose
D3DXMatrixfDeterminant
D3DXPlaneFromPointNormal
D3DXPlaneFromPoints
D3DXPlaneIntersectLine
D3DXPlaneNormalize
D3DXPlaneTransform
D3DXQuaternionBaryCentric
D3DXQuaternionExp
D3DXQuaternionInverse
D3DXQuaternionLn
D3DXQuaternionMultiply
D3DXQuaternionNormalize
D3DXQuaternionRotationAxis
D3DXQuaternionRotationMatrix
D3DXQuaternionRotationYawPitchRoll
D3DXQuaternionSlerp
D3DXQuaternionSquad
D3DXQuaternionSquadSetup
D3DXQuaternionToAxisAngle
D3DXSaveMeshToX
D3DXSaveSurfaceToFileA
D3DXSaveSurfaceToFileW
D3DXSaveTextureToFileA
D3DXSaveTextureToFileW
D3DXSaveVolumeToFileA
D3DXSaveVolumeToFileW
D3DXSimplifyMesh
D3DXSphereBoundProbe
D3DXSplitMesh
D3DXTessellateNPatches
D3DXValidMesh
D3DXVec2BaryCentric
D3DXVec2CatmullRom
D3DXVec2Hermite
D3DXVec2Normalize
D3DXVec2Transform
D3DXVec2TransformCoord
D3DXVec2TransformNormal
D3DXVec3BaryCentric
D3DXVec3CatmullRom
D3DXVec3Hermite
D3DXVec3Normalize
D3DXVec3Project
D3DXVec3Transform
D3DXVec3TransformCoord
D3DXVec3TransformNormal
D3DXVec3Unproject
D3DXVec4BaryCentric
D3DXVec4CatmullRom
D3DXVec4Cross
D3DXVec4Hermite
D3DXVec4Normalize
D3DXVec4Transform
D3DXWeldVertices

Sections

.text
Size: 229KB - Virtual size: 508KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 31KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 11KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Womcc_m/Devs.Dat
Womcc_m/Empty.ico
Womcc_m/JEDEC.dat
Womcc_m/LIGHTMAP.PNG
.png
Womcc_m/Malicious.dat
Womcc_m/MonV.Dat
Womcc_m/PortsList.inf
Womcc_m/SPLib.dat
Womcc_m/SelfRegChg.ini
Womcc_m/Set.ini
Womcc_m/UpdateServer.ini
Womcc_m/Wopti.url
.url
Womcc_m/WoptiAntiHook.dll
.dll windows x86

fffa4bfef345d8a799d7b9b9c853fa42

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegOpenKeyA
RegQueryValueExA
RegCloseKey
RegSetValueExA
RegCreateKeyExA
RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyExA

kernel32

LocalReAlloc
DeleteCriticalSection
TlsFree
SetErrorMode
WritePrivateProfileStringA
GlobalFlags
InterlockedIncrement
GetVersionExA
lstrcmpW
GlobalFindAtomA
GlobalGetAtomNameA
WriteFile
SetFilePointer
FlushFileBuffers
GetThreadLocale
GetCurrentProcess
GetCPInfo
GetOEMCP
VirtualAlloc
HeapReAlloc
GetCommandLineA
RtlUnwind
ExitProcess
RaiseException
HeapSize
TlsSetValue
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
Sleep
HeapDestroy
HeapCreate
VirtualFree
GetStdHandle
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetACP
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
GetFileInformationByHandle
HeapAlloc
GetProcessHeap
ReadFile
HeapFree
CloseHandle
TerminateProcess
GetSystemDirectoryA
GetModuleFileNameA
lstrlenA
WideCharToMultiByte
MultiByteToWideChar
InterlockedExchange
GetLastError
CompareStringA
GetVersion
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GlobalFree
GlobalUnlock
FormatMessageA
LocalFree
GetCurrentProcessId
GlobalAddAtomA
GetProcAddress
InterlockedDecrement
GetModuleFileNameW
SetLastError
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
LoadLibraryA
FindResourceA
LoadResource
LockResource
SizeofResource
GlobalLock
lstrcmpA
GlobalAlloc
FreeLibrary
GlobalDeleteAtom
GetModuleHandleA

