wsc[.]rar | Triage

Sharing

Copy URL Twitter E-mail

General

Target

wsc.rar
Size

382KB
MD5

e7ab61b6475bc691bfe9f3010e1c2f65
SHA1

44b0740e97391fea36a686388bc6727c26f83858
SHA256

d63d11b3e2b2962edbc95794d00c5739d84370efa08b76c73cb42238f23c3ada
SHA512

d937d37865d9d1de2a7d537494e0ef3c66f8635f898a0e29ca4cc806615fb118f679a1cde76606e17f5560f691d5ed13bdf7323c4b6af6c215db8e1f0bcb3a17
SSDEEP

6144:xb/tN+Cq7qXsocxZ62eZGLHnFJTiRhLJQ4DpjX/lg0wTM+eR4VKjzAOVqORiYsz7:9+CSxZ1jOQ45lgvL15kqORi9TL

Score

N/A

Malware Config

Signatures

Files

wsc.rar
.rar

Password: hidd3npassw0rd
wsc.dll
.dll windows x64

Password: hidd3npassw0rd

e789853d49d84cf72ec4d0ee524a328a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
FreeLibrary
GetLastError
GetModuleHandleA
GetProcAddress
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryA
MultiByteToWideChar
Sleep
TlsGetValue
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WideCharToMultiByte

msvcrt

___lc_codepage_func
___mb_cur_max_func
__iob_func
_amsg_exit
_errno
_fileno
_initterm
_lock
_setjmp
_setmode
_unlock
abort
calloc
exit
fflush
fputc
free
fwrite
localeconv
longjmp
malloc
memcpy
memset
realloc
signal
strerror
strlen
strncmp
vfprintf
wcslen

Exports

Exports

NimMain
run

Sections

.text
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 336B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 348KB - Virtual size: 348KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 74KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 552B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wsc.exe
.exe windows x64

Password: hidd3npassw0rd

8e16a7c1f3d79bd7588af2c0e958008a

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:ec:0c:90:15:07:9f:ab:8a:6f:3f:c9:f8:39:31:1c
Certificate

Issuer

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

27/01/2020, 00:00

Not After

20/10/2022, 12:00

Subject

CN=AVG Technologies USA\, LLC,OU=RE 999,O=AVG Technologies USA\, LLC,L=Newton,ST=North Carolina,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:1c:b2:8a:00:00:00:00:00:26
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:41

Not After

15/04/2021, 19:51

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:34:99:e1:10:4f:5e:75:e7:21:a7:f1:54:73:bb:1f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

16/10/2019, 00:00

Not After

20/10/2022, 12:00

Subject

CN=AVG Technologies USA\, LLC,OU=RE 999,O=AVG Technologies USA\, LLC,L=Newton,ST=North Carolina,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d1:f5:21:fb:fa:58:1d:1b:c2:88:b5:d8:c2:02:5b:3a:09:ed:4b:f5:33:b8:72:f0:3f:81:b3:cb:db:c6:92:27
Signer

Actual PE Digest

d1:f5:21:fb:fa:58:1d:1b:c2:88:b5:d8:c2:02:5b:3a:09:ed:4b:f5:33:b8:72:f0:3f:81:b3:cb:db:c6:92:27

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=AVG Technologies USA\, LLC,OU=RE 999,O=AVG Technologies USA\, LLC,L=Newton,ST=North Carolina,C=US

12/04/2021, 07:47
Valid: true

Chain 1

CN=AVG Technologies USA\, LLC,OU=RE 999,O=AVG Technologies USA\, LLC,L=Newton,ST=North Carolina,C=US

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

ee:77:44:37:53:5b:8b:26:92:0f:24:22:0a:90:da:47:3b:35:0c:14
Signer

Actual PE Digest

ee:77:44:37:53:5b:8b:26:92:0f:24:22:0a:90:da:47:3b:35:0c:14

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=AVG Technologies USA\, LLC,OU=RE 999,O=AVG Technologies USA\, LLC,L=Newton,ST=North Carolina,C=US

