038c5fc75ebd67d9802f88e24ecde4e672e240869bbf63b626632fd857a17bb5

Sharing

Copy URL

Twitter E-mail

General

Target

038c5fc75ebd67d9802f88e24ecde4e672e240869bbf63b626632fd857a17bb5
Size

2.4MB
MD5

d30e888743b4cdf7f6900aa6767e1517
SHA1

4346604ff452714bc5328e514a6105081c2d6bd7
SHA256

038c5fc75ebd67d9802f88e24ecde4e672e240869bbf63b626632fd857a17bb5
SHA512

c2e51506974a5d33e6d4dd2c9c347232bdb5a022fc0f9038e3d0440d40a9eb24f3f784c11ab2d2c81c532981cb60b2ef89da5c5db612dda82d55414335a5d6df
SSDEEP

49152:vTg7b3WiUhLqc4tXOexzWGD/ks7RiuJh0VIBwzl4O65r9g3tPHX/U5TuuxXH:v0PGiAcx3RiuJhkFltirmNX/U

Score

1^/10

Malware Config

Signatures

Files

038c5fc75ebd67d9802f88e24ecde4e672e240869bbf63b626632fd857a17bb5
.exe windows:6 windows x86 arch:x86

fcb7832b325a76914e1d1ba6d1c28afc

Code Sign

0e:33:12:30:52:5a:25:a7:f8:10:e5:34:88:b0:aa:40
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25/11/2020, 00:00 UTC

Not After

22/02/2024, 23:59 UTC

Subject

CN=Tencent Technology(Shenzhen) Company Limited,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong Province,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00 UTC

Not After

10/02/2026, 12:00 UTC

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00 UTC

Not After

22/10/2028, 12:00 UTC

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:a7:f6:86:bc:40:35:4a:70:f2:c2:97:c1:31:5e:f6
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25/11/2020, 00:00 UTC

Not After

22/02/2024, 23:59 UTC

Subject

CN=Tencent Technology(Shenzhen) Company Limited,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong Province,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00 UTC

Not After

21/11/2033, 23:59 UTC

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00 UTC

Not After

22/03/2037, 23:59 UTC

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00 UTC

Not After

09/11/2031, 23:59 UTC

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

be:d4:f9:56:ba:ed:ce:05:69:6e:57:2b:0e:c2:ca:1d:f9:b4:8a:2e:e1:cc:7b:57:04:24:88:39:f3:79:7f:1b
Signer

Actual PE Digest

be:d4:f9:56:ba:ed:ce:05:69:6e:57:2b:0e:c2:ca:1d:f9:b4:8a:2e:e1:cc:7b:57:04:24:88:39:f3:79:7f:1b

Digest Algorithm

sha256

PE Digest Matches

false

58:67:3b:46:e1:3f:f7:04:52:c2:dc:73:6f:5d:fd:46:ab:01:37:97
Signer

Actual PE Digest

58:67:3b:46:e1:3f:f7:04:52:c2:dc:73:6f:5d:fd:46:ab:01:37:97

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Tools\agent\workspace\WeChatUpdate\WechatUpdate\Release\WeChatUpdate.pdb