user32

ShowWindow
GetSysColorBrush
LoadCursorA
DestroyMenu
SetPropA
GetPropA
RemovePropA
IsWindow
GetForegroundWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
GetClientRect
GetMenu
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
CopyRect
DefWindowProcA
CallWindowProcA
SetWindowLongA
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSystemMetrics
GetSysColor
ReleaseDC
GetDC
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
ClientToScreen
GetDlgCtrlID
GetWindowRect
GetClassNameA
PtInRect
GetWindowTextA
SetWindowTextA
UnregisterClassA
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetWindowThreadProcessId
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
EnableWindow
MessageBoxA
RegisterWindowMessageA
LoadIconA
WinHelpA
GetCapture
GetClassLongA
PostQuitMessage
PostMessageA
UnhookWindowsHookEx
CheckMenuItem
EnableMenuItem
GetMenuState
ModifyMenuA
SendMessageA
GetParent
GetFocus
LoadBitmapA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
SetCursor
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
GetWindow

shlwapi

PathFindFileNameA
PathFindExtensionA

oleacc

LresultFromObject
CreateStdAccessibleObject

gdi32

SetTextColor
SetMapMode
GetClipBox
PtVisible
RectVisible
SetBkColor
RestoreDC
SaveDC
DeleteObject
GetDeviceCaps
TextOutA
ExtTextOutA
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
DeleteDC
GetStockObject
CreateBitmap

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

oleaut32

VariantClear
VariantChangeType
VariantInit

Exports

Exports

AntiHook
GetKernelExportRVA

Sections

.text
Size: 124KB - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Womcc_m/WoptiCDRomContmenu.dll
.dll regsvr32 windows x86

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25/04/2007, 00:00

Not After

09/07/2019, 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30/04/2007, 00:00

Not After

29/04/2012, 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6b:c3:6c:b4:37:14:55:14:42:10:e5:08:4d:64:d2:81
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

19/10/2007, 00:00

Not After

18/10/2008, 23:59

Subject

CN=成都共软网络科技有限公司,OU=Class 3 - for Microsoft Authenticode Signing,O=成都共软网络科技有限公司,L=成都市,ST=四川省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

9e:01:fa:65:25:5d:bb:b6:e4:18:fb:ba:0a:e2:59:28:63:35:5a:17
Signer

Actual PE Digest

9e:01:fa:65:25:5d:bb:b6:e4:18:fb:ba:0a:e2:59:28:63:35:5a:17

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=成都共软网络科技有限公司,OU=Class 3 - for Microsoft Authenticode Signing,O=成都共软网络科技有限公司,L=成都市,ST=四川省,C=CN

24/11/2022, 14:54
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

CODE
Size: 103KB - Virtual size: 103KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 175B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Womcc_m/WoptiClean.chm
.chm
Womcc_m/WoptiClean.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 16KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 177KB - Virtual size: 177KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Womcc_m/WoptiClean.sys
.exe windows x86

4d2510fd638171b8843655e36a0f3979

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlCompareString
RtlInitString
RtlInitUnicodeString
KeServiceDescriptorTable
ExFreePool
_stricmp
strrchr
ExAllocatePoolWithTag
ZwQuerySystemInformation
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
ZwReadFile
MmIsAddressValid
ZwQueryDirectoryFile
ZwCreateFile
ZwSetInformationFile
ZwTerminateProcess
ZwSetSecurityObject
ZwEnumerateValueKey
ZwQueryValueKey
ZwSetValueKey
ZwReplaceKey
ZwRestoreKey
ZwCreateKey
ZwEnumerateKey
ZwOpenKey
ZwOpenFile
ZwDeleteValueKey
IofCompleteRequest
InterlockedIncrement
InterlockedDecrement
IoDeleteDevice
IoUnregisterShutdownNotification
IoDeleteSymbolicLink
wcsrchr
wcslen
wcsstr
IoRegisterShutdownNotification
IoCreateSymbolicLink
IoCreateDevice
PsGetVersion
RtlCopyUnicodeString
ZwCreateSection
ZwMapViewOfSection
ZwDeleteKey
ZwClose
RtlAnsiCharToUnicodeChar

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 328B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Womcc_m/WoptiCleanDll.dll
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

