26079aeededa7543f5535f1f1bcda47fbcb712499051c567390f992e6921d0d1

Sharing

Copy URL

Twitter E-mail

General

Target

26079aeededa7543f5535f1f1bcda47fbcb712499051c567390f992e6921d0d1
Size

975KB
MD5

3ad453eaa203430bd41812d91636095a
SHA1

86e9caad8f6c9426e105e0d33ec93e3ded4629f5
SHA256

26079aeededa7543f5535f1f1bcda47fbcb712499051c567390f992e6921d0d1
SHA512

77655d3a6421256efe434a355090e07df0b48d7f2ee5192c42e8add3b665690f8262b95c9dec05b8e5085d6ea77f57450aa9094887040dcd99004bff28dd74ab
SSDEEP

24576:06GYy4a+ywVViR3b/L9YtKQFVsus6bijFGvTH7+MA33WRXc:aB+ywVVsdYtKQ0us6bigTbK9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
26079aeededa7543f5535f1f1bcda47fbcb712499051c567390f992e6921d0d1

Files

26079aeededa7543f5535f1f1bcda47fbcb712499051c567390f992e6921d0d1
.exe windows:5 windows x86 arch:x86

dfdfd227888ac792a3de8218f112a269

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Tools\agent\workspace\WeChatUpdate\WechatUpdate\Release\WeChatUpdate.pdb

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalLock
GetModuleHandleW
GlobalUnlock
GetSystemDefaultUILanguage
GetModuleFileNameW
SetUnhandledExceptionFilter
QueryDosDeviceW
lstrlenW
GetLogicalDriveStringsW
TerminateThread
LoadLibraryW
GetProcAddress
WritePrivateProfileStringW
GetShortPathNameW
RemoveDirectoryW
FreeResource
GetVersionExW
GetSystemDirectoryW
SetFileAttributesW
GetPrivateProfileStringW
GetTimeZoneInformation
GetSystemInfo
GetWindowsDirectoryW
FreeLibrary
CopyFileW
GetSystemTimeAsFileTime
WriteConsoleW
GetTickCount
OpenMutexW
MoveFileExW
GetFileAttributesW
Process32FirstW
DeleteFileW
Process32NextW
Sleep
CreateToolhelp32Snapshot
OpenProcess
ReleaseMutex
CreateMutexW
TerminateProcess
InterlockedCompareExchange
InterlockedExchange
GetFileSize
CreateThread
WaitForSingleObject
GetTempPathW
DosDateTimeToFileTime
GetFileType
WideCharToMultiByte
SystemTimeToFileTime
GetCurrentDirectoryW
MultiByteToWideChar
DuplicateHandle
GetCurrentProcess
SetEndOfFile
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
ReadConsoleW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetStdHandle
GetModuleHandleExW
SetStdHandle
RtlUnwind
ReadFile
CreateDirectoryW
FindResourceW
LoadResource
FindResourceExW
LockResource
SizeofResource
FlushFileBuffers
GetProcessHeap
GetCurrentProcessId
DeleteCriticalSection
HeapDestroy
DecodePointer
GetLocalTime
HeapAlloc
RaiseException
CloseHandle
HeapReAlloc
GetLastError
HeapSize
GetCurrentThreadId
CreateFileW
FindClose
SetFilePointer
InitializeCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
OutputDebugStringA
WriteFile
FindNextFileW
LoadLibraryExW
GetThreadTimes
InterlockedDecrement
InterlockedIncrement
MulDiv
GetACP
ExitProcess
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
UnhandledExceptionFilter
ResetEvent
SetEvent
OutputDebugStringW
IsDebuggerPresent
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
CreateEventW
SetLastError
EncodePointer
QueryPerformanceCounter
EnterCriticalSection
HeapFree
FindFirstFileW
WaitForSingleObjectEx
GetCurrentThread

