Trojan.Wapomi.C

By CagedTech in Trojans

Threat Scorecard

Popularity Rank:	7,831
Threat Level:	80 % (High)
Infected Computers:	183

First Seen:	October 20, 2022
Last Seen:	February 12, 2026
OS(es) Affected:	Windows

Table of Contents

Analysis Report

General information

Family Name:	Trojan.Wapomi.C
Signature status:	No Signature

Known Samples

MD5: da107cb7468da93536528c580f681bfb

SHA1: 64c5f9b368a0c34408180d14d965a0c13abc6420

SHA256: E26D120DAACCFD01E91B45087791830D51FB907400AC04AB412B13C8B79812B1

File Size: 173.76 KB, 173764 bytes

MD5: 693dbe96a83ccf646f8099f046a6fa9a

SHA1: 3563159555c6eea749df14beb21a9873c8b4e0aa

SHA256: 7066F57B73740618F7E1CE5403F1583A07D3653DB3FF1E969AAF187535E8EE13

File Size: 1.55 MB, 1550534 bytes

MD5: 3049084cd9d93e6562f5f90c9f6d876c

SHA1: 5a555f9d80547b87c141c771cf5b466e5431016b

SHA256: 1A247C686C08BD8C93E31E841980DFB9BBEFFE7C56BCEEC77877E5BB43480E94

File Size: 1.36 MB, 1364701 bytes

MD5: c100255b199220e8e47cfe52e84eb58c

SHA1: 6867d3e8912af52157b5d852da0076b92162f8de

SHA256: 44D5C436B36948821D66C871A38CBE8420776BEF00D8CDE8D777F30B36F0120F

File Size: 154.26 KB, 154265 bytes

MD5: b727e426eaba8876543294a6a9e630a9

SHA1: 5ee857f7971aa58e925869519285c2935e50b600

SHA256: 863062C3AAA24457A9A91831FBC969A51869B48CDC62A555AF6885DBF83075A6

File Size: 888.83 KB, 888832 bytes

MD5: b6ec3bc5333902a9756cbe6b6b8ce4f8

SHA1: 1d93d4f7ed532e5a74a18c1955b0a100cde5b862

SHA256: 3003FF174C1E53691A9D16F7D01BD575A94A8EFAEBB5047854A65C8994C45271

File Size: 1.32 MB, 1318912 bytes

MD5: 7b7aa011b132c782a153f27e5531b04f

SHA1: 70c82acd1f20e5f16d87b0007b4159edcded7a57

SHA256: B143B954787BDF76624C618CA0C40241B34E363FDA167749F4466491E69784A5

File Size: 2.64 MB, 2642944 bytes

MD5: 5a5361e067353812b833af659cf6800b

SHA1: 4836889cc6fc4fe871a0cb40d90210d8fc44ecd6

SHA256: 392F22830C2102EBC6B62E4068D96D032483A290F19D9677296C071F6B1D5F61

File Size: 198.75 KB, 198748 bytes

MD5: a94f2dde031aefd78a66c0faa5fb6bc8

SHA1: ba74756a9c12244ad74c9a64cb67e9ade2406e64

SHA256: 088A0D7C08CD70A825B1B083EC7849EBC9574655FCCA210925697715AF0B9D5F

File Size: 844.91 KB, 844907 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have relocations information
File doesn't have resources
File doesn't have security information
File has exports table
File has TLS information
File is .NET application
File is 32-bit executable

File is 64-bit executable
File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)
File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name	Value
Assembly Version	1.0.0.0
Company Name	PhoneProgramFix Tool Team
File Description	Eng Pereloader Flash Tool
File Version	1.00 1.0.0.0
Internal Name	Eng Pereloader Flash Tool.exe TJprojMain
Legal Copyright	Copyright © 2025
Original Filename	Eng Pereloader Flash Tool.exe TJprojMain.exe
Product Name	Eng Preloader Flash Tool Project1
Product Version	1.00 1.0.0.0

File Traits

.adata
.aspack
2+ executable sections
ASPack v2.12
HighEntropy
packed
x86

Block Information

Similar Families

Expiro.KA

Files Modified

File	Attributes
\device\namedpipe\dav rpc service	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\pshost.134123491862428751.6088.defaultappdomain.powershell	Generic Read,Write Data,Write Attributes,Write extended,Append data,LEFT 524288
\device\namedpipe\wkssvc	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\__psscriptpolicytest_hi4hjy5y.tju.psm1	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\__psscriptpolicytest_wh2d0zkv.p5q.ps1	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\auta2d2.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\auta341.tmp	Generic Write,Read Attributes
c:\users\user\downloads\eng preloader flash tool.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\eng preloader flash tool.exe	Generic Write,Read Attributes
c:\users\user\downloads\eng preloader flash tool.exe	Synchronize,Write Attributes

c:\users\user\downloads\modified_scripts.ps1	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\modified_scripts.ps1	Generic Write,Read Attributes
c:\users\user\downloads\modified_scripts.ps1	Synchronize,Write Attributes

Registry Modifications

Key::Value	Data	API Name
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	藽肚ǜ	RegNtPreCreateKey