CleanNextBoot

Sections

CODE
Size: 422KB - Virtual size: 421KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 15KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 82B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Womcc_m/WoptiDecryption.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 394KB - Virtual size: 394KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 17KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Womcc_m/WoptiDefragVista.dll
.dll regsvr32 windows x86

de4cb74dbe0ad5e9771ff9f632db70b0

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25/04/2007, 00:00

Not After

09/07/2019, 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30/04/2007, 00:00

Not After

29/04/2012, 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6b:c3:6c:b4:37:14:55:14:42:10:e5:08:4d:64:d2:81
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

19/10/2007, 00:00

Not After

18/10/2008, 23:59

Subject

CN=成都共软网络科技有限公司,OU=Class 3 - for Microsoft Authenticode Signing,O=成都共软网络科技有限公司,L=成都市,ST=四川省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

27:1c:7f:3d:f3:63:e3:71:35:22:23:89:04:84:8c:90:24:2a:b6:a5
Signer

Actual PE Digest

27:1c:7f:3d:f3:63:e3:71:35:22:23:89:04:84:8c:90:24:2a:b6:a5

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=成都共软网络科技有限公司,OU=Class 3 - for Microsoft Authenticode Signing,O=成都共软网络科技有限公司,L=成都市,ST=四川省,C=CN

24/11/2022, 14:54
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFilePointer
FlushFileBuffers
GetCurrentProcess
GetCPInfo
GetOEMCP
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
HeapAlloc
HeapFree
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapReAlloc
ExitThread
CreateThread
GetCommandLineA
GetProcessHeap
ExitProcess
HeapSize
WriteFile
GetStdHandle
GetFileType
GetStartupInfoA
VirtualFree
HeapDestroy
HeapCreate
GetACP
IsValidCodePage
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetConsoleCP
GetConsoleMode
SetStdHandle
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
ReadFile
GlobalFindAtomA
lstrcmpW
GetVersionExA
GlobalFlags
WritePrivateProfileStringA
GlobalGetAtomNameA
SetErrorMode
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
GetModuleFileNameW
GetCurrentProcessId
GlobalAddAtomA
ResumeThread
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
LoadLibraryA
lstrcmpA
SetLastError
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
SetThreadPriority
CreateEventA
CompareStringA
GetVersion
InterlockedExchange
GetThreadLocale
SetThreadLocale
GetProcAddress
GetLogicalDrives
FindFirstVolumeA
GetDriveTypeA
GetVolumeNameForVolumeMountPointA
GetVolumeInformationA
GetDiskFreeSpaceExA
GetDiskFreeSpaceA
FindNextVolumeA
FindVolumeClose
LeaveCriticalSection
EnterCriticalSection
GetModuleFileNameA
GetModuleHandleA
LoadLibraryExA
FreeLibrary
IsDBCSLeadByte
InterlockedDecrement
InterlockedIncrement
lstrcmpiA
lstrlenA
ReleaseSemaphore
LocalFree
GetLastError
DeleteCriticalSection
InitializeCriticalSection
RaiseException
lstrlenW
MultiByteToWideChar
ResetEvent
FindFirstFileA
Sleep
FindNextFileA
FindClose
CreateFileA
CloseHandle
WideCharToMultiByte
DeviceIoControl
WaitForSingleObject
SetEvent
FindResourceA
LoadResource
LockResource
SetHandleCount
SizeofResource

user32

ShowWindow
RegisterWindowMessageA
LoadIconA
WinHelpA
GetCapture
GetClassLongA
SetPropA
GetPropA
RemovePropA
IsWindow
GetForegroundWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
GetClientRect
GetMenu
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
wsprintfA
GetSysColor
CharNextA
DefWindowProcA
CallWindowProcA
SetWindowLongA
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindow
GetDlgCtrlID
GetWindowRect
GetClassNameA
PtInRect
SetWindowTextA
ClientToScreen
DestroyMenu
SetForegroundWindow
GetSubMenu
GetMenuItemCount
GetMenuItemID
GetMenuState
PostQuitMessage
PostMessageA
CheckMenuItem
EnableMenuItem
ModifyMenuA
SendMessageA
GetParent
GetFocus
LoadBitmapA
GetMenuCheckMarkDimensions
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
GetWindowTextA
LoadCursorA
GetSystemMetrics
GetDC
ReleaseDC
GetSysColorBrush
UnregisterClassA
UnhookWindowsHookEx
GetWindowThreadProcessId
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
EnableWindow
MessageBoxA
SetCursor
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
SetMenuItemBitmaps
CopyRect

