AOMEI_OneKey_Recovery_1[.]7[.]1__Crack[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

AOMEI_OneKey_Recovery_1.7.1__Crack.zip
Size

30.5MB
MD5

86bff912cf2e7eea3c5a0d08551e5a26
SHA1

af707858bf9a4c0e6ff490d6833aa904dc0c4750
SHA256

05ba4982a8aa6e8eb8b244c31378ee2b451425ebebcff387a1a76ce832de0723
SHA512

afc93216d529733ec9b1b94f1b2e8fb256666345ad6ea2fc627477b806ed49bde94062e3082814d530125db2e57a9e2e0de40d15794ff9fe29260258d737e222
SSDEEP

786432:G4v1+E4yRlvro2jN3n+zAVzcXUHWi094t+/do8:j1o2jNn+MlWx4ts

Score

N/A

Malware Config

Signatures

Files

AOMEI_OneKey_Recovery_1.7.1__Crack.zip
.zip
Crack/Crack.zip
.zip
Professional/OneKey.exe
.exe windows x86

58c41d9c49c748c060398d3909617cc0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

okfunclogic

GetOneKeyObj

ntdll

atoi

qtcore4

??1QDir@@QAE@XZ

qtgui4

??0QPen@@QAE@XZ

urlmon

URLDownloadToFileA

comn

CreateObjectBootQuickCfg

qtnetwork4

??1QNetworkRequest@@QAE@XZ

rpcrt4

UuidCreate

qtwebkit4

??1QWebView@@UAE@XZ

user32

GetParent

comdlg32

GetOpenFileNameW

advapi32

RegEnumKeyW

shell32

ShellExecuteA

ole32

CoInitialize

oleaut32

VariantClear

pe

IsSupportMakeWinPE

msvcp80

?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB

msvcr80

exit

ws2_32

WSAGetLastError

wininet

InternetOpenA

wtsapi32

WTSFreeMemory

version

VerQueryValueW

winhttp

WinHttpOpen

Exports

Exports

FormatExtFs

Sections

.MPRESS1
Size: 1.7MB - Virtual size: 20.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 403KB - Virtual size: 402KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Technician/OneKey.exe
.exe windows x86

58c41d9c49c748c060398d3909617cc0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

okfunclogic

GetOneKeyObj

ntdll

atoi

qtcore4

??1QDir@@QAE@XZ

qtgui4

??0QPen@@QAE@XZ

urlmon

URLDownloadToFileA

comn

CreateObjectBootQuickCfg

qtnetwork4

??1QNetworkRequest@@QAE@XZ

rpcrt4

UuidCreate

qtwebkit4

??1QWebView@@UAE@XZ

user32

GetParent

comdlg32

GetOpenFileNameW

advapi32

RegEnumKeyW

shell32

ShellExecuteA

ole32

CoInitialize

oleaut32

VariantClear

pe

IsSupportMakeWinPE

msvcp80

?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB

msvcr80

exit

ws2_32

WSAGetLastError

wininet

InternetOpenA

wtsapi32

WTSFreeMemory

version

VerQueryValueW

winhttp

WinHttpOpen

Exports

Exports

FormatExtFs

Sections

.MPRESS1
Size: 1.7MB - Virtual size: 20.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 403KB - Virtual size: 402KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
HaxNode.CoM.url
.url
Read Me.txt
Setup/Setup.exe
.exe windows x86

483f0c4259a9148c34961abbda6146c1

Code Sign

6d:d4:72:eb:02:ae:04:06:e3:dd:84:3f:5f:e1:45:e1
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03-12-2014 00:00

Not After

02-12-2029 23:59

Subject

CN=COMODO RSA Extended Validation Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

41:5d:8d:48:1d:99:c6:e4:65:78:64:d0:51:5e:e5:4a
Certificate

Issuer

CN=COMODO RSA Extended Validation Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

05-11-2019 00:00

Not After

04-11-2022 23:59

Subject

SERIALNUMBER=2543798,CN=AOMEI International Network Limited,OU=Research Development Centre,O=AOMEI International Network Limited,POSTALCODE=610000,STREET=Rm 83 3/F Yau Lee ctr,L=Hong Kong,ST=Hong Kong,C=HK,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#1302484b

