archive[.]wtf by encorscheets[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

archive.wtf by encorscheets.zip
Size

1.4MB
MD5

75336cdf822a88e2422ff7eed6849ebf
SHA1

9ff138c53be4107145f14bf1c49b021a1fa7459d
SHA256

40dae7958a3c9cf570ee455cce9a1feba046f0473adc9035b0d19d5fdb72891b
SHA512

3018fb59bf7d5f43c4f953cb7b4b438f6b59db7ebe268a87f66e3733ca973a11942130cb1effaadbc023fc9397b20346c2a58732d96980755cf01ba026decdb5
SSDEEP

24576:RsZBlTLQxczp07vZORwm24kXqgKdfDjIzQW8bY03OGOkfOyYCdDvOFXx+T+hNLKC:RQT3zxRj24kXGdfDEzQW10UkfOyYCRm7

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/archive.wtf by encorscheets/Archive.dll
unpack001/archive.wtf by encorscheets/injector.exe

Files

archive.wtf by encorscheets.zip
.zip
archive.wtf by encorscheets/Archive.dll
.dll windows:6 windows x64

add15e2de54a773b973752381f2e2203

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

QueryPerformanceFrequency
QueryPerformanceCounter
WriteConsoleW
SetEndOfFile
HeapReAlloc
HeapSize
CreateFileW
GetStringTypeW
SetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GlobalUnlock
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
FlushFileBuffers
LCMapStringW
GlobalLock
GlobalFree
GetTickCount
GlobalAlloc
WideCharToMultiByte
OutputDebugStringA
CloseHandle
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
GetProcAddress
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedFlushSList
GetLastError
SetLastError
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetCurrentProcess
ExitProcess
TerminateProcess
GetModuleHandleExW
ReadFile
GetModuleFileNameW
SetFilePointerEx
GetConsoleMode
ReadConsoleW
GetStdHandle
GetFileType
MultiByteToWideChar
HeapFree
HeapAlloc
WriteFile
GetConsoleOutputCP
GetFileSizeEx
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree

user32

ScreenToClient
GetCapture
ClientToScreen
IsChild
GetForegroundWindow
LoadCursorW
SetCapture
SetCursor
GetClientRect
ReleaseCapture
SetCursorPos
OpenClipboard
GetKeyState
EmptyClipboard
GetClipboardData
SetClipboardData
CallWindowProcW
GetWindowRect
GetSystemMetrics
GetAsyncKeyState
MessageBoxA
SetWindowLongPtrA
FindWindowA
GetCursorPos
CloseClipboard

imm32

ImmReleaseContext
ImmSetCompositionWindow
ImmGetContext

d3dcompiler_47

D3DCompile

Sections

.text
Size: 387KB - Virtual size: 387KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 105KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
archive.wtf by encorscheets/font.ttf
archive.wtf by encorscheets/injector.exe
.exe windows:6 windows x64

41d47768be27a1b9dc153c47ae3e0cb7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

LoadLibraryA
CloseHandle
VirtualProtectEx
GetProcAddress
VirtualAllocEx
ReadProcessMemory
CreateRemoteThread
VirtualFreeEx
GetLastError
GetCurrentProcess
GetFileAttributesW
OpenProcess
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
IsWow64Process
GetCurrentProcessId
Sleep
RtlAddFunctionTable
GetExitCodeProcess
WriteProcessMemory
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetModuleHandleW
QueryPerformanceCounter

advapi32

AdjustTokenPrivileges
OpenProcessToken
LookupPrivilegeValueW

msvcp140

?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__current_exception
_CxxThrowException
__current_exception_context
__std_terminate
__std_exception_copy
__std_exception_destroy
memcpy
__C_specific_handler
memset
memmove

api-ms-win-crt-stdio-l1-1-0

setvbuf
ungetc
__p__commode
fwrite
_set_fmode
_get_stream_buffer_pointers
_fseeki64
fgetc
fclose
fflush
fsetpos
fputc
fread
__stdio_common_vfprintf
__acrt_iob_func
fgetpos

api-ms-win-crt-heap-l1-1-0

malloc
_set_new_mode
free
_callnewh

api-ms-win-crt-string-l1-1-0

_wcsicmp

api-ms-win-crt-runtime-l1-1-0

exit
_exit
_invalid_parameter_noinfo_noreturn
system
__p___wargv
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_initterm_e
_configure_wide_argv
_initterm
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_initialize_wide_environment
terminate
_get_initial_wide_environment
_set_app_type
_seh_filter_exe
__p___argc

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file

api-ms-win-crt-convert-l1-1-0

mbstowcs_s

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 140B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

add15e2de54a773b973752381f2e2203

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

imm32

d3dcompiler_47

Sections

.text Size: 387KB - Virtual size: 387KB

.rdata Size: 105KB - Virtual size: 104KB

.data Size: 5KB - Virtual size: 19KB

.pdata Size: 16KB - Virtual size: 16KB

_RDATA Size: 512B - Virtual size: 252B

.rsrc Size: 512B - Virtual size: 248B

.reloc Size: 2KB - Virtual size: 2KB

41d47768be27a1b9dc153c47ae3e0cb7

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

msvcp140

vcruntime140_1

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 14KB - Virtual size: 14KB

.rdata Size: 13KB - Virtual size: 12KB

.data Size: 1024B - Virtual size: 888B

.pdata Size: 1KB - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 512B - Virtual size: 140B

.text
Size: 387KB - Virtual size: 387KB

.rdata
Size: 105KB - Virtual size: 104KB

.data
Size: 5KB - Virtual size: 19KB

.pdata
Size: 16KB - Virtual size: 16KB

_RDATA
Size: 512B - Virtual size: 252B

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 2KB - Virtual size: 2KB

.text
Size: 14KB - Virtual size: 14KB

.rdata
Size: 13KB - Virtual size: 12KB

.data
Size: 1024B - Virtual size: 888B

.pdata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 512B - Virtual size: 140B