5f7257ffe4b73a9a6ae96d0726114d429e8d028309c5d59d37ad995554a0c0d0

Sharing

Copy URL Twitter E-mail

General

Target

5f7257ffe4b73a9a6ae96d0726114d429e8d028309c5d59d37ad995554a0c0d0
Size

2.5MB
MD5

1299456adefe7eb168d1be1613057670
SHA1

b0dc697e1ba161c0972a52efb7fb7cf7325faadb
SHA256

5f7257ffe4b73a9a6ae96d0726114d429e8d028309c5d59d37ad995554a0c0d0
SHA512

155947a76365c2158e5980e09aeac099749ba276287e40e38c9a617fdbd0ad49af744dbdefa96143e628370bbaba92489a6f8d09a707e9adf4503f2faaa5c438
SSDEEP

49152:jpry+2CN/u2c4HXOxaWyC7Kpg/QuJm5mP46lkUyxemCZtPHXWX3TKMZxXH:jpG+jNQaWQuJm4XlkfpUNXWX9

Score

1^/10

Malware Config

Signatures

Files

5f7257ffe4b73a9a6ae96d0726114d429e8d028309c5d59d37ad995554a0c0d0
.exe windows:6 windows x86 arch:x86

490fe87c9a9bfbacc8aec4d95cb59ed1

Code Sign

0e:33:12:30:52:5a:25:a7:f8:10:e5:34:88:b0:aa:40
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25/11/2020, 00:00

Not After

22/02/2024, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong Province,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:a7:f6:86:bc:40:35:4a:70:f2:c2:97:c1:31:5e:f6
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25/11/2020, 00:00

Not After

22/02/2024, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong Province,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2b:5d:2f:b5:59:8d:da:b3:72:a2:e9:82:0e:92:4b:70:08:04:13:db:8e:6a:c3:a9:30:5d:1e:e4:5b:53:c5:c9
Signer

Actual PE Digest

2b:5d:2f:b5:59:8d:da:b3:72:a2:e9:82:0e:92:4b:70:08:04:13:db:8e:6a:c3:a9:30:5d:1e:e4:5b:53:c5:c9

Digest Algorithm

sha256

PE Digest Matches

false

7b:d6:13:8c:a7:70:fe:af:5e:7b:7c:67:77:ef:eb:ec:14:2e:36:bf
Signer

Actual PE Digest

7b:d6:13:8c:a7:70:fe:af:5e:7b:7c:67:77:ef:eb:ec:14:2e:36:bf

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Tools\agent\workspace\WeChatUpdate\WechatUpdate\Release\WeChatUpdate.pdb

Imports

kernel32

CopyFileW
GetSystemTimeAsFileTime
WriteConsoleW
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetThreadId
CreateSemaphoreA
CreateEventA
GetModuleHandleA
WaitForSingleObjectEx
ReleaseSemaphore
SetEvent
LocalFree
FormatMessageA
CreateFileA
SetEndOfFile
SetLastError
MapViewOfFileEx
UnmapViewOfFile
CreateFileMappingA
GetEnvironmentVariableW
GetDiskFreeSpaceExW
GetFileAttributesExW
GetFileTime
GetFullPathNameW
SetFilePointerEx
DeviceIoControl
MoveFileExW
SetWaitableTimer
CreateWaitableTimerW
OpenEventA
WaitForMultipleObjectsEx
ResetEvent
Thread32First
Thread32Next
AreFileApisANSI
GetFileSizeEx
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetDriveTypeW
GetWindowsDirectoryW
GetSystemInfo
DeleteFileW
GetTimeZoneInformation
SetFileAttributesW
GetSystemDirectoryW
GetVersionExW
GetFileAttributesW
FreeLibrary
FindClose
RemoveDirectoryW
FindNextFileW
WritePrivateProfileStringW
FindFirstFileW
GetFileInformationByHandle
GetProcAddress
LoadLibraryW
GetLogicalDriveStringsW
lstrlenW
QueryDosDeviceW
TerminateThread
SetUnhandledExceptionFilter
GetCurrentProcessId
GetModuleFileNameW
GetSystemDefaultUILanguage
GlobalUnlock
GetModuleHandleW
GlobalLock
GlobalFree
GlobalAlloc
FreeResource
GetTickCount
OpenMutexW
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
OpenProcess
ReleaseMutex
CreateMutexW
TerminateProcess
GetPrivateProfileStringW
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetFileSize
CreateThread
ReadConsoleA
SetConsoleMode
LoadLibraryA
ConvertFiberToThread
DeleteFiber
WaitForSingleObject
GetTempPathW
DosDateTimeToFileTime
GetFileType
SystemTimeToFileTime
GetCurrentDirectoryW
CloseHandle
DuplicateHandle
CreateFileW
SetFilePointer
WriteFile
GetCurrentProcess
ReadFile
CreateDirectoryW
FindResourceW
LoadResource
FindResourceExW
LockResource
SizeofResource
WideCharToMultiByte
GetLocalTime
Sleep
MultiByteToWideChar
GetCurrentThreadId
GetShortPathNameW
GetProcessHeap
DeleteCriticalSection
HeapDestroy
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
GetLastError
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
SetConsoleCtrlHandler
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetStdHandle
GetConsoleOutputCP
ReadConsoleW
GetConsoleMode
SetStdHandle
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
LoadLibraryExW
RtlUnwind
MulDiv
GetACP
ExitProcess
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
UnhandledExceptionFilter
CreateEventW
InitializeCriticalSectionAndSpinCount
OutputDebugStringW
IsDebuggerPresent
GetCPInfo
CompareStringEx
GetStringTypeW
GetLocaleInfoEx
LCMapStringEx
FileTimeToSystemTime
EncodePointer
HeapSize
InitializeCriticalSectionEx
HeapFree
QueryPerformanceFrequency
QueryPerformanceCounter
GetExitCodeThread
TryEnterCriticalSection
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock

