General

  • Target

    7294e29167cf8ea40ec76fd33a174a43_JaffaCakes118

  • Size

    18.4MB

  • MD5

    7294e29167cf8ea40ec76fd33a174a43

  • SHA1

    69a651688b79a79edee75f6bec495372d0896f49

  • SHA256

    68b729d1c7e6b424b230931dc74db2c90c08d4923130582c80a295e144dba43f

  • SHA512

    6968f2fae0a6a4117f7b38be499ce4666da39c1c914a846679418e1d25817fe6d869a404dc9934cbee3f0f831ae8c15298de77630089b69bb5d1920c6fb49241

  • SSDEEP

    393216:mJTKHH8wh67fJQ61DjbR//rXefAzPnqQtuCUoy+0teV0C2bqw43:vc1C61NHUATn50jdUV0CQF4

Score
7/10
upx

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects file using ACProtect software.

  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Unsigned PE 61 IoCs

    Checks for missing Authenticode signature.

Files

  • 7294e29167cf8ea40ec76fd33a174a43_JaffaCakes118
    .exe windows:5 windows x86 arch:x86

    32f3282581436269b3a75b6675fe3e08


    Code Sign

    Headers

    Imports

    Sections

  • $COMMONFILES/nProtect Shared/Engine/BWT.dll
    .dll windows:4 windows x86 arch:x86

    b16b05115529f7bbc3cb142f11ec7320


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • $COMMONFILES/nProtect Shared/Engine/BWTTrustList.dat
  • $COMMONFILES/nProtect Shared/Engine/BwtTrust.dll
    .dll windows:4 windows x86 arch:x86

    03a1fe3fde0b98269544b8bec2d124a2


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • $COMMONFILES/nProtect Shared/Engine/NpBWT.dll
    .dll windows:5 windows x86 arch:x86

    a60200e3067da2c9a407d52e73c19fac


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • $COMMONFILES/nProtect Shared/Engine/NpHttpsLib.dll
    .dll windows:5 windows x86 arch:x86

    a7df12cc332635377ea71a48f8b49a32


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • $COMMONFILES/nProtect Shared/Engine/TYAVPU_000.bin
  • $COMMONFILES/nProtect Shared/Engine/TYAVP_001.bin
  • $COMMONFILES/nProtect Shared/Engine/TYAVSU_000.bin
  • $COMMONFILES/nProtect Shared/Engine/TeCtrl.dll
    .dll windows:4 windows x86 arch:x86

    f2f04e8d6a48038cbe0d8f6678090077


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • $COMMONFILES/nProtect Shared/Engine/TeCtrlu.dll
    .dll windows:4 windows x86 arch:x86

    5fc585f53e552845cbfa41093fe3bbe6


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • $COMMONFILES/nProtect Shared/Engine/TySUtilu.dll
    .dll windows:4 windows x86 arch:x86

    a008632a5ab1b5de784efb061bb8f8e9


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • $COMMONFILES/nProtect Shared/Engine/teexcept.dat
  • $COMMONFILES/nProtect Shared/Engine/tyav32u.dll
    .dll windows:4 windows x86 arch:x86

    021e6f8bb522faeb0c3bb252a119d5e3


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • $COMMONFILES/nProtect Shared/Engine/tyavcuremap.dat
  • $COMMONFILES/nProtect Shared/Engine/tyavexcept.bin
    .dll windows:4 windows x86 arch:x86

    5c54715227e960c5019e7a45d4b9d02a


    Headers

    Imports

    Sections

  • $COMMONFILES/nProtect Shared/Engine/tyavexcept.dat
  • $PLUGINSDIR/GetVersion.dll
    .dll windows:5 windows x86 arch:x86


    Headers

    Exports

    Sections

  • out.upx
    .dll windows:5 windows x86 arch:x86


    Headers

    Sections

  • $PLUGINSDIR/System.dll
    .dll windows:5 windows x86 arch:x86

    039bcbc605477e8e87ec550c2e60e748


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/UserInfo.dll
    .dll windows:5 windows x86 arch:x86

    45d25ca52c312b2254c60dbcb30342d1


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/modern-wizard.bmp
  • $PLUGINSDIR/npeNSISUtil.dll
    .dll windows:4 windows x86 arch:x86

    310dbe8c6167d088f05900d59f1b65ef


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/nsDialogs.dll
    .dll windows:5 windows x86 arch:x86

    9ea5bdc8c90dfcffe309465c26c89758


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/nsExec.dll
    .dll windows:5 windows x86 arch:x86

    8700d0ebbb41c81ea52718af1ab70a93


    Headers

    Imports

    Exports

    Sections

  • $PROGRAMFILES/INCAInternet UnInstall/nProtect Online Security/nProtectUninstaller.exe
    .exe windows:4 windows x86 arch:x86

    cdb95ccdd0343d1a67a51f7542a5f554


    Code Sign

    Headers

    Imports

    Sections

  • $PROGRAMFILES/INCAInternet UnInstall/nProtect Online Security/npcf_win_32u.dll
    .dll windows:4 windows x86 arch:x86

    e173053aab7169b17490d0773c9dff4a


    Headers

    Imports

    Sections

  • $PROGRAMFILES/INCAInternet UnInstall/nProtect Online Security/nppb.dll
    .dll windows:4 windows x86 arch:x86

    00db911b28a8cd6b64fe48e8520f85bb


    Code Sign

    Headers

    Imports

    Sections

  • $PROGRAMFILES/INCAInternet UnInstall/nProtect Online Security/npx/npcUnInstallPolicy.npx
  • $PROGRAMFILES/INCAInternet UnInstall/nProtect Online Security/npx/npluninstall.npx
  • $SYSDIR/TKCtrl2k.sys
    .sys windows:6 windows x86 arch:x86

    d4557be79e0f9831af3cca19a058f6a4


    Code Sign

    Headers

    Imports

    Sections

  • $SYSDIR/TKCtrl2k64.sys
    .sys windows:6 windows x64 arch:x64

    259b5a43f6cc111337444a7d5f8e265d


    Code Sign

    Headers

    Imports

    Sections

  • $SYSDIR/TKCtrlU.dll
    .dll windows:4 windows x86 arch:x86

    e497af0c2978c4c2c39fccc20650b253


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • $SYSDIR/TKFW.sys
    .sys windows:6 windows x86 arch:x86

