3aff61d722b19838df496096ce993c8f4c5c128e7da79b5384c2860c1672a5dc

Sharing

Copy URL

Twitter E-mail

General

Target

3aff61d722b19838df496096ce993c8f4c5c128e7da79b5384c2860c1672a5dc
Size

2.4MB
MD5

5f45bf38a3e706b0ad60d2692627955a
SHA1

803aee6b2d6fb3c4c0c9969da34015c57edf29fc
SHA256

3aff61d722b19838df496096ce993c8f4c5c128e7da79b5384c2860c1672a5dc
SHA512

389b1d72bce9d53c9db1c042757bbc8d0c8c24f85bf8e4c1b7ed67a39d33d8917408cc58a9911a8851358a7f608943c686e76bd9405d55e42c6e7d55ae0a2396
SSDEEP

49152:0Tg7b3WiUhLqc4tXOexzWGD/ks7RiuJh0VIBwzl4O65r9g3tPHX/U5TuuxXH:00PGiAcx3RiuJhkFltirmNX/U

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3aff61d722b19838df496096ce993c8f4c5c128e7da79b5384c2860c1672a5dc

Files

3aff61d722b19838df496096ce993c8f4c5c128e7da79b5384c2860c1672a5dc
.exe windows:6 windows x86 arch:x86

fcb7832b325a76914e1d1ba6d1c28afc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Tools\agent\workspace\WeChatUpdate\WechatUpdate\Release\WeChatUpdate.pdb

Imports

kernel32

GetSystemTimeAsFileTime
WriteConsoleW
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetThreadId
CreateSemaphoreA
CreateEventA
GetModuleHandleA
WaitForSingleObjectEx
ReleaseSemaphore
SetEvent
LocalFree
FormatMessageA
CreateFileA
SetEndOfFile
SetLastError
MapViewOfFileEx
UnmapViewOfFile
CreateFileMappingA
GetEnvironmentVariableW
GetDiskFreeSpaceExW
GetFileAttributesExW
GetFileTime
GetFullPathNameW
SetFilePointerEx
DeviceIoControl
MoveFileExW
SetWaitableTimer
CreateWaitableTimerW
OpenEventA
WaitForMultipleObjectsEx
ResetEvent
Thread32First
Thread32Next
AreFileApisANSI
GetFileSizeEx
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetDriveTypeW
FreeLibrary
GetWindowsDirectoryW
GetSystemInfo
DeleteFileW
GetTimeZoneInformation
SetFileAttributesW
GetSystemDirectoryW
GetVersionExW
CopyFileW
GetFileAttributesW
FindClose
RemoveDirectoryW
FindNextFileW
WritePrivateProfileStringW
FindFirstFileW
GetFileInformationByHandle
GetProcAddress
LoadLibraryW
GetLogicalDriveStringsW
lstrlenW
QueryDosDeviceW
TerminateThread
SetUnhandledExceptionFilter
GetCurrentProcessId
GetModuleFileNameW
GetSystemDefaultUILanguage
GlobalUnlock
GetModuleHandleW
GlobalLock
GlobalFree
GlobalAlloc
FreeResource
GetTickCount
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
OpenProcess
ReleaseMutex
CreateMutexW
TerminateProcess
GetPrivateProfileStringW
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetFileSize
CreateThread
ReadConsoleA
SetConsoleMode
LoadLibraryA
ConvertFiberToThread
DeleteFiber
WaitForSingleObject
GetTempPathW
DosDateTimeToFileTime
GetFileType
SystemTimeToFileTime
GetCurrentDirectoryW
CloseHandle
DuplicateHandle
CreateFileW
SetFilePointer
WriteFile
GetCurrentProcess
ReadFile
CreateDirectoryW
FindResourceW
LoadResource
FindResourceExW
LockResource
SizeofResource
WideCharToMultiByte
GetLocalTime
Sleep
MultiByteToWideChar
GetCurrentThreadId
GetShortPathNameW
GetProcessHeap
DeleteCriticalSection
HeapDestroy
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
GetLastError
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
SetConsoleCtrlHandler
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetStdHandle
GetConsoleOutputCP
ReadConsoleW
GetConsoleMode
SetStdHandle
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
LoadLibraryExW
RtlUnwind
MulDiv
GetACP
ExitProcess
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
UnhandledExceptionFilter
CreateEventW
InitializeCriticalSectionAndSpinCount
OutputDebugStringW
IsDebuggerPresent
GetCPInfo
CompareStringEx
GetStringTypeW
GetLocaleInfoEx
LCMapStringEx
EncodePointer
FileTimeToSystemTime
HeapSize
InitializeCriticalSectionEx
HeapFree
QueryPerformanceFrequency
QueryPerformanceCounter
GetExitCodeThread
TryEnterCriticalSection
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock

