WeChat.exe

First submission 2024-02-04 18:32:15

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
Mime type: application/x-dosexec
File size: 1896.0 KB (1941504 bytes)
Compile time: 2023-12-19 10:31:29
MD5: a0bd608ceaeaf94b99f28d79041382f5
SHA1: 23ed9df3979f436c693ad4881935aa411b56fd6a
SHA256: 11de48379db2a0c14204eb068d20c73573d3e0b243c78b1a104fd92d00d007d0
Import hash: baa93d47220682c04d92f7797d9224ce
Sections: 6 (.rsrc, .idata, bwvpumfi, rhomgffe, and two unnamed)
Directories: 2 (import, resource)
VirusTotal:

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 1

| URL | Host (FQDN/IP) | Date Added |
|---|---|---|
| hXXp://82.157.254.217:8080/WeChat.exe | 82.157.254.217 | 2024-02-04 18:32:15 |

PE Sections 6 suspicious

| Name | VAddress | VSize | Size | SHA1 | MD5 | Suspicious |
|---|---|---|---|---|---|---|
| (unnamed) | 0x1000 | 0x204000 | 630784 | 23373c38e357666b37e31e182b9408befb6bcda4 | 5c452a4e1a15ab78cb8c6727f610e301 | |
| .rsrc | 0x205000 | 0x6d5c0 | 40960 | 18e489fe50d958cd9ceb04841cf7561555fe5279 | d34d0df1aa877cf07e01efe71d501938 | |
| .idata | 0x273000 | 0x1000 | 4096 | 6f6c70b32c941c252b5bdd0c704b7ba82cc8fb6c | 864cbf59c07b909a5635e224f74380a3 | |
| (unnamed) | 0x274000 | 0xfb000 | 4096 | 6886507b30c0987bbf3c321e64ef28e9e84b7d31 | 48b3eb0e7b865a32fd79557e51f86ad2 | |
| bwvpumfi | 0x36f000 | 0x132000 | 1253376 | 3443a678276f88d3b9b6f10e024213898ac6d7e3 | d2019ce0ae516cbc40d18da6787c5681 | |
| rhomgffe | 0x4a1000 | 0x1000 | 4096 | d4111b7b95aaa7655edb83893efa6228479e549a | 3d7b349c8fb009170f758c39f4ed9c10 | |

PE Resources 11

| Name | Language | Sublanguage | Offset | Size | Data |
|---|---|---|---|---|---|
| TEXTINCLUDE | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0x206de8 | 337 | |
| WAVE | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0x20a000 | 5192 | |
| RT_CURSOR | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0x20b598 | 308 | |
| RT_BITMAP | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0x209450 | 324 | |
| RT_ICON | LANG_NEUTRAL | SUBLANG_NEUTRAL | 0x49fb80 | 1128 | |
| RT_MENU | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0x208418 | 644 | |
| RT_DIALOG | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0x207f60 | 396 | |
| RT_STRING | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0x209e68 | 36 | |
| RT_GROUP_CURSOR | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0x208b30 | 34 | |
| RT_GROUP_ICON | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0x4a00aa | 20 | |
| RT_MANIFEST | LANG_NEUTRAL | SUBLANG_NEUTRAL | 0x4a00be | 461 | |

Strings analysis - File found

Library
COMCTL32.dll
KERNEL32.dll

Import functions

| Name | Latest seen | MD5 |
|---|---|---|
| 1.exe | 2023-06-05 18:50:02 | 0b24028737fa029d0c75ec0195cd60ce |
| version.dll | 2023-06-16 22:40:04 | f22a5983af3ce0b2954fcb55e7791fa1 |
| fdfdf.exe | 2023-07-26 18:31:04 | e4dfb7e8f38049fab4a2279d32f067b9 |
| install.exe | 2023-09-11 07:32:03 | c9a2e54e8501a2f6dd57255225999b40 |
| DMkgboszm4eg0DuiObJi4mYehYGIic23 | 2023-10-12 08:43:03 | 8a301509dc309dc02d9e20f1a1528ea1 |
| 1.exe | 2023-10-12 08:42:09 | daa6927927e1bca2658f418b63a1627f |
| moto.exe | 2024-01-23 11:49:11 | 2eafb4926d78feb0b61d5b995d0fe6ee |
| lada.exe | 2024-01-28 12:03:02 | a70d2d94d0ee6e7ef1404eb9e6a1454d |
| hram.exe | 2024-01-31 16:01:02 | 8471d656e237482c2011472da91e9c2a |
| ladas.exe | 2024-02-02 12:28:02 | 7de366bf40d96088d70067f5c277dd4e |
| merso.exe | 2024-02-02 18:26:02 | cb378d121a58ae73110a584dcc30a4c7 |
| dota.exe | 2024-02-04 23:25:03 | b46be07a8fd4967547ffeeb11358946c |