    6bacbf582b0e8a057bfab5b43a361842


    Code Sign

    Headers

    Imports

    Sections

  • $SYSDIR/TKFWFV.cat
  • $SYSDIR/TKFWFV.inf
  • $SYSDIR/TKFWFV.sys
    .sys windows:6 windows x86 arch:x86

    28159e3467957b64802a7f0e2bc2727a


    Code Sign

    Headers

    Imports

    Sections

  • $SYSDIR/TKFWFV64.cat
  • $SYSDIR/TKFWFV64.sys
    .sys windows:6 windows x64 arch:x64

    282629e63807b64dc1b2081f6cf30782


    Code Sign

    Headers

    Imports

    Sections

  • $SYSDIR/TKFWU.dll
    .dll windows:4 windows x86 arch:x86

    ec8aeccecc6a4f3ad1b2a8c83238261c


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • $SYSDIR/TKFsAv.sys
    .sys windows:6 windows x86 arch:x86

    fc808ac055b42537a527601e69fc124a


    Headers

    Imports

    Sections

  • $SYSDIR/TKFsAv64.sys
    .sys windows:6 windows x64 arch:x64

    197b7cac7a0e0e10d3ba3e98fe4da126


    Headers

    Imports

    Sections

  • $SYSDIR/TKFsFt.sys
    .sys windows:6 windows x86 arch:x86

    6a28edfa5c6de8f65372b27385104cc0


    Code Sign

    Headers

    Imports

    Sections

  • $SYSDIR/TKFsFt64.sys
    .sys windows:6 windows x64 arch:x64

    8800a239d236c089784b93c9e76eaeaf


    Code Sign

    Headers

    Imports

    Sections

  • $SYSDIR/TKIdsVt.sys
    .sys windows:6 windows x86 arch:x86

    0a7e0ecbd6ccb98296d7618457ac82b6


    Headers

    Imports

    Sections

  • $SYSDIR/TKIdsVt64.sys
    .sys windows:6 windows x64 arch:x64

    f223952fe7523417e724364b7f82853c


    Headers

    Imports

    Sections

  • $SYSDIR/TKPcFtCb.sys
    .sys windows:6 windows x86 arch:x86

    08b130c4919fce3888098ed6eebdd31f


    Code Sign

    Headers

    Imports

    Sections

  • $SYSDIR/TKPcFtCb64.sys
    .sys windows:6 windows x64 arch:x64

    3e4f96ca1877df42bb00ad1fef3003f4


    Headers

    Imports

    Sections

  • $SYSDIR/TKPcFtHk.sys
    .sys windows:6 windows x86 arch:x86

    67ce3513ca9715ab9163d0e087a177aa


    Headers

    Imports

    Sections

  • $SYSDIR/TKPcFtHk64.sys
    .sys windows:6 windows x64 arch:x64

    52a03f6d8335de264bd39ec87945a503


    Code Sign

    Headers

    Imports

    Sections

  • $SYSDIR/TKRgAc2k.sys
    .sys windows:6 windows x86 arch:x86

    18af0e4bd462a0c6150fb88eab1780f9


    Headers

    Imports

    Sections

  • $SYSDIR/TKRgAc2k64.sys
    .sys windows:6 windows x64 arch:x64

    39f5b716dfa8b43761734ba4fb230c44


    Headers

    Imports

    Sections

  • $SYSDIR/TKRgFt2k.sys
    .sys windows:6 windows x86 arch:x86

    763aace061cbd9816365c596e1891de9


    Code Sign

    Headers

    Imports

    Sections

  • $SYSDIR/TKRgFtXp.sys
    .sys windows:6 windows x86 arch:x86

    386d755c10fcc453c1d7110119ceeec7


    Headers

    Imports

    Sections

  • $SYSDIR/TKRgFtXp64.sys
    .sys windows:6 windows x64 arch:x64

    bd0a2c61a8c6a84206ead3cad2934d2d


    Headers

    Imports

    Sections

  • $SYSDIR/TKTool2k.sys
    .sys windows:6 windows x86 arch:x86

    d9a12bd346b9522bd63c7d74b98a85b2


    Code Sign

    Headers

    Imports

    Sections

  • $SYSDIR/TKTool2k64.sys
    .sys windows:6 windows x64 arch:x64

    2ca3150ee7102c46d43e4d7e618f906b


    Code Sign

    Headers

    Imports

    Sections

  • $SYSDIR/TKToolu.dll
    .dll windows:4 windows x86 arch:x86

    c19cf5ba61ddde0c28a963f5f3e3161d


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • $SYSDIR/noska.sys
    .sys windows:6 windows x86 arch:x86

    848f63553a9a79bfa946f6e3fd4cc6d8


    Headers

    Imports

    Sections

  • $SYSDIR/noskp.sys
    .sys windows:6 windows x86 arch:x86

    0b660f5cc3f1ba0a0f57e8cc78e08b99


    Headers

    Imports

    Sections

  • $SYSDIR/noskp64.sys
    .sys windows:6 windows x64 arch:x64

    9c88f4e55aeb3f2903de2a5331ce4896


    Headers

    Imports

    Sections

  • $SYSDIR/nosku.sys
    .sys windows:6 windows x86 arch:x86

    618f0d2cb74a4fd908dc9c421a239144


    Headers

    Imports

    Sections

  • $SYSDIR/nosku64.sys
    .sys windows:6 windows x64 arch:x64

    8550e6c402121795663b7087da3991d0


    Headers

    Imports

    Sections

  • $SYSDIR/np_ck32s.sys
    .sys windows:6 windows x86 arch:x86

    2429bd661b999e0ddeaef9e42eff057e


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • $SYSDIR/np_ck64s.sys
    .sys windows:6 windows x64 arch:x64

    a91fd37ae6dce75fc02368dc80bb0bcb


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • $SYSDIR/npkakl.sys
    .sys windows:6 windows x86 arch:x86