user32

GetWindowThreadProcessId
PostMessageW
SendMessageW
GetDC
LoadStringW
GetUserObjectInformationW
GetProcessWindowStation
CreateAcceleratorTableW
InvalidateRgn
GetWindowTextW
GetWindowTextLengthW
SetWindowTextW
GetCaretPos
GetSysColor
IsWindow
SwitchToThisWindow
EnableWindow
SetCaretPos
HideCaret
ShowCaret
CreateCaret
CharPrevW
MoveWindow
GetWindowRect
FillRect
DrawTextW
ReleaseDC
TranslateMessage
SetFocus
PostThreadMessageA
DispatchMessageW
ShowWindow
GetSystemMetrics
GetWindow
GetMessageW
GetCursorPos
IsIconic
PtInRect
KillTimer
UpdateLayeredWindow
IsZoomed
GetClientRect
SetWindowLongW
SetCursor
LoadCursorW
ClientToScreen
SetTimer
CreateWindowExW
SetWindowRgn
EqualRect
GetWindowLongW
DestroyWindow
SetPropW
SetWindowPos
BringWindowToTop
FindWindowW
UnregisterClassW
PostQuitMessage
IntersectRect
SetRect
wsprintfW
DefWindowProcW
MessageBoxW
GetPropW
RegisterClassExW
LoadAcceleratorsW
GetKeyState
GetUpdateRect
BeginPaint
EndPaint
IsRectEmpty
InvalidateRect
MapWindowPoints
ScreenToClient
GetFocus
SetCapture
ReleaseCapture
GetParent
GetMonitorInfoW
MonitorFromWindow
SetLayeredWindowAttributes
LoadImageW
RegisterClassW
GetClassInfoExW
CallWindowProcW
OffsetRect
InflateRect
wvsprintfW
CharNextW
TranslateAcceleratorW

gdi32

SetWindowOrgEx
GetTextMetricsW
CreateRoundRectRgn
RestoreDC
GetClipBox
ExtSelectClipRgn
StretchBlt
SetStretchBltMode
SetBkColor
ExtTextOutW
CreatePenIndirect
MoveToEx
LineTo
SetBkMode
GetObjectA
SetTextColor
GetCharABCWidthsW
GetTextExtentPoint32W
TextOutW
GetDeviceCaps
SaveDC
CreateFontIndirectW
RoundRect
CreateSolidBrush
DeleteObject
GetObjectW
Rectangle
CreatePen
DeleteDC
GetStockObject
CreateCompatibleDC
SelectObject
CreateCompatibleBitmap
CreateDIBSection
SetDIBColorTable
CreateRectRgnIndirect
BitBlt
CombineRgn
SelectClipRgn

