AOMEI Partition Assistant Keygen.exe Trojan Wacapew Analysis

Technical Analysis

File Name AOMEI Partition Assistant Keygen.exe
File Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Scanner Version 1.0.227.174
Database Version 2025-10-11 13:00:17 UTC

Trojan.Win32.Wacapew.cl

Malware family: Wacapew

Wacapew belongs to a malware family with data exfiltration, system compromise, and payload deployment capabilities. It can introduce additional malicious components including ransomware to compromised systems.
Detection Rate N/A
File Size (bytes) 2,042,368
Analysis Date 2025-10-11

File Identification

Hash Type Value
MD5 4ebfe56701297b5ef6d88afc325dc1dc
SHA1 78bf8325542e95f04b8cee7bae23ee158817a722
SHA256 310a27fc1bc663014b2663589254c1cb0b51dc391fa4b018de90c46f441d51aa
SHA512 ca114f816067f58234af1c98c16608751646bf6e983a73f7b27c6dcd851a45548d9abe81cdf764d686376d19ef24bb0de68bfc7528cacfde206980b1ccc149ea
ImpHash 52c223bdecac713696ea2f080076f722

PE Analysis

Basic Information

Icon
Hash: 9b0c13667ad8934280f510d33986251c
Fuzzy: 69b5b6ef46e2a1b4f917cd9728a35459
dHash: 000000d8d2010000
Image Base 0x00400000
Entry Point 0x00401000
Compilation Time 2025-06-09 11:34:30
Checksum 0x00000000 (Actual: 0x001f6c15)
OS Version 6.0
PEiD Signatures PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Digital Signature No valid SignedData structure was found.
Imports 13 libraries
Exports 12 functions
Resources 60 Resources
Sections 11 Sections

Version Information

CompanyName Jasi2169
FileDescription AOMEI Partition Assistant Keygen
FileVersion 1.0.0.0
LegalCopyright Copyrights 2012
LegalTrademarks All rights reserved
ProgramID com.embarcadero.AOMEI Partition Assistant Keygen
ProductName AOMEI Partition Assistant Keygen
ProductVersion 1.0.0.0
Comments AOMEI Partition Assistant Keygen By Jasi2169
Translation 0x0409 0x04e4

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
0x00001000 3,330,048 bytes 1,008,640 bytes 8.00 (Packed/Encrypted) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 5558B2AC5C05E0C0B8B4542F5FCFE357
0x0032e000 348,160 bytes 33,280 bytes 7.99 (Packed/Encrypted) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE E2610BE423B56020B20C5DDC894EA985
0x00383000 4,096 bytes 1,024 bytes 0.03 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 91CCB28EB66F40FB9808FD088DA27BA6
0x00384000 4,096 bytes 512 bytes 0.21 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE CCD31736D0EF025D06C5FF4506C8E40F
0x00385000 16,384 bytes 14,336 bytes 7.99 (Packed/Encrypted) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 0BB895D89BB2859000FBE5E1203A8B14
0x00389000 4,096 bytes 1,536 bytes 7.86 (Packed/Encrypted) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE AE6D27D17FF22E03768A8AFE2C4CC435
0x0038a000 4,096 bytes 512 bytes 4.39 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE B7BBDFCAB7615CB021D923B4F832B624
.rsrc 0x0038b000 733,184 bytes 611,840 bytes 8.00 (Packed/Encrypted) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE B15799F88D39C4A1A378DCD38F932B9B
0x0043e000 266,240 bytes 0 bytes 0.00 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE D41D8CD98F00B204E9800998ECF8427E
.data 0x0047f000 372,736 bytes 369,152 bytes 7.66 (Packed/Encrypted) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 09DD69D1B7A1992766380D809A2E0EA7
.adata 0x004da000 4,096 bytes 0 bytes 0.00 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE D41D8CD98F00B204E9800998ECF8427E
Entropy Analysis Alert

6 section(s) with high entropy (≥7.5) detected - possible packing/encryption

Resource Analysis

Total Resources: 60 (726,102 bytes)
Resource Type Count Total Size Percentage
VCLSTYLE 1 167,296 bytes 23%
RT_CURSOR 8 2,464 bytes 0.3%
RT_ICON 4 31,968 bytes 4.4%
RT_STRING 27 24,520 bytes 3.4%
RT_RCDATA 9 496,846 bytes 68.4%
RT_GROUP_CURSOR 8 160 bytes 0%
RT_GROUP_ICON 1 62 bytes 0%
RT_VERSION 1 972 bytes 0.1%
RT_MANIFEST 1 1,814 bytes 0.2%

Certificate Chain Analysis

No Digital Signatures

This file is not digitally signed.

Security Implications:
  • Cannot verify the publisher's identity
  • Increased security risk when running this file
  • May trigger security warnings on some systems

⚠ This file either lacks a digital signature or the certificate chain could not be verified
Exercise caution when executing unsigned files from unknown sources

Certificate Verification Status

No valid SignedData structure was found.

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Trojan.Win32.Wacapew.cl Removal

Gridinsoft has the capability to identify and eliminate Trojan.Win32.Wacapew.cl without requiring further user intervention.

Removal Instructions

Follow these steps to completely remove the threat from your system:

  1. Start by downloading Gridinsoft Anti-Malware to your computer.
  2. Double-click on the gsam-en-install.exe file and follow the on-screen instructions to install the program.
  3. Once the installation of Gridinsoft Anti-Malware is complete, the program will open on the Scan screen.
  4. Click on the "Standard Scan" button to begin scanning your computer for threats.
  5. After the scanning process is finished, click on "Clean Now" to remove any detected threats.
  6. If prompted, restart your system to complete the removal process and ensure all threats are eliminated.
Important: Before You Start
Disconnect from the internet to prevent the malware from spreading or downloading additional threats. Run the scan in Safe Mode for better detection and removal of persistent threats.
