WSDApi[.]dll | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

WSDApi.dll
Size

448KB
MD5

73f6c5223f7e9b5780dd4a6c30fcf569
SHA1

5b37f0a8ff3a5aa787f8c0ad906aafd84765fc08
SHA256

121a361a572efc6ac964300da93bf28dc11e55ddca29a7c6e6fd12955fba68b8
SHA512

df462b33694d04f96d953c0b66ce4805831b3d68ed4a7945b53bb3fc5ab2e1225056895877e8086e58e34e595c66b3c52e32438e3073105893649c29bad2c664
SSDEEP

6144:n54KapF9ZLlXB6qtSLs/X8CZLBQxUN1em8xWErMv3m6U8I1woGxcQitv9iCk:iKOjZLlX/8cX8CZLBWs2N6E1tGxcLtN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
WSDApi.dll

Files

WSDApi.dll
.dll windows:6 windows x86 arch:x86

fc2db695b97010ee85a0aba5fc30dfa4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

WSDApi.pdb

Imports

msvcrt

_except_handler4_common
??3@YAXPAX@Z
_initterm
_XcptFilter
wcstok_s
time
iswdigit
_wtol
_stricmp
strncmp
vfwprintf_s
fclose
_get_errno
_wcserror
_wfsopen
fwprintf_s
_strnicmp
memmove_s
_vsnprintf
_purecall
tolower
wcsstr
_vsnwprintf
_wcsdup
towlower
memcpy
_time64
_localtime64
wcsncmp
_wcsnicmp
_wcsicmp
memset
malloc
free
wcschr
??2@YAPAXI@Z
_amsg_exit

ntdll

EtwGetTraceEnableFlags
EtwGetTraceLoggerHandle
EtwRegisterTraceGuidsW
EtwUnregisterTraceGuids
EtwTraceMessage
RtlIpv6StringToAddressExW
RtlIpv4StringToAddressExW
EtwGetTraceEnableLevel

rpcrt4

UuidCreate
UuidFromStringA

ws2_32

getsockname
WSADuplicateSocketW
WSASocketW
setsockopt
WSASendTo
WSARecvFrom
WSAIoctl
shutdown
bind
closesocket
WSACleanup
WSAStartup
WSAAddressToStringW
WSAGetLastError
GetAddrInfoW
FreeAddrInfoW
ntohs
htons
socket
freeaddrinfo
WSAStringToAddressW
getaddrinfo

iphlpapi

GetAdaptersAddresses
ConvertInterfaceGuidToLuid
CancelMibChangeNotify2
NotifyUnicastIpAddressChange
GetBestRoute2

webservices

WsWriteStartAttribute
WsWriteChars
WsWriteEndAttribute
WsStartWriterCanonicalization
WsEndWriterCanonicalization
WsGetWriterPosition
WsMoveWriter
WsMoveReader
WsReadStartElement
WsReadEndElement
WsReadNode
WsStartReaderCanonicalization
WsEndReaderCanonicalization
WsSkipNode
WsReadBytes
WsFindAttribute
WsReadStartAttribute
WsWriteEndElement
WsReadChars
WsReadToStartElement
WsSetInput
WsSetOutputToBuffer
WsGetWriterProperty
WsCreateHeap
WsCreateXmlBuffer
WsFreeHeap
WsFreeWriter
WsCreateReader
WsSetInputToBuffer
WsCreateWriter
WsSetOutput
WsGetReaderNode
WsCopyNode
WsFreeReader
WsWriteBytes
WsWriteStartElement
WsWriteEndStartElement
WsWriteXmlnsAttribute
WsWriteText
WsWriteCharsUtf8
WsWriteValue
WsReadEndAttribute
WsSetWriterPosition

nsi

NsiGetParameter

firewallapi

IcfChangeNotificationCreate
IcfAddrChangeNotificationCreate
IcfChangeNotificationDestroy
FWClosePolicyStore
FWFreeFirewallRules
FWQueryFirewallRules
FWGetConfig
IsFirewallInCoExistanceMode
FWOpenPolicyStore
FWGetGlobalConfig

