Overview

overview

3

Static

static

3

!wp505f.js

windows7-x64

1

!wp505f.js

windows10-2004-x64

1

!wp506f.js

windows7-x64

1

!wp506f.js

windows10-2004-x64

1

MiniProxer.exe

windows7-x64

1

MiniProxer.exe

windows10-2004-x64

1

WP507F.exe

windows7-x64

1

WP507F.exe

windows10-2004-x64

3

dll/FastMM4.js

windows7-x64

1

dll/FastMM4.js

windows10-2004-x64

1

dll/source...l0.dll

windows7-x64

3

dll/source...l0.dll

windows10-2004-x64

3

dll/source...l5.dll

windows7-x64

3

dll/source...l5.dll

windows10-2004-x64

3

dll/source/tstdll5.js

windows7-x64

1

dll/source/tstdll5.js

windows10-2004-x64

1

dll/tstdll0.dll

windows7-x64

3

dll/tstdll0.dll

windows10-2004-x64

3

dll/tstdll5.dll

windows7-x64

3

dll/tstdll5.dll

windows10-2004-x64

3

dll/tstdll5.js

windows7-x64

1

dll/tstdll5.js

windows10-2004-x64

1

doc/WP (Wa...dex.js

windows7-x64

1

doc/WP (Wa...dex.js

windows10-2004-x64

1

attachment-59.js

windows7-x64

1

attachment-59.js

windows10-2004-x64

1

attachment-60.js

windows7-x64

1

attachment-60.js

windows10-2004-x64

1

attachment-61.js

windows7-x64

1

attachment-61.js

windows10-2004-x64

1

attachment-62.js

windows7-x64

1

attachment-62.js

windows10-2004-x64

1

Sharing

Copy URL Twitter E-mail

General

  • Target

    4f7c8a8a84c5c88a8566f6f50c5c2a9a

  • Size

    3.2MB

  • MD5

    4f7c8a8a84c5c88a8566f6f50c5c2a9a

  • SHA1

    a8cef4601f2e28b3a4db243525a706b9ea5221d5

  • SHA256

    2bd5ef07bcb2293e41654fc18c18b50adbe5588f9570789191615e7639bddbd9

  • SHA512

    bfd0db22c644c19817226f55cbebfff48a34c1bc004cd5b5e09c9e7694bcff4da658c4d6324f500fd7b97ba326b29a0e4aa1fc71f40bf70b0d8050ca2d706db8

  • SSDEEP

    49152:i7fsAoCUjrrInFEZ3aDKHjy/23wV5zbujXP4MRPKpfff8tCa/avy5di45rP4PcZq:OELzIqgD6y/zKzTKpnktf/d5BrwMCrbL

Score
3/10

Malware Config

Signatures

  • Unsigned PE 6 IoCs

    Checks for missing Authenticode signature.

Files

  • 4f7c8a8a84c5c88a8566f6f50c5c2a9a
    .rar
  • !readme.txt
  • !wp505f.txt
    .js
  • !wp506f.txt
    .js
  • !wp507f.txt
  • MPcfg.ini
  • MiniProxer.exe
    .exe windows:4 windows x86 arch:x86

    7926c3261c7df15783629dc05c3f5f08


    Headers

    Imports

    Sections

  • ScriptTester.txt
  • WP507F.exe
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections

  • data/filter.ini
  • data/packets/T2ItemsID.ini
  • data/packets/T2SkillsID.ini
  • data/packets/T2SysMsgID.ini
  • data/packets/T2misc.ini
  • data/packets/T2packets.fsc
  • data/packets/T2packets.xml
    .xml
  • data/packets/T2packetsC4.ini
  • data/packets/T2packetsC5.ini
  • data/packets/T2packetsCI.ini
  • data/packets/T3packets.fsc
  • data/packets/T3packets.ini
  • data/packets/pckinfo.ini
  • data/shost.ini
  • data/shost.ini~
  • data/sipn.dat
  • data/slist.ini
  • data/slist.ini~
  • dll/FastMM4.pas
    .js
  • dll/FastMM4Messages.pas
  • dll/FastMM4Options.inc
  • dll/FastMM4_FAQ.txt
  • dll/FastMM4_Readme.txt
  • dll/gDLL-ex1.fsc
  • dll/source/tstdll0.dll
    .dll windows:4 windows x86 arch:x86


    Headers

    Exports

    Sections

  • dll/source/tstdll0.dpr
  • dll/source/tstdll5.dll
    .dll windows:4 windows x86 arch:x86


    Headers

    Exports

    Sections

  • dll/source/tstdll5.dpr
    .js
  • dll/tstdll0.dll
    .dll windows:4 windows x86 arch:x86