gdi32

ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
TextOutA
RectVisible
PtVisible
GetClipBox
SetMapMode
CreatePen
CreateSolidBrush
DeleteObject
Rectangle
GetStockObject
SelectObject
LineTo
MoveToEx
BitBlt
ExtTextOutA
SetBkColor
SetTextColor
SetBkMode
CreateCompatibleDC
CreateDIBSection
DeleteDC
GetDeviceCaps
CreateBitmap
SaveDC
RestoreDC

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegQueryValueA
RegEnumKeyA
RegQueryValueExA
RegOpenKeyA
RegEnumKeyExA
RegQueryInfoKeyA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
InitializeSecurityDescriptor
AllocateAndInitializeSid
SetEntriesInAclA
SetSecurityDescriptorDacl
FreeSid
GetSecurityDescriptorDacl

shlwapi

PathFindExtensionA
PathFindFileNameA

ole32

CoCreateInstance
StringFromGUID2
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc

oleaut32

BSTR_UserFree
BSTR_UserUnmarshal
BSTR_UserMarshal
BSTR_UserSize
SysFreeString
SysAllocStringLen
VarUI4FromStr
SysStringLen
LoadRegTypeLi
LoadTypeLi
SysAllocString
UnRegisterTypeLi
RegisterTypeLi
VariantInit
VariantClear
SysAllocStringByteLen
SysStringByteLen
VariantChangeType

rpcrt4

NdrStubCall2
NdrStubForwardingFunction
IUnknown_Release_Proxy
IUnknown_AddRef_Proxy
IUnknown_QueryInterface_Proxy
NdrOleFree
NdrOleAllocate
NdrDllGetClassObject
NdrDllCanUnloadNow
NdrCStdStubBuffer2_Release
NdrDllRegisterProxy
NdrDllUnregisterProxy

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 216KB - Virtual size: 213KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 4KB - Virtual size: 267B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Womcc_m/WoptiEncrypt.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 842KB - Virtual size: 841KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 18KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 116KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Womcc_m/WoptiEncryptModule.dll
.dll regsvr32 windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

CODE
Size: 439KB - Virtual size: 438KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 9KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 178B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 228KB - Virtual size: 228KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Womcc_m/WoptiHWDetect.sys
.exe windows x86

60a2fba979aaa0d0ccd09c12ca3d9e57

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoDeleteDevice
IoDeleteSymbolicLink
RtlInitUnicodeString
_except_handler3
MmUnmapIoSpace
MmMapIoSpace
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 276B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 384B - Virtual size: 278B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 128B - Virtual size: 90B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Womcc_m/WoptiHelp.chm
.chm
Womcc_m/WoptiP2P.dll
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

GetPort2ProcessList
WomTerminateProFromName
WomTerminateProcess

Sections

CODE
Size: 324KB - Virtual size: 323KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 11KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 147B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Womcc_m/WoptiProcess.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 926KB - Virtual size: 926KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 221KB - Virtual size: 221KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Womcc_m/WoptiUpdate.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 12B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Womcc_m/WoptiUpdateModule.dll
.dll windows x86

bb4643b00f619a027678b1c7c24ac7cd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetReadFile
HttpQueryInfoA
HttpSendRequestA
InternetSetOptionA
HttpAddRequestHeadersA
HttpOpenRequestA
InternetConnectA
InternetOpenA
InternetCloseHandle

shell32

SHCreateDirectoryExA

user32

TranslateMessage
wsprintfA
PostThreadMessageA
PeekMessageA
GetMessageA

shlwapi

PathFileExistsA

kernel32

HeapDestroy
SetEndOfFile
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LoadLibraryA
CloseHandle
CreateEventA
ResetEvent
SetEvent
WaitForSingleObject
GetLastError
GetTickCount
CreateFileA
SetFilePointer
WriteFile
MoveFileExA
DeleteFileA
Sleep
FindFirstFileA
lstrlenA
lstrcpyA
lstrcatA
TerminateThread
GetModuleFileNameA
FindClose
HeapFree
HeapAlloc
HeapReAlloc
ExitThread
ResumeThread
CreateThread
GetCurrentThreadId
GetCommandLineA
GetVersionExA
GetProcessHeap
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
HeapCreate
VirtualFree
DeleteCriticalSection
VirtualAlloc
GetProcAddress
GetModuleHandleA
ExitProcess
GetStdHandle
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
MultiByteToWideChar
ReadFile
HeapSize
GetCPInfo
GetACP
GetOEMCP
LCMapStringA
LCMapStringW
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeCriticalSection
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
FlushFileBuffers