Windows API Usage

Category	API
Other Suspicious	AdjustTokenPrivileges SetWindowsHookEx
User Data Access	GetComputerNameEx GetUserDefaultLocaleName GetUserName GetUserNameEx GetUserObjectInformation
Anti Debug	IsDebuggerPresent NtQuerySystemInformation
Syscall Use	ntdll.dll!NtAccessCheck ntdll.dll!NtAddAtomEx ntdll.dll!NtAlertThreadByThreadId ntdll.dll!NtAllocateLocallyUniqueId ntdll.dll!NtAlpcConnectPort ntdll.dll!NtAlpcConnectPortEx ntdll.dll!NtAlpcQueryInformation ntdll.dll!NtAlpcSendWaitReceivePort ntdll.dll!NtApphelpCacheControl ntdll.dll!NtAssociateWaitCompletionPacket Show More ntdll.dll!NtCancelTimer2 ntdll.dll!NtCancelWaitCompletionPacket ntdll.dll!NtClearEvent ntdll.dll!NtClose ntdll.dll!NtCompareSigningLevels ntdll.dll!NtConnectPort ntdll.dll!NtCreateEvent ntdll.dll!NtCreateFile ntdll.dll!NtCreateIoCompletion ntdll.dll!NtCreateKey ntdll.dll!NtCreateMutant ntdll.dll!NtCreatePrivateNamespace ntdll.dll!NtCreateSection ntdll.dll!NtCreateSemaphore ntdll.dll!NtCreateThreadEx ntdll.dll!NtCreateTimer ntdll.dll!NtCreateTimer2 ntdll.dll!NtCreateWaitCompletionPacket ntdll.dll!NtCreateWorkerFactory ntdll.dll!NtDelayExecution ntdll.dll!NtDeviceIoControlFile ntdll.dll!NtDuplicateObject ntdll.dll!NtDuplicateToken ntdll.dll!NtEnumerateKey ntdll.dll!NtEnumerateValueKey ntdll.dll!NtFlushProcessWriteBuffers ntdll.dll!NtFreeVirtualMemory ntdll.dll!NtFsControlFile ntdll.dll!NtGetCachedSigningLevel ntdll.dll!NtGetWriteWatch ntdll.dll!NtMapViewOfSection ntdll.dll!NtNotifyChangeKey ntdll.dll!NtOpenDirectoryObject ntdll.dll!NtOpenEvent ntdll.dll!NtOpenFile ntdll.dll!NtOpenKey ntdll.dll!NtOpenKeyEx ntdll.dll!NtOpenProcess ntdll.dll!NtOpenProcessToken ntdll.dll!NtOpenProcessTokenEx ntdll.dll!NtOpenSection ntdll.dll!NtOpenSemaphore ntdll.dll!NtOpenSymbolicLinkObject ntdll.dll!NtOpenThreadToken ntdll.dll!NtOpenThreadTokenEx ntdll.dll!NtProtectVirtualMemory ntdll.dll!NtQueryAttributesFile ntdll.dll!NtQueryDefaultLocale ntdll.dll!NtQueryDirectoryFileEx ntdll.dll!NtQueryFullAttributesFile ntdll.dll!NtQueryInformationFile ntdll.dll!NtQueryInformationJobObject ntdll.dll!NtQueryInformationProcess ntdll.dll!NtQueryInformationThread ntdll.dll!NtQueryInformationToken ntdll.dll!NtQueryKey ntdll.dll!NtQueryLicenseValue ntdll.dll!NtQueryObject ntdll.dll!NtQueryPerformanceCounter ntdll.dll!NtQuerySecurityAttributesToken ntdll.dll!NtQuerySecurityObject ntdll.dll!NtQuerySymbolicLinkObject ntdll.dll!NtQuerySystemInformation ntdll.dll!NtQuerySystemInformationEx ntdll.dll!NtQueryValueKey ntdll.dll!NtQueryVirtualMemory ntdll.dll!NtQueryVolumeInformationFile ntdll.dll!NtQueryWnfStateData ntdll.dll!NtQueueApcThreadEx2 ntdll.dll!NtReadFile ntdll.dll!NtReleaseMutant ntdll.dll!NtReleaseSemaphore ntdll.dll!NtReleaseWorkerFactoryWorker ntdll.dll!NtRequestWaitReplyPort ntdll.dll!NtResetWriteWatch ntdll.dll!NtResumeThread ntdll.dll!NtSetEvent ntdll.dll!NtSetInformationFile ntdll.dll!NtSetInformationKey ntdll.dll!NtSetInformationObject ntdll.dll!NtSetInformationProcess ntdll.dll!NtSetInformationThread ntdll.dll!NtSetInformationVirtualMemory ntdll.dll!NtSetInformationWorkerFactory ntdll.dll!NtSetTimer2 ntdll.dll!NtSetTimerEx ntdll.dll!NtSubscribeWnfStateChange ntdll.dll!NtTestAlert ntdll.dll!NtTraceControl ntdll.dll!NtTraceEvent 20 additional items are not displayed above.
Process Shell Execute	CreateProcess
Process Manipulation Evasion	NtUnmapViewOfSection
Encryption Used	BCryptOpenAlgorithmProvider

Shell Command Execution


							powershell.exe -NoProfile -ExecutionPolicy Bypass -WindowStyle Hidden -File "c:\Users\user\downloads\Modified_Scripts.ps1"

EnigmaSoft’s Payment Processor Digital River GmbH Filing for Bankruptcy Does Not Impact SpyHunter Customers’ Anti-Malware Protection

Search

Change Region

Trojan.Wapomi.C

Threat Scorecard

EnigmaSoft Threat Scorecard

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

Windows PE Version Information

Windows PE Version Information

File Traits

Block Information

Block Information

Similar Families

Similar Families

Files Modified

Files Modified

Registry Modifications

Registry Modifications

Windows API Usage

Windows API Usage

Shell Command Execution

Shell Command Execution

Submit Comment

Trending

Cruiseocean1.xyz

PUP.GameHack.IA

Trojan.Virut.IC

Most Viewed

How To Fix 'Printer Driver is Unavailable' Error

How to Fix 'macOS cannot verify that this app is...

Discord Shows Black Screen when Sharing Screen