    Headers

    Exports

    Sections

  • dll/tstdll0.dpr
  • dll/tstdll5.dll
    .dll windows:4 windows x86 arch:x86


    Headers

    Exports

    Sections

  • dll/tstdll5.dpr
    .js
  • doc/!readme
  • doc/WP (Walker Patcher) - что и как (c) Sauron.htm
    .html .js polyglot
  • doc/WP (Walker Patcher) - что и как (c) Sauron_files/Sauron100x89.JPG
    .jpg
  • doc/WP (Walker Patcher) - что и как (c) Sauron_files/aa.gif
    .gif
  • doc/WP (Walker Patcher) - что и как (c) Sauron_files/ac.gif
    .gif
  • doc/WP (Walker Patcher) - что и как (c) Sauron_files/banner-88x31-rambler-black2.gif
    .gif
  • doc/WP (Walker Patcher) - что и как (c) Sauron_files/btm_base.gif
    .gif
  • doc/WP (Walker Patcher) - что и как (c) Sauron_files/cat_top_ls.gif
    .gif
  • doc/WP (Walker Patcher) - что и как (c) Sauron_files/cat_top_rs.gif
    .gif
  • doc/WP (Walker Patcher) - что и как (c) Sauron_files/center_header.jpg
    .jpg
  • doc/WP (Walker Patcher) - что и как (c) Sauron_files/collapse_thead.gif
    .gif
  • doc/WP (Walker Patcher) - что и как (c) Sauron_files/footer_ls.gif
    .gif
  • doc/WP (Walker Patcher) - что и как (c) Sauron_files/footer_rs.gif
    .gif
  • doc/WP (Walker Patcher) - что и как (c) Sauron_files/iSkin_Black_x.css
  • doc/WP (Walker Patcher) - что и как (c) Sauron_files/index.php
    .js
  • doc/WP (Walker Patcher) - что и как (c) Sauron_files/left_header.jpg
    .jpg
  • doc/WP (Walker Patcher) - что и как (c) Sauron_files/menu_open.gif
    .gif
  • doc/WP (Walker Patcher) - что и как (c) Sauron_files/mode_hybrid.gif
    .gif
  • doc/WP (Walker Patcher) - что и как (c) Sauron_files/mode_linear.gif
    .gif
  • doc/WP (Walker Patcher) - что и как (c) Sauron_files/mode_threaded.gif
    .gif
  • doc/WP (Walker Patcher) - что и как (c) Sauron_files/nav_cal.gif
    .gif
  • doc/WP (Walker Patcher) - что и как (c) Sauron_files/nav_cp.gif
    .gif
  • doc/WP (Walker Patcher) - что и как (c) Sauron_files/nav_faq.gif
    .gif
  • doc/WP (Walker Patcher) - что и как (c) Sauron_files/nav_home.gif
    .gif
  • doc/WP (Walker Patcher) - что и как (c) Sauron_files/nav_ls.gif
    .gif
  • doc/WP (Walker Patcher) - что и как (c) Sauron_files/nav_members.gif
    .gif
  • doc/WP (Walker Patcher) - что и как (c) Sauron_files/nav_menu.gif
    .gif
  • doc/WP (Walker Patcher) - что и как (c) Sauron_files/nav_rs.gif
    .gif
  • doc/WP (Walker Patcher) - что и как (c) Sauron_files/nav_rs_end.gif
    .gif
  • doc/WP (Walker Patcher) - что и как (c) Sauron_files/nav_search.gif
    .gif
  • doc/WP (Walker Patcher) - что и как (c) Sauron_files/navbits_finallink.gif
    .gif
  • doc/WP (Walker Patcher) - что и как (c) Sauron_files/navbits_start.gif
    .gif
  • doc/WP (Walker Patcher) - что и как (c) Sauron_files/post_old.gif
    .gif
  • doc/WP (Walker Patcher) - что и как (c) Sauron_files/post_thanks.gif
    .gif
  • doc/WP (Walker Patcher) - что и как (c) Sauron_files/printer.gif
    .gif
  • doc/WP (Walker Patcher) - что и как (c) Sauron_files/rating_1.gif
    .gif
  • doc/WP (Walker Patcher) - что и как (c) Sauron_files/rating_2.gif
    .gif
  • doc/WP (Walker Patcher) - что и как (c) Sauron_files/rating_3.gif
    .gif
  • doc/WP (Walker Patcher) - что и как (c) Sauron_files/rating_4.gif
    .gif
  • doc/WP (Walker Patcher) - что и как (c) Sauron_files/rating_5.gif
    .gif
  • doc/WP (Walker Patcher) - что и как (c) Sauron_files/reputation.gif
    .gif
  • doc/WP (Walker Patcher) - что и как (c) Sauron_files/right_header.jpg
    .jpg
  • doc/WP (Walker Patcher) - что и как (c) Sauron_files/sendtofriend.gif
    .gif
  • doc/WP (Walker Patcher) - что и как (c) Sauron_files/subscribe.gif
    .gif
  • doc/WP (Walker Patcher) - что и как (c) Sauron_files/threadclosed.gif
    .gif
  • doc/WP (Walker Patcher) - что и как (c) Sauron_files/top100.gif
  • doc/WP (Walker Patcher) - что и как (c) Sauron_files/user_offline.gif
    .gif
  • doc/WP (Walker Patcher) - что и как (c) Sauron_files/wp8831.gif
    .gif
  • doc/[!] PPC User-Manual - 1.mht
    .eml