Exports

Exports

??0CUpdateModule@@QAE@XZ
??4CUpdateModule@@QAEAAV0@ABV0@@Z
?fnUpdateModule@@YAHXZ
?nUpdateModule@@3HA
Check
Down
GetFileMD5
Stop
TerminateStop

Sections

.text
Size: 92KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1010B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Womcc_m/WoptiUtils.dll
.dll windows x86

d66086fd0875362b9ac8fc9e0fcacc47

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegQueryValueExA
GetLengthSid
RegSetValueExA
RegCreateKeyExA
RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyExA
RegOpenKeyA

setupapi

CM_Get_DevNode_Status
SetupDiGetDeviceInstanceIdA
SetupDiClassNameFromGuidA
SetupDiGetDeviceInstallParamsA
SetupDiGetDriverInfoDetailA
SetupDiGetDeviceRegistryPropertyA
SetupDiOpenDevRegKey
SetupDiSetDeviceInstallParamsA
SetupDiGetClassDescriptionA
SetupDiBuildDriverInfoList
SetupDiSetClassInstallParamsA
CM_Get_Device_IDA
SetupDiGetDeviceInfoListDetailA
CM_Reenumerate_DevNode
CM_Locate_DevNodeA
SetupDiSetDriverInstallParamsA
SetupDiGetDriverInstallParamsA
SetupDiGetSelectedDriverA
SetupDiCallClassInstaller
SetupDiSetSelectedDevice
SetupDiGetINFClassA
SetupDiBuildClassInfoList
SetupCloseFileQueue
SetupScanFileQueueA
SetupDiInstallDriverFiles
SetupOpenFileQueue
SetupDiSetSelectedDriverA
SetupDiOpenDeviceInfoA
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiGetClassDevsA
SetupDiDestroyDriverInfoList
SetupDiEnumDriverInfoA

rpcrt4

UuidToStringA
UuidFromStringA

newdev

UpdateDriverForPlugAndPlayDevicesA

kernel32

InterlockedDecrement
GlobalAddAtomA
GetCurrentProcessId
LocalAlloc
LeaveCriticalSection
TlsGetValue
EnterCriticalSection
GlobalReAlloc
GlobalHandle
InitializeCriticalSection
TlsAlloc
TlsSetValue
LocalReAlloc
DeleteCriticalSection
TlsFree
SetErrorMode
GlobalGetAtomNameA
GetThreadLocale
InterlockedIncrement
WritePrivateProfileStringA
GlobalFlags
lstrcmpW
GlobalFindAtomA
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
GetModuleFileNameW
SetEndOfFile
CreateFileA
GetCPInfo
GetOEMCP
HeapFree
HeapAlloc
VirtualAlloc
HeapReAlloc
GetCommandLineA
GetProcessHeap
RtlUnwind
RaiseException
ExitProcess
HeapSize
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetACP
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
Sleep
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetStdHandle
GetConsoleCP
GetConsoleMode
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
GetModuleFileNameA
EnumResourceLanguagesA
GetLocaleInfoA
GlobalDeleteAtom
GlobalLock
GlobalUnlock
FormatMessageA
FindResourceA
LoadResource
LockResource
SizeofResource
GetVersionExA
GetVersion
CompareStringA
InterlockedExchange
SetLastError
CreateProcessA
LocalFree
CloseHandle
GetCurrentProcess
GetSystemDirectoryA
GetModuleHandleA
GetPrivateProfileSectionA
GetPrivateProfileStringA
FindClose
FindNextFileA
CopyFileA
CreateDirectoryA
FindFirstFileA
OutputDebugStringA
lstrcmpA
WideCharToMultiByte
MultiByteToWideChar
GetFileAttributesA
GetFullPathNameA
FreeLibrary
GetProcAddress
LoadLibraryA
lstrlenA
GlobalAlloc
GlobalFree
GetLastError
GetWindowsDirectoryA

