wd230ole[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

wd230ole.dll
Size

238KB
MD5

bc301272a54b568e5ad009e42ed9b9e2
SHA1

211c5f20cb02149ff45c24fbad7f0b7abe67b74d
SHA256

4bcf3d9379c38f8a0d8ea200d63fff109821784275e1d654151a7b66b471134a
SHA512

d8079aab3671c1e82e79cd0411831e10976f29e2c3a417c1aa38ec58783a54cd9c6407096696481332fa00af6dc2be7ffbb81af2b1abfa76040277803376cdc9
SSDEEP

3072:e85skaksnYpEpgpAqXDX1ON+ODYSW6w65x9iG6TOi41+u4gi+h+Nq5qb2CNGwbPc:e85skafY+OdDlONFYSfxeThBtUA63

Score

1^/10

Malware Config

Signatures

Files

wd230ole.dll
.dll windows:5 windows x86 arch:x86

e77ed1e1a7f33ff9ea32fd3b8733dc14

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7f:b2:86:d4:53:b5:c5:7e:8e:09:c9:c9:94:06:8b:9b
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

05/10/2017, 00:00

Not After

04/12/2019, 23:59

Subject

CN=PC SOFT INFORMATIQUE,OU=Quality Assurance,O=PC SOFT INFORMATIQUE,L=MONTPELLIER,ST=Hérault,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:f9:bf:41:ec:58:29:23:4b:1f:98:af:21:7e:be:02:ff:f8:f1:98
Signer

Actual PE Digest

65:f9:bf:41:ec:58:29:23:4b:1f:98:af:21:7e:be:02:ff:f8:f1:98

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

B:\source\source.YB\101872\Release_wdole_66\WX\Desktop_x86_32\Release\wd230ole.pdb

Imports

kernel32

LocalFree
GetCurrentThreadId
GetLastError
FlushFileBuffers
SetLastError
FindClose
GetModuleHandleW
GetCurrentProcess
DecodePointer
SetFilePointerEx
FormatMessageW
GetConsoleCP
HeapSize
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
HeapReAlloc
SetStdHandle
LCMapStringW
GetStringTypeW
GetStdHandle
GetACP
HeapAlloc
HeapFree
GetModuleFileNameA
GetModuleHandleExW
ExitProcess
GetFileType
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
RtlUnwind
InterlockedFlushSList
RaiseException
EncodePointer
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetTickCount
lstrcpynW
MulDiv
GlobalSize
GetThreadLocale
FreeLibrary
GlobalDeleteAtom
GlobalAddAtomW
WideCharToMultiByte
LoadLibraryW
SetErrorMode
GetProfileIntW
GlobalFree
GlobalAlloc
SetFilePointer
CloseHandle
GlobalUnlock
GlobalLock
CreateFileW
ReadFile
WriteFile
Sleep
GetProcAddress
InterlockedExchangeAdd
InterlockedDecrement
InterlockedIncrement
MultiByteToWideChar
GetConsoleMode
GetCurrentProcessId
QueryPerformanceCounter
WriteConsoleW

user32

wsprintfW
PeekMessageW
TranslateMessage
DispatchMessageW
GetPropW
SetPropW
RemovePropW
MessageBoxW
SetWindowPos
IsWindowVisible
GetDC
ReleaseDC
IsWindow
CopyRect
RegisterWindowMessageW
CallWindowProcW
SendMessageW
GetWindowLongW
SetWindowLongW
RegisterClipboardFormatW
PtInRect
IsRectEmpty
InflateRect
OffsetRect
GetDlgItem
GetTopWindow
GetWindow
GetWindowDC
GetClientRect
InvalidateRect
ScreenToClient
ReleaseCapture
GetCapture
SetCapture
GetActiveWindow
GetCursorPos
IsClipboardFormatAvailable
GetKeyState

gdi32

SelectClipRgn
CreateRectRgnIndirect
SetROP2
GetStockObject
GetMapMode
CopyMetaFileW
GetTextColor
GetBkColor
GetDeviceCaps
GetObjectW
LPtoDP
SetMapMode
DeleteObject
PatBlt
SetBkColor
SetTextColor
SelectObject
CreatePatternBrush
CreateBitmap
DPtoLP

advapi32

RegQueryValueExW
RegCloseKey
RegQueryValueW
RegEnumKeyExW
RegOpenKeyExW

ole32

CoCreateInstance
OleRun
CLSIDFromString
OleSetContainedObject
OleSave
OleCreateFromData
OleCreateFromFile
OleCreate
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
OleDraw
CoTaskMemFree
ReleaseStgMedium
GetHGlobalFromILockBytes
OleConvertOLESTREAMToIStorage
OleLoad
StgOpenStorageOnILockBytes
CoGetClassObject
OleGetAutoConvert
RevokeDragDrop
CoLockObjectExternal
OleSetClipboard
DoDragDrop
OleFlushClipboard
OleIsCurrentClipboard
OleGetClipboard
CoGetMalloc
ProgIDFromCLSID
CreateBindCtx
CoTaskMemAlloc
OleDuplicateData
CLSIDFromProgID
OleUninitialize
CoUninitialize
OleInitialize
CoInitializeEx

oleaut32

VariantInit
VariantClear
OleCreatePropertyFrame
SysFreeString
SafeArrayPtrOfIndex
SafeArrayCreate
SafeArrayUnlock
SafeArrayLock
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
VariantCopy
VariantChangeType
SysAllocString
SafeArrayDestroy
SystemTimeToVariantTime
SysStringLen
SysAllocStringLen
GetActiveObject

Exports

Exports

?WndProcFrame@@YGJPAUHWND__@@IIJ@Z
CheckVersion
CommandeComposante
Execution
ExternalTermLibrary
InfoComposante
bExternalInitLibrary
bInitWLConvFromVM
pQueryProxy

Sections

.text
Size: 151KB - Virtual size: 150KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 232B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e77ed1e1a7f33ff9ea32fd3b8733dc14

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cbCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

7f:b2:86:d4:53:b5:c5:7e:8e:09:c9:c9:94:06:8b:9bCertificate

Extended Key Usages

Key Usages

65:f9:bf:41:ec:58:29:23:4b:1f:98:af:21:7e:be:02:ff:f8:f1:98Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 151KB - Virtual size: 150KB

.rdata Size: 59KB - Virtual size: 58KB

.data Size: 6KB - Virtual size: 9KB

.gfids Size: 512B - Virtual size: 232B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 13KB - Virtual size: 12KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

7f:b2:86:d4:53:b5:c5:7e:8e:09:c9:c9:94:06:8b:9b
Certificate

65:f9:bf:41:ec:58:29:23:4b:1f:98:af:21:7e:be:02:ff:f8:f1:98
Signer

.text
Size: 151KB - Virtual size: 150KB

.rdata
Size: 59KB - Virtual size: 58KB

.data
Size: 6KB - Virtual size: 9KB

.gfids
Size: 512B - Virtual size: 232B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 13KB - Virtual size: 12KB