wrapper[.]dll | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

wrapper.dll
Size

383KB
MD5

92c26b2ac4a7835f2fdafbf7653113f2
SHA1

11460407026c8bb0f2a189785e98bb5d23886786
SHA256

31047fadfe50412ba8e0fd4620216d0197f2f90b2d69ce906c2f8ef640d22615
SHA512

22a65b847bf6eddeb580d13cbf952c96d9edd40cc9275d8eabc50ddad1e0c52768328ea0f9e4f3fc9f0ad74eb6a88a498d30e57a9a0ef105b8f35221030a9f07
SSDEEP

6144:78/nEESn5h2MexDvVjYpOQAYm/8GcJ9kmsNoHepCsh8Alyt5JUzBJX:78/EBn5h2MIDv6AYmkpk1N6epCsiAlyg

Score

1^/10

Malware Config

Signatures

Files

wrapper.dll
.dll windows x86

ca44dcfec92493fc4fc13c8bde5c24b9

Code Sign

47:c3:0f:fe:fc:22:bb:28:0f:96:fe:a7:52:51
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

16/03/2016, 00:00

Not After

16/03/2024, 00:00

Subject

CN=GlobalSign CodeSigning CA - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

64:69:10:70:7e:ca:0e:06:6a:ca:95:e7
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G3,O=GlobalSign nv-sa,C=BE

Not Before

03/06/2020, 07:32

Not After

05/07/2022, 02:42

Subject

CN=He Fei Yun Biao Xin Xi Ke Ji You Xian Gong Si,O=He Fei Yun Biao Xin Xi Ke Ji You Xian Gong Si,L=Hefei,ST=Anhui,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

36:47:c8:86:4e:dd:1a:93:8e:a3:8d:0c:54:49:5d:83:ab:a4:fc:69
Signer

Actual PE Digest

36:47:c8:86:4e:dd:1a:93:8e:a3:8d:0c:54:49:5d:83:ab:a4:fc:69

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetFileTime
WriteFile
WideCharToMultiByte
GetFileAttributesW
ReadFile
CreateFileW
MultiByteToWideChar
GetCurrentDirectoryW
LocalFileTimeToFileTime
GetModuleHandleW
GetPrivateProfileStringW
GetPrivateProfileIntW
GetTempPathW
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
GetVersionExW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GlobalAlloc
LoadLibraryW
GetProcAddress
FreeLibrary
SetUnhandledExceptionFilter
GetSystemTime
GetCurrentThreadId
SetFileAttributesW
GetFileAttributesExW
GetFileSize
FindFirstFileW
FindClose
CopyFileW
FileTimeToSystemTime
DeleteFileW
FlushInstructionCache
GetCurrentProcess
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
RaiseException
CreateDirectoryW
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
InterlockedPushEntrySList
SetEnvironmentVariableA
CompareStringW
GetProcessHeap
SetStdHandle
WriteConsoleW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
FlushFileBuffers
IsValidCodePage
GetOEMCP
GetACP
GetConsoleMode
GetConsoleCP
SystemTimeToFileTime
SetFilePointer
InterlockedDecrement
InterlockedIncrement
CloseHandle
GetLastError
GetModuleFileNameW
Sleep
ExitProcess
HeapSize
IsProcessorFeaturePresent
LCMapStringW
HeapReAlloc
GetTimeZoneInformation
GetCPInfo
RtlUnwind
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetStartupInfoW
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
HeapDestroy
HeapCreate
TlsFree
SetLastError
CreateMutexW
TlsSetValue
TlsGetValue
TlsAlloc
GetLocaleInfoW
InterlockedCompareExchange
InterlockedExchange
GetStringTypeW
EncodePointer
DecodePointer
GetSystemTimeAsFileTime
HeapFree
HeapAlloc
GetCommandLineA
UnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetStdHandle

user32

SetTimer
wsprintfW
FindWindowW
SendMessageW
SetWindowLongW
GetWindowLongW
CreateWindowExW
DestroyWindow
PostMessageW
IsWindow
DefWindowProcW
RegisterWindowMessageW
GetClassInfoExW
LoadCursorW
RegisterClassExW
CallWindowProcW
PeekMessageW
TranslateMessage
DispatchMessageW
PostThreadMessageW
UnregisterClassA

advapi32

CryptGetHashParam
CryptCreateHash
CryptReleaseContext
CryptHashData
CryptDestroyHash
CryptAcquireContextW

shell32

SHGetSpecialFolderPathW
SHCreateDirectoryExW
ShellExecuteW

winhttp

WinHttpQueryDataAvailable
WinHttpCloseHandle
WinHttpOpen
WinHttpCheckPlatform
WinHttpCrackUrl
WinHttpConnect
WinHttpOpenRequest
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpSetTimeouts
WinHttpReadData
WinHttpQueryHeaders
WinHttpAddRequestHeaders

iphlpapi

GetAdaptersInfo

ws2_32

gethostbyname
WSAStartup
inet_ntoa

Exports

Exports

Channel
LoadEntry
RunDllEntry
StartupEntry
Version

Sections

.text
Size: 289KB - Virtual size: 288KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ca44dcfec92493fc4fc13c8bde5c24b9

Code Sign

47:c3:0f:fe:fc:22:bb:28:0f:96:fe:a7:52:51Certificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

64:69:10:70:7e:ca:0e:06:6a:ca:95:e7Certificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

36:47:c8:86:4e:dd:1a:93:8e:a3:8d:0c:54:49:5d:83:ab:a4:fc:69Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

winhttp

iphlpapi

ws2_32

Exports

Exports

Sections

.text Size: 289KB - Virtual size: 288KB

.rdata Size: 55KB - Virtual size: 55KB

.data Size: 9KB - Virtual size: 17KB

.reloc Size: 21KB - Virtual size: 21KB

.rsrc Size: 1024B - Virtual size: 880B

47:c3:0f:fe:fc:22:bb:28:0f:96:fe:a7:52:51
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

64:69:10:70:7e:ca:0e:06:6a:ca:95:e7
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

36:47:c8:86:4e:dd:1a:93:8e:a3:8d:0c:54:49:5d:83:ab:a4:fc:69
Signer

.text
Size: 289KB - Virtual size: 288KB

.rdata
Size: 55KB - Virtual size: 55KB

.data
Size: 9KB - Virtual size: 17KB

.reloc
Size: 21KB - Virtual size: 21KB

.rsrc
Size: 1024B - Virtual size: 880B