Static task
static1
General
Target
Wave.dll
Size
11.9MB
MD5
2bed889bca6300f09c8aa3f8499ebc90
SHA1
d4110011237cac4b04ae415057f7847c9d035ec4
SHA256
d6192a960d0e8662dd34889b53c430e21ec41414c659c7c322fea15517568239
SHA512
f7e700de204010fd85c6e3079e545ed584c523d0c1acd35bac9e3e1d7057a600a96a4842ecb14f3662c1fb69a22effb10f115be63fe9492ea9fa1ef7b381e104
SSDEEP
196608:0rbzxTOT/cSfa9q1mXpbG/CgvxQLEhroUsf7rw7xz8vUSuODX1h8wwXKgSaFzK+x:0t6TcSfaA1mXpUvxOEhMjrw7xz8vdX1s
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource Wave.dll
Files
Wave.dll.dll windows:6 windows x64 arch:x64
a0d86c75add647658cb16883cd8b2376
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
Imports
ws2_32
WSACloseEvent
WSAEventSelect
inet_pton
WSACreateEvent
WSAEnumNetworkEvents
WSAResetEvent
WSAWaitForMultipleEvents
closesocket
WSASetLastError
ntohs
inet_ntop
WSAStartup
WSACleanup
htons
bind
recvfrom
sendto
accept
getsockname
listen
WSAIoctl
htonl
__WSAFDIsSet
getpeername
gethostname
connect
getsockopt
ioctlsocket
freeaddrinfo
getaddrinfo
WSAGetLastError
socket
setsockopt
send
select
recv
advapi32
CryptAcquireContextA
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
GetCurrentHwProfileA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
kernel32
SubmitThreadpoolWork
CloseThreadpoolWork
GetModuleFileNameA
GetModuleHandleA
QueryFullProcessImageNameA
CreateToolhelp32Snapshot
Process32First
Process32Next
ReadFile
WriteFile
GetCurrentProcess
GlobalAlloc
GlobalFree
GlobalUnlock
GlobalLock
QueryPerformanceCounter
QueryPerformanceFrequency
GetProcAddress
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
WakeConditionVariable
WakeAllConditionVariable
GetLastError
WaitForSingleObject
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
MultiByteToWideChar
WideCharToMultiByte
GetTickCount
InitializeCriticalSectionEx
SetEvent
CreateEventW
GetSystemDirectoryW
FreeLibrary
GetModuleHandleW
LoadLibraryW
GetEnvironmentVariableA
SetLastError
CreateThreadpoolWork
MoveFileExW
GetStdHandle
GetFileType
PeekNamedPipe
WaitForMultipleObjects
WaitForSingleObjectEx
SleepEx
VerSetConditionMask
VerifyVersionInfoW
CreateFileW
GetFileSizeEx
GetACP
IsValidCodePage
SetEndOfFile
SetStdHandle
GetTimeZoneInformation
HeapReAlloc
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
HeapAlloc
HeapFree
GetConsoleOutputCP
ReadConsoleW
GetConsoleMode
GetModuleFileNameW
SetFilePointerEx
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
FreeLibraryAndExitThread
ExitThread
CreateThread
GetModuleHandleExW
ExitProcess
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
InterlockedFlushSList
RtlUnwindEx
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
OpenProcess
RtlUnwind
GetCurrentProcessId
Sleep
CloseHandle
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
DeleteFileW
HeapSize
WriteConsoleW
FormatMessageW
TerminateProcess
SetUnhandledExceptionFilter
LocalFree
FormatMessageA
GetLocaleInfoEx
TryAcquireSRWLockExclusive
GetCurrentThreadId
SleepConditionVariableSRW
GetCurrentDirectoryW
CreateDirectoryW
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
GetFileInformationByHandle
GetFullPathNameW
SetFileInformationByHandle
AreFileApisANSI
CopyFileW
GetFileInformationByHandleEx
RtlPcToFileHeader
RaiseException
EncodePointer
DecodePointer
LCMapStringEx
GetSystemTimeAsFileTime
GetStringTypeW
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
HeapAlloc
HeapFree
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress
user32
RegisterClipboardFormatA
GetWindowTextA
EnumWindows
GetWindowThreadProcessId
keybd_event
mouse_event
MapVirtualKeyA
GetSystemMetrics
GetForegroundWindow
GetClientRect
ClientToScreen
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
GetClipboardData
MessageBoxA
crypt32
CertCloseStore
PFXImportCertStore
CryptDecodeObjectEx
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringW
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CryptStringToBinaryW
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertOpenStore
bcrypt
BCryptGenRandom
Sections
.text Size: - Virtual size: 1.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 430KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 37KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: - Virtual size: 72KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: - Virtual size: 500B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.H7, Size: - Virtual size: 6.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.\"d Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.I7a Size: 11.9MB - Virtual size: 11.9MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 296B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 469B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