G:\workspace\6\wxwork_local_destop\package\LocalWXWorkPackage\ElectronWeworkSetup\InstallHelper\Release\InstallHelper.pdb
Static task: static1
Behavioral task: behavioral1
Sample: fc104078d41601c76870d7d3fcc82523d40ce321451e2de903cf7e435770940b.dll
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: fc104078d41601c76870d7d3fcc82523d40ce321451e2de903cf7e435770940b.dll
Resource: win10v2004-20231215-en
General
- Target: fc104078d41601c76870d7d3fcc82523d40ce321451e2de903cf7e435770940b
- Size: 922KB
- MD5: c6bfded0a5a34b590ff5aa5d4a03e1e3
- SHA1: 3ecb78353a7295da3264ea2f5c907598b1ec3f7f
- SHA256: fc104078d41601c76870d7d3fcc82523d40ce321451e2de903cf7e435770940b
- SHA512: 339b2876ccb31844de582099c131d0a726c5d4f01ee17f9817774c8e9b2e9dc2b39ff3d8336ee55d33c4b566dbfd5fa2dbdac0b6e0d848e2487307b727086cf7
- SSDEEP: 24576:NAdMXy0NJ0iJdtRji0kjIG7wLfrjmlP6GUEbmoVZ26RKKtGbb+Jbe2znBF:NNnajIiwLfrjmlP6GUroVZfQKkbqy2zj
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource fc104078d41601c76870d7d3fcc82523d40ce321451e2de903cf7e435770940b
Files
-
fc104078d41601c76870d7d3fcc82523d40ce321451e2de903cf7e435770940b.dll windows:5 windows x86 arch:x86
c6c4b4e5cd939908edc3072333e3d435
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
psapi
GetModuleFileNameExW
EnumProcessModules
GetModuleBaseNameW
kernel32
Sleep
GlobalAlloc
DeleteFileW
WriteFile
GetModuleHandleExW
CreateNamedPipeW
InitializeCriticalSection
GetTempPathW
GetCurrentThreadId
UnmapViewOfFile
DisconnectNamedPipe
OutputDebugStringW
GetLocalTime
WideCharToMultiByte
CreateFileMappingW
MapViewOfFile
ConnectNamedPipe
LoadLibraryW
FreeLibrary
ReadFile
IsBadWritePtr
GetStdHandle
CreatePipe
CreateProcessW
IsBadReadPtr
lstrcmpiW
GetLogicalDriveStringsW
lstrcmpW
LocalAlloc
CreateTimerQueueTimer
DeleteTimerQueueTimer
lstrlenW
GetUserDefaultUILanguage
GetFileAttributesW
GetCPInfo
GetCurrentThread
MapViewOfFileEx
GetFileSizeEx
FindFirstFileA
ReleaseSemaphore
FindNextFileA
SetEndOfFile
CreateMutexA
ReleaseMutex
GetModuleHandleA
CreateFileA
GetSystemInfo
SwitchToThread
SetFilePointerEx
CreateFileMappingA
RemoveDirectoryA
CreateDirectoryA
FormatMessageA
CreateSemaphoreA
GetTickCount
GetProcessTimes
GetSystemTimeAsFileTime
SetLastError
WriteConsoleW
SetStdHandle
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExA
GetTimeZoneInformation
GetConsoleMode
GetConsoleCP
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetFileType
GetACP
GetModuleFileNameA
ExitProcess
ExitThread
RtlUnwind
CreateTimerQueue
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
VirtualProtect
VirtualFree
VirtualAlloc
LoadLibraryExW
GetModuleFileNameW
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
ChangeTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SignalObjectAndWait
WaitForSingleObjectEx
AreFileApisANSI
MoveFileExW
GetStartupInfoW
GetVersion
GetSystemDirectoryW
FindClose
LeaveCriticalSection
RemoveDirectoryW
lstrcpynW
FindNextFileW
ResetEvent
EnterCriticalSection
FindFirstFileW
lstrcpyW
LocalFree
FindResourceW
LoadResource
FindResourceExW
GlobalFree
Process32FirstW
LockResource
Process32NextW
CreateToolhelp32Snapshot
WaitForMultipleObjects
TerminateProcess
InterlockedDecrement
GetLongPathNameW
SizeofResource
MultiByteToWideChar
CreateFileW
DeviceIoControl
ConvertThreadToFiber
GetModuleHandleW
GetCurrentProcessId
GetProcAddress
CreateThread
CloseHandle
TerminateThread
SetEvent
CreateEventW
OpenProcess
DuplicateHandle
GetVersionExW
WaitForSingleObject
DeleteFiber
GetCurrentProcess
GetProcessHeap
DeleteCriticalSection
HeapDestroy
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
GetLastError
HeapSize
InitializeCriticalSectionAndSpinCount
HeapFree
ReadConsoleW
InitializeSListHead
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
QueryPerformanceCounter
EncodePointer
TryEnterCriticalSection
IsDebuggerPresent
user32
LoadCursorW
DialogBoxParamW
GetParent
GetDesktopWindow
GetDlgItem
GetClientRect
BringWindowToTop
MapWindowPoints
GetMonitorInfoW
IsWindow
SetWindowTextW
EndDialog
SendMessageW
MonitorFromWindow
SetWindowPos
GetWindowRect
GetWindow
GetWindowLongW
wsprintfW
SetFocus