12/04/2021, 07:47
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetCommandLineW
GetLastError
LoadLibraryW
GetProcAddress
ExitProcess
GetModuleHandleW
FreeLibrary
SetDllDirectoryW

Sections

.text
Size: 512B - Virtual size: 200B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 902B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: hidd3npassw0rd

Password: hidd3npassw0rd

e789853d49d84cf72ec4d0ee524a328a

Headers

File Characteristics

Imports

kernel32

msvcrt

Exports

Exports

Sections

.text Size: 66KB - Virtual size: 66KB

.data Size: 512B - Virtual size: 336B

.rdata Size: 348KB - Virtual size: 348KB

.eh_fram Size: 512B - Virtual size: 4B

.pdata Size: 4KB - Virtual size: 3KB

.xdata Size: 3KB - Virtual size: 3KB

.bss Size: - Virtual size: 74KB

.edata Size: 512B - Virtual size: 80B

.idata Size: 2KB - Virtual size: 1KB

.CRT Size: 512B - Virtual size: 88B

.tls Size: 512B - Virtual size: 16B

.rsrc Size: 1024B - Virtual size: 552B

.reloc Size: 512B - Virtual size: 104B

Password: hidd3npassw0rd

8e16a7c1f3d79bd7588af2c0e958008a

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

61:20:4d:b4:00:00:00:00:00:27Certificate

Key Usages

03:ec:0c:90:15:07:9f:ab:8a:6f:3f:c9:f8:39:31:1cCertificate

Extended Key Usages

Key Usages

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5fCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

61:1c:b2:8a:00:00:00:00:00:26Certificate

Key Usages

07:34:99:e1:10:4f:5e:75:e7:21:a7:f1:54:73:bb:1fCertificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

d1:f5:21:fb:fa:58:1d:1b:c2:88:b5:d8:c2:02:5b:3a:09:ed:4b:f5:33:b8:72:f0:3f:81:b3:cb:db:c6:92:27Signer

Signature Validations

Verification

12/04/2021, 07:47 Valid: true

Chain 1

ee:77:44:37:53:5b:8b:26:92:0f:24:22:0a:90:da:47:3b:35:0c:14Signer

Signature Validations

Verification

12/04/2021, 07:47 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 512B - Virtual size: 200B

.rdata Size: 1024B - Virtual size: 902B

.pdata Size: 512B - Virtual size: 24B

.rsrc Size: 86KB - Virtual size: 85KB

.text
Size: 66KB - Virtual size: 66KB

.data
Size: 512B - Virtual size: 336B

.rdata
Size: 348KB - Virtual size: 348KB

.eh_fram
Size: 512B - Virtual size: 4B

.pdata
Size: 4KB - Virtual size: 3KB

.xdata
Size: 3KB - Virtual size: 3KB

.bss
Size: - Virtual size: 74KB

.edata
Size: 512B - Virtual size: 80B

.idata
Size: 2KB - Virtual size: 1KB

.CRT
Size: 512B - Virtual size: 88B

.tls
Size: 512B - Virtual size: 16B

.rsrc
Size: 1024B - Virtual size: 552B

.reloc
Size: 512B - Virtual size: 104B

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

61:20:4d:b4:00:00:00:00:00:27
Certificate

03:ec:0c:90:15:07:9f:ab:8a:6f:3f:c9:f8:39:31:1c
Certificate

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

61:1c:b2:8a:00:00:00:00:00:26
Certificate

07:34:99:e1:10:4f:5e:75:e7:21:a7:f1:54:73:bb:1f
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

d1:f5:21:fb:fa:58:1d:1b:c2:88:b5:d8:c2:02:5b:3a:09:ed:4b:f5:33:b8:72:f0:3f:81:b3:cb:db:c6:92:27
Signer

12/04/2021, 07:47
Valid: true

ee:77:44:37:53:5b:8b:26:92:0f:24:22:0a:90:da:47:3b:35:0c:14
Signer

12/04/2021, 07:47
Valid: false

.text
Size: 512B - Virtual size: 200B

.rdata
Size: 1024B - Virtual size: 902B

.pdata
Size: 512B - Virtual size: 24B

.rsrc
Size: 86KB - Virtual size: 85KB