WinKawaks[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

WinKawaks.zip
Size

1.4MB
MD5

d0640050cb949a2a6a804d5b1c5d8b3c
SHA1

722e0bd1a34b8d4a6fbb5fed64296d641674d85c
SHA256

5d567f0df4e5e36358d22a0eeac98925cf5e49a27ff8c0f61c1d76c924e13d19
SHA512

a2fd57accd97b36c1e143d39f4689ede04c632fd0a2a081f0714647b7d1cd8a06bd6b0c3c0ab712dafff87a39eef1c772b892447b9f70b45aee3ccc889f27ee2
SSDEEP

24576:p1IxZdhbUvHYu3q3hl9cqgL1l5cGje++Wk1hCe4F/wFNNi0Srw:UHgfYkfqgLBDeZWk/34F/mMprw

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/WinKawaks/kailleraclient.dll	acprotect

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/WinKawaks/WinKawaks.exe	upx
static1/unpack001/WinKawaks/kailleraclient.dll	upx

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/WinKawaks/WinKawaks.exe
unpack001/WinKawaks/kailleraclient.dll
unpack004/out.upx

Files

WinKawaks.zip
.zip
WinKawaks/DefaultWinKawaksINI.zip
.zip
WinKawaks.ini
WinKawaks/WinKawaks.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 4.5MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 395KB - Virtual size: 396KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ZC
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
WinKawaks/blend/ddsom.bld
WinKawaks/blend/ddtod.bld
WinKawaks/blend/sfa.bld
WinKawaks/defaultkeysCPS.ini
WinKawaks/defaultkeysMVS.ini
WinKawaks/eeprom/pzloop2.epm
WinKawaks/eeprom/pzloop2j.epm
WinKawaks/faq.txt
WinKawaks/kailleraclient.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

_kailleraChatSend@4
_kailleraEndGame@0
_kailleraGetVersion@4
_kailleraInit@0
_kailleraModifyPlayValues@8
_kailleraSelectServerDialog@4
_kailleraSetInfos@4
_kailleraShutdown@0

Sections

UPX0
Size: - Virtual size: 56KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 27KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WinKawaks/lang/Arabic.lng
WinKawaks/lang/Brazilian Portuguese.lng
WinKawaks/lang/Bulgarian.lng
WinKawaks/lang/Catalan.lng
WinKawaks/lang/Charnego.lng
WinKawaks/lang/Chinese(Big5).lng
WinKawaks/lang/Chinese(Simp).lng
WinKawaks/lang/Czech.lng
WinKawaks/lang/Dutch.lng
WinKawaks/lang/English.lng
WinKawaks/lang/Finnish.lng
WinKawaks/lang/French.lng
WinKawaks/lang/German.lng
WinKawaks/lang/Greek.lng
WinKawaks/lang/Hebrew.lng
WinKawaks/lang/Italian.lng
WinKawaks/lang/Japanese.lng
WinKawaks/lang/Korean.lng
WinKawaks/lang/L33t.lng
WinKawaks/lang/Norwegian.lng
WinKawaks/lang/Polish.lng
WinKawaks/lang/Portuguese.lng
WinKawaks/lang/Russian.lng
WinKawaks/lang/Serbian.lng
WinKawaks/lang/Spanish.lng
WinKawaks/lang/Swedish.lng
WinKawaks/lang/Turkish.lng
WinKawaks/roms/neogeo/neogeo.zip
.zip
000-lo.lo
asia-s3.rom
neo-epo.bin
neo-po.bin
neodebug.rom
sfix.sfix
sm1.sm1
sp-e.sp1
sp-j2.rom
sp-s.sp1
sp-s2.sp1
sp1.jipan.1024
uni-bios_1_0.rom
uni-bios_1_1.rom
uni-bios_1_2.rom
uni-bios_1_2o.rom
uni-bios_1_3.rom
uni-bios_2_0.rom
uni-bios_2_1.rom
uni-bios_2_2.rom
uni-bios_2_3.rom
uni-bios_2_3o.rom
usa_2slt.bin
vs-bios.rom
WinKawaks/sample_ini_files.zip
.zip
sfz3jr1.ini
xmcota.ini
xmvsf.ini
WinKawaks/tracklst/19xx.dat
WinKawaks/tracklst/avsp.dat
WinKawaks/tracklst/batcirj.dat
WinKawaks/tracklst/captcomm.dat
WinKawaks/tracklst/csclubj.dat
WinKawaks/tracklst/cybotsj.dat
WinKawaks/tracklst/ddtod.dat
WinKawaks/tracklst/dstlk.dat
WinKawaks/tracklst/ecofghtr.dat
WinKawaks/tracklst/ffight.dat
WinKawaks/tracklst/kof94.dat
WinKawaks/tracklst/kof95.dat
WinKawaks/tracklst/kof96.dat
WinKawaks/tracklst/kof97.dat
WinKawaks/tracklst/kof98.dat
WinKawaks/tracklst/kof99.dat
WinKawaks/tracklst/msh.dat
WinKawaks/tracklst/mshvsf.dat
WinKawaks/tracklst/mvsc.dat
WinKawaks/tracklst/pbobblen.dat
WinKawaks/tracklst/ringdest.dat
WinKawaks/tracklst/sf2.dat
WinKawaks/tracklst/sf2ce.dat
WinKawaks/tracklst/sfa.dat
WinKawaks/tracklst/sfa2.dat
WinKawaks/tracklst/sfa3.dat
WinKawaks/tracklst/sgemf.dat
WinKawaks/tracklst/spf2t.dat
WinKawaks/tracklst/ssf2.dat
WinKawaks/tracklst/vsav.dat
WinKawaks/tracklst/vsav2.dat
WinKawaks/tracklst/wakuwak7.dat
WinKawaks/tracklst/xmcota.dat
WinKawaks/tracklst/xmvsf.dat
WinKawaks/whatsnew.txt

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 4.5MB

UPX1 Size: 395KB - Virtual size: 396KB

.rsrc Size: 7KB - Virtual size: 8KB

ZC Size: 2KB - Virtual size: 8KB

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 56KB

UPX1 Size: 27KB - Virtual size: 28KB

.rsrc Size: 3KB - Virtual size: 4KB

Headers

File Characteristics

Sections

.text Size: 47KB - Virtual size: 47KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 3KB - Virtual size: 5KB

.rsrc Size: 7KB - Virtual size: 7KB

.reloc Size: 4KB - Virtual size: 4KB

UPX0
Size: - Virtual size: 4.5MB

UPX1
Size: 395KB - Virtual size: 396KB

.rsrc
Size: 7KB - Virtual size: 8KB

ZC
Size: 2KB - Virtual size: 8KB

UPX0
Size: - Virtual size: 56KB

UPX1
Size: 27KB - Virtual size: 28KB

.rsrc
Size: 3KB - Virtual size: 4KB

.text
Size: 47KB - Virtual size: 47KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 3KB - Virtual size: 5KB

.rsrc
Size: 7KB - Virtual size: 7KB

.reloc
Size: 4KB - Virtual size: 4KB