WinKawaks[.]full[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

WinKawaks.full.zip
Size

1.5MB
MD5

fe7187156431787428fb54a76b1a432c
SHA1

ce0747fab9a293e5c6259486adeee62371673eab
SHA256

0ce6c33423a25435aa0c6ee5e35d5cedcd2aff636bc5a9518a9c3127e3789d3e
SHA512

273440f719aff95f17f1f1aa46ad485da5dbfd2a8177d89a7cdc0da15c718068f65d2e561dcce65094bb9e0b561a4e661d0d8565a2d8a154d3bf3909fd67067f
SSDEEP

24576:q1IxZdhbUvHYu3q3hl9cqgL1l5cGje++Wk1hCe4F/wFNNi0SrM:VHgfYkfqgLBDeZWk/34F/mMprM

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/WinKawaks/kailleraclient.dll	acprotect

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/WinKawaks/WinKawaks.exe	upx
static1/unpack001/WinKawaks/kaillera/kaillerasrv.exe	upx
static1/unpack001/WinKawaks/kailleraclient.dll	upx

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/WinKawaks/WinKawaks.exe
unpack001/WinKawaks/kaillera/kaillerasrv.exe
unpack004/out.upx
unpack001/WinKawaks/kailleraclient.dll
unpack005/out.upx

Files

WinKawaks.full.zip
.zip .ps1 polyglot

Password: 12345667
WinKawaks/DefaultWinKawaksINI.zip
.zip

Password: 12345667
WinKawaks.ini
WinKawaks/WinKawaks.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 4.5MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 395KB - Virtual size: 396KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ZC
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
WinKawaks/blend/ddsom.bld
WinKawaks/blend/ddtod.bld
WinKawaks/blend/sfa.bld
WinKawaks/defaultkeysCPS.ini
WinKawaks/defaultkeysMVS.ini
WinKawaks/eeprom/pzloop2.epm
WinKawaks/eeprom/pzloop2j.epm
WinKawaks/faq.txt
WinKawaks/kaillera/kaillerasrv.conf
WinKawaks/kaillera/kaillerasrv.exe
.exe windows:4 windows x86 arch:x86

Password: 12345667

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 44KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 19KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
WinKawaks/kaillera/kaillerasrv.txt
WinKawaks/kailleraclient.dll
.dll windows:4 windows x86 arch:x86

Password: 12345667

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

_kailleraChatSend@4
_kailleraEndGame@0
_kailleraGetVersion@4
_kailleraInit@0
_kailleraModifyPlayValues@8
_kailleraSelectServerDialog@4
_kailleraSetInfos@4
_kailleraShutdown@0

Sections

UPX0
Size: - Virtual size: 56KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 27KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WinKawaks/lang/Arabic.lng
WinKawaks/lang/Brazilian Portuguese.lng
WinKawaks/lang/Bulgarian.lng
WinKawaks/lang/Catalan.lng
WinKawaks/lang/Charnego.lng
WinKawaks/lang/Chinese(Big5).lng
WinKawaks/lang/Chinese(Simp).lng
WinKawaks/lang/Czech.lng
WinKawaks/lang/Dutch.lng
WinKawaks/lang/English.lng
WinKawaks/lang/Finnish.lng
WinKawaks/lang/French.lng
WinKawaks/lang/German.lng
WinKawaks/lang/Greek.lng
WinKawaks/lang/Hebrew.lng
WinKawaks/lang/Italian.lng
WinKawaks/lang/Japanese.lng
WinKawaks/lang/Korean.lng
WinKawaks/lang/L33t.lng
WinKawaks/lang/Norwegian.lng
WinKawaks/lang/Polish.lng
WinKawaks/lang/Portuguese.lng
WinKawaks/lang/Russian.lng
WinKawaks/lang/Serbian.lng
WinKawaks/lang/Spanish.lng
WinKawaks/lang/Swedish.lng
WinKawaks/lang/Turkish.lng
WinKawaks/roms/neogeo/neogeo.zip
.zip

