Wave[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

Wave.exe
Size

54.0MB
MD5

5f4c9f3fc681ac6be5be6681396545ab
SHA1

e3d67195899364eebfb27d7d8b050a25040466b9
SHA256

63bd5de0406b8b5db7c853bfbf3c1970519bc068d88902edee744e6b9a99ba61
SHA512

5b2065e212bbbd12420022b69ae77252cf80c5b44de24b32be6107a6252405084f174df65aab411df870f347a13d54f404aa25aedfab221c999d8fc73c4beaf7
SSDEEP

393216:59nqYllR13C29oiF0U1vFEgcfn52W3K+AbcsCSmggoKlQnAliXUxR0rHa93WhlUk:Dfl6e0OBG6ZC/Lwi8rj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Wave.exe

Files

Wave.exe
.exe windows:6 windows x64 arch:x64

836685b44600a233721784f3d46f1e5d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\a\deno\deno\target\release\deps\deno.pdb

Imports

powrprof

CallNtPowerInformation

iphlpapi

GetAdaptersAddresses

bcrypt

BCryptGenRandom

ntdll

RtlUnwindEx
RtlPcToFileHeader
RtlCaptureStackBackTrace
RtlDeleteFunctionTable
RtlAddFunctionTable
VerSetConditionMask
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
NtCreateFile
NtDeviceIoControlFile
RtlNtStatusToDosError
NtCancelIoFileEx
RtlUnwind

advapi32

EventSetInformation
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
EventWriteTransfer
RegQueryValueExW
EventRegister
RegCloseKey
SystemFunction036

d3dcompiler_47

D3DCompile

dbghelp

SymSetOptions
SymInitialize
SymGetLineFromAddr64
SymFromAddr
StackWalk64
SymFunctionTableAccess64
SymGetModuleBase64
SymSetSearchPathW
SymGetSearchPathW