advapi32

DeregisterEventSource
CryptDecrypt
CryptCreateHash
CryptDestroyHash
CryptGenRandom
CryptReleaseContext
CryptAcquireContextW
LookupPrivilegeValueW
AdjustTokenPrivileges
GetSidSubAuthorityCount
GetSidSubAuthority
OpenProcessToken
DuplicateTokenEx
RegQueryValueExW
GetTokenInformation
RegCloseKey
RegSetValueExW
RegOpenKeyExW
RegisterEventSourceW
CryptSignHashW
ReportEventW
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptEnumProvidersW
CryptExportKey

shell32

SHCreateDirectoryExW
ShellExecuteExW
ShellExecuteW
SHGetSpecialFolderLocation
SHGetPathFromIDListW

ole32

CLSIDFromProgID
CLSIDFromString
OleLockRunning
CoCreateInstance
CreateStreamOnHGlobal
CoTaskMemFree

gdiplus

GdiplusStartup
GdipCloneImage
GdipGetImagePaletteSize
GdiplusShutdown
GdipGetImageHeight
GdipCreateBitmapFromStream
GdipAlloc
GdipBitmapUnlockBits
GdipDrawImageI
GdipCreateBitmapFromScan0
GdipGetImageWidth
GdipDisposeImage
GdipGetImagePixelFormat
GdipFree
GdipBitmapLockBits
GdipCreateFromHDC
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipDeleteFont
GdipCreateStringFormat
GdipDeleteStringFormat
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetStringFormatTrimming
GdipSetStringFormatFlags
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdipDrawString
GdipSetTextRenderingHint
GdipCreateLineBrushI
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipGetImagePalette

shlwapi

PathRemoveFileSpecW
PathFileExistsW

dbghelp

MiniDumpWriteDump

msimg32

AlphaBlend

userenv

GetAllUsersProfileDirectoryW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

comctl32

_TrackMouseEvent
ord17

ws2_32

closesocket
WSASetLastError
send
recv
WSAGetLastError
WSACleanup

oleaut32

VariantClear
VariantInit
SysAllocString
SysFreeString

imm32

ImmGetContext
ImmSetCompositionWindow
ImmReleaseContext
ImmNotifyIME

crypt32

CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertGetCertificateContextProperty
CertFreeCertificateContext
CertOpenStore

bcrypt

BCryptGenRandom

Exports

Exports

__ASSERT

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 523KB - Virtual size: 522KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 115KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

490fe87c9a9bfbacc8aec4d95cb59ed1

Code Sign

0e:33:12:30:52:5a:25:a7:f8:10:e5:34:88:b0:aa:40Certificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0e:a7:f6:86:bc:40:35:4a:70:f2:c2:97:c1:31:5e:f6Certificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

2b:5d:2f:b5:59:8d:da:b3:72:a2:e9:82:0e:92:4b:70:08:04:13:db:8e:6a:c3:a9:30:5d:1e:e4:5b:53:c5:c9Signer

7b:d6:13:8c:a7:70:fe:af:5e:7b:7c:67:77:ef:eb:ec:14:2e:36:bfSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

gdiplus

shlwapi

dbghelp

msimg32

userenv

version

comctl32

ws2_32

oleaut32

imm32

crypt32

bcrypt

Exports

Exports

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

.rdata Size: 523KB - Virtual size: 522KB

.data Size: 17KB - Virtual size: 36KB

.rsrc Size: 67KB - Virtual size: 67KB

.reloc Size: 115KB - Virtual size: 115KB

0e:33:12:30:52:5a:25:a7:f8:10:e5:34:88:b0:aa:40
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0e:a7:f6:86:bc:40:35:4a:70:f2:c2:97:c1:31:5e:f6
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

2b:5d:2f:b5:59:8d:da:b3:72:a2:e9:82:0e:92:4b:70:08:04:13:db:8e:6a:c3:a9:30:5d:1e:e4:5b:53:c5:c9
Signer

7b:d6:13:8c:a7:70:fe:af:5e:7b:7c:67:77:ef:eb:ec:14:2e:36:bf
Signer

.text
Size: 1.7MB - Virtual size: 1.7MB

.rdata
Size: 523KB - Virtual size: 522KB

.data
Size: 17KB - Virtual size: 36KB

.rsrc
Size: 67KB - Virtual size: 67KB

.reloc
Size: 115KB - Virtual size: 115KB