Imports

kernel32

GetSystemTimeAsFileTime
WriteConsoleW
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetThreadId
CreateSemaphoreA
CreateEventA
GetModuleHandleA
WaitForSingleObjectEx
ReleaseSemaphore
SetEvent
LocalFree
FormatMessageA
CreateFileA
SetEndOfFile
SetLastError
MapViewOfFileEx
UnmapViewOfFile
CreateFileMappingA
GetEnvironmentVariableW
GetDiskFreeSpaceExW
GetFileAttributesExW
GetFileTime
GetFullPathNameW
SetFilePointerEx
DeviceIoControl
MoveFileExW
SetWaitableTimer
CreateWaitableTimerW
OpenEventA
WaitForMultipleObjectsEx
ResetEvent
Thread32First
Thread32Next
AreFileApisANSI
GetFileSizeEx
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetDriveTypeW
FreeLibrary
GetWindowsDirectoryW
GetSystemInfo
DeleteFileW
GetTimeZoneInformation
SetFileAttributesW
GetSystemDirectoryW
GetVersionExW
CopyFileW
GetFileAttributesW
FindClose
RemoveDirectoryW
FindNextFileW
WritePrivateProfileStringW
FindFirstFileW
GetFileInformationByHandle
GetProcAddress
LoadLibraryW
GetLogicalDriveStringsW
lstrlenW
QueryDosDeviceW
TerminateThread
SetUnhandledExceptionFilter
GetCurrentProcessId
GetModuleFileNameW
GetSystemDefaultUILanguage
GlobalUnlock
GetModuleHandleW
GlobalLock
GlobalFree
GlobalAlloc
FreeResource
GetTickCount
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
OpenProcess
ReleaseMutex
CreateMutexW
TerminateProcess
GetPrivateProfileStringW
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetFileSize
CreateThread
ReadConsoleA
SetConsoleMode
LoadLibraryA
ConvertFiberToThread
DeleteFiber
WaitForSingleObject
GetTempPathW
DosDateTimeToFileTime
GetFileType
SystemTimeToFileTime
GetCurrentDirectoryW
CloseHandle
DuplicateHandle
CreateFileW
SetFilePointer
WriteFile
GetCurrentProcess
ReadFile
CreateDirectoryW
FindResourceW
LoadResource
FindResourceExW
LockResource
SizeofResource
WideCharToMultiByte
GetLocalTime
Sleep
MultiByteToWideChar
GetCurrentThreadId
GetShortPathNameW
GetProcessHeap
DeleteCriticalSection
HeapDestroy
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
GetLastError
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
SetConsoleCtrlHandler
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetStdHandle
GetConsoleOutputCP
ReadConsoleW
GetConsoleMode
SetStdHandle
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
LoadLibraryExW
RtlUnwind
MulDiv
GetACP
ExitProcess
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
UnhandledExceptionFilter
CreateEventW
InitializeCriticalSectionAndSpinCount
OutputDebugStringW
IsDebuggerPresent
GetCPInfo
CompareStringEx
GetStringTypeW
GetLocaleInfoEx
LCMapStringEx
EncodePointer
FileTimeToSystemTime
HeapSize
InitializeCriticalSectionEx
HeapFree
QueryPerformanceFrequency
QueryPerformanceCounter
GetExitCodeThread
TryEnterCriticalSection
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock

user32

GetWindowThreadProcessId
PostMessageW
SendMessageW
GetDC
TranslateAcceleratorW
LoadStringW
GetUserObjectInformationW
GetProcessWindowStation
CreateAcceleratorTableW
InvalidateRgn
GetWindowTextW
GetWindowTextLengthW
SetWindowTextW
GetCaretPos
IsWindow
SwitchToThisWindow
GetSysColor
SetCaretPos
HideCaret
ShowCaret
CreateCaret
CharPrevW
PostQuitMessage
MoveWindow
GetWindowRect
FillRect
DrawTextW
ReleaseDC
TranslateMessage
SetFocus
PostThreadMessageA
DispatchMessageW
ShowWindow
GetSystemMetrics
GetWindow
GetMessageW
GetCursorPos
IsIconic
PtInRect
KillTimer
UpdateLayeredWindow
IsZoomed
GetClientRect
SetWindowLongW
SetCursor
LoadCursorW
ClientToScreen
SetTimer
CreateWindowExW
SetWindowRgn
EqualRect
GetWindowLongW
DestroyWindow
SetWindowPos
BringWindowToTop
FindWindowW
UnregisterClassW
EnableWindow
IntersectRect
SetRect
wsprintfW
DefWindowProcW
MessageBoxW
GetPropW
RegisterClassExW
LoadAcceleratorsW
GetKeyState
GetUpdateRect
BeginPaint
EndPaint
IsRectEmpty
InvalidateRect
MapWindowPoints
ScreenToClient
GetFocus
SetCapture
ReleaseCapture
GetParent
GetMonitorInfoW
MonitorFromWindow
SetLayeredWindowAttributes
LoadImageW
RegisterClassW
GetClassInfoExW
CallWindowProcW
OffsetRect
InflateRect
wvsprintfW
CharNextW
SetPropW

gdi32

SetWindowOrgEx
GetTextMetricsW
CreateRoundRectRgn
RestoreDC
GetClipBox
ExtSelectClipRgn
StretchBlt
SetStretchBltMode
SetBkColor
ExtTextOutW
CreatePenIndirect
MoveToEx
LineTo
SetBkMode
GetObjectA
SetTextColor
GetCharABCWidthsW
GetTextExtentPoint32W
TextOutW
GetDeviceCaps
SaveDC
CreateFontIndirectW
RoundRect
CreateSolidBrush
DeleteObject
GetObjectW
Rectangle
CreatePen
DeleteDC
GetStockObject
CreateCompatibleDC
SelectObject
CreateCompatibleBitmap
CreateDIBSection
SetDIBColorTable
CreateRectRgnIndirect
BitBlt
CombineRgn
SelectClipRgn

