
Trojan.Dropper.Dinwod.A

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 3,240
Threat Level: 80 % (High)
Infected Computers: 561
First Seen: April 18, 2018
Last Seen: April 17, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Trojan.Dropper.Dinwod.A
Packers: ASPack v2.12
Signature status: No Signature

Known Samples

MD5: 8c9bcf774eb868981e922af76205013d
SHA1: d1784c333debf553bbbb4359a1c3aaceafde6251
SHA256: 195B02D994ED45D6E20655E3705BA134A9523AB26655BED194C27247DBA3EBF1
File Size: 6.20 MB, 6197760 bytes
MD5: 93b2c8bfce4d9ea37cfe550189da226d
SHA1: a46c1c073612de6622f0c6a3181299f9a979f467
SHA256: 6C3769CE6A896CC0C4AC3AA033D1EBFD4DDDFC0359CA7FB40FC1A0CAF508F7AA
File Size: 1.65 MB, 1650176 bytes
MD5: 00f3f1bc54581dccde0f59ec2edf712e
SHA1: e5f2d2ff6d43a07a1558f8eccacb98826c081c8a
SHA256: 71166C599A418AD339A3677734ED8B9D54DBE15409EA8A9D0CE3E9BFF5FE12BF
File Size: 4.02 MB, 4021760 bytes
MD5: 7fd3e4d6113611594a5959ad0689d56a
SHA1: 77aedeb31f547f024c3a9fba9b76d906ddba3537
SHA256: C4C5648DE56667596AC4CA55F602BF60133EF805E9E8B00F609C3F8043A5B9FF
File Size: 568.32 KB, 568320 bytes
MD5: c78aaaa0e7c82aa7f429aa57834b8eaa
SHA1: 3300093f0458027edbd017126222408da9984dd9
SHA256: 80512D37E68FA4E9186956ED46207CCF6B21B0E59F90BB00CF67669100A71373
File Size: 3.58 MB, 3584000 bytes
MD5: bd8a20ff9fc139a7cdee647faf995421
SHA1: 03558e18add1795b4e7f5e069e05c661b8e4abbb
SHA256: 294E74EFA59A3208667C2D75B7D140A9B10C752145A6DB0B46A88BA6AF515F42
File Size: 5.01 MB, 5009408 bytes
MD5: 43f8d94ed6e91e96f3fe37920efeaccf
SHA1: 58acce2660f0f2cc2985d94c35b6dfe216611a73
SHA256: 9489EE7030CF25892CC3839F7885D258574D35FDE26D02060A99F8E63392195A
File Size: 434.18 KB, 434176 bytes
MD5: 713e4ea4c62f7d818b4748e402c7549c
SHA1: 73aab38080e5ff41e5fb06cc465ab3876cfe2f55
SHA256: 2167F45244FB4C49E74224722607BAAC8595CA998E26787CCD17CDDD90DA5095
File Size: 5.29 MB, 5292032 bytes
MD5: cb115e7ba22ade4e78d7999f23a28980
SHA1: a7cd27360c7fc895c784ae1e4dc4f6338047faab
SHA256: C51270374774A86B4F2077BC09AAE2842AF373D6AFBB27DABB89070BF318D3DB
File Size: 1.03 MB, 1032192 bytes
MD5: b1c59d2686990ee55ac151b12cddd313
SHA1: 5cc22da9216dd0ebce10f49f80064694adc7cea6
SHA256: 381D561DA171B0E0C12230FC73484C457752B138FE905CAD1F7FF7358D1A17C5
File Size: 53.72 KB, 53720 bytes
MD5: 433702cba06f8e73ca5bfdf9a0b31c37
SHA1: da002d2f4a37dd5fd844c230894115751db952ba
SHA256: C5D8F7F16D4E7F299E3CC83CE09FE74A90DDA3AC1B81F05C89B0A62F671218AD
File Size: 3.39 MB, 3385344 bytes

Windows Portable Executable Attributes

The attributes below are aggregated across the samples listed above, so mutually exclusive entries (packed / not packed, console / GUI, has / lacks exports table) describe different samples rather than one file.

