wiretap-1[.]8[.]0[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

wiretap-1.8.0.dll
Size

427KB
MD5

d5d9b110f735c7789fdc453e1574a1ca
SHA1

f5d4791322e590d3d3d1ac3fd2d8d3eca093e1d6
SHA256

657c215af84f023ab69878ffddcb12ec15d177a84ec2820992f1821639ed2063
SHA512

12901c75cc065863f5ecc5137157415f281adc0bfe31f63bfeb4541d6a352f78ee1d80b3b5f6b0d58a215ee81a2cafcd6a1a2553605d339880163ee3fff03a2c
SSDEEP

6144:vApEBfxyXGp88jZiTOW68oF44wQKienIV9aeEeAscqhh3sw/P/eTMmmbpFw:vrjQTm418AscC8yaT4pq

Score

1^/10

Malware Config

Signatures

Files

wiretap-1.8.0.dll
.dll windows:5 windows x64

67e45ec2f905fa99101e863b48c0d625

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0c:8f:0a:ff:bf:03:3f:f6:39:e0:a2:88:e2:0a:65:19
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

24/07/2012, 00:00

Not After

24/07/2013, 23:59

Subject

CN=Wireshark Foundation,O=Wireshark Foundation,POSTALCODE=94105,STREET=199 Fremont,L=San Francisco,ST=CA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

c7:bf:a6:67:ae:f6:6f:33:fc:3f:83:9f:35:f7:84:2d:27:1c:59:11
Signer

Actual PE Digest

c7:bf:a6:67:ae:f6:6f:33:fc:3f:83:9f:35:f7:84:2d:27:1c:59:11

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

libglib-2.0-0

g_hash_table_foreach
g_malloc
g_strdup
g_free
g_realloc
g_log
g_hash_table_new
g_strlcpy
g_malloc_n
g_hash_table_insert
g_snprintf
g_hash_table_destroy
g_hash_table_foreach_remove
g_hash_table_lookup
g_array_append_vals
g_array_new
g_assertion_message
g_assertion_message_expr
g_array_prepend_vals
g_ptr_array_new
g_malloc0
g_slist_free
g_strfreev
g_strsplit
g_slist_append
g_try_malloc
g_ptr_array_foreach
g_strerror
g_ptr_array_free
g_array_free
g_strndup
g_list_append
g_list_foreach
g_list_free
g_strdup_printf
g_str_equal
g_str_hash
g_direct_equal
g_direct_hash
g_malloc0_n
g_memdup
g_ascii_xdigit_value
g_ptr_array_add
g_ascii_strcasecmp

libwsutil

crc32_ccitt_seed
ws_stdio_stat64
ws_stdio_unlink
ws_stdio_fopen
ws_stdio_open
ascii_strup_inplace
ascii_strdown_inplace
mpa_padding
mpa_samples
mpa_frequency
mpa_bitrate
mpa_layer
mpa_version

zlib1

inflateInit2_
crc32
inflateSetDictionary
inflatePrime
inflateReset
inflate
inflateEnd
deflateInit2_
deflateReset
deflate
deflateEnd

msvcr100

_lseek
_fdopen
_read
strchr
_fileno
__crt_debugger_hook
_onexit
_lock
__dllonexit
_unlock
__clean_type_info_names_internal
__CppXcptFilter
__C_specific_handler
_amsg_exit
_encoded_null
_initterm_e
_initterm
_malloc_crt
strftime
realloc
fprintf
exit
malloc
free
strtol
ftell
asctime
_gmtime64
islower
memchr
strrchr
_lseeki64
fclose
fwrite
ferror
fflush
__iob_func
_fstat64
_dup
_setmode
_close
getenv
toupper
isxdigit
tolower
isspace
_localtime64
sscanf
isalnum
isdigit
atoi
strstr
_errno
fseek
_tzset
_time64
memcmp
_mktime64
strtoul
_write
strcmp
strlen
memset
memmove
memcpy
strncmp

kernel32

UnhandledExceptionFilter
DecodePointer
Sleep
DisableThreadLibraryCalls
QueryPerformanceCounter
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
EncodePointer
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount

Exports

Exports

buffer_append
buffer_assure_space
buffer_free
buffer_init
buffer_remove_start
file_eof
file_error
file_getc
file_gets
file_read
file_seek
file_tell
wtap_buf_ptr
wtap_cleareof
wtap_close
wtap_default_file_extension
wtap_dump
wtap_dump_can_compress
wtap_dump_can_open
wtap_dump_can_write_encap
wtap_dump_can_write_encaps
wtap_dump_close
wtap_dump_fdopen
wtap_dump_fdopen_ng
wtap_dump_file_encap_type
wtap_dump_flush
wtap_dump_open
wtap_dump_open_ng
wtap_dump_set_addrinfo_list
wtap_encap_short_string
wtap_encap_string
wtap_fdclose
wtap_fdreopen
wtap_file_encap
wtap_file_get_idb_info
wtap_file_get_shb_info
wtap_file_size
wtap_file_tsprecision
wtap_file_type
wtap_file_type_short_string
wtap_file_type_string
wtap_free_file_extensions_list
wtap_fstat
wtap_get_bytes_dumped
wtap_get_file_extensions_list
wtap_get_num_encap_types
wtap_get_num_file_types
wtap_get_savable_file_types
wtap_iscompressed
wtap_open_offline
wtap_pcap_encap_to_wtap_encap
wtap_phdr
wtap_pseudoheader
wtap_read
wtap_read_so_far
wtap_register_encap_type
wtap_register_file_type
wtap_register_open_routine
wtap_seek_read
wtap_sequential_close
wtap_set_bytes_dumped
wtap_set_cb_new_ipv4
wtap_set_cb_new_ipv6
wtap_short_string_to_encap
wtap_short_string_to_file_type
wtap_snapshot_length
wtap_strerror
wtap_write_shb_comment
wtap_wtap_encap_to_pcap_encap

Sections

.text
Size: 328KB - Virtual size: 328KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 57KB - Virtual size: 378KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

67e45ec2f905fa99101e863b48c0d625

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:edCertificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate

Extended Key Usages

Key Usages

0c:8f:0a:ff:bf:03:3f:f6:39:e0:a2:88:e2:0a:65:19Certificate

Extended Key Usages

Key Usages

c7:bf:a6:67:ae:f6:6f:33:fc:3f:83:9f:35:f7:84:2d:27:1c:59:11Signer

Headers

DLL Characteristics

File Characteristics

Imports

libglib-2.0-0

libwsutil

zlib1

msvcr100

kernel32

Exports

Exports

Sections

.text Size: 328KB - Virtual size: 328KB

.rdata Size: 22KB - Virtual size: 22KB

.data Size: 57KB - Virtual size: 378KB

.pdata Size: 7KB - Virtual size: 7KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 3KB

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

0c:8f:0a:ff:bf:03:3f:f6:39:e0:a2:88:e2:0a:65:19
Certificate

c7:bf:a6:67:ae:f6:6f:33:fc:3f:83:9f:35:f7:84:2d:27:1c:59:11
Signer

.text
Size: 328KB - Virtual size: 328KB

.rdata
Size: 22KB - Virtual size: 22KB

.data
Size: 57KB - Virtual size: 378KB

.pdata
Size: 7KB - Virtual size: 7KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 3KB