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:18:54:86:00:00:00:00:00:24
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11-04-2011 22:06

Not After

11-04-2021 22:16

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-01-2021 00:00

Not After

06-01-2031 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6d:d4:72:eb:02:ae:04:06:e3:dd:84:3f:5f:e1:45:e1
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03-12-2014 00:00

Not After

02-12-2029 23:59

Subject

CN=COMODO RSA Extended Validation Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

41:5d:8d:48:1d:99:c6:e4:65:78:64:d0:51:5e:e5:4a
Certificate

Issuer

CN=COMODO RSA Extended Validation Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

05-11-2019 00:00

Not After

04-11-2022 23:59

Subject

SERIALNUMBER=2543798,CN=AOMEI International Network Limited,OU=Research Development Centre,O=AOMEI International Network Limited,POSTALCODE=610000,STREET=Rm 83 3/F Yau Lee ctr,L=Hong Kong,ST=Hong Kong,C=HK,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#1302484b

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:18:54:86:00:00:00:00:00:24
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11-04-2011 22:06

Not After

11-04-2021 22:16

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23-10-2020 00:00

Not After

22-01-2032 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f8:41:be:6c:46:15:25:c5:a2:0f:33:d1:39:b9:52:2c:3b:97:b1:be:42:ba:74:19:93:52:d3:d7:07:04:65:8f
Signer

Actual PE Digest

f8:41:be:6c:46:15:25:c5:a2:0f:33:d1:39:b9:52:2c:3b:97:b1:be:42:ba:74:19:93:52:d3:d7:07:04:65:8f

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

SERIALNUMBER=2543798,CN=AOMEI International Network Limited,OU=Research Development Centre,O=AOMEI International Network Limited,POSTALCODE=610000,STREET=Rm 83 3/F Yau Lee ctr,L=Hong Kong,ST=Hong Kong,C=HK,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#1302484b

01-12-2022 14:34
Valid: false

79:82:f7:4e:17:f0:40:bd:59:f3:f5:9f:d1:00:2e:ae:e4:3c:36:96
Signer

Actual PE Digest

79:82:f7:4e:17:f0:40:bd:59:f3:f5:9f:d1:00:2e:ae:e4:3c:36:96

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=2543798,CN=AOMEI International Network Limited,OU=Research Development Centre,O=AOMEI International Network Limited,POSTALCODE=610000,STREET=Rm 83 3/F Yau Lee ctr,L=Hong Kong,ST=Hong Kong,C=HK,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#1302484b

08-12-2021 08:43
Valid: true

Chain 1

SERIALNUMBER=2543798,CN=AOMEI International Network Limited,OU=Research Development Centre,O=AOMEI International Network Limited,POSTALCODE=610000,STREET=Rm 83 3/F Yau Lee ctr,L=Hong Kong,ST=Hong Kong,C=HK,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#1302484b

CN=COMODO RSA Extended Validation Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges

user32

GetKeyboardType
LoadStringW
MessageBoxA
CharNextW
CreateWindowExW
TranslateMessage
SetWindowLongW
PeekMessageW
MsgWaitForMultipleObjects
MessageBoxW
LoadStringW
GetSystemMetrics
ExitWindowsEx
DispatchMessageW
DestroyWindow
CharUpperBuffW
CallWindowProcW

kernel32

GetACP
Sleep
VirtualFree
VirtualAlloc
GetSystemInfo
GetTickCount
QueryPerformanceCounter
GetVersion
GetCurrentThreadId
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenW
lstrcpynW
LoadLibraryExW
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetCommandLineW
FreeLibrary
FindFirstFileW
FindClose
ExitProcess
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
CloseHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleW
WriteFile
WideCharToMultiByte
WaitForSingleObject
VirtualQuery
VirtualProtect
VirtualFree
VirtualAlloc
SizeofResource
SignalObjectAndWait
SetLastError
SetFilePointer
SetEvent
SetErrorMode
SetEndOfFile
ResetEvent
RemoveDirectoryW
ReadFile
MultiByteToWideChar
LockResource
LoadResource
LoadLibraryW
LeaveCriticalSection
InitializeCriticalSection
GetWindowsDirectoryW
GetVersionExW
GetUserDefaultLangID
GetThreadLocale
GetSystemInfo
GetStdHandle
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetLocalTime
GetLastError
GetFullPathNameW
GetFileSize
GetFileAttributesW
GetExitCodeProcess
GetEnvironmentVariableW
GetDiskFreeSpaceW
GetDateFormatW
GetCurrentProcess
GetCommandLineW
GetCPInfo
InterlockedExchange
InterlockedCompareExchange
FreeLibrary
FormatMessageW
FindResourceW
EnumCalendarInfoW
EnterCriticalSection
DeleteFileW
DeleteCriticalSection
CreateProcessW
CreateFileW
CreateEventW
CreateDirectoryW
CompareStringW
CloseHandle
Sleep