api-ms-win-core-localregistry-l1-1-0

RegOpenKeyExA
RegCloseKey

kernel32

DelayLoadFailureHook
DisableThreadLibraryCalls
GetModuleFileNameW
InterlockedDecrement
GetProcAddress
GetLastError
FreeLibrary
InterlockedCompareExchange
LoadLibraryExA
InterlockedIncrement
InterlockedExchange
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
CloseThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolWork
WaitForThreadpoolWorkCallbacks
ResetEvent
DuplicateHandle
GetCurrentProcess
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
TrySubmitThreadpoolCallback
SetThreadpoolThreadMinimum
CancelThreadpoolIo
StartThreadpoolIo
CreateThreadpoolIo
CloseThreadpoolIo
WaitForThreadpoolIoCallbacks
CancelIoEx
InitializeCriticalSection
GlobalFree
CancelIo
WaitForMultipleObjects
OutputDebugStringW
MultiByteToWideChar
ReleaseSemaphore
QueueUserWorkItem
WideCharToMultiByte
GetCurrentProcessId
CloseThreadpoolWait
SetThreadpoolWait
WaitForThreadpoolWaitCallbacks
LoadLibraryW
CreateThreadpoolWait
SleepEx
UnregisterWaitEx
SetWaitableTimer
RegisterWaitForSingleObject
CreateWaitableTimerW
SetEvent
CloseHandle
CreateSemaphoreW
WaitForSingleObject
Sleep
CloseThreadpoolCleanupGroupMembers
CloseThreadpoolCleanupGroup
CloseThreadpool
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CreateThreadpoolTimer
CreateThreadpool
SetThreadpoolThreadMaximum
CreateThreadpoolCleanupGroup
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockShared
InitializeSRWLock
CreateEventW

Exports

Exports

WSDAddFirewallCheck
WSDAllocateLinkedMemory
WSDAttachLinkedMemory
WSDCancelNetworkChangeNotify
WSDCompareEndpoints
WSDCopyEndpoint
WSDCopyNameList
WSDCreateDeviceHost
WSDCreateDeviceHost2
WSDCreateDeviceHostAdvanced
WSDCreateDeviceProxy
WSDCreateDeviceProxy2
WSDCreateDeviceProxyAdvanced
WSDCreateDiscoveryProvider
WSDCreateDiscoveryProvider2
WSDCreateDiscoveryPublisher
WSDCreateDiscoveryPublisher2
WSDCreateHttpAddress
WSDCreateHttpMessageParameters
WSDCreateHttpTransport
WSDCreateMetadataAgent
WSDCreateOutboundAttachment
WSDCreateUdpAddress
WSDCreateUdpMessageParameters
WSDCreateUdpTransport
WSDDetachLinkedMemory
WSDFreeLinkedMemory
WSDGenerateFault
WSDGenerateFaultEx
WSDGenerateRandomDelay
WSDGetConfigurationOption
WSDNotifyNetworkChange
WSDProcessFault
WSDRemoveFirewallCheck
WSDSetConfigurationOption
WSDUriDecode
WSDUriEncode
WSDXMLAddChild
WSDXMLAddSibling
WSDXMLBuildAnyForSingleElement
WSDXMLCleanupElement
WSDXMLCompareNames
WSDXMLCreateContext
WSDXMLGetNameFromBuiltinNamespace
WSDXMLGetValueFromAny

Sections

.text
Size: 414KB - Virtual size: 413KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fc2db695b97010ee85a0aba5fc30dfa4

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

rpcrt4

ws2_32

iphlpapi

webservices

nsi

firewallapi

api-ms-win-core-localregistry-l1-1-0

kernel32

Exports

Exports

Sections

.text Size: 414KB - Virtual size: 413KB

.data Size: 7KB - Virtual size: 9KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 24KB - Virtual size: 23KB

.text
Size: 414KB - Virtual size: 413KB

.data
Size: 7KB - Virtual size: 9KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 24KB - Virtual size: 23KB