× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 7836d631b6f922714c3bdb2b0dd0e77fe31c85486b1275bddcf24af165b27bf8
File name: WONHACK.exe
Detection ratio: 61 / 68
Analysis date: 2018-07-22 10:27:04 UTC ( 6 months ago ) View latest
Antivirus Result Update
Ad-Aware Trojan.Inject.AUZ 20180722
AegisLab Backdoor.W32.DarkKomet.tn2x 20180722
AhnLab-V3 Win-Trojan/Keylogger.679832 20180721
ALYac Trojan.Inject.AUZ 20180722
Antiy-AVL Trojan/Win32.VB 20180722
Arcabit Trojan.Inject.AUZ 20180722
Avast Win32:Malware-gen 20180722
AVG Win32:Malware-gen 20180722
Avira (no cloud) BDS/DarkKomet.GS 20180721
AVware Backdoor.Win32.Fynloski.A (v) 20180722
Baidu Win32.Backdoor.Agent.l 20180717
BitDefender Trojan.Inject.AUZ 20180722
Bkav W32.OnGamesLTKVPOK.Trojan 20180719
CAT-QuickHeal Backdoor.Fynloski.A9 20180721
ClamAV Win.Trojan.DarkKomet-1 20180722
CMC Backdoor.Win32.DarkKomet!O 20180722
Comodo Backdoor.Win32.Agent.XAB 20180722
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180530
Cybereason malicious.70fb2c 20180225
Cylance Unsafe 20180722
Cyren W32/Downloader.C.gen!Eldorado 20180722
DrWeb BackDoor.Tordev.976 20180722
Emsisoft Trojan.Fynloski (A) 20180722
Endgame malicious (high confidence) 20180711
ESET-NOD32 Win32/Fynloski.AA 20180722
F-Prot W32/Downloader.C.gen!Eldorado 20180722
Fortinet W32/Generic.AC.25E!tr 20180722
GData Trojan.Inject.AUZ 20180722
Ikarus Backdoor.Win32.DarkKomet 20180722
Sophos ML heuristic 20180717
Jiangmin Trojan/Generic.adygq 20180722
K7AntiVirus Backdoor ( 003b505d1 ) 20180722
K7GW Backdoor ( 003b505d1 ) 20180722
Kaspersky Backdoor.Win32.DarkKomet.xyk 20180722
Kingsoft Win32.Hack.HuigeziT.cz 20180722
Malwarebytes Backdoor.DarkComet 20180722
MAX malware (ai score=81) 20180722
McAfee Generic BackDoor.xa 20180722
McAfee-GW-Edition BehavesLike.Win32.Backdoor.th 20180722
Microsoft Backdoor:Win32/Fynloski.A 20180722
eScan Trojan.Inject.AUZ 20180722
NANO-Antivirus Trojan.Win32.DarkKomet.dtlfre 20180722
Panda Trj/Packed.B 20180722
Qihoo-360 QVM41.1.Malware.Gen 20180722
Rising Backdoor.Pontoeb!1.6637 (CLOUD) 20180722
SentinelOne (Static ML) static engine - malicious 20180701
Sophos AV Troj/Backdr-ID 20180722
SUPERAntiSpyware Backdoor.Fynloski/Variant 20180722
Symantec Backdoor.Graybird 20180721
Tencent Backdoor.Win32.Darkkomet.a 20180722
TotalDefense Win32/Fynloski.A!generic 20180722
TrendMicro BKDR_FYNLOS.SMM 20180722
TrendMicro-HouseCall BKDR_FYNLOS.SMM 20180722
VBA32 Backdoor.Tordev 20180720
VIPRE Backdoor.Win32.Fynloski.A (v) 20180722
ViRobot Backdoor.Win32.Agent.674304.A 20180721
Webroot W32.Trojan.Gen 20180722
Yandex Trojan.Comet.Gen.LO 20180720
Zillya Backdoor.DarkKomet.Win32.30208 20180720
ZoneAlarm by Check Point Backdoor.Win32.DarkKomet.xyk 20180722
Zoner Trojan.Darkkomet 20180721
Alibaba 20180713
Avast-Mobile 20180722
Babable 20180406
eGambit 20180722
F-Secure 20180722
Palo Alto Networks (Known Signatures) 20180722
TACHYON 20180722
TheHacker 20180720
Trustlook 20180722
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright (C) 1999