    • http://x33.ru/saur/for/index.php

    • http://x33.ru/saur/for/showthread.php?t=1#

    • http://x33.ru/saur/for/forumdisplay.php?f=1

    • http://x33.ru/saur/for/forumdisplay.php?f=2

    • http://x33.ru/saur/for/showthread.php?t=1

    • http://x33.ru/saur/for/private.php

    • http://x33.ru/saur/for/usercp.php

    • http://x33.ru/saur/for/faq.php

    • http://x33.ru/saur/for/memberlist.php

    • Show all
  • attachment-10
    .gif
  • attachment-11
    .gif
  • attachment-12
    .gif
  • attachment-13
    .gif
  • attachment-14
    .gif
  • attachment-15
    .gif
  • attachment-16
    .gif
  • attachment-17
    .gif
  • attachment-18
    .gif
  • attachment-19
    .gif
  • attachment-2
    .gif
  • attachment-20
    .gif
  • attachment-21
    .gif
  • attachment-22
    .gif
  • attachment-23
    .gif
  • attachment-24
    .gif
  • attachment-25
    .gif
  • attachment-26
    .gif
  • attachment-27
  • attachment-28
    .gif
  • attachment-29
    .gif
  • attachment-3
    .gif
  • attachment-30
    .gif
  • attachment-31
    .gif
  • attachment-32
    .gif
  • attachment-33
    .gif
  • attachment-34
    .gif
  • attachment-35
    .gif
  • attachment-36
    .gif
  • attachment-37
    .gif
  • attachment-38
    .gif
  • attachment-39
    .gif
  • attachment-4
    .gif
  • attachment-40
    .gif
  • attachment-41
    .gif
  • attachment-42
    .gif
  • attachment-43
    .gif
  • attachment-44
    .gif
  • attachment-45
    .gif
  • attachment-46
    .gif
  • attachment-47
    .gif
  • attachment-48
    .gif
  • attachment-49
    .gif
  • attachment-5
    .gif
  • attachment-50
    .gif
  • attachment-51
    .gif
  • attachment-52
    .gif
  • attachment-53
    .gif
  • attachment-54
    .gif
  • attachment-55
    .gif
  • attachment-56
    .gif
  • attachment-57
    .gif
  • attachment-58
  • attachment-59
    .js
  • attachment-6
    .gif
  • attachment-60
    .js
  • attachment-61
    .js
  • attachment-62
    .js
  • attachment-63
    .js
  • attachment-64
    .js
  • attachment-65
    .js
  • attachment-66
    .js
  • attachment-7
  • attachment-8
    .gif
  • attachment-9
    .gif
  • email-html-1.txt
    .html .js polyglot
  • doc/[!] PPC User-Manual - 2.mht
    .eml .js polyglot
  • doc/[] Гайд про Wp Ppc (самое начало) - Forums.mht
    .eml .js polyglot
  • doc/[] Пакетный уровень RF Online для новичков - x33 Forums.mht
    .eml .js polyglot
  • doc/k12.gif
  • doc/k13.gif
    .gif
  • token.wp
  • token.~wp
  • wpcfg.ini
  • wpcfg.ini~
  • wpinfo.dat
  • wpsc/DEMO/LA2/!LS1em.xml.txt
  • wpsc/DEMO/LA2/LS1em.xml
    .xml
  • wpsc/DEMO/LA2/demo1.sc
  • wpsc/DEMO/LA2/demo2.sc
  • wpsc/DEMO/LA2/demo3.sc
  • wpsc/DEMO/LA2/demoFS2.fsc
  • wpsc/DEMO/LA2/demoReklam.fsc
  • wpsc/DEMO/LA2/demo_la2-endecGS-4.fsc
    .js
  • wpsc/DEMO/LA2/demo_la2-endecGS-5.fsc
  • wpsc/DEMO/LA2/dropitem1.sc
  • wpsc/DEMO/LA2/fs-demochat1.fsc
  • wpsc/DEMO/LA2/target_attacker.sc
  • wpsc/DEMO/LA2/target_radar.sc
  • wpsc/DEMO/RFO/RFO-GetChars-1.fsc
  • wpsc/DEMO/d5-delay.sc
  • wpsc/DEMO/demoFS1.fsc
  • wpsc/DEMO/gDLL-ex1.fsc
  • wpsc/socks5.sc
  • wpstr.ini