Password: 12345667
000-lo.lo
asia-s3.rom
neo-epo.bin
neo-po.bin
neodebug.rom
sfix.sfix
sm1.sm1
sp-e.sp1
sp-j2.rom
sp-s.sp1
sp-s2.sp1
sp1.jipan.1024
uni-bios_1_0.rom
uni-bios_1_1.rom
uni-bios_1_2.rom
uni-bios_1_2o.rom
uni-bios_1_3.rom
uni-bios_2_0.rom
uni-bios_2_1.rom
uni-bios_2_2.rom
uni-bios_2_3.rom
uni-bios_2_3o.rom
usa_2slt.bin
vs-bios.rom
WinKawaks/sample_ini_files.zip
.zip

Password: 12345667
sfz3jr1.ini
xmcota.ini
xmvsf.ini
WinKawaks/tracklst/19xx.dat
WinKawaks/tracklst/avsp.dat
WinKawaks/tracklst/batcirj.dat
WinKawaks/tracklst/captcomm.dat
WinKawaks/tracklst/csclubj.dat
WinKawaks/tracklst/cybotsj.dat
WinKawaks/tracklst/ddtod.dat
WinKawaks/tracklst/dstlk.dat
WinKawaks/tracklst/ecofghtr.dat
WinKawaks/tracklst/ffight.dat
WinKawaks/tracklst/kof94.dat
WinKawaks/tracklst/kof95.dat
WinKawaks/tracklst/kof96.dat
WinKawaks/tracklst/kof97.dat
WinKawaks/tracklst/kof98.dat
WinKawaks/tracklst/kof99.dat
WinKawaks/tracklst/msh.dat
WinKawaks/tracklst/mshvsf.dat
WinKawaks/tracklst/mvsc.dat
WinKawaks/tracklst/pbobblen.dat
WinKawaks/tracklst/ringdest.dat
WinKawaks/tracklst/sf2.dat
WinKawaks/tracklst/sf2ce.dat
WinKawaks/tracklst/sfa.dat
WinKawaks/tracklst/sfa2.dat
WinKawaks/tracklst/sfa3.dat
WinKawaks/tracklst/sgemf.dat
WinKawaks/tracklst/spf2t.dat
WinKawaks/tracklst/ssf2.dat
WinKawaks/tracklst/vsav.dat
WinKawaks/tracklst/vsav2.dat
WinKawaks/tracklst/wakuwak7.dat
WinKawaks/tracklst/xmcota.dat
WinKawaks/tracklst/xmvsf.dat
WinKawaks/whatsnew.txt

Sharing

General

Malware Config

Signatures

Files

Password: 12345667

Password: 12345667

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 4.5MB

UPX1 Size: 395KB - Virtual size: 396KB

.rsrc Size: 7KB - Virtual size: 8KB

ZC Size: 2KB - Virtual size: 8KB

Password: 12345667

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 44KB

UPX1 Size: 19KB - Virtual size: 20KB

UPX2 Size: 512B - Virtual size: 4KB

Headers

File Characteristics

Sections

.text Size: 33KB - Virtual size: 32KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 12KB

Password: 12345667

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 56KB

UPX1 Size: 27KB - Virtual size: 28KB

.rsrc Size: 3KB - Virtual size: 4KB

Headers

File Characteristics

Sections

.text Size: 47KB - Virtual size: 47KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 3KB - Virtual size: 5KB

.rsrc Size: 7KB - Virtual size: 7KB

.reloc Size: 4KB - Virtual size: 4KB

Password: 12345667

Password: 12345667

UPX0
Size: - Virtual size: 4.5MB

UPX1
Size: 395KB - Virtual size: 396KB

.rsrc
Size: 7KB - Virtual size: 8KB

ZC
Size: 2KB - Virtual size: 8KB

UPX0
Size: - Virtual size: 44KB

UPX1
Size: 19KB - Virtual size: 20KB

UPX2
Size: 512B - Virtual size: 4KB

.text
Size: 33KB - Virtual size: 32KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 12KB

UPX0
Size: - Virtual size: 56KB

UPX1
Size: 27KB - Virtual size: 28KB

.rsrc
Size: 3KB - Virtual size: 4KB

.text
Size: 47KB - Virtual size: 47KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 3KB - Virtual size: 5KB

.rsrc
Size: 7KB - Virtual size: 7KB

.reloc
Size: 4KB - Virtual size: 4KB