    4f95daf21e35f87ace98e4852a8746d0


    Code Sign

    Headers

    Imports

    Sections

  • $SYSDIR/npkfxa.sys
    .sys windows:6 windows x86 arch:x86

    4f95daf21e35f87ace98e4852a8746d0


    Code Sign

    Headers

    Imports

    Sections

  • $SYSDIR/tkfwflt.sys
    .sys windows:5 windows x86 arch:x86

    9d97e8586178e7df479db7cdd3c6831d


    Code Sign

    Headers

    Imports

    Sections

  • $SYSDIR/tkfwfltU.dll
    .dll windows:4 windows x86 arch:x86

    705ded5385fdf03f707bae3ec273afa7


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • $SYSDIR/tkfwvt.sys
    .sys windows:6 windows x86 arch:x86

    11888564d7c6364446e49e59922c633c


    Headers

    Imports

    Sections

  • $SYSDIR/tkfwvt64.sys
    .sys windows:6 windows x64 arch:x64

    30f12997a2cd083809f9cf859612fd4b


    Headers

    Imports

    Sections

  • $SYSDIR/tkids.sys
    .sys windows:6 windows x86 arch:x86

    46956ab5c9fcc3e59373f44c449e4a43


    Code Sign

    Headers

    Imports

    Sections

  • $SYSDIR/tkidsxU.dll
    .dll windows:4 windows x86 arch:x86

    95b858b1f54e093e088ccc59c7be20fa


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • $SYSDIR/tknetcfg.exe
    .exe windows:4 windows x86 arch:x86

    cffbd3ad773e8cc9d466bf9b0e5392d6


    Code Sign

    Headers

    Imports

    Sections

  • $SYSDIR/tknetcfg64.exe
    .exe windows:4 windows x64 arch:x64

    faa7f8783341e73f56ccaa861494179f


    Code Sign

    Headers

    Imports

    Sections

  • $WINDIR/Downloaded Program Files/nosxplatform.ocx
    .dll regsvr32 windows:4 windows x86 arch:x86

    e46748afe32fa180042b0bd6b303bb05


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • 7z.dll
    .dll windows:4 windows x86 arch:x86

    6121a49841bf6f5b3700c1ebbb28be41


    Headers

    Imports

    Exports

    Sections

  • bsc20/npacr_32.dll
    .dll windows:5 windows x86 arch:x86

    134e4b91b6ab6bc4db4559bb43ae4bf1


    Code Sign

    Headers

    Imports

    Sections

  • bsc20/npacr_64.dll
    .dll windows:5 windows x64 arch:x64

    a3f4b91618b071889a3b007add5ddb7f


    Code Sign

    Headers

    Imports

    Sections

  • bsc20/npamgr_32.exe
    .exe windows:5 windows x86 arch:x86

    7b502ebc552937602727d4e9fcb444d3


    Code Sign

    Headers

    Imports

    Sections

  • bsc20/npamgr_64.exe
    .exe windows:5 windows x64 arch:x64

    5cab3c093f9e92e818b9472ac72c36b9


    Code Sign

    Headers

    Imports

    Sections

  • bsc20/npasdk.dll
    .dll windows:5 windows x86 arch:x86

    9b818049de3fee738069205eb82d6407


    Code Sign

    Headers

    Imports

    Sections

  • cert/cap.npb
  • cert/certmgr.exe
    .exe windows:6 windows x86 arch:x86

    7a7c6506fbb24dc5a3e42f717ca920c1


    Headers

    Imports

    Sections

  • cert/certutil.exe
    .exe windows:5 windows x86 arch:x86

    6cf98f135928791c62d2eab6fc3a77b3


    Code Sign

    Headers

    Imports

    Sections

  • cert/freebl3.dll
    .dll windows:5 windows x86 arch:x86

    3e4d9b447a2cb87a729730ab1bc25121


    Headers

    Imports

    Exports

    Sections

  • cert/libnspr4.dll
    .dll windows:5 windows x86 arch:x86

    a6e2b1f247cdd390d167c7adf25361a0


    Headers

    Imports

    Exports

    Sections

  • cert/libplc4.dll
    .dll windows:5 windows x86 arch:x86

    4186cd42be9b2afabef8dd72516938ad


    Headers

    Imports

    Exports

    Sections

  • cert/libplds4.dll
    .dll windows:5 windows x86 arch:x86

    b6d90a32750acf0af0a8655d5d0a030b


    Headers

    Imports

    Exports

    Sections

  • cert/nprotect-root_ca.cer
  • cert/nprotect-rootca.cer
  • cert/nss3.dll
    .dll windows:5 windows x86 arch:x86

