General

Malware Config

Signatures

Files

• wx0840558555a454ed_10000_installer.exe

  .exe windows x64

  1c03e97e05bb8f7f8ca2623a046588cc

  
  

  Code Sign

  0e:33:12:30:52:5a:25:a7:f8:10:e5:34:88:b0:aa:40

  Certificate

  Issuer

  CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  25-11-2020 00:00

  Not After

  22-02-2024 23:59

  Subject

  CN=Tencent Technology(Shenzhen) Company Limited,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong Province,C=CN

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd

  Certificate

  Issuer

  CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  11-02-2011 12:00

  Not After

  10-02-2026 12:00

  Subject

  CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08

  Certificate

  Issuer

  CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  22-10-2013 12:00

  Not After

  22-10-2028 12:00

  Subject

  CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  0e:a7:f6:86:bc:40:35:4a:70:f2:c2:97:c1:31:5e:f6

  Certificate

  Issuer

  CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  25-11-2020 00:00

  Not After

  22-02-2024 23:59

  Subject

  CN=Tencent Technology(Shenzhen) Company Limited,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong Province,C=CN

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a

  Certificate

  Issuer

  CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

  Not Before

  21-09-2022 00:00

  Not After

  21-11-2033 23:59

  Subject

  CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b

  Certificate

  Issuer

  CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  23-03-2022 00:00

  Not After

  22-03-2037 23:59

  Subject

  CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a

  Certificate

  Issuer

  CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  01-08-2022 00:00

  Not After

  09-11-2031 23:59

  Subject

  CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  72:49:1b:8b:9f:0f:94:f2:50:91:78:6b:44:35:15:3a:4c:74:de:a6:84:c0:a3:dd:13:b6:78:81:be:b5:a6:86

  Signer

  Actual PE Digest

  72:49:1b:8b:9f:0f:94:f2:50:91:78:6b:44:35:15:3a:4c:74:de:a6:84:c0:a3:dd:13:b6:78:81:be:b5:a6:86

  Digest Algorithm

  sha256

  PE Digest Matches

  true

  Signature Validations

  Trusted

  true

  Verification

  Signing Certificate

  CN=Tencent Technology(Shenzhen) Company Limited,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong Province,C=CN

  16-03-2023 08:07

  Valid: true

  Chain 1

  CN=Tencent Technology(Shenzhen) Company Limited,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong Province,C=CN

  CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  b2:dd:d0:56:8d:11:16:72:9f:c9:e3:b6:0a:ec:8a:89:75:c5:ac:a9

  Signer

  Actual PE Digest

  b2:dd:d0:56:8d:11:16:72:9f:c9:e3:b6:0a:ec:8a:89:75:c5:ac:a9

  Digest Algorithm

  sha1

  PE Digest Matches

  true

  Signature Validations

  Trusted

  false

  Verification

  Signing Certificate

  CN=Tencent Technology(Shenzhen) Company Limited,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong Province,C=CN

