wd230net4[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

wd230net4.dll
Size

539KB
MD5

f49876f4a68fd5e3110a449e02fc2b33
SHA1

8cf2d6d9c7f7480e2be58aff3a6a8c68b30bc6bf
SHA256

f2067caaefdbd6cf4a20c05b76986f9273ba95f1b948922bfd29cd71a3b7ba5a
SHA512

c387311194c16e5c5f022e324875cd17dd1d74f700bbe1e7583e52e075686f3caeb006d9333fec2b17993bf9bfd5b9706acb5342ec0670dca0be46cad603a521
SSDEEP

12288:TYZc9cOfitB/joBOUymKFyToVlgkV4rxRU+/qmCNT1AZ0xd7zbs4bLlSwI0boYZR:EZaZ0xdTYYhG9vE

Score

1^/10

Malware Config

Signatures

Files

wd230net4.dll
.dll windows:5 windows x86 arch:x86

e8cd2efd4875be626d77f60e1201860f

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7f:b2:86:d4:53:b5:c5:7e:8e:09:c9:c9:94:06:8b:9b
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

05/10/2017, 00:00

Not After

04/12/2019, 23:59

Subject

CN=PC SOFT INFORMATIQUE,OU=Quality Assurance,O=PC SOFT INFORMATIQUE,L=MONTPELLIER,ST=Hérault,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

d3:24:4c:28:e3:89:b8:68:c4:8e:e3:5e:9a:93:e6:4a:86:fc:1c:9d
Signer

Actual PE Digest

d3:24:4c:28:e3:89:b8:68:c4:8e:e3:5e:9a:93:e6:4a:86:fc:1c:9d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\source\source.YB\103495\Release_wdnetexe_10\WX\CLR4\Win32\Release\wd230net4.pdb

Imports

kernel32

SetEndOfFile
SetFileValidData
SetLastError
SetErrorMode
CreateFileW
Sleep
GetTickCount
DeleteFileW
GetFileAttributesW
SetFileAttributesW
GetTempPathW
GetCurrentDirectoryW
GetTempFileNameW
GetFullPathNameW
GetDriveTypeW
FreeLibrary
FlushFileBuffers
GetModuleHandleW
GetCurrentProcess
GetVersionExA
CreateEventW
GetStartupInfoW
MulDiv
SetEvent
VirtualProtect
VirtualQuery
TlsAlloc
TlsFree
GetCurrentProcessId
TlsSetValue
TlsGetValue
GetCurrentThreadId
GetWindowsDirectoryW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsProcessorFeaturePresent
InterlockedCompareExchange
InterlockedExchange
DecodePointer
EncodePointer
UnlockFileEx
UnlockFile
LockFileEx
LockFile
SetFilePointer
ReadFile
WriteFile
GetLastError
CloseHandle
LoadLibraryW
GetFileInformationByHandle
GetLogicalDriveStringsW
GetVolumeInformationW
GetProcAddress
GetLocalTime
DeleteCriticalSection
InitializeCriticalSection
InterlockedIncrement
MultiByteToWideChar
WideCharToMultiByte
LocalFree
FormatMessageW
InterlockedExchangeAdd
InterlockedDecrement
GetModuleFileNameW

user32

SetTimer
SetWindowTextW
SetWindowPos
SetWindowRgn
ReleaseDC
GetDC
SendMessageW
LoadBitmapW
LoadImageW
GetClientRect
DrawTextW
InvalidateRect
KillTimer
EndPaint
BeginPaint
DefWindowProcW
SetWindowLongW
GetWindowLongW
MsgWaitForMultipleObjects
TranslateMessage
PeekMessageW
DispatchMessageW
GetDesktopWindow
IsWindow
DrawFocusRect
GetWindowThreadProcessId
CallWindowProcW
ShowWindow
SetRect
GetWindowRect
GetSystemMetrics
CreateWindowExW
CreateWindowExA
DestroyWindow
GetClassNameW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetClassInfoW
RegisterClassW
DefMDIChildProcW

gdi32

CreatePalette
GetDIBColorTable
SelectObject
CreateCompatibleDC
DeleteObject
SetTextAlign
SetMapMode
SetBkMode
SetTextColor
CreateFontIndirectW
DeleteDC
StretchBlt
RealizePalette
SelectPalette
Rectangle
CreatePen
CreateSolidBrush
PatBlt
GetStockObject
CreateCompatibleBitmap
GetObjectW
BitBlt
GetDeviceCaps
CreateHalftonePalette

advapi32

RegQueryValueExW
RegCloseKey
RegOpenKeyExW

msvcr100

__CxxRegisterExceptionObject
__CxxQueryExceptionSize
__CxxUnregisterExceptionObject
_cexit
__CxxDetectRethrow
__CxxExceptionFilter
strchr
_crt_debugger_hook
_onexit
_lock
__dllonexit
_unlock
__clean_type_info_names_internal
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__CppXcptFilter
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
?terminate@@YAXXZ
bsearch
_lfind
_gcvt
wcstod
strtod
_wcstoui64
_strtoui64
_wtoi64
_atoi64
_ultow
_ultoa
__CxxFrameHandler3
_purecall
??3@YAXPAX@Z
??2@YAPAXI@Z
wcslen
wcscmp
strlen
memcpy
memset
free
strncpy
wcsncpy
malloc
strcpy
wcscpy
_wtoi
_swprintf
_wcsnicmp
atoi
wcsncmp
_snwprintf
abs
memmove
wcschr
wcsstr
strcat
wcscat
_wmakepath
wcspbrk
_wcsicmp
_ltow
towupper
_vsnprintf
_vsnwprintf
wcsrchr
realloc
_fcvt
iswspace
_vswprintf
qsort
_ltoa
__FrameUnwindFilter

mscoree

_CorDllMain

Exports

Exports

CommandeComposante
EXT_VMTerm
Execution
gpiGetManager
pQueryProxy

Sections

.text
Size: 251KB - Virtual size: 250KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 218KB - Virtual size: 218KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e8cd2efd4875be626d77f60e1201860f

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cbCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

7f:b2:86:d4:53:b5:c5:7e:8e:09:c9:c9:94:06:8b:9bCertificate

Extended Key Usages

Key Usages

d3:24:4c:28:e3:89:b8:68:c4:8e:e3:5e:9a:93:e6:4a:86:fc:1c:9dSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

msvcr100

mscoree

Exports

Exports

Sections

.text Size: 251KB - Virtual size: 250KB

.rdata Size: 218KB - Virtual size: 218KB

.data Size: 16KB - Virtual size: 19KB

.rsrc Size: 27KB - Virtual size: 27KB

.reloc Size: 20KB - Virtual size: 19KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

7f:b2:86:d4:53:b5:c5:7e:8e:09:c9:c9:94:06:8b:9b
Certificate

d3:24:4c:28:e3:89:b8:68:c4:8e:e3:5e:9a:93:e6:4a:86:fc:1c:9d
Signer

.text
Size: 251KB - Virtual size: 250KB

.rdata
Size: 218KB - Virtual size: 218KB

.data
Size: 16KB - Virtual size: 19KB

.rsrc
Size: 27KB - Virtual size: 27KB

.reloc
Size: 20KB - Virtual size: 19KB