    efa8fe274715a84c91d43a09226843bc


    Headers

    Imports

    Exports

    Sections

  • cert/nssckbi.dll
    .dll windows:4 windows x86 arch:x86

    de0b17169e4935cc5b411afde9f0b737


    Headers

    Imports

    Exports

    Sections

  • cert/nssdbm3.dll
    .dll windows:5 windows x86 arch:x86

    4ca60f6a5ff6fd16b9c793ebf3278574


    Headers

    Imports

    Exports

    Sections

  • cert/nssutil3.dll
    .dll windows:5 windows x86 arch:x86

    d4971a2a6e8d38336c0b6a933639b728


    Headers

    Imports

    Exports

    Sections

  • cert/smime3.dll
    .dll windows:5 windows x86 arch:x86

    8045583735bc5ff78d5914c02f8eecf4


    Headers

    Imports

    Exports

    Sections

  • cert/softokn3.dll
    .dll .ps1 windows:5 windows x86 arch:x86 polyglot

    3926cdf25d4f10ec170079b80f7ba563


    Headers

    Imports

    Exports

    Sections

  • cert/sqlite3.dll
    .dll windows:5 windows x86 arch:x86

    999e6953b3230df7248766f5074bf74c


    Headers

    Imports

    Exports

    Sections

  • cert/ssl3.dll
    .dll windows:4 windows x86 arch:x86

    498d1e8cf8af9f696cb1c2696df4c8f1


    Headers

    Imports

    Exports

    Sections

  • coredll/network/x64/TKCtrl2k64.sys
    .sys windows:6 windows x64 arch:x64

    259b5a43f6cc111337444a7d5f8e265d


    Code Sign

    Headers

    Imports

    Sections

  • coredll/network/x64/TKFWFV.inf
  • coredll/network/x64/TKFWFV64.cat
  • coredll/network/x64/TKFWFV64.sys
    .sys windows:6 windows x64 arch:x64

    282629e63807b64dc1b2081f6cf30782


    Code Sign

    Headers

    Imports

    Sections

  • coredll/network/x64/TKIdsVt64.sys
    .sys windows:6 windows x64 arch:x64

    f223952fe7523417e724364b7f82853c


    Headers

    Imports

    Sections

  • coredll/network/x64/tkfwvt64.sys
    .sys windows:6 windows x64 arch:x64

    30f12997a2cd083809f9cf859612fd4b


    Headers

    Imports

    Sections

  • coredll/network/x86/TKCtrl2k.sys
    .sys windows:6 windows x86 arch:x86

    d4557be79e0f9831af3cca19a058f6a4


    Code Sign

    Headers

    Imports

    Sections

  • coredll/network/x86/TKCtrlU.dll
    .dll windows:4 windows x86 arch:x86

    e497af0c2978c4c2c39fccc20650b253


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • coredll/network/x86/TKFW.sys
    .sys windows:6 windows x86 arch:x86

    6bacbf582b0e8a057bfab5b43a361842


    Code Sign

    Headers

    Imports

    Sections

  • coredll/network/x86/TKFWFV.cat
  • coredll/network/x86/TKFWFV.inf
  • coredll/network/x86/TKFWFV.sys
    .sys windows:6 windows x86 arch:x86

    28159e3467957b64802a7f0e2bc2727a


    Code Sign

    Headers

    Imports

    Sections

  • coredll/network/x86/TKFWU.dll
    .dll windows:4 windows x86 arch:x86

    ec8aeccecc6a4f3ad1b2a8c83238261c


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • coredll/network/x86/TKIdsVt.sys
    .sys windows:6 windows x86 arch:x86

    0a7e0ecbd6ccb98296d7618457ac82b6


    Headers

    Imports

    Sections

  • coredll/network/x86/tkfwflt.sys
    .sys windows:5 windows x86 arch:x86

    9d97e8586178e7df479db7cdd3c6831d


    Code Sign

    Headers

    Imports

    Sections

  • coredll/network/x86/tkfwfltU.dll
    .dll windows:4 windows x86 arch:x86

    705ded5385fdf03f707bae3ec273afa7


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • coredll/network/x86/tkfwvt.sys
    .sys windows:6 windows x86 arch:x86

    11888564d7c6364446e49e59922c633c


    Headers

    Imports

    Sections

  • coredll/network/x86/tkids.sys
    .sys windows:6 windows x86 arch:x86

    46956ab5c9fcc3e59373f44c449e4a43


    Code Sign

    Headers

    Imports

    Sections

  • coredll/network/x86/tkidsxU.dll
    .dll windows:4 windows x86 arch:x86

    95b858b1f54e093e088ccc59c7be20fa


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • coredll/network/x86/tknetcfg.exe
    .exe windows:4 windows x86 arch:x86

    cffbd3ad773e8cc9d466bf9b0e5392d6


    Code Sign

    Headers

    Imports

    Sections

  • coredll/network/x86/tknetcfg64.exe
    .exe windows:4 windows x64 arch:x64

    faa7f8783341e73f56ccaa861494179f


    Code Sign

    Headers

    Imports

    Sections

  • coredll/protect/dll/TKFsAvMU.dll
    .dll windows:4 windows x86 arch:x86

    e4778084b51abbc495cb879793f9b094


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • coredll/protect/dll/TKFsFtMU.dll
    .dll windows:4 windows x86 arch:x86

    02364cdbc9c8df1d47becde436bb9178


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • coredll/protect/dll/TKPcFtU.dll
    .dll windows:4 windows x86 arch:x86

    c3e8bc028cef08f440c89a243f10ea87


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • coredll/protect/dll/TKRgAcu.dll
    .dll windows:4 windows x86 arch:x86

    afab5c4bb0975645a235b077175b885e


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • coredll/protect/dll/TKRgFtu.dll
    .dll windows:4 windows x86 arch:x86

    f59d6f975f23cdc31e0ca11de1867d0d


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • coredll/protect/x64/TKCtrl2k64.sys
    .sys windows:6 windows x64 arch:x64

