WPDSp[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

WPDSp.dll
Size

342KB
MD5

7df45a1e1a4aafdeeff2ca8f8200f37b
SHA1

3a446b89e0a1d34bff8f4e3063cf0f5e0340c68e
SHA256

b5fdd39f12b753a11a118aa37d053bfaf0a97c3f4d51658d99cc9603c4877e00
SHA512

0accf7550ba20c62e59e48670954c7bb2e8bc9269914dee7dd594e152b4d55f9600bfa378893beb0f50ab3c8ca685468cf7d2e50e4863715f2254bbde2c181a0
SSDEEP

6144:vyBkf9J/UoLO/NUqqYSoYyTLCIepQSZawN3+KEfYwFaTCD:zJnO/NUqjSJyTLJeEwNuLpD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
WPDSp.dll

Files

WPDSp.dll
.dll regsvr32 windows:6 windows x86 arch:x86

bbc39043927d0601141628d90527e4ad

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

WPDSp.pdb

Imports

msvcrt

memset
_vsnwprintf
malloc
_initterm
_amsg_exit
??1type_info@@UAE@XZ
_except_handler4_common
_wcsicmp
realloc
_errno
_unlock
__dllonexit
_lock
_onexit
free
wcsncpy_s
_purecall
_XcptFilter
_ftol2
??_V@YAXPAX@Z
_CxxThrowException
memcpy_s
memmove_s
wcsstr
_wcslwr_s
__CxxFrameHandler3
memcpy
_snwscanf
iswspace
??2@YAPAXI@Z
??_U@YAPAXI@Z
calloc
wcscpy_s
wcscat_s
_vscwprintf
vswprintf_s
_wtoi
ceil
??3@YAXPAX@Z

advapi32

UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
TraceEvent
TraceMessage
RegQueryValueExW

kernel32

GetCurrentProcessId
GetCurrentThreadId
GetTickCount
InterlockedCompareExchange
Sleep
lstrlenA
GetSystemTimeAsFileTime
InterlockedExchange
GetVersionExA
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
LoadLibraryExA
GetThreadLocale
SetThreadLocale
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
OutputDebugStringA
DeviceIoControl
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetDiskFreeSpaceA
GlobalMemoryStatus
GetLocalTime
HeapDestroy
InterlockedDecrement
InterlockedIncrement
LeaveCriticalSection
EnterCriticalSection
GetLastError
K32GetModuleBaseNameW
GetCurrentProcess
lstrlenW
RaiseException
InitializeCriticalSection
DeleteCriticalSection
LoadLibraryW
GetProcAddress
GetModuleHandleW
lstrcmpiW
QueryPerformanceFrequency
QueryPerformanceCounter
SetEvent
CloseHandle
FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetModuleFileNameW
CreateEventW
CreateFileW
CreateThread
ExpandEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
DisableThreadLibraryCalls

user32

CharNextW
LoadImageW
UnregisterClassA

oleaut32

LoadTypeLi
VariantTimeToSystemTime
SystemTimeToVariantTime
SafeArrayGetElemsize
RegisterTypeLi
UnRegisterTypeLi
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayDestroy
SysAllocString
SafeArrayCreateVector
VarUI4FromStr
SysStringLen
SysAllocStringLen
SysFreeString

shlwapi

StrToIntW
StrStrW
StrCmpW
StrCmpNW

ole32

CLSIDFromString
StringFromCLSID
PropVariantCopy
CoMarshalInterThreadInterfaceInStream
CoGetInterfaceAndReleaseStream
CoWaitForMultipleHandles
CoTaskMemRealloc
CoCreateFreeThreadedMarshaler
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
PropVariantClear
StringFromGUID2

setupapi

SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsW
SetupDiOpenDevRegKey

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 301KB - Virtual size: 301KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bbc39043927d0601141628d90527e4ad

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

advapi32

kernel32

user32

oleaut32

shlwapi

ole32

setupapi

Exports

Exports

Sections

.text Size: 301KB - Virtual size: 301KB

.data Size: 9KB - Virtual size: 74KB

.rsrc Size: 12KB - Virtual size: 12KB

.reloc Size: 18KB - Virtual size: 18KB

.text
Size: 301KB - Virtual size: 301KB

.data
Size: 9KB - Virtual size: 74KB

.rsrc
Size: 12KB - Virtual size: 12KB

.reloc
Size: 18KB - Virtual size: 18KB