kernel32

EnumSystemLocalesW
LCMapStringW
CompareStringW
GetConsoleOutputCP
GetFileSizeEx
IsValidLocale
GetStringTypeW
IsValidCodePage
GetACP
GetOEMCP
FindFirstFileExW
GetUserDefaultLCID
SetStdHandle
GetLocaleInfoW
CreateSymbolicLinkW
GetTimeFormatW
GetDateFormatW
GetCommandLineA
GetCPInfo
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
EncodePointer
HeapAlloc
GetProcessHeap
HeapFree
HeapReAlloc
AddVectoredExceptionHandler
SetThreadStackGuarantee
GetLastError
GetCommandLineW
CloseHandle
WaitForSingleObject
GetExitCodeProcess
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
SwitchToThread
GetCurrentProcessId
lstrlenW
SetConsoleMode
SetConsoleCursorPosition
TryAcquireSRWLockShared
ReleaseSRWLockShared
AcquireSRWLockShared
OpenProcess
GetStdHandle
GetFileInformationByHandleEx
GetConsoleMode
WakeAllConditionVariable
SleepConditionVariableSRW
LeaveCriticalSection
EnterCriticalSection
GetProcAddress
LoadLibraryExW
CreateEventA
FindClose
SetCurrentDirectoryW
SetEnvironmentVariableW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetErrorMode
SetThreadErrorMode
LoadLibraryW
TerminateProcess
RegisterWaitForSingleObject
GetProcessId
CreateToolhelp32Snapshot
Process32First
Process32Next
ReadFile
GetConsoleScreenBufferInfo
ResetEvent
WaitForMultipleObjects
FreeLibrary
SetFileTime
TryAcquireSRWLockExclusive
GetOverlappedResult
WriteFile
CancelIoEx
SetFileCompletionNotificationModes
CreateIoCompletionPort
GetQueuedCompletionStatusEx
PostQueuedCompletionStatus
WaitForSingleObjectEx
CreateFileW
CreateSemaphoreW
ReadDirectoryChangesW
ReleaseSemaphore
CancelIo
GetSystemInfo
Sleep
GetModuleHandleA
SetFileInformationByHandle
WakeConditionVariable
GetConsoleCursorInfo
SetConsoleCursorInfo
ReadConsoleInputW
FillConsoleOutputCharacterA
FillConsoleOutputAttribute
GetFileInformationByHandle
TlsGetValue
TlsSetValue
SetLastError
GetEnvironmentVariableW
WriteConsoleW
GetCurrentProcess
GetCurrentThread
ReleaseMutex
GetCurrentDirectoryW
LoadLibraryA
CreateMutexA
TlsAlloc
GetModuleHandleW
FormatMessageW
GetTempPathW
GetModuleFileNameW
DeviceIoControl
FlushFileBuffers
DuplicateHandle
GetFinalPathNameByHandleW
SetFilePointerEx
FindNextFileW
CreateDirectoryW
ReadConsoleW
InitializeCriticalSection
SetHandleInformation
CreateProcessW
CreateNamedPipeW
CreateEventW
ExitProcess
TryEnterCriticalSection
QueryPerformanceCounter
QueryPerformanceFrequency
GetSystemTimeAsFileTime
FindFirstFileW
DeleteFileW
MoveFileExW
RemoveDirectoryW
IsProcessorFeaturePresent
CreateHardLinkW
SetFileAttributesW
CopyFileExW
CreateThread
UnregisterWaitEx
SetConsoleTextAttribute
GetDiskFreeSpaceA
GetSystemTimes
GlobalMemoryStatusEx
GetVersionExA
GetTickCount
MapViewOfFile
CreateFileMappingW
FormatMessageA
GetSystemTime
WideCharToMultiByte
SystemTimeToFileTime
GetFileSize
LockFileEx
LocalFree
UnlockFile
HeapDestroy
HeapCompact
DeleteFileA
CreateFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetTempPathA
MultiByteToWideChar
HeapSize
HeapValidate
UnmapViewOfFile
GetFileAttributesW
CreateMutexW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
GetFullPathNameW
HeapCreate
AreFileApisANSI
DeleteCriticalSection
GetCurrentThreadId
GetLocaleInfoEx
GetTimeZoneInformation
GetThreadTimes
GetTempFileNameA
GetFileType
VerifyVersionInfoW
VirtualAlloc
VirtualFree
IsDebuggerPresent
TlsFree
QueryThreadCycleTime
GetThreadPriority
SetThreadPriority
VirtualProtect
InitOnceExecuteOnce
SetUnhandledExceptionFilter
GetNativeSystemInfo
GetDynamicTimeZoneInformation
GetUserGeoID
GetGeoInfoW
InitializeConditionVariable
OpenThread
SuspendThread
GetThreadContext
ResumeThread
CreateSemaphoreA
ResolveLocaleName
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDateFormatEx
GetTimeFormatEx
GetCurrencyFormatEx
GetNumberFormatEx
InitializeCriticalSectionAndSpinCount
InterlockedPushEntrySList
RaiseException
GetStartupInfoW
InitializeSListHead
SetEvent
UnhandledExceptionFilter

ole32

CoTaskMemFree

shell32

SHGetKnownFolderPath

ws2_32

send
sendto
recvfrom
WSASocketW
setsockopt
bind
getaddrinfo
recv
WSAStartup
getsockname
WSACleanup
listen
getpeername
shutdown
WSASend
accept
connect
getsockopt
freeaddrinfo
ioctlsocket
socket
WSAGetLastError
WSAIoctl
closesocket

winmm

timeGetTime

Exports

Exports

CrashForExceptionInNonABICompliantCodeRange

Sections

.text
Size: 30.0MB - Virtual size: 30.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22.1MB - Virtual size: 22.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 135KB - Virtual size: 254KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 109KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 169KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

836685b44600a233721784f3d46f1e5d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

powrprof

iphlpapi

bcrypt

ntdll

advapi32

d3dcompiler_47

dbghelp

kernel32

ole32

shell32

ws2_32

winmm

Exports

Exports

Sections

.text Size: 30.0MB - Virtual size: 30.0MB

.rdata Size: 22.1MB - Virtual size: 22.1MB

.data Size: 135KB - Virtual size: 254KB

.pdata Size: 1.2MB - Virtual size: 1.2MB

_RDATA Size: 512B - Virtual size: 244B

.rsrc Size: 109KB - Virtual size: 4KB

.reloc Size: 169KB - Virtual size: 168KB

.text
Size: 30.0MB - Virtual size: 30.0MB

.rdata
Size: 22.1MB - Virtual size: 22.1MB

.data
Size: 135KB - Virtual size: 254KB

.pdata
Size: 1.2MB - Virtual size: 1.2MB

_RDATA
Size: 512B - Virtual size: 244B

.rsrc
Size: 109KB - Virtual size: 4KB

.reloc
Size: 169KB - Virtual size: 168KB