  23-03-2023 16:11

  Valid: false

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Imports

  wldap32

  ord211

  ord46

  ord60

  ord45

  ord50

  ord41

  ord22

  ord26

  ord27

  ord32

  ord33

  ord35

  ord79

  ord30

  ord200

  ord301

  ord217

  ord143

  normaliz

  IdnToAscii

  crypt32

  CertFreeCertificateChainEngine

  CertCloseStore

  CertEnumCertificatesInStore

  CertFindCertificateInStore

  CertFreeCertificateContext

  CryptStringToBinaryA

  PFXImportCertStore

  CryptDecodeObjectEx

  CertAddCertificateContextToStore

  CertFindExtension

  CertGetNameStringA

  CryptQueryObject

  CertCreateCertificateChainEngine

  CertGetCertificateChain

  CertFreeCertificateChain

  CertOpenStore

  ws2_32

  gethostbyname

  WSAStartup

  send

  WSACloseEvent

  WSACreateEvent

  WSAEnumNetworkEvents

  WSAEventSelect

  WSAResetEvent

  WSAWaitForMultipleEvents

  closesocket

  WSAGetLastError

  recv

  bind

  connect

  getpeername

  getsockname

  getsockopt

  htons

  ntohs

  setsockopt

  socket

  WSASetLastError

  WSAIoctl

  WSACleanup

  __WSAFDIsSet

  select

  accept

  htonl

  listen

  getaddrinfo

  freeaddrinfo

  recvfrom

  sendto

  ioctlsocket

  shutdown

  gethostname

  kernel32

  GetActiveProcessorCount

  DecodePointer

  GetProcAddress

  IsProcessorFeaturePresent

  DeleteCriticalSection

  GetModuleHandleW

  FreeLibrary

  WideCharToMultiByte

  CreateProcessA

  GetDriveTypeW

  GetExitCodeProcess

  GetCommandLineA

  HeapFree

  HeapSize

  GlobalFree

  HeapReAlloc

  HeapAlloc

  HeapDestroy

  GetProcessHeap

  TerminateProcess

  GetCommandLineW

  LocalFree

  GetCurrentDirectoryW

  GetFileSize

  GetTickCount

  GlobalUnlock

  GlobalLock

  lstrlenW

  GetACP

  ExitProcess

  MulDiv

  CreateDirectoryW

  GetFileAttributesW

  LocalFileTimeToFileTime

  SetFilePointer

  SetFileTime

  SystemTimeToFileTime

  FormatMessageW

  InitializeCriticalSectionAndSpinCount

  VerSetConditionMask

  GetCurrentProcessId

  VerifyVersionInfoW

  GlobalAlloc

  GetLocalTime

  lstrcmpiW

  lstrcpynW

  lstrcpyW

  ReleaseSRWLockExclusive

  AcquireSRWLockExclusive

  EnterCriticalSection

  LeaveCriticalSection

  SleepEx

  QueryPerformanceFrequency

  GetSystemDirectoryA

  LoadLibraryA

  QueryPerformanceCounter

  Sleep

  SetLastError

  MoveFileExA

  WaitForSingleObjectEx

  GetEnvironmentVariableA

  GetStdHandle

  GetFileType

  WaitForMultipleObjects

  CreateFileA

  GetFullPathNameW

  SetEndOfFile

  GetTempPathW

  SetFilePointerEx

  MoveFileExW

  CreateDirectoryExW

  InitializeCriticalSection

  CreateMutexW

  ReleaseMutex

  GetSystemInfo

  ReleaseSemaphore

  CreateSemaphoreW

  UnmapViewOfFile

  CreateFileMappingW

  MapViewOfFile

  VirtualQuery

  GetFileInformationByHandle

  DeleteFileW

  SetFileAttributesW

  GetCurrentThreadId

  GetSystemDirectoryW

  MoveFileW

  FindClose

  FindFirstFileW

  FindNextFileW

  VirtualAlloc

  VirtualFree

  CreateEventW

  SetEvent

  CreateDirectoryA

  GetPrivateProfileStringA

  GetPrivateProfileIntA