user32

RegisterWindowMessageA
LoadIconA
WinHelpA
GetCapture
GetClassLongA
SetPropA
GetPropA
RemovePropA
IsWindow
GetForegroundWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
GetClientRect
GetMenu
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
CopyRect
DefWindowProcA
CallWindowProcA
SetWindowLongA
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
ClientToScreen
GetWindow
GetDlgCtrlID
GetClassNameA
PtInRect
SetWindowTextA
LoadCursorA
GetSystemMetrics
GetDC
ReleaseDC
GetSysColor
UnregisterClassA
GetWindowThreadProcessId
GetWindowLongA
GetLastActivePopup
EnableWindow
MessageBoxA
SetCursor
DestroyMenu
ShowWindow
AdjustWindowRectEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
GetParent
ModifyMenuA
EnableMenuItem
CheckMenuItem
PostMessageA
PostQuitMessage
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
WaitForInputIdle
GetWindowRect
UnhookWindowsHookEx
SetWindowsHookExA
CallNextHookEx
keybd_event
SetForegroundWindow
SendMessageA
GetWindowTextA
IsWindowEnabled
GetSysColorBrush

gdi32

CreateBitmap
DeleteObject
SaveDC
RestoreDC
SetBkColor
SetTextColor
SetMapMode
GetClipBox
GetDeviceCaps
GetStockObject
DeleteDC
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

shell32

SHFileOperationA

shlwapi

StrTrimA
PathFindFileNameA
PathFindExtensionA

oleaut32

VariantChangeType
VariantInit
VariantClear

Exports

Exports

ClearTracksForVista
DeleteDriver
EnumDeviceDriversInfo
EnumDriverFiles
GetClassGuidList
GetDirverInfFilePaths
GetInfDirverFiles
GetInfFileDriverInfo
GetInfSignerInfo
InstallDriver
InstallHookMonitorWindowShow
ResumeDriver
UninstallMonitorWindowHook
UpdateDirectoryAllFileName
UpdateDriver

Sections

.text
Size: 140KB - Virtual size: 139KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Womcc_m/WoptiVulnRepair.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 780KB - Virtual size: 779KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 7KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 122KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Womcc_m/WoptiWipe.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 481KB - Virtual size: 481KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 11KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Womcc_m/Woptiglobe.dll
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

WoptiChkFileIsOK
WoptiCtrlHomepage
WoptiSetMaxthon

Sections

CODE
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 136B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Womcc_m/woptiinfo.dll
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

GetMac
SendInfo

Sections

CODE
Size: 200KB - Virtual size: 199KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Womcc_m/中国破解联盟－木蚂蚁社区.url
.url
Womcc_m/优化大师使用说明序列号.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Womcc_m/免费上传图片50G空间.url
.url
Womcc_m/动画教程.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Womcc_m/磁盘碎片整理.bat

