SWeChatRobot[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

SWeChatRobot.dll
Size

378KB
MD5

904fb01952b125764ccc3b7d10498d03
SHA1

31f1f5f13c55592976b7be6c0c9e9effa780722f
SHA256

f4e2335a7580e60aeb565bdc240a50362a5dcf981805eaa514bb379c199bc3b8
SHA512

8af4aaa5b89787f6e5be37c1cbd254e70730d239d33295a76aa7a265786bbf7f5def043dd2ba2c658b41f8146819471611e338b922882b2054b4ef1f70a313ae
SSDEEP

6144:XnRFlwtUVrdp6hpIXGO7k7Ds58KPnCq8IzbfRe3yD0c5BDlx/yAff6xyXtkQMB7C:XnHwgrf6hpI2Og7SIRIzbfRe3yD0c5Bx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
SWeChatRobot.dll

Files

SWeChatRobot.dll
.dll windows:6 windows x86 arch:x86

4d8501147f6feaa7e7bac6812cf7c6d6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\VS2019C++\MyWeChatRobot\Release\socket\SWeChatRobot.pdb

Imports

kernel32

WideCharToMultiByte
Sleep
WriteProcessMemory
GetCurrentProcess
GetCurrentProcessId
CreateThread
CloseHandle
WaitForSingleObject
MultiByteToWideChar
lstrcpyW
CreateFileW
WriteFile
GetModuleFileNameA
VirtualProtect
GetModuleHandleA
AttachConsole
ReadProcessMemory
AllocConsole
lstrcmpW
GetModuleFileNameW
GetSystemTimeAsFileTime
SetLastError
GetFileAttributesW
FindFirstFileW
FindClose
FindNextFileW
GetTickCount
FreeConsole
FindFirstFileExW
GetFullPathNameW
GetTempPathA
OutputDebugStringA
GetLastError
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetWindowsDirectoryA
GetComputerNameA
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
GetCurrentThreadId
RtlCaptureStackBackTrace
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
GetProcAddress
IsDebuggerPresent
QueryPerformanceCounter
InitializeSListHead
GetStdHandle

user32

PostThreadMessageW
TranslateMessage
GetMessageW
DispatchMessageW

msvcp140

?_Xinvalid_argument@std@@YAXPBD@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?_Xbad_alloc@std@@YAXXZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?always_noconv@codecvt_base@std@@QBE_NXZ
??Bid@locale@std@@QAEIXZ
?_Xbad_function_call@std@@YAXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_K@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AA_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PBX@Z
?underflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?seekpos@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE?AV?$fpos@U_Mbstatet@@@2@V32@H@Z
?seekoff@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE?AV?$fpos@U_Mbstatet@@@2@_JHH@Z
?pbackfail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHH@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@PAV32@@Z
?copyfmt@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEAAV12@ABV12@@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

ws2_32

socket
recvfrom
getsockopt
__WSAFDIsSet
htons
inet_pton
connect
send
closesocket
recv
WSAStartup
WSAGetLastError
getsockname
select
accept
ioctlsocket
sendto
listen
bind
setsockopt

dbghelp

SymFromAddr
MakeSureDirectoryPathExists
SymSetOptions
SymCleanup
SymInitialize

vcruntime140

__current_exception
__current_exception_context
_except_handler4_common
__std_type_info_destroy_list
memmove
_purecall
__std_exception_copy
__std_terminate
__std_exception_destroy
__CxxFrameHandler3
memset
memcpy
memchr
_CxxThrowException
strchr
strrchr

api-ms-win-crt-runtime-l1-1-0

_getpid
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_cexit
terminate
_initterm
_initterm_e
raise
signal
_invalid_parameter_noinfo_noreturn
perror
abort
strerror_s
_set_errno
_errno

api-ms-win-crt-stdio-l1-1-0

fflush
fclose
fputc
__stdio_common_vsprintf_s
fgetc
_sopen_dispatch
_write
_close
__stdio_common_vsprintf
fwrite
fgetpos
__stdio_common_vfprintf
__acrt_iob_func
__stdio_common_vswprintf_s
_popen
_pclose
setvbuf
ungetc
fsetpos
fread
_fseeki64
freopen_s
_get_stream_buffer_pointers
fseek
putchar
ftell
_wfopen

api-ms-win-crt-filesystem-l1-1-0

_unlink
_stat64i32
_lock_file
_access
remove
rename
_mkdir
_unlock_file
_wstat64
_waccess

api-ms-win-crt-locale-l1-1-0

localeconv

api-ms-win-crt-heap-l1-1-0

calloc
malloc
_callnewh
free

api-ms-win-crt-math-l1-1-0

_dsign
_fdopen
_dclass

api-ms-win-crt-convert-l1-1-0

_wtoi
strtol
wcstombs_s
mbstowcs_s
strtoll
strtoull
strtod
strtoul
atoi

api-ms-win-crt-time-l1-1-0

_time64
_localtime64_s
_gmtime64_s
_mktime64
_difftime64
_ftime64

api-ms-win-crt-string-l1-1-0

strncmp
strncpy

api-ms-win-crt-environment-l1-1-0

getenv

Exports

Exports

UnHookAll
http_close
http_start

Sections

.text
Size: 276KB - Virtual size: 276KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 83KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4d8501147f6feaa7e7bac6812cf7c6d6

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

msvcp140

version

ws2_32

dbghelp

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-environment-l1-1-0

Exports

Exports

Sections

.text Size: 276KB - Virtual size: 276KB

.rdata Size: 83KB - Virtual size: 82KB

.data Size: 2KB - Virtual size: 66KB

.rsrc Size: 512B - Virtual size: 248B

.reloc Size: 15KB - Virtual size: 14KB

.text
Size: 276KB - Virtual size: 276KB

.rdata
Size: 83KB - Virtual size: 82KB

.data
Size: 2KB - Virtual size: 66KB

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 15KB - Virtual size: 14KB