Wave[.]dll | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

Wave.dll
Size

11.1MB
MD5

4f73c9d1757028c7483acff89d3c9bbf
SHA1

d558e5531ee99960bebb3998cfcd340aff34ca24
SHA256

5737d3f83d38130146dd6a02ebe62116b1839790d66b1652d1bfa0f8b742bb7e
SHA512

b9312554a73efd2358d5b1da3ee5a8af92f149140bcd08627aa0d06c35658467622e50b0868e31d303900fe04cc46dfa84604259e7c167420ef8d09585d4e466
SSDEEP

196608:dw+qKZSRBq/XZqnRihL6eVlXuB00+dIkjKJFVd9LPjkyEAmJLTivTgi:dwDKMRg/XiRihL6osB00+d/0V7LPg3LI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Wave.dll

Files

Wave.dll
.dll windows:6 windows x64 arch:x64

Password: infe

a192f0d04d16ff850ebb92047542858b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

zstd

ZSTD_decompress
ZSTD_compress

lz4

LZ4_decompress_safe
LZ4_compressBound
LZ4_compress_default

xxhash

XXH32

wolfssl

wc_RNG_GenerateBlock
wc_InitSha384
wc_Sha384Update
wc_AesFree
wc_Sha384Final
wc_AesCbcDecrypt
wc_AesCbcEncrypt
wc_AesSetKey
wc_FreeRng
wc_AesInit
wc_InitRng

ws2_32

bind
connect
accept
ioctlsocket
__WSAFDIsSet
WSAIoctl
htonl
htons
WSACleanup
closesocket
inet_ntop
WSASetLastError
ntohs
WSAWaitForMultipleEvents
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
getsockopt
inet_pton
getpeername
getsockname
WSAStartup
listen
recv
freeaddrinfo
getaddrinfo
WSAGetLastError
socket
setsockopt
send
select

advapi32

RegCloseKey
GetCurrentHwProfileA
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
RegOpenKeyExA
RegQueryValueExA

kernel32

GetFileInformationByHandle
GetFileAttributesExW
SetFileInformationByHandle
AreFileApisANSI
CopyFileW
CloseHandle
Sleep
GetCurrentProcessId
OpenProcess
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
GetModuleFileNameA
GetModuleHandleA
K32GetModuleFileNameExA
Process32First
Process32Next
CreateFileA
ReadFile
GetCurrentProcess
GlobalAlloc
GlobalFree
GlobalUnlock
GlobalLock
QueryPerformanceCounter
QueryPerformanceFrequency
GetProcAddress
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
MultiByteToWideChar
WideCharToMultiByte
GetTickCount
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
GetSystemDirectoryA
FreeLibrary
LoadLibraryA
GetLastError
GetEnvironmentVariableA
SetLastError
FormatMessageW
MoveFileExA
WaitForSingleObjectEx
SleepEx
VerSetConditionMask
VerifyVersionInfoW
GetFileSizeEx
GetFileInformationByHandleEx
WakeAllConditionVariable
SleepConditionVariableSRW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetCurrentThreadId
GetSystemTimeAsFileTime
CreateToolhelp32Snapshot
LocalFree
FormatMessageA
GetLocaleInfoEx
CreateDirectoryW
CreateFileW
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
InitializeSListHead
HeapAlloc
HeapFree
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

RegisterClipboardFormatA
GetWindowTextA
EnumWindows
GetWindowThreadProcessId
keybd_event
mouse_event
MapVirtualKeyA
GetSystemMetrics
GetForegroundWindow
GetClientRect
ClientToScreen
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
GetClipboardData
MessageBoxA

msvcp140

_Mtx_init_in_situ
_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_unlock
_Cnd_init_in_situ
_Cnd_destroy_in_situ
_Cnd_signal
?_Throw_Cpp_error@std@@YAXH@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Winerror_map@std@@YAHH@Z
??Bid@locale@std@@QEAA_KXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??Bios_base@std@@QEBA_NXZ
?good@ios_base@std@@QEBA_NXZ
?flags@ios_base@std@@QEBAHXZ
?_Xout_of_range@std@@YAXPEBD@Z
?width@ios_base@std@@QEAA_J_J@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Xbad_function_call@std@@YAXXZ
_Query_perf_counter
_Query_perf_frequency
?setf@ios_base@std@@QEAAHHH@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAADD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
?_Random_device@std@@YAIXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Xinvalid_argument@std@@YAXPEBD@Z
?uncaught_exception@std@@YA_NXZ
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?width@ios_base@std@@QEBA_JXZ

vcruntime140

__std_exception_copy
__std_exception_destroy
_CxxThrowException
memcpy
__std_type_info_destroy_list
__C_specific_handler
__current_exception_context
__current_exception
strstr
strrchr
strchr
memset
memmove
memcmp
memchr
__std_terminate
_purecall

