WD230pdf[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

WD230pdf.dll
Size

4.6MB
MD5

ddff20927bc57a37e575f2195bf0b81a
SHA1

77e32ef262025ca7548020a96a777208a259ee70
SHA256

64ecb027120e01d346cf1e79235ef03febe9af14778a77920eca2d36f96a4ea6
SHA512

e53b8b2d5f1907871e6ee1753f923b43d1f851f8d9cde19ff51bab1333dd2f9e79a5b56178e9068fbb585c7ef5587e1cad4113fccfd4076a0643f5c1f8f72da7
SSDEEP

98304:4UMIRW+tteiEMHJNA/T46GJKWLwnOFCYCeaD2gTq:pfqijjAUF5CYCeaD2gm

Score

1^/10

Malware Config

Signatures

Files

WD230pdf.dll
.dll windows:6 windows x86 arch:x86

04ddba529ef14346aac1affac45a1a5a

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7f:b2:86:d4:53:b5:c5:7e:8e:09:c9:c9:94:06:8b:9b
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

05/10/2017, 00:00

Not After

04/12/2019, 23:59

Subject

CN=PC SOFT INFORMATIQUE,OU=Quality Assurance,O=PC SOFT INFORMATIQUE,L=MONTPELLIER,ST=Hérault,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

20:e5:e7:d8:af:06:e8:17:c8:94:78:77:9b:81:7a:fa:39:64:64:43
Signer

Actual PE Digest

20:e5:e7:d8:af:06:e8:17:c8:94:78:77:9b:81:7a:fa:39:64:64:43

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

B:\source\source.AV\103307\Release_wdpdf_136\WX\Desktop_x86_32\Release\wd230pdf.pdb

Imports

gdiplus

GdipBitmapGetPixel
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipGetImagePixelFormat
GdipGetImageFlags
GdipGetImageHeight
GdipGetImageWidth
GdipDrawImageRectRect
GdipGetDpiY
GdipGetDpiX
GdipGetPageScale
GdipSetPageScale
GdipSetPageUnit
GdipSetInterpolationMode
GdipSetImageAttributesRemapTable
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipBitmapSetResolution
GdipGetImageVerticalResolution
GdipGetImageHorizontalResolution
GdipCreateBitmapFromGdiDib
GdipCreateBitmapFromStream
GdipImageRotateFlip
GdipSetImagePalette
GdipCreateBitmapFromScan0
GdipCloneImage
GdipDrawImageI
GdipResetWorldTransform
GdipSetWorldTransform
GdipDeleteGraphics
GdipCreateFromHDC
GdipDisposeImage
GdipTranslateMatrix
GdipDeleteMatrix
GdipCreateMatrix2
GdipAlloc
GdipFree

kernel32

DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
FindResourceW
LoadResource
LockResource
SizeofResource
FormatMessageW
LocalFree
SetLastError
GetSystemTime
LocalAlloc
GetVersionExW
GetModuleHandleW
GetLastError
GetFileInformationByHandle
GetLogicalDriveStringsW
GetVolumeInformationW
WriteFile
ReadFile
SetFilePointer
LockFile
LockFileEx
UnlockFile
UnlockFileEx
FlushFileBuffers
SetEndOfFile
SetFileValidData
SetErrorMode
SystemTimeToFileTime
FileTimeToSystemTime
CreateFileW
Sleep
DeleteFileW
MoveFileW
CopyFileW
GetFileAttributesW
CreateDirectoryW
FindFirstFileW
FindClose
SetFileAttributesW
InitializeCriticalSection
GetTempFileNameW
GetFullPathNameW
GetDriveTypeW
FileTimeToLocalFileTime
HeapAlloc
GetProcessHeap
HeapFree
FreeLibrary
ResetEvent
SetEvent
WaitForMultipleObjects
WaitForSingleObject
CreateEventW
GetCurrentThreadId
CompareStringW
GetTimeZoneInformation
CreateSemaphoreW
ReleaseSemaphore
GetCurrentProcess
GetFullPathNameA
GetCurrentProcessId
FindNextFileA
GetModuleFileNameA
LoadLibraryA
SwitchToThread
RaiseException
FindFirstFileExA
GetWindowsDirectoryA
VirtualAlloc
VirtualFree
CreateFileA
GetFileSizeEx
SetFilePointerEx
GetSystemDirectoryA
IsWow64Process
GetProcAddress
LoadLibraryW
InterlockedExchange
GlobalReAlloc
GlobalUnlock
GlobalFree
GlobalLock
GlobalAlloc
ReleaseMutex
CloseHandle
CreateMutexW
GetTickCount
MultiByteToWideChar
GetCurrentDirectoryW
GetProfileStringA
MulDiv
GetLocalTime
GetProfileStringW
WideCharToMultiByte
InterlockedExchangeAdd
InterlockedIncrement
InterlockedDecrement
EncodePointer
DecodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
InitializeSListHead
RtlUnwind
LoadLibraryExW
InterlockedFlushSList
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
CreateThread
ExitThread
ResumeThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
HeapReAlloc
GetStdHandle
GetConsoleMode
ReadConsoleW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetStdHandle
GetConsoleCP
HeapSize
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
WriteConsoleW
GetTempPathW
GetACP