advapi32

DeregisterEventSource
CryptDecrypt
CryptCreateHash
CryptDestroyHash
CryptGenRandom
CryptReleaseContext
CryptAcquireContextW
LookupPrivilegeValueW
AdjustTokenPrivileges
GetSidSubAuthorityCount
GetSidSubAuthority
OpenProcessToken
DuplicateTokenEx
RegQueryValueExW
GetTokenInformation
RegCloseKey
RegSetValueExW
RegOpenKeyExW
RegisterEventSourceW
CryptSignHashW
ReportEventW
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptEnumProvidersW
CryptExportKey

shell32

SHCreateDirectoryExW
ShellExecuteExW
ShellExecuteW
SHGetSpecialFolderLocation
SHGetPathFromIDListW

ole32

CLSIDFromProgID
CLSIDFromString
OleLockRunning
CoCreateInstance
CreateStreamOnHGlobal
CoTaskMemFree

gdiplus

GdiplusShutdown
GdipBitmapUnlockBits
GdipGetImageHeight
GdipGetImagePaletteSize
GdipCloneImage
GdipAlloc
GdiplusStartup
GdipCreateBitmapFromStream
GdipDrawImageI
GdipCreateBitmapFromScan0
GdipGetImageWidth
GdipDisposeImage
GdipGetImagePixelFormat
GdipFree
GdipBitmapLockBits
GdipCreateFromHDC
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipDeleteFont
GdipCreateStringFormat
GdipDeleteStringFormat
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetStringFormatTrimming
GdipSetStringFormatFlags
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdipDrawString
GdipSetTextRenderingHint
GdipCreateLineBrushI
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipGetImagePalette

shlwapi

PathRemoveFileSpecW
PathFileExistsW

dbghelp

MiniDumpWriteDump

msimg32

AlphaBlend

userenv

GetAllUsersProfileDirectoryW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

comctl32

_TrackMouseEvent
ord17

ws2_32

closesocket
WSASetLastError
send
recv
WSAGetLastError
WSACleanup

oleaut32

VariantClear
VariantInit
SysAllocString
SysFreeString

imm32

ImmGetContext
ImmSetCompositionWindow
ImmReleaseContext
ImmNotifyIME

crypt32

CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertGetCertificateContextProperty
CertFreeCertificateContext
CertOpenStore

bcrypt

BCryptGenRandom

Exports

Exports

__ASSERT

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 523KB - Virtual size: 522KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

fcb7832b325a76914e1d1ba6d1c28afc

Code Sign

0e:33:12:30:52:5a:25:a7:f8:10:e5:34:88:b0:aa:40Certificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0e:a7:f6:86:bc:40:35:4a:70:f2:c2:97:c1:31:5e:f6Certificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

be:d4:f9:56:ba:ed:ce:05:69:6e:57:2b:0e:c2:ca:1d:f9:b4:8a:2e:e1:cc:7b:57:04:24:88:39:f3:79:7f:1bSigner

58:67:3b:46:e1:3f:f7:04:52:c2:dc:73:6f:5d:fd:46:ab:01:37:97Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

gdiplus

shlwapi

dbghelp

msimg32

userenv

version

comctl32

ws2_32

oleaut32

imm32

crypt32

bcrypt

Exports

Exports

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

.rdata Size: 523KB - Virtual size: 522KB

.data Size: 17KB - Virtual size: 36KB

.rsrc Size: 67KB - Virtual size: 67KB

.reloc Size: 109KB - Virtual size: 109KB

We care about your privacy.

0e:33:12:30:52:5a:25:a7:f8:10:e5:34:88:b0:aa:40
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0e:a7:f6:86:bc:40:35:4a:70:f2:c2:97:c1:31:5e:f6
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

be:d4:f9:56:ba:ed:ce:05:69:6e:57:2b:0e:c2:ca:1d:f9:b4:8a:2e:e1:cc:7b:57:04:24:88:39:f3:79:7f:1b
Signer

58:67:3b:46:e1:3f:f7:04:52:c2:dc:73:6f:5d:fd:46:ab:01:37:97
Signer

.text
Size: 1.7MB - Virtual size: 1.7MB

.rdata
Size: 523KB - Virtual size: 522KB

.data
Size: 17KB - Virtual size: 36KB

.rsrc
Size: 67KB - Virtual size: 67KB

.reloc
Size: 109KB - Virtual size: 109KB