    259b5a43f6cc111337444a7d5f8e265d


    Code Sign

    Headers

    Imports

    Sections

  • coredll/protect/x64/TKFsAv64.sys
    .sys windows:6 windows x64 arch:x64

    197b7cac7a0e0e10d3ba3e98fe4da126


    Headers

    Imports

    Sections

  • coredll/protect/x64/TKFsFt64.sys
    .sys windows:6 windows x64 arch:x64

    8800a239d236c089784b93c9e76eaeaf


    Code Sign

    Headers

    Imports

    Sections

  • coredll/protect/x64/TKPcFtCb64.sys
    .sys windows:6 windows x64 arch:x64

    3e4f96ca1877df42bb00ad1fef3003f4


    Headers

    Imports

    Sections

  • coredll/protect/x64/TKPcFtHk64.sys
    .sys windows:6 windows x64 arch:x64

    52a03f6d8335de264bd39ec87945a503


    Code Sign

    Headers

    Imports

    Sections

  • coredll/protect/x64/TKRgAc2k64.sys
    .sys windows:6 windows x64 arch:x64

    39f5b716dfa8b43761734ba4fb230c44


    Headers

    Imports

    Sections

  • coredll/protect/x64/TKRgFtXp64.sys
    .sys windows:6 windows x64 arch:x64

    bd0a2c61a8c6a84206ead3cad2934d2d


    Headers

    Imports

    Sections

  • coredll/protect/x64/TKTool2k64.sys
    .sys windows:6 windows x64 arch:x64

    2ca3150ee7102c46d43e4d7e618f906b


    Code Sign

    Headers

    Imports

    Sections

  • coredll/protect/x86/TKFsAv.sys
    .sys windows:6 windows x86 arch:x86

    fc808ac055b42537a527601e69fc124a


    Headers

    Imports

    Sections

  • coredll/protect/x86/TKFsFt.sys
    .sys windows:6 windows x86 arch:x86

    6a28edfa5c6de8f65372b27385104cc0


    Code Sign

    Headers

    Imports

    Sections

  • coredll/protect/x86/TKPcFtCb.sys
    .sys windows:6 windows x86 arch:x86

    08b130c4919fce3888098ed6eebdd31f


    Code Sign

    Headers

    Imports

    Sections

  • coredll/protect/x86/TKPcFtHk.sys
    .sys windows:6 windows x86 arch:x86

    67ce3513ca9715ab9163d0e087a177aa


    Headers

    Imports

    Sections

  • coredll/protect/x86/TKRgAc2k.sys
    .sys windows:6 windows x86 arch:x86

    18af0e4bd462a0c6150fb88eab1780f9


    Headers

    Imports

    Sections

  • coredll/protect/x86/TKRgFt2k.sys
    .sys windows:6 windows x86 arch:x86

    763aace061cbd9816365c596e1891de9


    Code Sign

    Headers

    Imports

    Sections

  • coredll/protect/x86/TKRgFtXp.sys
    .sys windows:6 windows x86 arch:x86

    386d755c10fcc453c1d7110119ceeec7


    Headers

    Imports

    Sections

  • coredll/protect/x86/TKTool2k.sys
    .sys windows:6 windows x86 arch:x86

    d9a12bd346b9522bd63c7d74b98a85b2


    Code Sign

    Headers

    Imports

    Sections

  • coredll/protect/x86/TKToolu.dll
    .dll windows:4 windows x86 arch:x86

    c19cf5ba61ddde0c28a963f5f3e3161d


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • coredll/rtd/BWT.dll
    .dll windows:4 windows x86 arch:x86

    b16b05115529f7bbc3cb142f11ec7320


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • coredll/rtd/BwtTrust.dll
    .dll windows:4 windows x86 arch:x86

    03a1fe3fde0b98269544b8bec2d124a2


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • coredll/rtd/NpBWT.dll
    .dll windows:5 windows x86 arch:x86

    a60200e3067da2c9a407d52e73c19fac


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • coredll/rtd/NpHttpsLib.dll
    .dll windows:5 windows x86 arch:x86

    a7df12cc332635377ea71a48f8b49a32


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • coredll/rtd/TYAVPU_000.bin
  • coredll/rtd/TYAVP_001.bin
  • coredll/rtd/TYAVSU_000.bin
  • coredll/rtd/TeCtrl.dll
    .dll windows:4 windows x86 arch:x86

    f2f04e8d6a48038cbe0d8f6678090077


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • coredll/rtd/TeCtrlu.dll
    .dll windows:4 windows x86 arch:x86

    5fc585f53e552845cbfa41093fe3bbe6


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • coredll/rtd/TySUtilu.dll
    .dll windows:4 windows x86 arch:x86

    a008632a5ab1b5de784efb061bb8f8e9


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • coredll/rtd/teexcept.dat
  • coredll/rtd/tyav32u.dll
    .dll windows:4 windows x86 arch:x86

    021e6f8bb522faeb0c3bb252a119d5e3


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • coredll/rtd/tyavcuremap.dat
  • coredll/rtd/tyavexcept.bin
    .dll windows:4 windows x86 arch:x86

    5c54715227e960c5019e7a45d4b9d02a


    Headers

    Imports

    Sections

  • coredll/rtd/tyavexcept.dat
  • nosApsData.npb
  • nos_launcher.exe
    .exe windows:4 windows x86 arch:x86

    baa93d47220682c04d92f7797d9224ce


    Code Sign

    Headers

    Imports

    Sections

  • nos_param.dat
  • nosapp.dll
    .dll windows:4 windows x86 arch:x86

    6dff77951608ec4f864ddb6ef6ab8739


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • nosscanner.npe
    .exe windows:4 windows x86 arch:x86

    cb1a2b590f3883cce13dded5f8181c21


    Code Sign

    Headers

    Imports

    Sections

  • nossdk.npd
    .dll windows:4 windows x86 arch:x86

    1e144e3ac8b4894bab59569fcbe750e4


    Code Sign

    Headers

    Imports

    Sections

  • nosstarter.npe
    .exe windows:4 windows x86 arch:x86

    baa93d47220682c04d92f7797d9224ce


    Code Sign

    Headers

    Imports

    Sections

  • nossvc.exe
    .exe windows:4 windows x86 arch:x86

    baa93d47220682c04d92f7797d9224ce


    Code Sign

    Headers

    Imports

    Sections

  • npUpdateC.exe
    .exe windows:4 windows x86 arch:x86

    98c000aeceae5324c5d9d2fdb904dd0d


    Code Sign

    Headers

    Imports

    Sections

  • npcf_win_32u.dll
    .dll windows:4 windows x86 arch:x86

    e173053aab7169b17490d0773c9dff4a


    Headers

    Imports

    Sections

  • npeUpdate.xml
  • npealert.npd
    .dll windows:4 windows x86 arch:x86

    11e80d783924802e6cd9440934cb980c


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • npebsc20.npd
    .dll windows:4 windows x86 arch:x86

    d7b982bd5b1c96f920297a33bc140e3d


    Code Sign

    Headers

    Imports

    Sections

  • npefsav.npd
    .dll windows:4 windows x86 arch:x86

    35ae1131bb210c35f49af1a747e80263


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • npefw.npd
    .dll windows:4 windows x86 arch:x86

