f20d4e5af0c295981fa2fabe792693301ec8abbdd9e282f00dcdc82070140f64

Sharing

Copy URL

Twitter E-mail

General

Target

f20d4e5af0c295981fa2fabe792693301ec8abbdd9e282f00dcdc82070140f64
Size

1.1MB
MD5

2224d6c8c2678acc9257abbdf16a4d6e
SHA1

42280d23a2c651708e12382cf11c0a03f24e6ea8
SHA256

f20d4e5af0c295981fa2fabe792693301ec8abbdd9e282f00dcdc82070140f64
SHA512

c9be022b6c27acc6126a3ccc9ef07dfe2ded4f0233571c3e271c206834a90b49ce5ed5526172ef70d15368026894c7a406ec52b8807a41f648b0cca0a66450e6
SSDEEP

24576:6uVv5n0BDe/dtc5MkpZGvpiZswhiTlhN/5dMP45yLwTRiaeAz6YYp2Bebqcg:34h4+XpyITiTHN/5dTJTM06YYpa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f20d4e5af0c295981fa2fabe792693301ec8abbdd9e282f00dcdc82070140f64

Files

f20d4e5af0c295981fa2fabe792693301ec8abbdd9e282f00dcdc82070140f64
.exe windows:5 windows x86 arch:x86

50a83d761873279ae5e00de13fa5f494

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Tools\agent\workspace\WeChatUpdate\WechatUpdate\Release\WeChatUpdate.pdb

Imports

kernel32

GlobalFree
GlobalLock
GetModuleHandleW
GlobalUnlock
GetSystemDefaultUILanguage
GetModuleFileNameW
SetUnhandledExceptionFilter
TerminateThread
QueryDosDeviceW
lstrlenW
GetLogicalDriveStringsW
LoadLibraryW
GetProcAddress
WritePrivateProfileStringW
GetShortPathNameW
RemoveDirectoryW
GlobalAlloc
GetVersionExW
GetSystemDirectoryW
SetFileAttributesW
GetTimeZoneInformation
DeleteFileW
GetSystemInfo
GetWindowsDirectoryW
FreeLibrary
CopyFileW
GetSystemTimeAsFileTime
WriteConsoleW
FreeResource
GetTickCount
OpenMutexW
GetFileAttributesW
Process32FirstW
Process32NextW
Sleep
CreateToolhelp32Snapshot
OpenProcess
ReleaseMutex
CreateMutexW
TerminateProcess
GetPrivateProfileStringW
InterlockedCompareExchange
InterlockedExchange
GetFileSize
CreateThread
WaitForSingleObject
GetTempPathW
DosDateTimeToFileTime
GetFileType
WideCharToMultiByte
SystemTimeToFileTime
GetCurrentDirectoryW
MultiByteToWideChar
DuplicateHandle
GetCurrentProcess
SetEndOfFile
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
ReadConsoleW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetStdHandle
GetModuleHandleExW
ExitThread
SetStdHandle
MoveFileExW
RtlUnwind
ReadFile
CreateDirectoryW
FindResourceW
LoadResource
FindResourceExW
LockResource
SizeofResource
FlushFileBuffers
GetCurrentProcessId
GetLocalTime
CloseHandle
GetCurrentThreadId
CreateFileW
FindClose
SetFilePointer
InitializeCriticalSection
LeaveCriticalSection
OutputDebugStringA
WriteFile
FindNextFileW
EnterCriticalSection
FindFirstFileW
GetProcessHeap
DeleteCriticalSection
HeapDestroy
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
GetLastError
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
VirtualProtect
VirtualFree
VirtualAlloc
LoadLibraryExW
GetModuleHandleA
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SwitchToThread
SignalObjectAndWait
CreateTimerQueue
InterlockedDecrement
InterlockedIncrement
MulDiv
GetACP
ExitProcess
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
UnhandledExceptionFilter
ResetEvent
SetEvent
OutputDebugStringW
IsDebuggerPresent
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
CreateEventW
SetLastError
EncodePointer
TryEnterCriticalSection
QueryPerformanceCounter
HeapSize
InitializeCriticalSectionAndSpinCount
HeapFree
WaitForSingleObjectEx
GetCurrentThread
GetExitCodeThread

