WD230grf[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

WD230grf.dll
Size

894KB
MD5

e10e600b2358bf619853a36272a2f38c
SHA1

c72ad8845d79068146133eb0961bca8a598cda62
SHA256

100aafdbc99833baf72dfde1154f3aba9d873fb8d706e3a94f1fde0f9a2ffcda
SHA512

c5f6c3fe0cb4d183c6977d6e98f6b65e3e004ef7fb3b9555fc16fb20fc5644ba8a1a6b5db12982fe1757ce735218899d87b20372d89fe27b20be8a022ecceb92
SSDEEP

24576:mDDxtJmluaR35QQw+g7a2yNiL/MPDSk1Y:mPxtUuaRjiwDSMY

Score

1^/10

Malware Config

Signatures

Files

WD230grf.dll
.dll windows:5 windows x86 arch:x86

028845dab1f8634f3054a6a030a8e6c7

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7f:b2:86:d4:53:b5:c5:7e:8e:09:c9:c9:94:06:8b:9b
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

05/10/2017, 00:00

Not After

04/12/2019, 23:59

Subject

CN=PC SOFT INFORMATIQUE,OU=Quality Assurance,O=PC SOFT INFORMATIQUE,L=MONTPELLIER,ST=Hérault,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

55:73:87:b4:b5:6c:c4:30:d5:3a:d3:df:ef:39:02:05:8a:00:e6:6f
Signer

Actual PE Digest

55:73:87:b4:b5:6c:c4:30:d5:3a:d3:df:ef:39:02:05:8a:00:e6:6f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

B:\source\source.AV\103503\Release_wdgrf_84\WX\Desktop_x86_32\Release\wd230grf.pdb

Imports

comctl32

ord17

gdiplus

GdipCreateBitmapFromHBITMAP
GdipCloneImage
GdipGetWorldTransform
GdipDisposeImage
GdipTransformMatrixPoints
GdipDeleteMatrix
GdipCreateMatrix
GdipAlloc
GdipFree

kernel32

GlobalUnlock
CreateFileW
_lwrite
CloseHandle
GetCurrentDirectoryW
SetCurrentDirectoryW
GlobalFree
InterlockedExchange
Sleep
MultiByteToWideChar
HeapAlloc
GetProcessHeap
WideCharToMultiByte
HeapFree
FreeLibrary
GetProfileStringW
GetDateFormatW
GetSystemTime
GetLastError
GetCurrentThreadId
FormatMessageW
LocalFree
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
WriteFile
GlobalLock
FlushFileBuffers
SetErrorMode
SetLastError
GetFileAttributesW
CreateDirectoryW
FindClose
GetTempPathW
GetCurrentProcess
EncodePointer
TerminateProcess
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
GlobalDeleteAtom
GlobalAddAtomW
WriteConsoleW
InterlockedExchangeAdd
InterlockedIncrement
GetTickCount
GetModuleHandleW
GetProcAddress
LoadLibraryW
MulDiv
InterlockedDecrement
RaiseException
InterlockedFlushSList
RtlUnwind
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
GetFileType
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
GetStringTypeW
GetACP
DecodePointer
HeapReAlloc
GetStdHandle
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetStdHandle
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapSize
GetConsoleCP
GetConsoleMode
SetFilePointerEx

user32

ModifyMenuW
GetMenuState
GetMenuItemID
DestroyMenu
DeleteMenu
EnableMenuItem
CheckMenuItem
GetSubMenu
CreateMenu
CreatePopupMenu
AppendMenuW
GetMenuItemCount
SetMenuItemInfoW
GetActiveWindow
InvalidateRect
FillRect
GetPropW
DestroyWindow
IsWindow
CreateWindowExW
LoadCursorW
SetCursor
IntersectRect
SetRect
GetAsyncKeyState
EndPaint
GetSysColor
GetMenuItemInfoW
BeginPaint
PtInRect
GetWindowLongW
ClientToScreen
GetClientRect
MessageBoxW
GetWindowRect
DrawTextW
GetDesktopWindow
ReleaseDC
GetDC
SendMessageW

gdi32

PatBlt
CreateCompatibleBitmap
BitBlt
GetPixel
DeleteObject
ExtTextOutW
GetTextExtentPoint32W
SetTextAlign
SetBkColor
SetTextColor
SelectObject
SetMapMode
DeleteDC
CreateDIBSection
CreateCompatibleDC
GetDeviceCaps
CreateFontW
CreateFontIndirectW
Polygon
Arc
Polyline
CreateMetaFileW
Pie
MoveToEx
GetMetaFileBitsEx
DeleteMetaFile
CreateEnhMetaFileW
CloseEnhMetaFile
DeleteEnhMetaFile
SetWindowOrgEx
SetViewportOrgEx
SetWindowExtEx
SetViewportExtEx
StartDocW
StartPage
EndPage
EndDoc
SetBkMode
SelectPalette
RealizePalette
GetObjectW
GetNearestColor
GetDIBits
LineTo
LPtoDP
CloseMetaFile
Ellipse
CreateSolidBrush
GetStockObject
CreatePen

comdlg32

PrintDlgW
ChooseFontW
GetSaveFileNameW

Exports

Exports

CheckVersion
CommandeComposante
Execution
ExternalTermLibrary
InfoComposante
bExternalInitLibrary
bInitWLConvFromVM
pQueryProxy

Sections

.text
Size: 587KB - Virtual size: 587KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 152KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 280B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 116KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

028845dab1f8634f3054a6a030a8e6c7

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cbCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

7f:b2:86:d4:53:b5:c5:7e:8e:09:c9:c9:94:06:8b:9bCertificate

Extended Key Usages

Key Usages

55:73:87:b4:b5:6c:c4:30:d5:3a:d3:df:ef:39:02:05:8a:00:e6:6fSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

comctl32

gdiplus

kernel32

user32

gdi32

comdlg32

Exports

Exports

Sections

.text Size: 587KB - Virtual size: 587KB

.rdata Size: 152KB - Virtual size: 151KB

.data Size: 3KB - Virtual size: 7KB

.gfids Size: 512B - Virtual size: 280B

.rsrc Size: 116KB - Virtual size: 116KB

.reloc Size: 28KB - Virtual size: 27KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

7f:b2:86:d4:53:b5:c5:7e:8e:09:c9:c9:94:06:8b:9b
Certificate

55:73:87:b4:b5:6c:c4:30:d5:3a:d3:df:ef:39:02:05:8a:00:e6:6f
Signer

.text
Size: 587KB - Virtual size: 587KB

.rdata
Size: 152KB - Virtual size: 151KB

.data
Size: 3KB - Virtual size: 7KB

.gfids
Size: 512B - Virtual size: 280B

.rsrc
Size: 116KB - Virtual size: 116KB

.reloc
Size: 28KB - Virtual size: 27KB