  SwitchToThread

  CopyFileW

  GetVersionExW

  AreFileApisANSI

  TryEnterCriticalSection

  HeapCreate

  GetDiskFreeSpaceW

  OutputDebugStringA

  LockFile

  GetFullPathNameA

  UnlockFileEx

  HeapValidate

  GetTempPathA

  GetDiskFreeSpaceA

  GetFileAttributesA

  OutputDebugStringW

  FlushViewOfFile

  DeleteFileA

  HeapCompact

  UnlockFile

  LockFileEx

  GetSystemTimeAsFileTime

  GetSystemTime

  FormatMessageA

  FlushFileBuffers

  RtlVirtualUnwind

  GlobalMemoryStatus

  FlushConsoleInputBuffer

  GetFileInformationByHandleEx

  GetCPInfoExW

  InitOnceComplete

  InitOnceBeginInitialize

  InitializeSRWLock

  GetExitCodeThread

  GetNativeSystemInfo

  RtlPcToFileHeader

  FreeLibraryWhenCallbackReturns

  RtlUnwind

  CreateThreadpoolWork

  SubmitThreadpoolWork

  CloseThreadpoolWork

  GetModuleHandleExW

  InitializeConditionVariable

  WakeConditionVariable

  WakeAllConditionVariable

  SleepConditionVariableCS

  SleepConditionVariableSRW

  EncodePointer

  RaiseException

  Process32FirstW

  GetDiskFreeSpaceExW

  Process32NextW

  GetFileAttributesExW

  OpenMutexA

  GetLastError

  MultiByteToWideChar

  CreateToolhelp32Snapshot

  OpenProcess

  GetModuleHandleA

  WaitForSingleObject

  CreateMutexA

  GetLocaleInfoW

  InitializeCriticalSectionEx

  PeekNamedPipe

  CreatePipe

  DeviceIoControl

  GetCurrentProcess

  GetLogicalDrives

  GlobalMemoryStatusEx

  GetPhysicallyInstalledSystemMemory

  FindResourceW

  LoadResource

  LockResource

  FreeResource

  WriteFile

  SizeofResource

  CloseHandle

  CreateFileW

  GetModuleFileNameW

  GetFileSizeEx

  ReadFile

  GetStringTypeW

  GetCPInfo

  InitializeSListHead

  LCMapStringEx

  ResetEvent

  RtlCaptureContext

  RtlLookupFunctionEntry

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  IsDebuggerPresent

  GetStartupInfoW

  RtlUnwindEx

  InterlockedPushEntrySList

  TlsAlloc

  TlsGetValue

  TlsSetValue

  TlsFree

  LoadLibraryExW

  CreateThread

  ExitThread

  FreeLibraryAndExitThread

  SystemTimeToTzSpecificLocalTime

  FileTimeToSystemTime

  SetConsoleCtrlHandler

  GetConsoleCP

  SetEnvironmentVariableW

  GetConsoleMode

  ReadConsoleW

  GetConsoleOutputCP

  GetDateFormatW

  GetTimeFormatW

  CompareStringW

  LCMapStringW

  SetFileInformationByHandle

  IsValidLocale

  GetUserDefaultLCID

  EnumSystemLocalesW

  SetStdHandle

  GetTimeZoneInformation

  SetConsoleMode

  ReadConsoleInputW

  IsValidCodePage

  GetOEMCP

  GetEnvironmentStringsW

  FreeEnvironmentStringsW

  WriteConsoleW

  FindFirstFileExW

  LoadLibraryW

  SignalObjectAndWait

  user32

  FillRect

  SetRect

  CreatePopupMenu

  DestroyMenu

  EnableMenuItem

  AppendMenuW

  TrackPopupMenu

  CreateCaret

  DrawTextW

  CharPrevW

  GetWindowRgn

  IsWindowEnabled

  MoveWindow

  UpdateLayeredWindow

  MessageBoxW

  SetWindowRgn

  SetWindowLongPtrW

  GetWindowLongPtrW

  AdjustWindowRectEx

  GetPropW

  SetPropW

  GetMenu

  EnableWindow

  SetCaretPos

  GetCaretPos

  ClientToScreen

  UpdateWindow

  EqualRect

  SetWindowTextW

