b5dd51e304939c4c16ad445a71e1040c946c3aac1a8e2947a94cb98b23bc590a

Sharing

Copy URL

Twitter E-mail

General

Target

b5dd51e304939c4c16ad445a71e1040c946c3aac1a8e2947a94cb98b23bc590a
Size

1019KB
MD5

5f6842d24d2a3cb3d79477f6735d29c6
SHA1

2b55c92d625d1d5fae95f1918661ec3873e96b5d
SHA256

b5dd51e304939c4c16ad445a71e1040c946c3aac1a8e2947a94cb98b23bc590a
SHA512

435260fff6d2408fe2a0c3d9c45e3c2054c14a0ab699dc90e8575c198c578832f5b9fc73adb80ccdf70cce30971e088c33a6fbff4d4a5416db693ad0a151f0ef
SSDEEP

12288:MfiAvRgp/uPfGxVH5qFE45rk64sXQLd0/EYSJAUxQC70:MfFvRgpM0VHIg6ed/YSJAU170

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b5dd51e304939c4c16ad445a71e1040c946c3aac1a8e2947a94cb98b23bc590a

Files

b5dd51e304939c4c16ad445a71e1040c946c3aac1a8e2947a94cb98b23bc590a
.exe windows:5 windows x86 arch:x86

8452c0bce5929a2ce9d9c437b4d837b4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\cpp-project\wechat-tools\WechatWinFor3.2.1Sandbox\Release\WeChat.pdb

Imports

kernel32

GetPrivateProfileStringW
GetShortPathNameW
GetModuleFileNameW
LoadLibraryW
GetLastError
GetProcAddress
GetVersionExW
GetSystemInfo
GetTempPathW
MultiByteToWideChar
CreateToolhelp32Snapshot
SetLastError
InterlockedIncrement
HeapSize
ReadConsoleW
WriteConsoleW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
Process32FirstW
Process32NextW
CloseHandle
TerminateProcess
GetModuleHandleW
InitializeCriticalSectionAndSpinCount
InterlockedDecrement
WideCharToMultiByte
OutputDebugStringW
OutputDebugStringA
GetOEMCP
IsValidCodePage
GetTimeZoneInformation
GetProcessHeap
EnumSystemLocalesW
IsValidLocale
SetStdHandle
GetConsoleMode
GetConsoleCP
GetACP
GetStdHandle
ExitProcess
HeapFree
HeapReAlloc
HeapAlloc
LoadLibraryExW
RtlUnwind
FindNextFileW
FindFirstFileExW
FindClose
SetFilePointerEx
FlushFileBuffers
GetStringTypeW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
CreateEventW
Sleep
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
HeapSetInformation
VirtualAllocEx
VirtualQueryEx
GetModuleHandleA
LocalFree
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
InitializeCriticalSection
SetEvent
ResetEvent
WaitForSingleObject
CreateThread
TerminateJobObject
SetInformationJobObject
GetUserDefaultLangID
GetUserDefaultLCID
DuplicateHandle
UnregisterWaitEx
RegisterWaitForSingleObject
GetExitCodeProcess
GetThreadContext
WriteProcessMemory
CreateFileMappingW
MapViewOfFile
AssignProcessToJobObject
FreeLibrary
GetFileType
SetHandleInformation
ProcessIdToSessionId
GetProcessHandleCount
VirtualFree
SignalObjectAndWait
CreateMutexW
UnmapViewOfFile
CreateFileW
GetFileAttributesW
GetLongPathNameW
QueryDosDeviceW
VirtualProtectEx
VirtualFreeEx
CreateJobObjectW
CreateNamedPipeW
CreateRemoteThread
CreateProcessW
ReadProcessMemory
GetModuleHandleExW
DebugBreak
lstrlenW
GetCurrentDirectoryW
SearchPathW
GetNativeSystemInfo
WriteFile
FormatMessageA
RaiseException
VirtualQuery
RtlCaptureStackBackTrace
GetCommandLineW
ReadFile
QueryPerformanceFrequency

user32

DispatchMessageW
TranslateMessage
TranslateAcceleratorW
GetMessageW
CloseDesktop
CloseWindowStation
CreateDesktopW
GetThreadDesktop
CreateWindowStationW
SetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW
GetSystemMetrics
DeferWindowPos
CallWindowProcW
DestroyWindow
SetWindowPos
SendMessageW
BeginDeferWindowPos
SetParent
EndDeferWindowPos
UpdateWindow
EnableWindow
MessageBoxW
GetWindowLongW
DefWindowProcW
AdjustWindowRectEx
IsWindowVisible
CreateWindowExW
RegisterClassExW
ShowWindow
IsRectEmpty
LoadCursorW
SetWindowLongW
GetClientRect
BeginPaint
EndPaint
SetWindowTextW

gdi32

CreateSolidBrush
CreateFontW

advapi32

GetTokenInformation
RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
OpenProcessToken
GetAce
GetKernelObjectSecurity
GetLengthSid
GetSecurityDescriptorSacl
SetKernelObjectSecurity
SetTokenInformation
SetSecurityInfo
ConvertStringSidToSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
SystemFunction036
RevertToSelf
RegDisablePredefinedCache
CopySid
CreateWellKnownSid
CreateRestrictedToken
DuplicateToken
DuplicateTokenEx
EqualSid
RegCreateKeyExW
GetSecurityInfo
SetEntriesInAclW
ConvertSidToStringSidW
SetThreadToken
CreateProcessAsUserW
LookupPrivilegeValueW

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHCreateDirectoryExW
ShellExecuteW

ole32

CoTaskMemFree

oleaut32

SysStringLen
SysAllocStringLen
SysFreeString
SysAllocString

shlwapi

PathRemoveFileSpecW
PathAppendW
PathFileExistsW

winmm

timeGetTime

dbghelp

SymGetSearchPathW
SymSetSearchPathW
SymInitialize
SymSetOptions
SymFromAddr
SymGetLineFromAddr64

Exports

Exports

CLInfo
GetHandleVerifier
IsSandboxedProcess

Sections

.text
Size: 337KB - Virtual size: 336KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 157KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 5KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 876B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 418KB - Virtual size: 417KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 86KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

8452c0bce5929a2ce9d9c437b4d837b4

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

winmm

dbghelp

Exports

Exports

Sections

.text Size: 337KB - Virtual size: 336KB

.rdata Size: 157KB - Virtual size: 156KB

.data Size: 5KB - Virtual size: 14KB

.gfids Size: 1024B - Virtual size: 876B

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 418KB - Virtual size: 417KB

.reloc Size: 86KB - Virtual size: 88KB

.text
Size: 337KB - Virtual size: 336KB

.rdata
Size: 157KB - Virtual size: 156KB

.data
Size: 5KB - Virtual size: 14KB

.gfids
Size: 1024B - Virtual size: 876B

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 418KB - Virtual size: 417KB

.reloc
Size: 86KB - Virtual size: 88KB