Product Remote Service Application
Original name MSRSAAP.EXE
Internal name MSRSAAPP
File version 1, 0, 0, 1
Description Remote Service Application
Comments Remote Service Application
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-06-07 15:59:53
Entry Point 0x0008F888
Number of sections 9
PE sections
PE imports
capGetDriverDescriptionA
SHEmptyRecycleBinA
SHGetFolderPathA
URLDownloadToFileA
WSAIoctl
RegDeleteKeyA
LookupPrivilegeValueA
RegCloseKey
OpenServiceA
RegQueryValueExA
AdjustTokenPrivileges
ControlService
LookupAccountSidA
RegCreateKeyExA
DeleteService
RegCreateKeyA
GetSidSubAuthorityCount
RegFlushKey
RegOpenKeyA
OpenProcessToken
CreateServiceA
QueryServiceStatus
LookupPrivilegeDisplayNameA
RegOpenKeyExA
RegDeleteValueA
GetTokenInformation
CloseServiceHandle
IsValidSid
GetSidIdentifierAuthority
OpenThreadToken
GetUserNameA
GetSidSubAuthority
LookupPrivilegeNameA
RegEnumKeyExA
RegQueryInfoKeyA
EnumServicesStatusA
GetCurrentHwProfileA
RegSetValueExA
StartServiceA
RegEnumValueA
OpenSCManagerA
ImageList_Write
ImageList_Read
ImageList_BeginDrag
ImageList_Destroy
_TrackMouseEvent
ImageList_SetBkColor
ImageList_GetImageCount
ImageList_Draw
ImageList_GetIconSize
ImageList_Remove
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DrawEx
ImageList_GetBkColor
ImageList_Add
ImageList_SetIconSize
ImageList_Create
ImageList_DragEnter
ImageList_EndDrag
GetBrushOrgEx
GetDIBColorTable
DeleteEnhMetaFile
GetWindowOrgEx
PatBlt
GetClipBox
GetRgnBox
SaveDC
GetCurrentPositionEx
GdiFlush
GetTextMetricsA
MaskBlt
CreateBrushIndirect
SetStretchBltMode
GetEnhMetaFilePaletteEntries
GetPixel
BitBlt
GetObjectA
ExcludeClipRect
LineTo
DeleteDC
RestoreDC
SetBkMode
GetSystemPaletteEntries
SetPixel
CreateSolidBrush
IntersectClipRect
CreateHalftonePalette
CreateDIBSection
CopyEnhMetaFileA
RealizePalette
SetTextColor
GetDeviceCaps
MoveToEx
SetEnhMetaFileBits
CreateDCA
CreateBitmap
RectVisible
CreatePalette
GetStockObject
CreateDIBitmap
SetViewportOrgEx
SelectPalette
ExtTextOutA
UnrealizeObject
GetDIBits
GetEnhMetaFileBits
SetBrushOrgEx
GetDCOrgEx
PlayEnhMetaFile
StretchBlt
GetBitmapBits
CreateCompatibleDC
SetROP2
CreateFontIndirectA
SelectObject
GetTextExtentPoint32A
GetWinMetaFileBits
SetDIBColorTable
GetEnhMetaFileHeader
GetPaletteEntries
SetWindowOrgEx
SetBkColor
SetWinMetaFileBits
DeleteObject
CreateCompatibleBitmap
CreatePenIndirect
GdipSetInterpolationMode
GdipSaveImageToStream
GdiplusShutdown
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipCreateBitmapFromScan0
GdipDisposeImage
GdipCreateBitmapFromHBITMAP
GdipAlloc
GdipGetImageGraphicsContext
GdiplusStartup
GdipGetImagePixelFormat
GdipDrawImageRectI
GdipFree
GdipDeleteGraphics
SetThreadLocale
GetStdHandle
FileTimeToDosDateTime
FileTimeToSystemTime
CreateFileMappingA
GetFileAttributesA
WaitForSingleObject
GetDriveTypeA
GetLocalTime
DeleteCriticalSection
GetCurrentProcess
GetLocaleInfoA
LocalAlloc
SetErrorMode
GetThreadContext
GetFullPathNameA
GetFileTime
GetTempPathA
WideCharToMultiByte
InterlockedExchange
WriteFile
GetDiskFreeSpaceA
SetFileAttributesA
SetEvent
MoveFileA
ResumeThread
GetExitCodeProcess
InitializeCriticalSection
LoadResource
FindClose
TlsGetValue
FormatMessageA
SetLastError
VerLanguageNameA
GetEnvironmentVariableA
WriteProcessMemory
Beep
GlobalFindAtomA
HeapAlloc
GetModuleFileNameA
EnumCalendarInfoA
GetVolumeInformationA
LoadLibraryExA
SetThreadPriority
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetSystemPowerStatus
CreateMutexA
GetModuleHandleA
CreateThread
CreatePipe
GetExitCodeThread
GlobalAddAtomA
MulDiv
ExitThread
SetThreadContext
WaitForMultipleObjectsEx
GlobalMemoryStatus
VirtualQuery
LocalFileTimeToFileTime
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
HeapFree
EnterCriticalSection
PeekNamedPipe
FreeLibrary
QueryPerformanceCounter
GetTickCount
VirtualProtect
GetVersionExA
LoadLibraryA
RtlUnwind
GetSystemDirectoryA
CreateRemoteThread
GetStartupInfoA
GetDateFormatA
GetFileSize
GetUserDefaultLangID
OpenProcess
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
ReadProcessMemory
GetProcAddress
VirtualProtectEx
GetProcessHeap
FindFirstFileA
lstrcpyA
EnumResourceNamesA
CompareStringA
GetComputerNameA
FindNextFileA
TerminateProcess
GlobalLock
CreateEventA
CopyFileA
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
DosDateTimeToFileTime
GlobalDeleteAtom
VirtualAllocEx
lstrlenA
GlobalFree
GetThreadLocale
GlobalUnlock
GlobalAlloc
WinExec
FileTimeToLocalFileTime
SizeofResource
VirtualFreeEx
