Resubmissions
28-09-2024 18:31
240928-w57d6azelr 3
Static task
static1
General
-
Target
Wave.dll
-
Size
16.3MB
-
MD5
4b02f90beafcda6661ef7cd648c93b56
-
SHA1
53f73ae064bfa1aeb565fb919a263ce8c32cf6c5
-
SHA256
12163ecc11b58658eacf17c1a462ecda8ba0f2bb6014f96b75c6e2466770f85c
-
SHA512
83a36c11fe2c8b1fe686962da6495ffa90bf8eb7dab0d2a3ae55d707fd0cc8156f2929fddab1ab81fb1475838efc97b20434ff158e1998bbb2c6906ac6c60b00
-
SSDEEP
393216:LrqEz6I36Zk21ZlJT6dm4Yzo6zjn0ags+LYxHrmz:LF6/1ZlJudfYzo6zb0zszhrm
Malware Config
Signatures
-
Unsigned PE 1 IoCs
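Checks for a missing Authenticode signature: the file is not signed, so a signature cannot be used to verify its publisher or that it is unmodified.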
resource Wave.dll
Files
-
Wave.dll.dll windows:6 windows x64 arch:x64
60e3fa19285ba9e7bd48bd980651021a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
Imports
ws2_32
getsockopt
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAResetEvent
WSAWaitForMultipleEvents
WSASetLastError
inet_pton
ntohs
WSAStartup
WSACleanup
WSAIoctl
htons
__WSAFDIsSet
accept
bind
getsockname
htonl
listen
recvfrom
sendto
getpeername
gethostname
inet_ntop
freeaddrinfo
getaddrinfo
WSAGetLastError
socket
setsockopt
send
select
recv
ioctlsocket
connect
closesocket
advapi32
RegQueryValueExA
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
CryptAcquireContextA
RegOpenKeyExA
RegCloseKey
kernel32
GetCurrentProcess
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalFree
GetVolumeInformationA
GetComputerNameA
QueryPerformanceCounter
QueryPerformanceFrequency
GetProcAddress
VirtualAlloc
VirtualQuery
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
WakeConditionVariable
WakeAllConditionVariable
GetLastError
WaitForSingleObject
MultiByteToWideChar
WideCharToMultiByte
VerSetConditionMask
FreeLibrary
LoadLibraryA
GetLocaleInfoA
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
GetTickCount
InitializeCriticalSectionEx
SetEvent
CreateEventW
GetSystemDirectoryW
GetModuleHandleW
LoadLibraryW
SetLastError
FormatMessageW
MoveFileExW
WaitForSingleObjectEx
GetEnvironmentVariableA
GetStdHandle
GetFileType
PeekNamedPipe
WaitForMultipleObjects
VerifyVersionInfoW
GetModuleFileNameA
GetFileSizeEx
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
SubmitThreadpoolWork
CompareStringW
GetTimeFormatW
GetDateFormatW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
HeapAlloc
HeapFree
GetConsoleOutputCP
ReadConsoleW
GetConsoleMode
GetModuleFileNameW
SetFilePointerEx
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
FreeLibraryAndExitThread
ExitThread
CreateThread
GetModuleHandleExW
ExitProcess
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
InterlockedFlushSList
RtlUnwindEx
WriteFile
ReadFile
Process32Next
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
FindNextFileA
FindFirstFileA
Process32First
CreateToolhelp32Snapshot
QueryFullProcessImageNameA
SleepEx
GetModuleHandleA
WriteConsoleW
HeapSize
DeleteFileW
CreateFileW
CloseThreadpoolWork
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
FreeEnvironmentStringsW
GetStringTypeW
GetCPInfo
CompareStringEx
GetSystemTimeAsFileTime
LCMapStringEx
DecodePointer
CreateThreadpoolWork
OpenProcess
GetCurrentProcessId
Sleep
CloseHandle
HeapReAlloc
GetTimeZoneInformation
SetStdHandle
SetEndOfFile
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
LCMapStringW
RtlUnwind
GetProcessHeap
SetEnvironmentVariableW
LocalFree
FormatMessageA
GetLocaleInfoEx
TryAcquireSRWLockExclusive
GetCurrentThreadId
SleepConditionVariableSRW
GetCurrentDirectoryW
CreateDirectoryW
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
GetFileInformationByHandle
GetFullPathNameW
SetFileInformationByHandle
AreFileApisANSI
CopyFileW
GetFileInformationByHandleEx
InitOnceBeginInitialize
InitOnceComplete
RtlPcToFileHeader
RaiseException
EncodePointer
HeapAlloc
HeapFree
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress
user32
RegisterClipboardFormatA
GetWindowTextA
EnumWindows
GetWindowThreadProcessId
keybd_event
mouse_event
MapVirtualKeyA
GetSystemMetrics
GetForegroundWindow
GetClientRect
ClientToScreen
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
GetClipboardData
MessageBoxA
CallWindowProcA
GetWindowRect
SetWindowLongPtrA
FindWindowW
GetKeyboardLayout
TrackMouseEvent
GetMessageExtraInfo
GetKeyState
GetCapture
SetCapture
ReleaseCapture
LoadCursorA
ScreenToClient
GetCursorPos
SetCursor
SetCursorPos
IsWindowUnicode
d3d11
D3D11CreateDeviceAndSwapChain
imm32
ImmGetContext
ImmReleaseContext
ImmSetCompositionWindow
ImmSetCandidateWindow
d3dcompiler_47
D3DCompile
crypt32
PFXImportCertStore
CryptDecodeObjectEx
CertOpenSystemStoreA
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringW
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CryptStringToBinaryW
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
bcrypt
BCryptGenRandom
Sections
.text Size: - Virtual size: 2.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 572KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 315KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: - Virtual size: 110KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.;)l Size: - Virtual size: 8.6MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.`Sa Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.*Zl Size: 16.3MB - Virtual size: 16.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 272B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 469B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