WinKawaks.exe

WinKawaks Application

This is a setup program which is used to install the application.

Product:
WinKawaks Application

Description:
Kawaks

Version:
1, 0, 0, 1

MD5:
6ea44ac6259469a2894dbf8098bc272e

SHA-1:
8a3dacebaf9fa8c23f793bfa3bf29bbfd4d7ceb2

SHA-256:
5638919f46b42eb216311500eaa1fcbcb0545796dcd95cba03e54948a0673297

Scanner detections:
4 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
11/24/2024 2:05:05 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | Packed/ExeStealth | 7.1.1 |
| Bkav FE | HW32.Packed | 1.3.0.7383 |
| Dr.Web | Trojan.MulDrop2.37212 | 9.0.1.023 |
| F-Prot | W32/SuspPack.DF.gen | v6.4.7.1.166 |

File size:
375.6 KB (384,589 bytes)

Product version:
1, 0, 0, 1

Copyright:
Copyright (C) 2001

Original file name:
WinKawaks.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

File PE Metadata

Compilation timestamp:
12/21/2006 9:00:13 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:ncJ7LrkFo0dF1izzdV6xYXmKy8f0U2T19hOS2x+eQBeBoEc9MK/axDZEVu4YfN:cJ7Lr8HLcxVD10Upx+nBe7c9vED/5

Entry address:
0x376060

Entry point:
50, 51, 52, 53, 54, 55, 56, 57, E8, 00, 00, 00, 00, 5D, 81, ED, 1E, 1C, 40, 00, B9, 7B, 09, 00, 00, 8D, BD, 66, 1C, 40, 00, 8B, F7, AC, F9, 02, C1, 2A, C1, 34, 4A, C0, C0, 04, 04, 85, EB, 01, C2, C0, C0, 8F, C0, C8, 94, F8, EB, 01, C2, EB, 01, C2, 2A, C1, F9, EB, 01, C2, 2A, C1, EB, 01, E9, 34, 25, 2A, C1, 04, 53, C0, C0, 4B, AA, E2, CC, 57, EE, F0, EB, DD, F7, 52, B5, 25, A6, 80, 33, 9F, E7, A3, 95, 97, 71, 59, 37, F2, 81, F3, 58, 21, 4F, C9, C3, 07, 17, 40, 3B, 35, 11, 78, 88, E5, 27, 11, ED, 64, E2, C1...
 
Entropy:
7.9827  (probably packed)

Code size:
368 KB (376,832 bytes)

The file WinKawaks.exe has been seen being distributed by the following URL.

temp:WinKawaks.exe

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to shut.the.fuck.up-bitch.com  (216.189.101.117:80)

Scan WinKawaks.exe - Powered by Reason Core Security