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

_cexit
_initterm
_initterm_e
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_configure_narrow_argv
_errno
_seh_filter_dll
abort
_invalid_parameter_noinfo_noreturn
exit
__sys_nerr
__sys_errlist
_beginthreadex
terminate
_initialize_narrow_environment

api-ms-win-crt-heap-l1-1-0

_callnewh
calloc
free
malloc
realloc

api-ms-win-crt-utility-l1-1-0

rand
qsort
srand

api-ms-win-crt-math-l1-1-0

_dclass
tan
ceilf
ldexp
round
acos
asin
atan
atan2
ceil
cos
cosh
frexp
sqrt
_dsign
exp
floor
sinh
modf
sin
floorf
pow
_fdopen
tanh
log2
log10
log
fmod

api-ms-win-crt-stdio-l1-1-0

setvbuf
ungetc
fwrite
_fseeki64
__stdio_common_vsprintf
fsetpos
fread
__acrt_iob_func
_close
fputc
fgetpos
fgets
fgetc
ftell
_get_stream_buffer_pointers
fflush
fclose
fputs
__stdio_common_vsnprintf_s
fopen
fseek
feof
_fileno
__stdio_common_vsscanf
_open

api-ms-win-crt-filesystem-l1-1-0

_unlink
_lock_file
_access
_stat64
_unlock_file
_fstat64

api-ms-win-crt-time-l1-1-0

_difftime64
_gmtime64
_gmtime64_s
_localtime64_s
clock
_time64
strftime

api-ms-win-crt-locale-l1-1-0

localeconv
___lc_codepage_func

api-ms-win-crt-string-l1-1-0

isdigit
strcmp
isalnum
tolower
isspace
isxdigit
ispunct
strcspn
isupper
strncat
_strdup
isgraph
iscntrl
strncmp
strspn
strnlen
strpbrk
toupper
strncpy
isalpha
islower

api-ms-win-crt-convert-l1-1-0

strtol
atoi
strtoul
wcstombs
strtoull
strtod
strtoll

zlib1

inflateInit2_
inflate
inflateInit_
zlibVersion
inflateEnd

crypt32

CertFreeCertificateContext
CryptDecodeObjectEx
CertEnumCertificatesInStore
CertCloseStore
CertAddCertificateContextToStore
CryptStringToBinaryA
PFXImportCertStore
CertFindExtension
CertGetNameStringA
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CertFindCertificateInStore
CertOpenStore

bcrypt

BCryptGenRandom

Sections

.text
Size: - Virtual size: 998KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 270KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.femboys
Size: - Virtual size: 5.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.femboys
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.femboys
Size: 11.1MB - Virtual size: 11.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 284B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 469B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infe

a192f0d04d16ff850ebb92047542858b

Headers

DLL Characteristics

File Characteristics

Imports

zstd

lz4

xxhash

wolfssl

ws2_32

advapi32

kernel32

user32

msvcp140

vcruntime140

vcruntime140_1

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

zlib1

crypt32

bcrypt

Sections

.text Size: - Virtual size: 998KB

.rdata Size: - Virtual size: 270KB

.data Size: - Virtual size: 28KB

.pdata Size: - Virtual size: 47KB

.femboys Size: - Virtual size: 5.9MB

.femboys Size: 4KB - Virtual size: 4KB

.femboys Size: 11.1MB - Virtual size: 11.1MB

.reloc Size: 512B - Virtual size: 284B

.rsrc Size: 512B - Virtual size: 469B

.text
Size: - Virtual size: 998KB

.rdata
Size: - Virtual size: 270KB

.data
Size: - Virtual size: 28KB

.pdata
Size: - Virtual size: 47KB

.femboys
Size: - Virtual size: 5.9MB

.femboys
Size: 4KB - Virtual size: 4KB

.femboys
Size: 11.1MB - Virtual size: 11.1MB

.reloc
Size: 512B - Virtual size: 284B

.rsrc
Size: 512B - Virtual size: 469B