    2d0001485ee091b39819f934a61641bb


    Code Sign

    Headers

    Imports

    Sections

  • npertd.npd
    .dll windows:4 windows x86 arch:x86

    27eac47c7a2c7c8e5d1e4fc0f3155d65


    Code Sign

    Headers

    Imports

    Sections

  • npeurlmon.npd
    .dll windows:4 windows x86 arch:x86

    61f39e02b0b2fb28a74f120503373225


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • npk/INICRYPTOSDK.dll
    .dll windows:4 windows x86 arch:x86

    2702bc403da1fe9704553a4d4c0969fd


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • npk/noska.sys
    .sys windows:6 windows x86 arch:x86

    848f63553a9a79bfa946f6e3fd4cc6d8


    Headers

    Imports

    Sections

  • npk/noskcp.dll
    .dll windows:4 windows x86 arch:x86

    5725f9cfa32a9055e5ee66de9b62eca8


    Code Sign

    Headers

    Imports

    Sections

  • npk/noskcv.dll
    .dll windows:4 windows x86 arch:x86

    55e7f58250c447b99a1a9cfd4f0ae289


    Code Sign

    Headers

    Imports

    Sections

  • npk/noskcv64.dll
    .dll windows:4 windows x64 arch:x64

    99e1a801ef9b18f828cc824550c160a2


    Code Sign

    Headers

    Imports

    Sections

  • npk/noske64.exe
    .exe windows:4 windows x64 arch:x64

    5c92c477f1f8e4e759097df007461402


    Code Sign

    Headers

    Imports

    Sections

  • npk/noskes.dll
    .dll windows:4 windows x86 arch:x86

    fd30f5a0daf8f1aaf0e47b1d71f772c7


    Code Sign

    Headers

    Imports

    Sections

  • npk/noskes64.dll
    .dll windows:4 windows x64 arch:x64

    9ee45cead6d222ea4516075a4d6bfa50


    Code Sign

    Headers

    Imports

    Sections

  • npk/noskfx.dll
    .dll windows:4 windows x86 arch:x86

    79962220dca5f30a298ab30455572a15


    Code Sign

    Headers

    Imports

    Sections

  • npk/noskfx64.dll
    .dll windows:4 windows x64 arch:x64

    9067c44528b02cd63c1c85386c05be6a


    Code Sign

    Headers

    Imports

    Sections

  • npk/noskm.dll
    .dll windows:4 windows x86 arch:x86

    bdf8e8bf13550296d1d3b847d2c2e570


    Code Sign

    Headers

    Imports

    Sections

  • npk/noskne.dll
    .dll windows:4 windows x86 arch:x86

    2c3b5dfddf482859ff80e2482f5966a3


    Code Sign

    Headers

    Imports

    Sections

  • npk/noskne64.dll
    .dll windows:4 windows x64 arch:x64

    1094f8d8f4ced5bbf565a396b75c277f


    Code Sign

    Headers

    Imports

    Sections

  • npk/noskp.sys
    .sys windows:6 windows x86 arch:x86

    0b660f5cc3f1ba0a0f57e8cc78e08b99


    Headers

    Imports

    Sections

  • npk/noskp64.sys
    .sys windows:6 windows x64 arch:x64

    9c88f4e55aeb3f2903de2a5331ce4896


    Headers

    Imports

    Sections

  • npk/noskre.dll
    .dll windows:4 windows x86 arch:x86

    a773eb457b984598fca17e185657df43


    Code Sign

    Headers

    Imports

    Sections

  • npk/noskre64.dll
    .dll windows:4 windows x64 arch:x64

    1c118dbf344c75032b4de41243ea9ceb


    Code Sign

    Headers

    Imports

    Sections

  • npk/nosksdk.dll
    .dll windows:4 windows x86 arch:x86

    cd5680f53d819127124ea7d4fe61409f


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • npk/nosksdk64.dll
    .dll windows:4 windows x64 arch:x64

    a4021df40f58f29d5d9b5ed5a0b3e5b2


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • npk/nosku.sys
    .sys windows:6 windows x86 arch:x86

    618f0d2cb74a4fd908dc9c421a239144


    Headers

    Imports

    Sections

  • npk/nosku64.sys
    .sys windows:6 windows x64 arch:x64

    8550e6c402121795663b7087da3991d0


    Headers

    Imports

    Sections

  • npk/np_ck32s.sys
    .sys windows:6 windows x86 arch:x86

    2429bd661b999e0ddeaef9e42eff057e


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • npk/np_ck64s.sys
    .sys windows:6 windows x64 arch:x64

    a91fd37ae6dce75fc02368dc80bb0bcb


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • npk/npcf_win_32u.dll
    .dll windows:4 windows x86 arch:x86

    e173053aab7169b17490d0773c9dff4a


    Headers

    Imports

    Sections

  • npk/npkakl.sys
    .sys windows:6 windows x86 arch:x86

    4f95daf21e35f87ace98e4852a8746d0


    Code Sign

    Headers

    Imports

    Sections

  • npk/npkfxa.sys
    .sys windows:6 windows x86 arch:x86

    4f95daf21e35f87ace98e4852a8746d0


    Code Sign

    Headers

    Imports

    Sections

  • nppb.dll
    .dll windows:4 windows x86 arch:x86

    00db911b28a8cd6b64fe48e8520f85bb


    Code Sign

    Headers

    Imports

    Sections

  • nprotect_install.exe
    .exe windows:5 windows x86 arch:x86

    32f3282581436269b3a75b6675fe3e08


    Code Sign

    Headers

    Imports

    Sections

  • $PLUGINSDIR/System.dll
    .dll windows:5 windows x86 arch:x86

    039bcbc605477e8e87ec550c2e60e748


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/modern-wizard.bmp
  • $PLUGINSDIR/nsDialogs.dll
    .dll windows:5 windows x86 arch:x86