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has been packed
  • File has exports table
  • File is 32-bit executable
  • File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name Value
Comments
  • Copyright (C) 2014 - 2016 Yamato Ryou Inc.
  • PCB抄板软件 HXPCB 是深圳专心科技自主开发的一款它集现有的EAD软件的优点,去除不常用命令。功能强大,简单易用。 (translation: The PCB copy-board software HXPCB is independently developed by Shenzhen Zhuanxin Technology; it combines the strengths of existing EAD software and removes rarely used commands. Powerful and easy to use.)
  • Windows/Office激活工具V3 (translation: Windows/Office Activation Tool V3)
  • Windows应用程序 (translation: Windows application)
  • zysys
  • 北京深思洛克数据保护中心 (translation: Beijing SenseLock Data Protection Center)
  • 本程序使用易语言编写(http://www.eyuyan.com) (translation: This program was written in Easy Language, http://www.eyuyan.com)
  • 简易浏览器 (translation: Simple Browser)
Company Name
  • Alec
  • Octopus Studio
  • Yamato Ryou Inc.
  • 清扬小新
File Description
  • PCB设计 (translation: PCB design)
  • SETUP 基础类驱动应用程序 (translation: SETUP base-class driver application)
  • trafficxia_jicheng
  • Windows/Office激活工具V3 (translation: Windows/Office Activation Tool V3)
  • Windows应用程序 (translation: Windows application)
  • zysys
  • 下载VX视频号的小工具 (translation: small tool for downloading WeChat Channels videos)
  • 易语言程序 (translation: Easy Language program)
  • 程序包验证 (translation: package verification)
  • 简易浏览器 (translation: Simple Browser)
File Version
  • 5.3.0.0
  • 3.2.0.0
  • 1.99.20.7
  • 1.0.0.48
  • 1.0.0.0
Legal Copyright
  • Alec 版权所有 (translation: Alec, all rights reserved)
  • Copyright(C) 2013-2025 版权所有 (translation: Copyright (C) 2013-2025, all rights reserved)
  • Copyright (C) 2014 - 2016 Yamato Ryou Inc.
  • Octopus Studio
  • 作者版权所有 请尊重并使用正版 (translation: copyright held by the author; please respect and use the genuine version)
  • 清扬小新 版权所有 (translation: 清扬小新, all rights reserved)
  • 简易浏览器 (translation: Simple Browser)
Product Name
  • HXPCB
  • NBA 2K12 Fantasy Genius
  • SenseIV动态库 (translation: SenseIV dynamic library)
  • trafficxia
  • Windows/Office激活工具V3 (translation: Windows/Office Activation Tool V3)
  • Windows应用程序 (translation: Windows application)
  • zysys
  • 小白点视频号工具 (translation: Xiaobaidian WeChat Channels tool)
  • 程序包验证 (translation: package verification)
  • 简易浏览器 (translation: Simple Browser)
Product Version
  • 5.3.0.0
  • 3.2.0.0
  • 1.99.20.7
  • 1.0.0.48
  • 1.0.0.0

Digital Signatures

Signer: Yamato Ryou (代码或文件签名, translation: code or file signing)
Root: Yamato Ryou (代码或文件签名, translation: code or file signing)
Status: Self Signed

File Traits

  • .adata
  • .aspack
  • 2+ executable sections
  • ASPack v2.12
  • HighEntropy
  • Installer Version
  • MPRESS
  • MPRESS Win32
  • Native MPRESS x86
  • No Version Info
  • packed
  • WinZip SFX
  • x86
  • ZIP (In Overlay)
  • ZIPinO

Block Information

Total Blocks: 5,383
Potentially Malicious Blocks: 541
Whitelisted Blocks: 2,680
Unknown Blocks: 2,162

Visual Map

[Block map omitted: the source renders each of the 5,383 analysed blocks as one of the symbols below, and the data is truncated in the source.]
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • Bitcoinminer.FD
  • FlyStudio.CA
  • Trojan.Downloader.Gen.CG
  • Trojan.Downloader.Gen.DO
  • Trojan.Downloader.Gen.EY
  • Trojan.Downloader.Gen.HL

Registry Modifications

Key::Value: HKLM\software\microsoft\systemcertificates\root\certificates\be36a4562fb2ee05dbb3d32323adf445084ed656::blob
Data: binary certificate blob (not rendered as text in the source); the readable portion contains the string "Thawte Timestamping CA"
API Name: RegNtPreCreateKey

Windows API Usage

Category API
Network Winsock2
  • WSAStartup
Anti Debug
  • IsDebuggerPresent
User Data Access
  • GetUserObjectInformation
Encryption Used
  • BCryptOpenAlgorithmProvider
  • CryptAcquireContext