  GetWindowTextW

  GetWindowTextLengthW

  GetCaretBlinkTime

  GetClassInfoExW

  RegisterClassExW

  RegisterClassW

  wsprintfA

  PostQuitMessage

  DefWindowProcW

  wsprintfW

  InflateRect

  LoadCursorW

  SetCursor

  GetMonitorInfoW

  MonitorFromWindow

  HideCaret

  GetWindow

  GetParent

  SetWindowLongW

  GetWindowLongW

  PtInRect

  IsRectEmpty

  OffsetRect

  UnionRect

  IntersectRect

  GetSysColor

  MapWindowPoints

  ScreenToClient

  GetCursorPos

  GetWindowRect

  GetClientRect

  InvalidateRect

  GetUpdateRect

  EndPaint

  BeginPaint

  KillTimer

  SetTimer

  ReleaseCapture

  SetCapture

  GetKeyState

  GetFocus

  GetActiveWindow

  SetFocus

  CharNextW

  IsZoomed

  IsIconic

  IsWindowVisible

  SetWindowPos

  DestroyWindow

  IsWindow

  CreateWindowExW

  PostMessageW

  DispatchMessageW

  TranslateMessage

  GetMessageW

  EnumDisplayDevicesW

  GetDC

  GetSystemMetrics

  ReleaseDC

  ShowWindow

  FindWindowW

  DrawTextA

  CreateAcceleratorTableW

  InvalidateRgn

  GetGUIThreadInfo

  SetForegroundWindow

  GetKeyboardLayout

  GetKeyNameTextW

  MapVirtualKeyExW

  CharUpperW

  LoadImageW

  ShowCaret

  GetProcessWindowStation

  CallWindowProcW

  GetUserObjectInformationW

  SendMessageW

  gdi32

  SetBkColor

  SetBkMode

  StretchBlt

  SetStretchBltMode

  SetTextColor

  GetObjectA

  SelectClipRgn

  TextOutW

  GdiFlush

  CreatePatternBrush

  GetTextExtentPointA

  GetBitmapBits

  SetBitmapBits

  ExtSelectClipRgn

  GetTextExtentPoint32W

  GetDeviceCaps

  GetClipBox

  GetCharABCWidthsW

  CreateSolidBrush

  CreateRectRgnIndirect

  CreatePenIndirect

  CombineRgn

  CreateDIBSection

  PtInRegion

  CreateRectRgn

  CreateRoundRectRgn

  SetWindowOrgEx

  GetObjectW

  MoveToEx

  BitBlt

  CreateCompatibleBitmap

  CreateCompatibleDC

  CreateDIBitmap

  CreateFontIndirectW

  CreatePen

  DeleteDC

  DeleteObject

  GetStockObject

  AddFontMemResourceEx

  RemoveFontMemResourceEx

  Rectangle

  RestoreDC

  SaveDC

  SelectObject

  CloseEnhMetaFile

  CreateEnhMetaFileW

  GetEnhMetaFileHeader

  PlayEnhMetaFile

  LineTo

  GetTextMetricsW

  shell32

  SHGetPathFromIDListW

  SHGetSpecialFolderPathW

  SHGetFolderPathW

  DragQueryFileW

  CommandLineToArgvW

  SHBrowseForFolderW

  SHGetFolderPathA

  ShellExecuteExW

  ole32

  CoInitializeEx

  CoCreateGuid

  CoCreateInstance

  DoDragDrop

  CoUninitialize

  ReleaseStgMedium

  CreateStreamOnHGlobal

  CLSIDFromString

  CLSIDFromProgID

  OleLockRunning

  CoInitialize

  OleDuplicateData

  CoTaskMemFree

  oleaut32

  SysStringLen

  SysAllocStringLen

  VariantClear

  VariantInit

  SysFreeString

  SysAllocString

  advapi32

  CryptReleaseContext

  RegQueryValueExW

  RegDeleteValueW

  ReportEventW

  RegisterEventSourceW

  DeregisterEventSource

  CryptGenRandom

  CryptAcquireContextW

  RegQueryValueExA

  RegOpenKeyExA

  SetSecurityDescriptorDacl

  InitializeSecurityDescriptor

  CryptEncrypt

  CryptImportKey

  CryptDestroyKey

  CryptDestroyHash

  CryptHashData

  CryptCreateHash