    9ea5bdc8c90dfcffe309465c26c89758


    Headers

    Imports

    Exports

    Sections

  • nos_launcher.exe
    .exe windows:4 windows x86 arch:x86

    baa93d47220682c04d92f7797d9224ce


    Code Sign

    Headers

    Imports

    Sections

  • nps/bar_bg.npi
  • nps/bar_full.npi
    .gif
  • nps/bgBottom.npi
    .png
  • nps/bi.npi
    .jpg
  • nps/close.npi
  • nps/imgWarn.npi
    .jpg
  • nps/logo.npi
  • nps/nphapsie_eng.nph
  • nps/nphapsie_kor.nph
  • nps/npicommon.npi
    .png
  • nps/npimain_conf.npi
    .png
  • nps/npimsg1.npi
    .png
  • nps/npimsg2.npi
    .png
  • nps/npimsg3.npi
    .png
  • nps/npimsg5.npi
    .png
  • nps/npimsg6.npi
    .png
  • nps/npimsg7.npi
    .png
  • nps/npinpnmini.npi
    .png
  • nps/npiui.npi
    .png
  • npslm20.npd
    .dll windows:4 windows x86 arch:x86

    5968ee0bfa638ed531c98b20e5fa170d


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • npx/nosinfo.npx
  • npx/npcIdsrule.npx
  • npx/npcaddon.npx
  • npx/npcbscallow.npx
  • npx/npcbscmsgbox.npx
  • npx/npccheckdom.npx
  • npx/npcfdsdom.npx
  • npx/npcfsavantirootkitlist.npx
  • npx/npcfsavmsgbox.npx
  • npx/npcfwallow.npx
  • npx/npcfwmsgbox.npx
  • npx/npcfwother.npx
  • npx/npchfm.npx
  • npx/npchtsgarak_wooribank.npx
  • npx/npcnpkdom.npx
  • npx/npcnpnbank_KFCC.npx
  • npx/npcnpnbank_bankcomm.npx
  • npx/npcnpnbank_bnk.npx
  • npx/npcnpnbank_charm.npx
  • npx/npcnpnbank_cu.npx
  • npx/npcnpnbank_cufilesystem.npx
  • npx/npcnpnbank_dmd.npx
  • npx/npcnpnbank_fsb.npx
  • npx/npcnpnbank_hanasavings.npx
  • npx/npcnpnbank_ibk.npx
  • npx/npcnpnbank_ibkinternet.npx
  • npx/npcnpnbank_jbbank.npx
  • npx/npcnpnbank_kbsavings.npx
  • npx/npcnpnbank_kebbank.npx
  • npx/npcnpnbank_kfb.npx
  • npx/npcnpnbank_knbank.npx
  • npx/npcnpnbank_moaloan.npx
  • npx/npcnpnbank_moastockloan.npx
  • npx/npcnpnbank_osb.npx
  • npx/npcnpnbank_peper.npx
  • npx/npcnpnbank_wooribank.npx
  • npx/npcnpncard_bccardhome.npx
  • npx/npcnpncard_bluewalnut.npx
  • npx/npcnpncard_hyundaicard.npx
  • npx/npcnpncard_hyundaicardhome.npx
  • npx/npcnpncard_lottecard.npx
  • npx/npcnpncard_nhcard.npx
  • npx/npcnpncard_samsungcard.npx
  • npx/npcnpncard_samsungcardhome.npx
  • npx/npcnpncard_shinhancard.npx
  • npx/npcnpncard_shinhancardhome.npx
  • npx/npcnpncommon_preview.npx
  • npx/npcnpncompany_KRP.npx
  • npx/npcnpncompany_benzfinancial.npx
  • npx/npcnpncompany_bestlg.npx
  • npx/npcnpncompany_bithumb.npx
  • npx/npcnpncompany_deliveryCar.npx
  • npx/npcnpncompany_hanacapital.npx
  • npx/npcnpncompany_hyundaicapital.npx
  • npx/npcnpncompany_hyundaicapital_AP.npx
  • npx/npcnpncompany_hyundaicapitalautodigital.npx
  • npx/npcnpncompany_hyundaicommercial.npx
  • npx/npcnpncompany_konai.npx
  • npx/npcnpncompany_lensa.npx
  • npx/npcnpncompany_lpoint.npx
  • npx/npcnpncompany_nhcapital.npx
  • npx/npcnpncompany_nowrms.npx
  • npx/npcnpncompany_shinmyung.npx
  • npx/npcnpncompany_ticketmonster.npx
  • npx/npcnpncompany_vwfs.npx
  • npx/npcnpncompany_withcapital.npx
  • npx/npcnpncompany_xlgames.npx
  • npx/npcnpndom.npx
  • npx/npcnpngarak_wooribank.npx
  • npx/npcnpngov_anyang.npx
  • npx/npcnpngov_barotalk.npx
  • npx/npcnpngov_childcare.npx
  • npx/npcnpngov_credit4u.npx
  • npx/npcnpngov_customs.npx
  • npx/npcnpngov_cwcl.npx
  • npx/npcnpngov_cyberpolice.npx
  • npx/npcnpngov_cyberseoulshinbo.npx
  • npx/npcnpngov_d2b.npx
  • npx/npcnpngov_diais.npx
  • npx/npcnpngov_dynamicebusan.npx
  • npx/npcnpngov_eminwon.goyang.npx
  • npx/npcnpngov_eminwonmolit.npx
  • npx/npcnpngov_emmskogas.npx