comctl32

InitCommonControls

Sections

.text
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 21KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

58c41d9c49c748c060398d3909617cc0

Headers

File Characteristics

Imports

kernel32

okfunclogic

ntdll

qtcore4

qtgui4

urlmon

comn

qtnetwork4

rpcrt4

qtwebkit4

user32

comdlg32

advapi32

shell32

ole32

oleaut32

pe

msvcp80

msvcr80

ws2_32

wininet

wtsapi32

version

winhttp

Exports

Exports

Sections

.MPRESS1 Size: 1.7MB - Virtual size: 20.9MB

.MPRESS2 Size: 4KB - Virtual size: 4KB

.rsrc Size: 403KB - Virtual size: 402KB

58c41d9c49c748c060398d3909617cc0

Headers

File Characteristics

Imports

kernel32

okfunclogic

ntdll

qtcore4

qtgui4

urlmon

comn

qtnetwork4

rpcrt4

qtwebkit4

user32

comdlg32

advapi32

shell32

ole32

oleaut32

pe

msvcp80

msvcr80

ws2_32

wininet

wtsapi32

version

winhttp

Exports

Exports

Sections

.MPRESS1 Size: 1.7MB - Virtual size: 20.9MB

.MPRESS2 Size: 4KB - Virtual size: 4KB

.rsrc Size: 403KB - Virtual size: 402KB

483f0c4259a9148c34961abbda6146c1

Code Sign

6d:d4:72:eb:02:ae:04:06:e3:dd:84:3f:5f:e1:45:e1Certificate

Extended Key Usages

Key Usages

41:5d:8d:48:1d:99:c6:e4:65:78:64:d0:51:5e:e5:4aCertificate

Extended Key Usages

.MPRESS1
Size: 1.7MB - Virtual size: 20.9MB

.MPRESS2
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 403KB - Virtual size: 402KB

.MPRESS1
Size: 1.7MB - Virtual size: 20.9MB

.MPRESS2
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 403KB - Virtual size: 402KB

6d:d4:72:eb:02:ae:04:06:e3:dd:84:3f:5f:e1:45:e1
Certificate

41:5d:8d:48:1d:99:c6:e4:65:78:64:d0:51:5e:e5:4a
Certificate

61:18:54:86:00:00:00:00:00:24
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

6d:d4:72:eb:02:ae:04:06:e3:dd:84:3f:5f:e1:45:e1
Certificate

41:5d:8d:48:1d:99:c6:e4:65:78:64:d0:51:5e:e5:4a
Certificate

61:18:54:86:00:00:00:00:00:24
Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

f8:41:be:6c:46:15:25:c5:a2:0f:33:d1:39:b9:52:2c:3b:97:b1:be:42:ba:74:19:93:52:d3:d7:07:04:65:8f
Signer

01-12-2022 14:34
Valid: false

79:82:f7:4e:17:f0:40:bd:59:f3:f5:9f:d1:00:2e:ae:e4:3c:36:96
Signer

08-12-2021 08:43
Valid: true

.text
Size: 81KB - Virtual size: 80KB

.itext
Size: 3KB - Virtual size: 2KB

.data
Size: 3KB - Virtual size: 3KB

.bss
Size: - Virtual size: 21KB

.idata
Size: 4KB - Virtual size: 3KB

.tls
Size: - Virtual size: 8B

.rdata
Size: 512B - Virtual size: 24B

.rsrc
Size: 44KB - Virtual size: 44KB