GetCurrentProcessId
LockResource
SetFileTime
GetCPInfo
GetCommandLineA
GetCurrentThread
RaiseException
MapViewOfFile
SetFilePointer
ReadFile
CloseHandle
lstrcpynA
GetACP
GetVersion
FreeResource
CreateProcessA
UnmapViewOfFile
VirtualFree
Sleep
IsBadReadPtr
FindResourceA
VirtualAlloc
ResetEvent
acmStreamClose
acmStreamOpen
acmStreamUnprepareHeader
acmStreamPrepareHeader
acmStreamConvert
acmStreamSize
acmStreamReset
NetShareEnum
NetApiBufferFree
NetShareGetInfo
Netbios
NtUnmapViewOfSection
NtQuerySystemInformation
ProgIDFromCLSID
CoUninitialize
CoInitialize
CoCreateInstance
CLSIDFromProgID
StringFromCLSID
IsEqualGUID
CoTaskMemFree
VariantChangeType
SafeArrayGetLBound
SafeArrayPtrOfIndex
SysAllocStringLen
VariantClear
GetActiveObject
SafeArrayCreate
SysReAllocStringLen
SafeArrayGetUBound
VariantCopy
GetErrorInfo
SysFreeString
VariantInit
SHGetFileInfoA
ShellExecuteExA
SHGetSpecialFolderLocation
DragQueryFileA
SHGetPathFromIDListA
ShellExecuteA
SHFileOperationA
RedrawWindow
GetMessagePos
EnableScrollBar
DestroyMenu
PostQuitMessage
GetForegroundWindow
LoadBitmapA
SetWindowPos
IsWindow
DispatchMessageA
EndPaint
VkKeyScanA
SetMenuItemInfoA
CharUpperBuffA
WindowFromPoint
DrawIcon
SetActiveWindow
GetMenuItemID
GetCursorPos
ReleaseDC
GetClassInfoA
LockWorkStation
SendMessageW
UnregisterClassA
GetWindowTextLengthA
SendMessageA
GetClientRect
ToAscii
CharLowerBuffA
SetScrollPos
CallNextHookEx
IsClipboardFormatAvailable
GetSysColor
GetKeyboardState
ClientToScreen
GetTopWindow
EnumClipboardFormats
MsgWaitForMultipleObjects
ScrollWindow
GetWindowTextA
GetKeyState
PtInRect
GetMessageA
GetParent
UpdateWindow
SetPropA
EqualRect
EnumWindows
DefMDIChildProcA
ShowWindow
SetClassLongA
GetPropA
GetDesktopWindow
PeekMessageW
TranslateMDISysAccel
EnableWindow
SetWindowPlacement
PeekMessageA
GetClipboardData
TranslateMessage
IsWindowEnabled
GetWindow
ActivateKeyboardLayout
EnumDisplayDevicesA
InsertMenuItemA
CreatePopupMenu
GetIconInfo
LoadStringA
SetParent
SetClipboardData
CharLowerA
IsZoomed
GetWindowPlacement
GetKeyboardLayoutList
DrawMenuBar
IsIconic
RegisterClassA
GetMenuItemCount
GetWindowLongA
SetTimer
OemToCharA
GetActiveWindow
ShowOwnedPopups
FillRect
EnumThreadWindows
CharNextA
GetSysColorBrush
IsWindowUnicode
GetWindowLongW
DestroyWindow
IsChild
IsDialogMessageA
SetFocus
MapVirtualKeyA
GetKeyboardLayoutNameA
PostMessageA
BeginPaint
OffsetRect
GetScrollPos
keybd_event
KillTimer
GetMonitorInfoA
RegisterWindowMessageA
DefWindowProcA
MapWindowPoints
GetSystemMetrics
SetWindowLongW
SetScrollRange
GetWindowRect
InflateRect
SetCapture
ReleaseCapture
EnumChildWindows
GetScrollRange
SetWindowLongA
RemovePropA
SetWindowTextA
CheckMenuItem
GetSubMenu
GetLastActivePopup
DrawIconEx
CreateWindowExA
ScreenToClient
GetClassLongA
InsertMenuA
FindWindowExA
LoadCursorA
LoadIconA
TrackPopupMenu
SetWindowsHookExA
GetMenuStringA
GetMenuState
IsDialogMessageW
GetSystemMenu
GetDC
SetForegroundWindow
ExitWindowsEx
OpenClipboard
EmptyClipboard
DrawTextA
IntersectRect
GetScrollInfo
GetKeyboardLayout
GetCapture
WaitMessage
FindWindowA
RemoveMenu
GetWindowThreadProcessId
ShowScrollBar
GetLastInputInfo
GetMenu
DestroyIcon
DrawFrameControl
UnhookWindowsHookEx
RegisterClipboardFormatA
CallWindowProcA
MessageBoxA
GetClassNameA
GetWindowDC
DestroyCursor
AdjustWindowRectEx
mouse_event
LoadKeyboardLayoutA
MsgWaitForMultipleObjectsEx
SetScrollInfo
GetMenuItemInfoA
SystemParametersInfoA
EnableMenuItem
EnumDisplayMonitors
GetKeyNameTextA
IsWindowVisible
CharToOemA
SetCursorPos
GetDCEx
DrawEdge
DispatchMessageW
FrameRect
SetRect
DeleteMenu
InvalidateRect
DefFrameProcA
CreateIcon
IsRectEmpty
GetCursor
GetFocus
CreateMenu
CloseClipboard
GetKeyboardType
SetMenu
SetCursor
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
InternetOpenUrlA
FtpPutFileA
InternetReadFile
InternetCloseHandle
InternetOpenA
InternetConnectA
HttpQueryInfoA
waveInOpen
waveInPrepareHeader
waveInAddBuffer
PlaySoundA
waveInClose
waveInUnprepareHeader
waveInStart
mciSendStringA
waveInReset
shutdown
accept
ioctlsocket
WSAStartup
connect
getsockname
htons
select
gethostname
closesocket
inet_addr
send
ntohs
WSAGetLastError
gethostbyaddr
listen
__WSAFDIsSet
WSACleanup
gethostbyname
inet_ntoa
recv
socket
bind
sendto
getservbyname
Number of PE resources by type
RT_STRING 14
RT_GROUP_CURSOR 7
RT_CURSOR 7
RT_RCDATA 3
DBIND 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 17
ENGLISH US 14
NEUTRAL SYS DEFAULT 1
FRENCH 1
PE resources
ExifTool file metadata
SubsystemVersion
4.0