  • npx/npcnpngov_epost.npx
  • npx/npcnpngov_epostbank.npx
  • npx/npcnpngov_epostmall.npx
  • npx/npcnpngov_excard.npx
  • npx/npcnpngov_forest.npx
  • npx/npcnpngov_fss.npx
  • npx/npcnpngov_fuel.npx
  • npx/npcnpngov_gimpo.npx
  • npx/npcnpngov_gsnd.npx
  • npx/npcnpngov_guri.npx
  • npx/npcnpngov_happylife.npx
  • npx/npcnpngov_hf.npx
  • npx/npcnpngov_hipassdongtan.npx
  • npx/npcnpngov_icheon.npx
  • npx/npcnpngov_icl.npx
  • npx/npcnpngov_iros.npx
  • npx/npcnpngov_issi.npx
  • npx/npcnpngov_jindo.npx
  • npx/npcnpngov_kdic.npx
  • npx/npcnpngov_keris.npx
  • npx/npcnpngov_keris_childneis.npx
  • npx/npcnpngov_kipo.npx
  • npx/npcnpngov_kodit.npx
  • npx/npcnpngov_learninganyang.npx
  • npx/npcnpngov_mailknoc.npx
  • npx/npcnpngov_mailkogas.npx
  • npx/npcnpngov_mhisseoul.npx
  • npx/npcnpngov_nationsubsidy.npx
  • npx/npcnpngov_neis_keris.npx
  • npx/npcnpngov_nonghyup_hers.npx
  • npx/npcnpngov_nskkhealth.npx
  • npx/npcnpngov_nyjdreamcall.npx
  • npx/npcnpngov_oc.npx
  • npx/npcnpngov_police.npx
  • npx/npcnpngov_policemail.npx
  • npx/npcnpngov_postfc.npx
  • npx/npcnpngov_reunionunikorea.npx
  • npx/npcnpngov_sbhosp.npx
  • npx/npcnpngov_spo.npx
  • npx/npcnpngov_unikorea.npx
  • npx/npcnpngov_wetax.npx
  • npx/npcnpnins_allianzlife.npx
  • npx/npcnpnins_axageneralins.npx
  • npx/npcnpnins_chubb.npx
  • npx/npcnpnins_dgbfnlife.npx
  • npx/npcnpnins_hana_life.npx
  • npx/npcnpnins_heungkukfire.npx
  • npx/npcnpnins_heungkukfirecyber.npx
  • npx/npcnpnins_heungkuklife.npx
  • npx/npcnpnins_hi.npx
  • npx/npcnpnins_hisales.npx
  • npx/npcnpnins_histock.npx
  • npx/npcnpnins_hwgeneral.npx
  • npx/npcnpnins_hyundailife.npx
  • npx/npcnpnins_hyundailifega.npx
  • npx/npcnpnins_kdblife.npx
  • npx/npcnpnins_loveageplan.npx
  • npx/npcnpnins_mggeneralins.npx
  • npx/npcnpnins_miraeassetlife.npx
  • npx/npcnpnins_miraeassetonline.npx
  • npx/npcnpnins_pcalife.npx
  • npx/npcnpnins_pensionheungkuklife.npx
  • npx/npcnpnins_pensionkdblife.npx
  • npx/npcnpnins_samsungfire.npx
  • npx/npcnpnins_samsungfire_home.npx
  • npx/npcnpnorg_eleckareabar.npx
  • npx/npcnpnorg_kftc.npx
  • npx/npcnpnorg_khealth.npx
  • npx/npcnpnorg_knia.npx
  • npx/npcnpnorg_kscfc.npx
  • npx/npcnpnorg_ksd.npx
  • npx/npcnpnorg_kukmin.npx
  • npx/npcnpnorg_sejonguni.npx
  • npx/npcnpnorg_tta.npx
  • npx/npcnpnpg_kcp.npx
  • npx/npcnpnpg_kicc.npx
  • npx/npcnpnpg_vp.npx
  • npx/npcnpnpreview.npx
  • npx/npcnpnstock_dashinstock.npx
  • npx/npcnpnstock_hana.npx
  • npx/npcnpnstock_hanahts.npx
  • npx/npcnpnstock_hdable.npx
  • npx/npcnpnstock_kdbdw.npx
  • npx/npcnpnstock_nhfutures.npx
  • npx/npcnpnstock_samsungcnt.npx
  • npx/npcnpnstock_shinhaninvest.npx
  • npx/npcnpnstock_sks.npx
  • npx/npcnpnstock_wtskoscom.npx
  • npx/npcprotectpidallowlist.npx
  • npx/npcrtddriver.npx
  • npx/npcrtdmsgbox.npx
  • npx/npcrtdrunregistry.npx
  • npx/npcrtdscandll.npx
  • npx/npcrtdscanfolder.npx
  • npx/npcscanner.npx
  • npx/npcscanoption.npx
  • npx/npcslm20.npx
  • npx/npcstt.npx
  • npx/npcsttmsgbox.npx
  • npx/npcstttray.npx
  • npx/npcsvc.npx
  • npx/npcurlmon.npx
  • npx/npcvmchk.npx
  • npx/nplbsc.npx
  • npx/nplfsav.npx
  • npx/nplfw.npx
  • npx/nplnpn.npx
  • npx/nplrtd.npx
  • npx/nplscanner.npx
  • npx/nplstt.npx
  • npx/nplsttnmmsg.npx
  • npx/nplsvc.npx
  • npx/npsmsgbox.npx
  • npx/npsnpninca.npx
  • npx/npsscanner.npx
  • npx/npsstt.npx
  • npx/npssttmsgbox.npx
  • sqlite3.dll
    .dll windows:4 windows x86 arch:x86

    06a9fae96a016b6f74249f46cea153f9


    Code Sign

    Headers

    Imports

    Exports

    Sections