wtc02[.]rar | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

wtc02.rar
Size

6.6MB
MD5

4ee4dea87a5c3cca065ec8ab030eb17f
SHA1

8943e648093c2ba648c1dd8b79ffcf53ed4a3aa1
SHA256

bf3aa3de5daf374b5726b1658e1c2850f927056fd5ed1f5164a31528fb87a58b
SHA512

0b2d4ed24b920c3a5e4a21d8eca6d14c2a8447d5b7c781443f71a6aa537ba3f896444f45b7eb4313a065d5af00a75479f2de375dfd6ec2ef891c6b18f008c204
SSDEEP

196608:a8bgCWSV/x0WzkRDxe9MiRYDu62rvfHIvx+sqj24:BbgrKxF4RDx4lqybvfHIvAR64

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/WTC02EFLC.exe
unpack001/WTC02IV.exe

Files

wtc02.rar
.rar

Password: dddd
Readme.txt
WTC02EFLC.exe
.exe windows:4 windows x86 arch:x86

Password: dddd

e45db0faa2d6ea8117244b8eeec66f7d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameA
GetVersionExA
GetVersion
CompareStringA
GetTimeZoneInformation
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetOEMCP
GetACP
GetCPInfo
LCMapStringW
LCMapStringA
GetDriveTypeA
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetCommandLineA
GetStartupInfoA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindNextFileA
RemoveDirectoryA
MoveFileA
RtlUnwind
DeleteFileA
SetEnvironmentVariableA
CreateDirectoryA
HeapFree
HeapAlloc
HeapCompact
TerminateProcess
ExitProcess
GetFileAttributesA
SetFileAttributesA
GetCurrentProcess
MoveFileExA
GetModuleHandleA
FormatMessageA
CopyFileA
SetFileTime
OpenFile
SetErrorMode
GetPrivateProfileStringA
WritePrivateProfileStringA
GetTickCount
GetFullPathNameA
MultiByteToWideChar
WideCharToMultiByte
GetLocalTime
GetTempPathA
GetShortPathNameA
GetExitCodeProcess
CompareStringW
GetCurrentDirectoryA
SetCurrentDirectoryA
CreateProcessA
Sleep
lstrcatA
lstrlenA
WinExec
LoadLibraryA
GetProcAddress
FreeLibrary
GetDiskFreeSpaceA
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
CloseHandle
SetFilePointer
WriteFile
ReadFile
CreateFileA
GetLastError
FindFirstFileA
FindClose
GetWindowsDirectoryA
IsBadWritePtr
GetSystemDirectoryA

user32

ExitWindowsEx
IsIconic
PostQuitMessage
DefWindowProcA
DialogBoxParamA
PostMessageA
EndDialog
CheckDlgButton
SetTimer
BringWindowToTop
GetLastActivePopup
FindWindowA
RegisterClassA
LoadCursorA
SendMessageA
GetWindow
AdjustWindowRectEx
LoadIconA
GetSysColor
ScreenToClient
GetWindowRect
GetDlgItem
EndPaint
BeginPaint
GetClientRect
FillRect
DrawTextA
GetSystemMetrics
KillTimer
SendDlgItemMessageA
GetFocus
GetDlgItemTextA
IsClipboardFormatAvailable
OpenClipboard
GetClipboardData
CloseClipboard
IsDlgButtonChecked
CheckRadioButton
SetFocus
GetParent
UpdateWindow
IsWindowVisible
InvalidateRect
CreateDialogParamA
RedrawWindow
PeekMessageA
GetMessageA
IsDialogMessageA
TranslateMessage
DispatchMessageA
SetDlgItemTextA
SetWindowTextA
SetWindowPos
ShowWindow
DestroyWindow
CreateWindowExA
GetWindowLongA
IsWindowEnabled
CallWindowProcA
ValidateRect
SetWindowLongA
GetClassNameA
MessageBoxA
EnableWindow
wsprintfA

gdi32

DeleteDC
GetDeviceCaps
GetSystemPaletteEntries
CreatePalette
DeleteObject
ExtTextOutA
CreateFontIndirectA
BitBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
RealizePalette
SelectPalette
CreateHalftonePalette
CreateDIBPatternBrush
CreateSolidBrush
SetBrushOrgEx
SetStretchBltMode
StretchDIBits
SetTextColor
SetBkMode
AddFontResourceA
SetBkColor
GetStockObject
RemoveFontResourceA

comdlg32

GetOpenFileNameA

advapi32

RegDeleteKeyA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegCreateKeyExA
RegCreateKeyA
RegEnumKeyExA
RegCloseKey
RegDeleteValueA
RegOpenKeyA
RegSetValueExA
RegQueryValueA
RegOpenKeyExA
RegQueryValueExA

shell32

DragQueryFileA
DragFinish
ShellExecuteA
SHBrowseForFolderA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetMalloc
DragAcceptFiles

ole32

CoGetMalloc
CoCreateInstance
OleInitialize
OleUninitialize

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
VerFindFileA

comctl32

ord17

Sections

.text
Size: 136KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
WTC02IV.exe
.exe windows:4 windows x86 arch:x86