user32

PostMessageW
SendMessageW
GetWindowThreadProcessId
MoveWindow
GetWindowRect
SetWindowPos
ReleaseDC
DrawTextW
FillRect
IsWindow
EnableWindow
PostQuitMessage
TranslateMessage
SetFocus
PostThreadMessageA
DispatchMessageW
ShowWindow
GetSystemMetrics
GetWindow
GetMessageW
GetCursorPos
CreateAcceleratorTableW
InvalidateRgn
GetWindowTextW
GetWindowTextLengthW
SetWindowTextW
GetCaretPos
GetSysColor
SetCaretPos
SwitchToThisWindow
BringWindowToTop
FindWindowW
UnregisterClassW
GetDC
wsprintfW
DefWindowProcW
MessageBoxW
GetPropW
RegisterClassExW
LoadAcceleratorsW
LoadStringW
TranslateAcceleratorW
SetPropW
DestroyWindow
GetWindowLongW
EqualRect
SetWindowRgn
CreateWindowExW
SetTimer
ClientToScreen
LoadCursorW
SetCursor
SetWindowLongW
GetClientRect
IsZoomed
UpdateLayeredWindow
KillTimer
PtInRect
IsIconic
GetKeyState
GetUpdateRect
BeginPaint
EndPaint
IsRectEmpty
InvalidateRect
MapWindowPoints
ScreenToClient
GetFocus
SetCapture
ReleaseCapture
GetParent
GetMonitorInfoW
MonitorFromWindow
SetLayeredWindowAttributes
LoadImageW
RegisterClassW
GetClassInfoExW
CallWindowProcW
OffsetRect
InflateRect
wvsprintfW
IntersectRect
CharNextW
SetRect
CharPrevW
CreateCaret
ShowCaret
HideCaret

gdi32

CreateCompatibleBitmap
CreateDIBSection
SetDIBColorTable
CreateRectRgnIndirect
CombineRgn
BitBlt
SelectObject
CreateCompatibleDC
GetStockObject
DeleteDC
CreatePen
Rectangle
GetObjectW
DeleteObject
CreateSolidBrush
RoundRect
CreateFontIndirectW
SaveDC
RestoreDC
SetWindowOrgEx
GetTextMetricsW
CreateRoundRectRgn
SelectClipRgn
GetClipBox
ExtSelectClipRgn
StretchBlt
SetStretchBltMode
SetBkColor
ExtTextOutW
CreatePenIndirect
MoveToEx
LineTo
SetBkMode
GetObjectA
SetTextColor
GetCharABCWidthsW
GetTextExtentPoint32W
TextOutW
GetDeviceCaps

advapi32

GetSidSubAuthority
RegSetValueExW
RegCloseKey
LookupPrivilegeValueW
AdjustTokenPrivileges
GetSidSubAuthorityCount
RegOpenKeyExW
OpenProcessToken
DuplicateTokenEx
RegQueryValueExW
GetTokenInformation

shell32

SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHCreateDirectoryExW
ShellExecuteExW
ShellExecuteW

ole32

CoCreateInstance
CLSIDFromString
CLSIDFromProgID
OleLockRunning
CreateStreamOnHGlobal

gdiplus

GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipBitmapLockBits
GdipFree
GdipGetImagePixelFormat
GdipDisposeImage
GdipAlloc
GdipGetImagePalette
GdipBitmapUnlockBits
GdipCloneImage
GdipGetImagePaletteSize
GdipGetImageHeight
GdipCreateBitmapFromScan0
GdiplusStartup
GdipGetImageWidth
GdipCreateBitmapFromStream
GdipDrawImageI
GdipCreateLineBrushI
GdipSetTextRenderingHint
GdiplusShutdown
GdipCreateFromHDC
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipDeleteFont
GdipCreateStringFormat
GdipDeleteStringFormat
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetStringFormatTrimming
GdipSetStringFormatFlags
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdipDrawString

shlwapi

PathFileExistsW
PathRemoveFileSpecW

dbghelp

MiniDumpWriteDump

msimg32

AlphaBlend

userenv

GetAllUsersProfileDirectoryW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

comctl32

_TrackMouseEvent
ord17

oleaut32

SysFreeString
VariantInit
SysAllocString
VariantClear

imm32

ImmGetContext
ImmReleaseContext
ImmNotifyIME
ImmSetCompositionWindow

Sections

.text
Size: 644KB - Virtual size: 643KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 172KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 13KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 107KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

50a83d761873279ae5e00de13fa5f494

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

gdiplus

shlwapi

dbghelp

msimg32

userenv

version

comctl32

oleaut32

imm32

Sections

.text Size: 644KB - Virtual size: 643KB

.rdata Size: 172KB - Virtual size: 172KB

.data Size: 13KB - Virtual size: 21KB

.gfids Size: 3KB - Virtual size: 2KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 67KB - Virtual size: 67KB

.reloc Size: 107KB - Virtual size: 108KB

.text
Size: 644KB - Virtual size: 643KB

.rdata
Size: 172KB - Virtual size: 172KB

.data
Size: 13KB - Virtual size: 21KB

.gfids
Size: 3KB - Virtual size: 2KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 67KB - Virtual size: 67KB

.reloc
Size: 107KB - Virtual size: 108KB