user32

GetWindowThreadProcessId
PostMessageW
SendMessageW
GetDC
TranslateAcceleratorW
LoadStringW
GetUserObjectInformationW
GetProcessWindowStation
CreateAcceleratorTableW
InvalidateRgn
GetWindowTextW
GetWindowTextLengthW
SetWindowTextW
GetCaretPos
IsWindow
SwitchToThisWindow
GetSysColor
SetCaretPos
HideCaret
ShowCaret
CreateCaret
CharPrevW
PostQuitMessage
MoveWindow
GetWindowRect
FillRect
DrawTextW
ReleaseDC
TranslateMessage
SetFocus
PostThreadMessageA
DispatchMessageW
ShowWindow
GetSystemMetrics
GetWindow
GetMessageW
GetCursorPos
IsIconic
PtInRect
KillTimer
UpdateLayeredWindow
IsZoomed
GetClientRect
SetWindowLongW
SetCursor
LoadCursorW
ClientToScreen
SetTimer
CreateWindowExW
SetWindowRgn
EqualRect
GetWindowLongW
DestroyWindow
SetWindowPos
BringWindowToTop
FindWindowW
UnregisterClassW
EnableWindow
IntersectRect
SetRect
wsprintfW
DefWindowProcW
MessageBoxW
GetPropW
RegisterClassExW
LoadAcceleratorsW
GetKeyState
GetUpdateRect
BeginPaint
EndPaint
IsRectEmpty
InvalidateRect
MapWindowPoints
ScreenToClient
GetFocus
SetCapture
ReleaseCapture
GetParent
GetMonitorInfoW
MonitorFromWindow
SetLayeredWindowAttributes
LoadImageW
RegisterClassW
GetClassInfoExW
CallWindowProcW
OffsetRect
InflateRect
wvsprintfW
CharNextW
SetPropW

gdi32

SetWindowOrgEx
GetTextMetricsW
CreateRoundRectRgn
RestoreDC
GetClipBox
ExtSelectClipRgn
StretchBlt
SetStretchBltMode
SetBkColor
ExtTextOutW
CreatePenIndirect
MoveToEx
LineTo
SetBkMode
GetObjectA
SetTextColor
GetCharABCWidthsW
GetTextExtentPoint32W
TextOutW
GetDeviceCaps
SaveDC
CreateFontIndirectW
RoundRect
CreateSolidBrush
DeleteObject
GetObjectW
Rectangle
CreatePen
DeleteDC
GetStockObject
CreateCompatibleDC
SelectObject
CreateCompatibleBitmap
CreateDIBSection
SetDIBColorTable
CreateRectRgnIndirect
BitBlt
CombineRgn
SelectClipRgn

advapi32

DeregisterEventSource
CryptDecrypt
CryptCreateHash
CryptDestroyHash
CryptGenRandom
CryptReleaseContext
CryptAcquireContextW
LookupPrivilegeValueW
AdjustTokenPrivileges
GetSidSubAuthorityCount
GetSidSubAuthority
OpenProcessToken
DuplicateTokenEx
RegQueryValueExW
GetTokenInformation
RegCloseKey
RegSetValueExW
RegOpenKeyExW
RegisterEventSourceW
CryptSignHashW
ReportEventW
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptEnumProvidersW
CryptExportKey

shell32

SHCreateDirectoryExW
ShellExecuteExW
ShellExecuteW
SHGetSpecialFolderLocation
SHGetPathFromIDListW

ole32

CLSIDFromProgID
CLSIDFromString
OleLockRunning
CoCreateInstance
CreateStreamOnHGlobal
CoTaskMemFree

gdiplus

GdiplusShutdown
GdipBitmapUnlockBits
GdipGetImageHeight
GdipGetImagePaletteSize
GdipCloneImage
GdipAlloc
GdiplusStartup
GdipCreateBitmapFromStream
GdipDrawImageI
GdipCreateBitmapFromScan0
GdipGetImageWidth
GdipDisposeImage
GdipGetImagePixelFormat
GdipFree
GdipBitmapLockBits
GdipCreateFromHDC
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipDeleteFont
GdipCreateStringFormat
GdipDeleteStringFormat
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetStringFormatTrimming
GdipSetStringFormatFlags
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdipDrawString
GdipSetTextRenderingHint
GdipCreateLineBrushI
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipGetImagePalette

shlwapi

PathRemoveFileSpecW
PathFileExistsW

dbghelp

MiniDumpWriteDump

msimg32

AlphaBlend

userenv

GetAllUsersProfileDirectoryW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

comctl32

_TrackMouseEvent
ord17

ws2_32

closesocket
WSASetLastError
send
recv
WSAGetLastError
WSACleanup

oleaut32

VariantClear
VariantInit
SysAllocString
SysFreeString

imm32

ImmGetContext
ImmSetCompositionWindow
ImmReleaseContext
ImmNotifyIME

crypt32

CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertGetCertificateContextProperty
CertFreeCertificateContext
CertOpenStore

bcrypt

BCryptGenRandom

Exports

Exports

__ASSERT

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 523KB - Virtual size: 522KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fcb7832b325a76914e1d1ba6d1c28afc

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

gdiplus

shlwapi

dbghelp

msimg32

userenv

version

comctl32

ws2_32

oleaut32

imm32

crypt32

bcrypt

Exports

Exports

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

.rdata Size: 523KB - Virtual size: 522KB

.data Size: 17KB - Virtual size: 36KB

.rsrc Size: 67KB - Virtual size: 67KB

.reloc Size: 83KB - Virtual size: 83KB

.text
Size: 1.7MB - Virtual size: 1.7MB

.rdata
Size: 523KB - Virtual size: 522KB

.data
Size: 17KB - Virtual size: 36KB

.rsrc
Size: 67KB - Virtual size: 67KB

.reloc
Size: 83KB - Virtual size: 83KB