Password: dddd

e45db0faa2d6ea8117244b8eeec66f7d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameA
GetVersionExA
GetVersion
CompareStringA
GetTimeZoneInformation
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetOEMCP
GetACP
GetCPInfo
LCMapStringW
LCMapStringA
GetDriveTypeA
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetCommandLineA
GetStartupInfoA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindNextFileA
RemoveDirectoryA
MoveFileA
RtlUnwind
DeleteFileA
SetEnvironmentVariableA
CreateDirectoryA
HeapFree
HeapAlloc
HeapCompact
TerminateProcess
ExitProcess
GetFileAttributesA
SetFileAttributesA
GetCurrentProcess
MoveFileExA
GetModuleHandleA
FormatMessageA
CopyFileA
SetFileTime
OpenFile
SetErrorMode
GetPrivateProfileStringA
WritePrivateProfileStringA
GetTickCount
GetFullPathNameA
MultiByteToWideChar
WideCharToMultiByte
GetLocalTime
GetTempPathA
GetShortPathNameA
GetExitCodeProcess
CompareStringW
GetCurrentDirectoryA
SetCurrentDirectoryA
CreateProcessA
Sleep
lstrcatA
lstrlenA
WinExec
LoadLibraryA
GetProcAddress
FreeLibrary
GetDiskFreeSpaceA
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
CloseHandle
SetFilePointer
WriteFile
ReadFile
CreateFileA
GetLastError
FindFirstFileA
FindClose
GetWindowsDirectoryA
IsBadWritePtr
GetSystemDirectoryA

user32

ExitWindowsEx
IsIconic
PostQuitMessage
DefWindowProcA
DialogBoxParamA
PostMessageA
EndDialog
CheckDlgButton
SetTimer
BringWindowToTop
GetLastActivePopup
FindWindowA
RegisterClassA
LoadCursorA
SendMessageA
GetWindow
AdjustWindowRectEx
LoadIconA
GetSysColor
ScreenToClient
GetWindowRect
GetDlgItem
EndPaint
BeginPaint
GetClientRect
FillRect
DrawTextA
GetSystemMetrics
KillTimer
SendDlgItemMessageA
GetFocus
GetDlgItemTextA
IsClipboardFormatAvailable
OpenClipboard
GetClipboardData
CloseClipboard
IsDlgButtonChecked
CheckRadioButton
SetFocus
GetParent
UpdateWindow
IsWindowVisible
InvalidateRect
CreateDialogParamA
RedrawWindow
PeekMessageA
GetMessageA
IsDialogMessageA
TranslateMessage
DispatchMessageA
SetDlgItemTextA
SetWindowTextA
SetWindowPos
ShowWindow
DestroyWindow
CreateWindowExA
GetWindowLongA
IsWindowEnabled
CallWindowProcA
ValidateRect
SetWindowLongA
GetClassNameA
MessageBoxA
EnableWindow
wsprintfA

gdi32

DeleteDC
GetDeviceCaps
GetSystemPaletteEntries
CreatePalette
DeleteObject
ExtTextOutA
CreateFontIndirectA
BitBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
RealizePalette
SelectPalette
CreateHalftonePalette
CreateDIBPatternBrush
CreateSolidBrush
SetBrushOrgEx
SetStretchBltMode
StretchDIBits
SetTextColor
SetBkMode
AddFontResourceA
SetBkColor
GetStockObject
RemoveFontResourceA

comdlg32

GetOpenFileNameA

advapi32

RegDeleteKeyA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegCreateKeyExA
RegCreateKeyA
RegEnumKeyExA
RegCloseKey
RegDeleteValueA
RegOpenKeyA
RegSetValueExA
RegQueryValueA
RegOpenKeyExA
RegQueryValueExA

shell32

DragQueryFileA
DragFinish
ShellExecuteA
SHBrowseForFolderA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetMalloc
DragAcceptFiles

ole32

CoGetMalloc
CoCreateInstance
OleInitialize
OleUninitialize

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
VerFindFileA

comctl32

ord17

Sections

.text
Size: 136KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: dddd

Password: dddd

e45db0faa2d6ea8117244b8eeec66f7d

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

version

comctl32

Sections

.text Size: 136KB - Virtual size: 132KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 24KB - Virtual size: 24KB

.rsrc Size: 12KB - Virtual size: 10KB

Password: dddd

e45db0faa2d6ea8117244b8eeec66f7d

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

version

comctl32

Sections

.text Size: 136KB - Virtual size: 132KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 24KB - Virtual size: 24KB

.rsrc Size: 12KB - Virtual size: 10KB

.text
Size: 136KB - Virtual size: 132KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 24KB - Virtual size: 24KB

.rsrc
Size: 12KB - Virtual size: 10KB

.text
Size: 136KB - Virtual size: 132KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 24KB - Virtual size: 24KB

.rsrc
Size: 12KB - Virtual size: 10KB