Static task
static1
General
Target: Wave.dll
Size: 11.2MB
MD5: a625cdef16860630acdae42d81b038aa
SHA1: 2d10e81c40d12c82f6487efc81303955c87d6af9
SHA256: a2a77138230ab1b3b8e28fd8a831e008cef4175a7a4b1136b0aa4bb8ae693f43
SHA512: 8884d2f2764520fc856354b58ad813d0c98c6e1cdc85c5af67823a542b777a809c50b2c8b153a8b24a9f513c6104b2f5847fb710afa6f4b0887cbd419ab4d355
SSDEEP: 196608:FwrTjpZX8km19WOmUnY/5iqgQFp4+HQVQvibzXEg/czc9WLVpuAvOwTGRcg1D5r:Fwr3ok2YOLY/5izQFpPQ+iH7/T9WpNmT
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource Wave.dll
Files
Wave.dll.dll windows:6 windows x64 arch:x64
Password: oober
779c91be937043eae63090fc6f840b56
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
Imports
ws2_32
WSACloseEvent
WSAEventSelect
inet_pton
WSACreateEvent
WSAEnumNetworkEvents
WSAResetEvent
WSAWaitForMultipleEvents
closesocket
WSASetLastError
ntohs
inet_ntop
WSAStartup
WSACleanup
htons
bind
recvfrom
sendto
accept
getsockname
listen
WSAIoctl
htonl
__WSAFDIsSet
getpeername
gethostname
connect
getsockopt
ioctlsocket
freeaddrinfo
getaddrinfo
WSAGetLastError
socket
setsockopt
send
select
recv
advapi32
CryptAcquireContextA
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
RegQueryValueExA
RegCloseKey
RegOpenKeyExA
kernel32
SubmitThreadpoolWork
CloseThreadpoolWork
GetModuleFileNameA
GetModuleHandleA
QueryFullProcessImageNameA
CreateToolhelp32Snapshot
Process32First
Process32Next
ReadFile
WriteFile
GetCurrentProcess
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalFree
GetVolumeInformationA
GetComputerNameA
QueryPerformanceCounter
QueryPerformanceFrequency
GetProcAddress
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
WakeConditionVariable
WakeAllConditionVariable
GetLastError
WaitForSingleObject
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
MultiByteToWideChar
WideCharToMultiByte
GetTickCount
InitializeCriticalSectionEx
SetEvent
CreateEventW
GetSystemDirectoryW
FreeLibrary
GetModuleHandleW
LoadLibraryW
GetEnvironmentVariableA
CreateThreadpoolWork
FormatMessageW
MoveFileExW
GetStdHandle
GetFileType
PeekNamedPipe
WaitForMultipleObjects
WaitForSingleObjectEx
SleepEx
VerSetConditionMask
VerifyVersionInfoW
CreateFileW
GetFileSizeEx
GetACP
IsValidCodePage
SetEndOfFile
SetStdHandle
GetTimeZoneInformation
HeapReAlloc
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
HeapAlloc
HeapFree
GetConsoleOutputCP
ReadConsoleW
GetConsoleMode
GetModuleFileNameW
SetFilePointerEx
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
FreeLibraryAndExitThread
ExitThread
CreateThread
GetModuleHandleExW
ExitProcess
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
InterlockedFlushSList
RtlUnwindEx
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
RtlUnwind
OpenProcess
GetCurrentProcessId
Sleep
CloseHandle
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
DeleteFileW
HeapSize
WriteConsoleW
SetLastError
TerminateProcess
SetUnhandledExceptionFilter
LocalFree
FormatMessageA
GetLocaleInfoEx
TryAcquireSRWLockExclusive
GetCurrentThreadId
SleepConditionVariableSRW
GetCurrentDirectoryW
CreateDirectoryW
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
GetFileInformationByHandle
GetFullPathNameW
SetFileInformationByHandle
AreFileApisANSI
CopyFileW
GetFileInformationByHandleEx
RtlPcToFileHeader
RaiseException
EncodePointer
DecodePointer
LCMapStringEx
GetSystemTimeAsFileTime
GetStringTypeW
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
HeapAlloc
HeapFree
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress
user32
RegisterClipboardFormatA
GetWindowTextA
EnumWindows
GetWindowThreadProcessId
keybd_event
mouse_event
MapVirtualKeyA
GetSystemMetrics
GetForegroundWindow
GetClientRect
ClientToScreen
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
GetClipboardData
MessageBoxA
crypt32
CertOpenStore
PFXImportCertStore
CryptDecodeObjectEx
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringW
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CryptStringToBinaryW
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
bcrypt
BCryptGenRandom
Sections
.text Size: - Virtual size: 2.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 408KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: - Virtual size: 72KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: - Virtual size: 500B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.K,, Size: - Virtual size: 5.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.=I@ Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.u[* Size: 11.2MB - Virtual size: 11.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 296B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 469B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