wxDriver64[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

wxDriver64.dll
Size

27KB
MD5

b6823688c7f0645daad6c9ce7cb8b75c
SHA1

bb340190bca8afc079c7c169c284ab419ef27607
SHA256

294b2f1d271953a6d4d6d9325898a79ea674ecd9eac6db8e3cda68d9c26efb7a
SHA512

1333642e08bd70e5f29295e3f21c8e49a85829ba2ee427cf28690be5efe1a91d4f31f140979c8defcd3fecb1591a1030366bf552d8a80e81530cb33a719afd05
SSDEEP

384:z4ecx+GjwA2l1I8JUl+Y7kDk+OtjC3fldVfTwXo2ve0jUhJRvNd5ezFNp08cPs1:dPIyI+OhC3y4Yohhd5eJNz8e

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
wxDriver64.dll

Files

wxDriver64.dll
.dll windows:6 windows x64 arch:x64

ad7b96d48b0c66de31ea03e0cff536e9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\VS2019C++\MyWeChatRobot\Release\socket\wxDriver64.pdb

Imports

kernel32

GetCurrentProcessId
GetModuleHandleW
GetModuleFileNameW
CreateToolhelp32Snapshot
Process32FirstW
lstrcmpW
Process32NextW
CreateProcessW
CreateRemoteThread
WaitForSingleObject
GetExitCodeThread
VirtualAllocEx
WriteProcessMemory
GetProcAddress
GetCurrentProcess
DuplicateHandle
SetUnhandledExceptionFilter
CloseHandle
VirtualFreeEx
OpenProcess
Sleep
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentThreadId
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
UnhandledExceptionFilter

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey

msvcp140

?_Xlength_error@std@@YAXPEBD@Z

ntdll

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__C_specific_handler
memset
memcpy
__std_type_info_destroy_list
__std_exception_copy
_CxxThrowException
__std_exception_destroy
memmove

api-ms-win-crt-runtime-l1-1-0

_configure_narrow_argv
_initialize_onexit_table
_seh_filter_dll
_initterm_e
_initterm
_cexit
_initialize_narrow_environment
_invalid_parameter_noinfo_noreturn
_execute_onexit_table

api-ms-win-crt-filesystem-l1-1-0

_wstat64i32

api-ms-win-crt-heap-l1-1-0

_callnewh
realloc
free
malloc

Exports

Exports

new_wechat
start_listen
stop_listen

Sections

.text
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ad7b96d48b0c66de31ea03e0cff536e9

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

msvcp140

ntdll

vcruntime140_1

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-heap-l1-1-0

Exports

Exports

Sections

.text Size: 15KB - Virtual size: 14KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 1KB - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 248B

.reloc Size: 512B - Virtual size: 108B

.text
Size: 15KB - Virtual size: 14KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 512B - Virtual size: 108B