  CryptGetHashParam

  RegSetValueExW

  CryptAcquireContextA

  LookupPrivilegeValueW

  AdjustTokenPrivileges

  OpenProcessToken

  RegCloseKey

  RegDeleteKeyW

  RegCreateKeyExW

  RegEnumKeyExW

  RegOpenKeyExW

  comctl32

  InitCommonControlsEx

  ord17

  _TrackMouseEvent

  gdiplus

  GdipRotateMatrix

  GdipTranslateMatrix

  GdipDeleteMatrix

  GdipCreateMatrix

  GdipAddPathArc

  GdipAddPathLine

  GdipDeletePath

  GdipCreatePath

  GdipFree

  GdipAlloc

  GdiplusShutdown

  GdiplusStartup

  GdipGetImageHeight

  GdipCreatePen1

  GdipSetStringFormatTrimming

  GdipSetStringFormatLineAlign

  GdipSetStringFormatAlign

  GdipSetStringFormatFlags

  GdipCloneStringFormat

  GdipDeleteStringFormat

  GdipMeasureString

  GdipDrawString

  GdipDeleteFont

  GdipCreateFontFromLogfontA

  GdipCreateFontFromDC

  GdipDrawImageRectRect

  GdipFillPath

  GdipFillRectangleI

  GdipDeleteBrush

  GdipImageGetFrameDimensionsCount

  GdipSetPenMode

  GdipSetPenDashStyle

  GdipLoadImageFromStream

  GdipCloneImage

  GdipDisposeImage

  GdipCreateImageAttributes

  GdipDisposeImageAttributes

  GdipSetImageAttributesColorMatrix

  GdipCreateFromHDC

  GdipDeleteGraphics

  GdipReleaseDC

  GdipStringFormatGetGenericTypographic

  GdipCreateSolidFill

  GdipImageGetFrameDimensionsList

  GdipImageGetFrameCount

  GdipImageSelectActiveFrame

  GdipGetPropertyItemSize

  GdipGetPropertyItem

  GdipDrawImageRectI

  GdipTranslateWorldTransform

  GdipRotateWorldTransform

  GdipCreatePen2

  GdipSetPenStartCap

  GdipSetPenEndCap

  GdipGetImageGraphicsContext

  GdipCreateBitmapFromScan0

  GdipDrawLine

  GdipDrawImageI

  GdipDrawRectangleI

  GdipResetWorldTransform

  GdipSetSmoothingMode

  GdipSetTextRenderingHint

  GdipSetInterpolationMode

  GdipGetImageWidth

  GdipSetWorldTransform

  GdipDeletePen

  GdipDrawPath

  imm32

  ImmReleaseContext

  ImmSetCompositionWindow

  ImmGetContext

  shlwapi

  PathAppendW

  winhttp

  WinHttpQueryDataAvailable

  WinHttpConnect

  WinHttpSetTimeouts

  WinHttpSendRequest

  WinHttpWriteData

  WinHttpGetProxyForUrl

  WinHttpGetIEProxyConfigForCurrentUser

  WinHttpCloseHandle

  WinHttpSetOption

  WinHttpOpenRequest

  WinHttpReadData

  WinHttpQueryHeaders

  WinHttpAddRequestHeaders

  WinHttpOpen

  WinHttpReceiveResponse

  WinHttpCrackUrl

  bcrypt

  BCryptGenRandom

  netapi32

  Netbios

  Sections

  .text

  Size: 3.1MB - Virtual size: 3.1MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 980KB - Virtual size: 980KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 194KB - Virtual size: 221KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .pdata

  Size: 139KB - Virtual size: 139KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  _RDATA

  Size: 512B - Virtual size: 244B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .QMGuid

  Size: 512B - Virtual size: 32B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 1.9MB - Virtual size: 1.9MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 34KB - Virtual size: 33KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