41f1efb756883e22c68f70b6dce0afa7

Sharing

Copy URL Twitter E-mail

General

Target

41f1efb756883e22c68f70b6dce0afa7
Size

437KB
MD5

41f1efb756883e22c68f70b6dce0afa7
SHA1

65e9b54dfb859444a0dc96cc39f7b36cf1eac298
SHA256

c854b092252fc22ac1f1f7da4c6b7b7fabe24e8f5e832bff3acffd8d098dbcbb
SHA512

1bed48e5c07bc725f51b037d5cd207882fd0c2d0dd0c0dba396e4433b64640e57b089f92b1c2059be71ab96b4792c71f9f0e3ce2d27fabbd81f8e6771739ec8a
SSDEEP

12288:XXW5Zqz5o2ZMlLv/AIKvc/VuBQC/nUBOSLetwsqE:XG5QzqJvBKvcduBmLkwsf

Score

7^/10

aspackv2 upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/kailleraclient.dll	acprotect

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack001/WinKawaks.exe	aspack_v212_v242

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/kailleraclient.dll	upx

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/WinKawaks.exe
unpack001/kailleraclient.dll
unpack003/out.upx
unpack001/os.dll

Files

41f1efb756883e22c68f70b6dce0afa7
.rar
DefaultWinKawaksINI.zip
.zip
WinKawaks.ini
WinKawaks.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 308KB - Virtual size: 3.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 7KB - Virtual size: 372KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 39KB - Virtual size: 340KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

asr
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

asr
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
blend/ddsom.bld
blend/ddtod.bld
blend/sfa.bld
blend/新云软件.url
.url
defaultkeysCPS.ini
defaultkeysMVS.ini
eeprom/pzloop2.epm
eeprom/pzloop2j.epm
faq.txt
gamelist/gamenahh.ini
kailleraclient.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

_kailleraChatSend@4
_kailleraEndGame@0
_kailleraGetVersion@4
_kailleraInit@0
_kailleraModifyPlayValues@8
_kailleraSelectServerDialog@4
_kailleraSetInfos@4
_kailleraShutdown@0

Sections

UPX0
Size: - Virtual size: 56KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 27KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
os.dll
.dll windows:4 windows x86 arch:x86

22615750349b3d7528881d3c9e6cca5f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord3953
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord2554
ord4080
ord4622
ord4424
ord3738
ord815
ord1168
ord561
ord825
ord800
ord798
ord2764
ord5465
ord532
ord540
ord823
ord2725
ord1176
ord1575
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1255
ord4486
ord6375
ord3079
ord4274
ord269
ord826
ord600
ord1578
ord6467
ord1116

msvcrt

??1type_info@@UAE@XZ
_adjust_fdiv
malloc
_initterm
free
_onexit
__dllonexit
_mbscmp
__CxxFrameHandler

kernel32

LocalFree
GetModuleFileNameA
LocalAlloc

Exports

Exports

GetGameName
GetOldName

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 848B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 548B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
sample_ini_files.zip
.zip
sfz3jr1.ini
xmcota.ini
xmvsf.ini
tracklst/19xx.dat
tracklst/avsp.dat
tracklst/batcirj.dat
tracklst/captcomm.dat
tracklst/csclubj.dat
tracklst/cybotsj.dat
tracklst/ddtod.dat
tracklst/dstlk.dat
tracklst/ecofghtr.dat
tracklst/ffight.dat
tracklst/kof94.dat
tracklst/kof95.dat
tracklst/kof96.dat
tracklst/kof97.dat
tracklst/kof98.dat
tracklst/kof99.dat
tracklst/msh.dat
tracklst/mshvsf.dat
tracklst/mvsc.dat
tracklst/pbobblen.dat
tracklst/ringdest.dat
tracklst/sf2.dat
tracklst/sf2ce.dat
tracklst/sfa.dat
tracklst/sfa2.dat
tracklst/sfa3.dat
tracklst/sgemf.dat
tracklst/spf2t.dat
tracklst/ssf2.dat
tracklst/vsav.dat
tracklst/vsav2.dat
tracklst/wakuwak7.dat
tracklst/xmcota.dat
tracklst/xmvsf.dat
whatsnew.txt

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

Size: 308KB - Virtual size: 3.2MB

Size: 7KB - Virtual size: 372KB

Size: 512B - Virtual size: 8KB

Size: 512B - Virtual size: 8KB

Size: 1KB - Virtual size: 4KB

.rsrc Size: 39KB - Virtual size: 340KB

asr Size: 512B - Virtual size: 4KB

asr Size: 512B - Virtual size: 4KB

.data Size: 10KB - Virtual size: 12KB

.adata Size: - Virtual size: 4KB

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 56KB

UPX1 Size: 27KB - Virtual size: 28KB

.rsrc Size: 3KB - Virtual size: 4KB

Headers

File Characteristics

Sections

.text Size: 47KB - Virtual size: 47KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 3KB - Virtual size: 5KB

.rsrc Size: 6KB - Virtual size: 6KB

.reloc Size: 4KB - Virtual size: 4KB

22615750349b3d7528881d3c9e6cca5f

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 2KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 4KB

.rsrc Size: 1024B - Virtual size: 848B

.reloc Size: 1024B - Virtual size: 548B

.rsrc
Size: 39KB - Virtual size: 340KB

asr
Size: 512B - Virtual size: 4KB

asr
Size: 512B - Virtual size: 4KB

.data
Size: 10KB - Virtual size: 12KB

.adata
Size: - Virtual size: 4KB

UPX0
Size: - Virtual size: 56KB

UPX1
Size: 27KB - Virtual size: 28KB

.rsrc
Size: 3KB - Virtual size: 4KB

.text
Size: 47KB - Virtual size: 47KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 3KB - Virtual size: 5KB

.rsrc
Size: 6KB - Virtual size: 6KB

.reloc
Size: 4KB - Virtual size: 4KB

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 4KB

.rsrc
Size: 1024B - Virtual size: 848B

.reloc
Size: 1024B - Virtual size: 548B