MoveWindow
DestroyWindow
PostMessageW
PostThreadMessageW
EndPaint
GetFocus
CallNextHookEx
GetSystemMetrics
UnhookWindowsHookEx
EnumThreadWindows
SetWindowsHookExW
GetAncestor
RegisterClassExW
UpdateLayeredWindow
SetScrollPos
SetTimer
KillTimer
BeginPaint
TrackMouseEvent
GetDlgItemTextW
GetWindowDC
DrawTextW
InvalidateRect
GetWindowTextW
GetMessageW
ScreenToClient
DispatchMessageW
ClientToScreen
RegisterClassW
TranslateMessage
FillRect
SetCursor
IsZoomed
PostQuitMessage
PtInRect
EnableWindow
GetDC
IsWindowVisible
ReleaseDC
GetCursorPos
DefWindowProcW
CallWindowProcW
CreateWindowExW
ShowWindow
GetClassNameW
SetWindowLongW
IsIconic
gdi32
GetStretchBltMode
SetStretchBltMode
TextOutW
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateFontW
CreateRectRgnIndirect
GetTextMetricsW
Rectangle
ExtSelectClipRgn
SetDCPenColor
SelectObject
GetStockObject
CreatePatternBrush
SetTextColor
SetBkMode
DeleteObject
DeleteDC
GetTextExtentPoint32W
advapi32
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
ReadEventLogA
CloseEventLog
OpenEventLogA
RegDeleteKeyW
RegCreateKeyExW
RegSetValueExW
EqualSid
RegOpenKeyExA
RegQueryValueExW
SetTokenInformation
ConvertStringSidToSidW
CreateProcessAsUserW
GetLengthSid
DuplicateTokenEx
GetTokenInformation
RegCloseKey
RegQueryValueExA
RegOpenKeyExW
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
shell32
CommandLineToArgvW
ShellExecuteW
SHGetSpecialFolderPathW
ShellExecuteExW
SHCreateDirectoryExW
ole32
CoCreateGuid
CoInitializeEx
OleRun
CLSIDFromProgID
CoCreateInstance
CoUninitialize
CoInitialize
oleaut32
SysAllocString
GetErrorInfo
SysFreeString
shlwapi
PathFileExistsW
StrStrIW
ws2_32
WSACleanup
closesocket
gethostbyname
sendto
htons
htonl
socket
WSAStartup
version
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
gdiplus
GdiplusShutdown
GdipCreateBitmapFromFile
GdipGetImageWidth
GdipFree
GdipCreateHBITMAPFromBitmap
GdipDisposeImage
GdipAlloc
GdipCloneImage
GdipGetImageHeight
GdiplusStartup
GdipDrawImageRectRectI
GdipCreateFromHDC
GdipDeleteGraphics
netapi32
Netbios
NetApiBufferFree
NetWkstaTransportEnum
Exports
AddRule
CanRemoveOldInstallDirPath
CheckClickFastInstall
CheckFileLocked
CheckInstallNotUniformPackageForCustomCorp
CheckInstallType
CreateCustomPage
CreateDownloaderPage
CreateFinishPage
CreateInstallPage
CreateUninstallFinishPage
CreateUninstallPage
CreateWelcomePage
DestroyWnd
DirVerify
DownloadUpdatePackage
EnforceFileWritable
FileNeedOverWrite
FindProcessByName
GenerateOldInstallDirPath
GentlyKillQQMusic
GetAutoStartAfterBoot
GetCheck
GetFileVersion
GetGUID
GetNetCardID
GetOSVersionStringInfo
GetParentProcessName
GetWXDriveInstallProgress
GoToNextPage
HandleCloseAllThirdSdkExe
HandleRegisterThirdSdk
HandleRemoveThirdSdkRegister
HandleUpdateLastPackageData
InitCompareMd5Dir
InitInstallDir
InitSkin
InitUninstallSkin
InitUpdateOrFastInstall
IsChineseSystem
IsQQMusicRunning
IsSystemVistaOrLater
IsSystemXPSp3OrLater
IsWin7OrLater
KillProcessbyPath
Log
MoveWindowRect
NeedReserveUserData
NeedRunAfterInstall
RTXCompareVersion
RemoveRule
Report
ReportInstallProgress
RunAppAsUser
SetCheck
SetDirectoryAndCheckDrive
SetDirectoryText
SetFocusWnd
SetIsForUninstall
SetProductLicenseUrl
SetProductName
SetWXWorkLocalPackageName
ShowCanNotInstallerInXpMessageBox
ShowMessageBox
ShowOSVersionTooLowMessageBox
ShowRTXExistLasterVersionMessageBox
ShowRTXExistVersionMessageBox
ShowRTXRunningMessageBox
ShowUninstallConfirmMessageBox
ShowUninstallWXWorkRunningMessageBox
TerminateProcessByName
TryToRenameDataFile
UIUpdateInstallProgress
UnInitSkin
UpdateUninstallProgress
encodeURIComponent
Sections
.text Size: 719KB - Virtual size: 718KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 145KB - Virtual size: 145KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 13KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.gfids Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 512B - Virtual size: 9B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 696B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 37KB - Virtual size: 36KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