Comments
Remote Service Application

LinkerVersion
2.25

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
4.0.0.0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Remote Service Application

ImageFileCharacteristics
Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi

CharacterSet
Unicode

InitializedDataSize
1155072

EntryPoint
0x8f888

OriginalFileName
MSRSAAP.EXE

MIMEType
application/octet-stream

LegalCopyright
Copyright (C) 1999

FileVersion
1, 0, 0, 1

TimeStamp
2012:06:07 16:59:53+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
MSRSAAPP

ProductVersion
4, 0, 0, 0

UninitializedDataSize
0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corp.

CodeSize
586752

ProductName
Remote Service Application

ProductVersionNumber
4.0.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

Compressed bundles
File identification
MD5 83fff1d70fb2c0ff605949ac8e1d9018
SHA1 c286fd3f16cb116d6f41fb71800d3bf8673d6e9d
SHA256 7836d631b6f922714c3bdb2b0dd0e77fe31c85486b1275bddcf24af165b27bf8
ssdeep
24576:WZ1xuVVjfFoynPaVBUR8f+kN10EBkvZ1xuVVjfFoynPaVBUR8f+kN10EBPzgjMA3:mQDgok305QDgok30njM5jMCKjU4

authentihash 060a3befe9092f47ec6863491a3b3d1ad8d5c16010f639bed3f4542c3704782d
imphash e5b4359a3773764a372173074ae9b6bd
File size 1.7 MB ( 1742848 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID InstallShield setup (46.3%)
Win32 Executable Delphi generic (15.2%)
Windows screen saver (14.0%)
DOS Borland compiled Executable (generic) (10.7%)
Win32 Executable (generic) (4.8%)
Tags
peexe

VirusTotal metadata
First submission 2018-07-22 10:27:04 UTC ( 6 months ago )
Last submission 2018-07-22 10:27:04 UTC ( 6 months ago )
File names MSRSAAP.EXE
WONHACK.exe
MSRSAAPP
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Shell commands
Code injections in the following processes
Terminated processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.
HTTP requests
DNS requests
TCP connections