1. #1
    tom982's Avatar
    Join Date
    May 2012
    Location
    Southampton, England
    Age
    23
    Posts
    4,071
    • specs System Specs
      • Manufacturer:
        Custom
      • Model Number:
        Custom
      • Motherboard:
        ASUS P8Z77-V PRO
      • CPU:
        Intel Core i7 3770K @4.5GHz
      • Memory:
        Corsair Vengeance 2x4GB 1600MHz LP - White
      • Graphics:
        Gigabyte HD 7850 2GB @1050MHz
      • Sound Card:
        Stock
      • Hard Drives:
        Seagate Barracuda 2TB 7200rpm [Internal], 2x500GB Seagate FreeAgent (External)
      • Disk Drives:
      • Power Supply:
        Corsair TX650W V2 80+ Bronze
      • Case:
        NZXT Phantom 410 White
      • Cooling:
        Corsair H100 CPU Water Cooler, 1x140mm stock fan and 1x120mm stock fan
      • Display:
        LG 23" IPS Monitor (1920*1080)
      • Operating System:
        Windows 10

    Wana Decryptor 2.0 Dummy

    With the recent WannaCry outbreak, I decided to conduct a little test on my family to see if they would open an email attachment from me with a .docx.exe 'extension'. I knocked together a quick Wana Decrypt0r 2.0 clone that would display a message after 10 seconds, which should be long enough for the panic to set in without them doing anything drastic.





    It has a Word 2017 icon so it should look the part.

    Not sure if anyone else here will find a need for this, but I'm sharing it in case someone wants it. It's 100% safe, just a GUI and nothing else.

    Attachment 26321
    WanaTest.exe.zip

    Will post the results tomorrow :)

    Edit: Underestimated the protections in Outlook, could be a bit harder to do this. I'll update this post when I fix it.
    Last edited by tom982; 05-24-2017 at 10:32 PM.
    Having problems with SFC or Windows Update? Start a new thread in the Windows Update forum!

    Haven't heard from us in a while? Post Here to remind us.

    Have we helped you? Help us help others and Donate!


    • Ad Bot

      advertising
      Beep.

        
       

  2. #2
    AceInfinity's Avatar
    Join Date
    Feb 2012
    Location
    Canada
    Posts
    1,699

    Re: Wana Decryptor 2.0 Dummy

    Nice, I think there needs to be an outbreak of tests like this to prepare the average user for things like this because email-based viruses have been around for ages and unfortunately are still (apparently) a reliable method of spreading viruses.
    \n\n

    Automation Programmer
    Development Site: aceinfinity.net

  3. #3
    tom982's Avatar
    Join Date
    May 2012
    Location
    Southampton, England
    Age
    23
    Posts
    4,071
    • specs System Specs
      • Manufacturer:
        Custom
      • Model Number:
        Custom
      • Motherboard:
        ASUS P8Z77-V PRO
      • CPU:
        Intel Core i7 3770K @4.5GHz
      • Memory:
        Corsair Vengeance 2x4GB 1600MHz LP - White
      • Graphics:
        Gigabyte HD 7850 2GB @1050MHz
      • Sound Card:
        Stock
      • Hard Drives:
        Seagate Barracuda 2TB 7200rpm [Internal], 2x500GB Seagate FreeAgent (External)
      • Disk Drives:
      • Power Supply:
        Corsair TX650W V2 80+ Bronze
      • Case:
        NZXT Phantom 410 White
      • Cooling:
        Corsair H100 CPU Water Cooler, 1x140mm stock fan and 1x120mm stock fan
      • Display:
        LG 23" IPS Monitor (1920*1080)
      • Operating System:
        Windows 10

    Re: Wana Decryptor 2.0 Dummy

    Don't suppose you have a spare 0-day?

    Haven't yet tested this, but hope to this week. I didn't realise Outlook blocked .exe files, so I've had to make a spreadsheet with a macro to download and execute the file from my server. Windows Defender only catches the exe (Heuristic Win32/Fuery.A!cl) after it's executed... great protection huh. Any future time the macro is run, the exe is deleted before being executed.

    Just need to come up with something to fill the spreadsheet with to convince them to click the "Enable editing" and "Run macros" buttons, without being at all targeting.
    Having problems with SFC or Windows Update? Start a new thread in the Windows Update forum!

    Haven't heard from us in a while? Post Here to remind us.

    Have we helped you? Help us help others and Donate!

Similar Threads

  1. Hackers Replace Ransomware with Dummy File
    By JMH in forum Security News
    Replies: 0
    Last Post: 05-06-2016, 09:13 PM

Log in

Log in