Sharing

General

Malware Config

Signatures

Files

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04Certificate

Extended Key Usages

Key Usages

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1bCertificate

Extended Key Usages

Key Usages

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0dCertificate

Extended Key Usages

Key Usages

6b:c3:6c:b4:37:14:55:14:42:10:e5:08:4d:64:d2:81Certificate

Extended Key Usages

Key Usages

06:f1:21:4b:8a:99:29:15:10:e8:ec:78:7f:10:b6:f9:3c:14:4f:a3Signer

Signature Validations

Verification

24/11/2022, 14:54 Valid: false

Headers

File Characteristics

Exports

Exports

Sections

.text Size: 229KB - Virtual size: 508KB

.rdata Size: 48KB - Virtual size: 48KB

.data Size: 31KB - Virtual size: 92KB

.data1 Size: 512B - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 4KB

.reloc Size: 11KB - Virtual size: 20KB

.aspack Size: 5KB - Virtual size: 8KB

.adata Size: - Virtual size: 4KB

fffa4bfef345d8a799d7b9b9c853fa42

Headers

File Characteristics

Imports

advapi32

kernel32

user32

shlwapi

oleacc

gdi32

winspool.drv

oleaut32

Exports

Exports

Sections

.text Size: 124KB - Virtual size: 121KB

.rdata Size: 28KB - Virtual size: 26KB

.data Size: 12KB - Virtual size: 24KB

.rsrc Size: 16KB - Virtual size: 14KB

.reloc Size: 20KB - Virtual size: 18KB

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04Certificate

Extended Key Usages

Key Usages

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1bCertificate

Extended Key Usages

Key Usages

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0dCertificate

Extended Key Usages

Key Usages

6b:c3:6c:b4:37:14:55:14:42:10:e5:08:4d:64:d2:81Certificate

Extended Key Usages

Key Usages

9e:01:fa:65:25:5d:bb:b6:e4:18:fb:ba:0a:e2:59:28:63:35:5a:17Signer

Signature Validations

Verification

24/11/2022, 14:54 Valid: false

Headers

File Characteristics

Exports

Exports

Sections

CODE Size: 103KB - Virtual size: 103KB

DATA Size: 2KB - Virtual size: 1KB

BSS Size: - Virtual size: 2KB

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

6b:c3:6c:b4:37:14:55:14:42:10:e5:08:4d:64:d2:81
Certificate

06:f1:21:4b:8a:99:29:15:10:e8:ec:78:7f:10:b6:f9:3c:14:4f:a3
Signer

24/11/2022, 14:54
Valid: false

.text
Size: 229KB - Virtual size: 508KB

.rdata
Size: 48KB - Virtual size: 48KB

.data
Size: 31KB - Virtual size: 92KB

.data1
Size: 512B - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 4KB

.reloc
Size: 11KB - Virtual size: 20KB

.aspack
Size: 5KB - Virtual size: 8KB

.adata
Size: - Virtual size: 4KB

.text
Size: 124KB - Virtual size: 121KB

.rdata
Size: 28KB - Virtual size: 26KB

.data
Size: 12KB - Virtual size: 24KB

.rsrc
Size: 16KB - Virtual size: 14KB

.reloc
Size: 20KB - Virtual size: 18KB

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

6b:c3:6c:b4:37:14:55:14:42:10:e5:08:4d:64:d2:81
Certificate

9e:01:fa:65:25:5d:bb:b6:e4:18:fb:ba:0a:e2:59:28:63:35:5a:17
Signer

24/11/2022, 14:54
Valid: false

CODE
Size: 103KB - Virtual size: 103KB

DATA
Size: 2KB - Virtual size: 1KB

BSS
Size: - Virtual size: 2KB

.idata
Size: 3KB - Virtual size: 3KB

.edata
Size: 512B - Virtual size: 175B

.reloc
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 8KB - Virtual size: 8KB

CODE
Size: 1.0MB - Virtual size: 1.0MB

DATA
Size: 11KB - Virtual size: 10KB

BSS
Size: - Virtual size: 16KB

.idata
Size: 13KB - Virtual size: 12KB

.tls
Size: - Virtual size: 16B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 59KB - Virtual size: 59KB

.rsrc
Size: 177KB - Virtual size: 177KB

.text
Size: 11KB - Virtual size: 10KB

.data
Size: 512B - Virtual size: 328B

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB

CODE
Size: 422KB - Virtual size: 421KB

DATA
Size: 8KB - Virtual size: 8KB

BSS
Size: - Virtual size: 15KB

.idata
Size: 9KB - Virtual size: 8KB

.edata
Size: 512B - Virtual size: 82B

.reloc
Size: 27KB - Virtual size: 26KB

.rsrc
Size: 18KB - Virtual size: 18KB

CODE
Size: 394KB - Virtual size: 394KB

DATA
Size: 8KB - Virtual size: 8KB

BSS
Size: - Virtual size: 17KB

.idata
Size: 8KB - Virtual size: 8KB

.tls
Size: - Virtual size: 16B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 26KB - Virtual size: 25KB

.rsrc
Size: 43KB - Virtual size: 43KB

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

6b:c3:6c:b4:37:14:55:14:42:10:e5:08:4d:64:d2:81
Certificate

27:1c:7f:3d:f3:63:e3:71:35:22:23:89:04:84:8c:90:24:2a:b6:a5
Signer