user32

PostMessageW
GetWindowThreadProcessId
MoveWindow
GetWindowRect
SetWindowPos
ReleaseDC
DrawTextW
FillRect
GetDC
SendMessageW
PostQuitMessage
TranslateMessage
SetFocus
PostThreadMessageA
DispatchMessageW
ShowWindow
GetSystemMetrics
GetWindow
GetMessageW
GetCursorPos
CreateAcceleratorTableW
InvalidateRgn
GetWindowTextW
GetWindowTextLengthW
SetWindowTextW
GetCaretPos
GetSysColor
SetCaretPos
IsWindow
SwitchToThisWindow
BringWindowToTop
FindWindowW
UnregisterClassW
EnableWindow
wsprintfW
DefWindowProcW
GetPropW
RegisterClassExW
LoadAcceleratorsW
LoadStringW
TranslateAcceleratorW
SetPropW
DestroyWindow
GetWindowLongW
EqualRect
SetWindowRgn
CreateWindowExW
SetTimer
ClientToScreen
LoadCursorW
SetCursor
SetWindowLongW
GetClientRect
IsZoomed
UpdateLayeredWindow
KillTimer
PtInRect
IsIconic
GetKeyState
GetUpdateRect
BeginPaint
EndPaint
IsRectEmpty
InvalidateRect
MapWindowPoints
ScreenToClient
GetFocus
SetCapture
ReleaseCapture
GetParent
GetMonitorInfoW
MonitorFromWindow
MessageBoxW
SetLayeredWindowAttributes
LoadImageW
RegisterClassW
GetClassInfoExW
CallWindowProcW
OffsetRect
InflateRect
wvsprintfW
IntersectRect
CharNextW
SetRect
CharPrevW
CreateCaret
ShowCaret
HideCaret

gdi32

CreateCompatibleBitmap
CreateDIBSection
SetDIBColorTable
CreateRectRgnIndirect
CombineRgn
BitBlt
SelectObject
CreateCompatibleDC
GetStockObject
DeleteDC
CreatePen
Rectangle
GetObjectW
DeleteObject
CreateSolidBrush
RoundRect
CreateFontIndirectW
SaveDC
RestoreDC
SetWindowOrgEx
GetTextMetricsW
CreateRoundRectRgn
SelectClipRgn
GetClipBox
ExtSelectClipRgn
StretchBlt
SetStretchBltMode
SetBkColor
ExtTextOutW
CreatePenIndirect
MoveToEx
LineTo
SetBkMode
GetObjectA
SetTextColor
GetCharABCWidthsW
GetTextExtentPoint32W
TextOutW
GetDeviceCaps

advapi32

GetSidSubAuthorityCount
RegQueryValueExW
DuplicateTokenEx
LookupPrivilegeValueW
AdjustTokenPrivileges
RegCloseKey
GetTokenInformation
GetSidSubAuthority
RegSetValueExW
OpenProcessToken
RegOpenKeyExW

shell32

SHGetSpecialFolderLocation
SHCreateDirectoryExW
ShellExecuteExW
ShellExecuteW
SHFileOperationW
SHGetPathFromIDListW

ole32

CoCreateInstance
CLSIDFromString
CLSIDFromProgID
OleLockRunning
CreateStreamOnHGlobal

gdiplus

GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipBitmapLockBits
GdipFree
GdipGetImagePixelFormat
GdipDisposeImage
GdipAlloc
GdipGetImagePalette
GdipBitmapUnlockBits
GdipCloneImage
GdipGetImagePaletteSize
GdipGetImageHeight
GdipCreateBitmapFromScan0
GdiplusStartup
GdipGetImageWidth
GdipCreateBitmapFromStream
GdipDrawImageI
GdipCreateLineBrushI
GdipSetTextRenderingHint
GdiplusShutdown
GdipCreateFromHDC
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipDeleteFont
GdipCreateStringFormat
GdipDeleteStringFormat
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetStringFormatTrimming
GdipSetStringFormatFlags
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdipDrawString

shlwapi

PathFileExistsW
PathRemoveFileSpecW

dbghelp

MiniDumpWriteDump

wininet

InternetCloseHandle
HttpSendRequestW
InternetOpenW
HttpOpenRequestW
InternetConnectW

msimg32

AlphaBlend

userenv

GetAllUsersProfileDirectoryW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

comctl32

_TrackMouseEvent
ord17

oleaut32

SysFreeString
VariantInit
SysAllocString
VariantClear

imm32

ImmGetContext
ImmReleaseContext
ImmNotifyIME
ImmSetCompositionWindow

Sections

.text
Size: 617KB - Virtual size: 617KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 163KB - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 9KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 102KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

dfdfd227888ac792a3de8218f112a269

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

gdiplus

shlwapi

dbghelp

wininet

msimg32

userenv

version

comctl32

oleaut32

imm32

Sections

.text Size: 617KB - Virtual size: 617KB

.rdata Size: 163KB - Virtual size: 162KB

.data Size: 9KB - Virtual size: 18KB

.gfids Size: 1024B - Virtual size: 696B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 67KB - Virtual size: 67KB

.reloc Size: 102KB - Virtual size: 104KB

.text
Size: 617KB - Virtual size: 617KB

.rdata
Size: 163KB - Virtual size: 162KB

.data
Size: 9KB - Virtual size: 18KB

.gfids
Size: 1024B - Virtual size: 696B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 67KB - Virtual size: 67KB

.reloc
Size: 102KB - Virtual size: 104KB