Wave[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Wave.dll
Size

13.2MB
MD5

0067b279a7efe8371ca8cd2cfbd0e38a
SHA1

5b2b1b25342d8f14273684e02d0e9e6a416e598d
SHA256

c1312af9a3c4f333e992a5b95e5e655b7da1f4de4f0963b648357a0c20fb94dd
SHA512

525565659ef233c9df2c395b1953a426ce21cd2bed44e6fc1e2b895723a01fb7fe05a7ba713654e7ce4394f0bb6dabda3af18cd012f26e462e18de8fdefb4dd8
SSDEEP

196608:jkpTC07hlz+pUyhTv5vdf+I7qW14TXU85mNuCMvFhW7YG3MGl1QyQtqv8ULXySr:2vg7RhkIl14TXoAiYo3Qy58yyS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Wave.dll

Files

Wave.dll
.dll windows:6 windows x64 arch:x64

d40942cfec57aa5c839f02ba73c16230

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

zstd

ZSTD_decompress
ZSTD_compress

lz4

LZ4_compressBound
LZ4_decompress_safe
LZ4_compress_default

xxhash

XXH32

wolfssl

wc_InitSha384
wc_Sha384Update
wc_Sha384Final
wc_AesFree
wc_AesInit
wc_AesCbcDecrypt
wc_AesCbcEncrypt
wc_AesSetKey
wc_FreeRng
wc_RNG_GenerateBlock
wc_InitRng

ws2_32

recv
connect
select
send
setsockopt
socket
WSAGetLastError
inet_pton
getsockopt
WSACloseEvent
closesocket
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
ioctlsocket
WSAWaitForMultipleEvents
ntohs
WSASetLastError
inet_ntop
WSAStartup
WSACleanup
htons
htonl
WSAIoctl
__WSAFDIsSet
accept
bind
getsockname
listen
getpeername
WSAResetEvent
getaddrinfo
freeaddrinfo

advapi32

RegCloseKey
GetCurrentHwProfileA
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
RegOpenKeyExA
RegQueryValueExA

kernel32

GetFileInformationByHandle
GetFileAttributesExW
SetFileInformationByHandle
AreFileApisANSI
CopyFileW
CloseHandle
Sleep
GetCurrentProcessId
OpenProcess
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
GetModuleFileNameA
GetModuleHandleA
K32GetModuleFileNameExA
Process32First
Process32Next
CreateFileA
ReadFile
GetCurrentProcess
GlobalAlloc
GlobalFree
GlobalUnlock
GlobalLock
QueryPerformanceCounter
QueryPerformanceFrequency
GetProcAddress
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
MultiByteToWideChar
WideCharToMultiByte
GetTickCount
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
GetSystemDirectoryA
FreeLibrary
LoadLibraryA
GetLastError
GetEnvironmentVariableA
SetLastError
FormatMessageW
MoveFileExA
WaitForSingleObjectEx
SleepEx
VerSetConditionMask
VerifyVersionInfoW
GetFileSizeEx
GetFileInformationByHandleEx
WakeAllConditionVariable
SleepConditionVariableSRW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetCurrentThreadId
GetSystemTimeAsFileTime
CreateToolhelp32Snapshot
LocalFree
FormatMessageA
GetLocaleInfoEx
CreateDirectoryW
CreateFileW
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
InitializeSListHead
HeapAlloc
HeapFree
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

RegisterClipboardFormatA
GetWindowTextA
EnumWindows
GetWindowThreadProcessId
keybd_event
mouse_event
MapVirtualKeyA
GetSystemMetrics
GetForegroundWindow
GetClientRect
ClientToScreen
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
GetClipboardData
MessageBoxA

msvcp140

_Mtx_lock
_Mtx_unlock
_Cnd_init_in_situ
_Cnd_destroy_in_situ
_Cnd_signal
?_Throw_Cpp_error@std@@YAXH@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Winerror_map@std@@YAHH@Z
??Bid@locale@std@@QEAA_KXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??Bios_base@std@@QEBA_NXZ
?good@ios_base@std@@QEBA_NXZ
?_Xout_of_range@std@@YAXPEBD@Z
?width@ios_base@std@@QEBA_JXZ
?width@ios_base@std@@QEAA_J_J@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?_Xbad_function_call@std@@YAXXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
_Query_perf_counter
_Query_perf_frequency
?setf@ios_base@std@@QEAAHHH@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAADD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Xinvalid_argument@std@@YAXPEBD@Z
?uncaught_exception@std@@YA_NXZ
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?flags@ios_base@std@@QEBAHXZ

vcruntime140

__std_exception_copy
__std_exception_destroy
_CxxThrowException
memcpy
_purecall
__std_terminate
memchr
__std_type_info_destroy_list
__C_specific_handler
__current_exception_context
__current_exception
strstr
strrchr
strchr
memset
memmove
memcmp