user32

IntersectRect
GetSysColor
FillRect
ReleaseDC
GetDC
InvalidateRect
IsWindowVisible
SetPropW
RemovePropW
GetPropW
SetTimer
KillTimer
LoadImageW
OffsetRect

gdi32

GetPaletteEntries
CreateSolidBrush
GetDeviceCaps
SetDIBits
CreateBitmap
GetStockObject
GetPixel
CreateCompatibleBitmap
SetTextColor
SetBkColor
GetObjectType
GetDIBits
RealizePalette
SelectPalette
CreateFontIndirectW
SetMapMode
BitBlt
CreateDIBSection
DeleteObject
DeleteDC
CreatePalette
GetDIBColorTable
SelectObject
CreateCompatibleDC
GetObjectW
CreateFontA
EnumFontFamiliesExA
GetTextMetricsW
GetTextFaceA
CreateFontIndirectA
GetOutlineTextMetricsW
GetFontData
GetCharWidthW

advapi32

RegQueryValueExW
RegOpenKeyExW
RegOpenKeyExA
RegEnumValueA
RegCloseKey

Exports

Exports

CheckVersion
CommandeComposante
Execution
ExternalTermLibrary
InfoComposante
bExternalInitLibrary
bInitWLConvFromVM
pQueryProxy
pQueryProxyEx
pclQueryIMGFactory

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 224KB - Virtual size: 242KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 540B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

04ddba529ef14346aac1affac45a1a5a

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cbCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

7f:b2:86:d4:53:b5:c5:7e:8e:09:c9:c9:94:06:8b:9bCertificate

Extended Key Usages

Key Usages

20:e5:e7:d8:af:06:e8:17:c8:94:78:77:9b:81:7a:fa:39:64:64:43Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

gdiplus

kernel32

user32

gdi32

advapi32

Exports

Exports

Sections

.text Size: 2.3MB - Virtual size: 2.3MB

.rdata Size: 2.0MB - Virtual size: 2.0MB

.data Size: 224KB - Virtual size: 242KB

.gfids Size: 1024B - Virtual size: 540B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 16KB - Virtual size: 16KB

.reloc Size: 109KB - Virtual size: 109KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

7f:b2:86:d4:53:b5:c5:7e:8e:09:c9:c9:94:06:8b:9b
Certificate

20:e5:e7:d8:af:06:e8:17:c8:94:78:77:9b:81:7a:fa:39:64:64:43
Signer

.text
Size: 2.3MB - Virtual size: 2.3MB

.rdata
Size: 2.0MB - Virtual size: 2.0MB

.data
Size: 224KB - Virtual size: 242KB

.gfids
Size: 1024B - Virtual size: 540B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 16KB - Virtual size: 16KB

.reloc
Size: 109KB - Virtual size: 109KB