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

_cexit
_initterm
_initterm_e
_crt_atexit
_execute_onexit_table
_register_onexit_function
_errno
_initialize_onexit_table
_configure_narrow_argv
exit
_seh_filter_dll
abort
_invalid_parameter_noinfo_noreturn
__sys_nerr
__sys_errlist
_beginthreadex
_initialize_narrow_environment
terminate

api-ms-win-crt-heap-l1-1-0

malloc
realloc
free
calloc
_callnewh

api-ms-win-crt-utility-l1-1-0

rand
srand
qsort

api-ms-win-crt-convert-l1-1-0

strtod
strtoll
strtoul
wcstombs
atoi
strtoull
strtol

api-ms-win-crt-math-l1-1-0

ceil
_dsign
log
fmod
floor
log10
exp
log2
cosh
pow
cos
sin
modf
sinh
atan2
atan
sqrt
tan
frexp
tanh
ceilf
ldexp
floorf
_fdopen
round
acos
asin

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
_get_stream_buffer_pointers
_close
_fileno
fclose
fflush
fgets
ftell
fgetc
_open
fopen
fseek
feof
__stdio_common_vsscanf
__stdio_common_vsnprintf_s
fputs
fgetpos
fputc
fread
fsetpos
_fseeki64
fwrite
setvbuf
ungetc
__stdio_common_vsprintf

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file
_stat64
_fstat64
_access
_unlink

api-ms-win-crt-time-l1-1-0

_gmtime64_s
_localtime64_s
strftime
_gmtime64
_time64
_difftime64
clock

api-ms-win-crt-locale-l1-1-0

localeconv
___lc_codepage_func

api-ms-win-crt-string-l1-1-0

isdigit
isupper
isalpha
isxdigit
ispunct
isgraph
toupper
strncpy
strpbrk
strnlen
strspn
strncmp
isalnum
_strdup
strcmp
tolower
isspace
islower
iscntrl
strncat
strcspn

zlib1

inflate
zlibVersion
inflateEnd
inflateInit_
inflateInit2_

crypt32

CertFreeCertificateContext
CryptDecodeObjectEx
CertEnumCertificatesInStore
CertCloseStore
CertAddCertificateContextToStore
CryptStringToBinaryA
PFXImportCertStore
CertFindExtension
CertGetNameStringA
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CertFindCertificateInStore
CertOpenStore

bcrypt

BCryptGenRandom

Sections

.text
Size: - Virtual size: 1001KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 271KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.\o\
Size: - Virtual size: 7.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.2 n
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.14/
Size: 13.2MB - Virtual size: 13.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 284B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 469B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d40942cfec57aa5c839f02ba73c16230

Headers

DLL Characteristics

File Characteristics

Imports

zstd

lz4

xxhash

wolfssl

ws2_32

advapi32

kernel32

user32

msvcp140

vcruntime140

vcruntime140_1

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-string-l1-1-0

zlib1

crypt32

bcrypt

Sections

.text Size: - Virtual size: 1001KB

.rdata Size: - Virtual size: 271KB

.data Size: - Virtual size: 28KB

.pdata Size: - Virtual size: 47KB

.\o\ Size: - Virtual size: 7.1MB

.2 n Size: 4KB - Virtual size: 4KB

.14/ Size: 13.2MB - Virtual size: 13.2MB

.reloc Size: 512B - Virtual size: 284B

.rsrc Size: 512B - Virtual size: 469B

.text
Size: - Virtual size: 1001KB

.rdata
Size: - Virtual size: 271KB

.data
Size: - Virtual size: 28KB

.pdata
Size: - Virtual size: 47KB

.\o\
Size: - Virtual size: 7.1MB

.2 n
Size: 4KB - Virtual size: 4KB

.14/
Size: 13.2MB - Virtual size: 13.2MB

.reloc
Size: 512B - Virtual size: 284B

.rsrc
Size: 512B - Virtual size: 469B