xweb_elf.dll

Description: WeChat

Authors: Copyright (C) 2025 Tencent WeChat Team. All rights reserved.

Version: 2.3.5.16965

Architecture: 64-bit

Operating System: Windows

SHA256: 3351bec8b7204acbcb58a33a458219b7

File Size: 1.2 MB

Uploaded At: Dec. 4, 2025, 6:18 a.m.

Security Warning

This file has been flagged as potentially dangerous.

Reason: Detected potentially dangerous functions used for process injection: WriteProcessMemory, CreateRemoteThread

Exported Functions

  • ClearReportsBetween_ExportThunk (Ordinal: 1, Address: 0xba950)
  • CrashForException_ExportThunk (Ordinal: 2, Address: 0xba8e0)
  • DisableHook (Ordinal: 3, Address: 0xba440)
  • DrainLog (Ordinal: 4, Address: 0x1c2e0)
  • DumpHungProcessWithPtype_ExportThunk (Ordinal: 5, Address: 0xba960)
  • DumpProcessWithoutCrash (Ordinal: 6, Address: 0xba3c0)
  • GetApplyHookResult (Ordinal: 7, Address: 0x1bca0)
  • GetBlockedModulesCount (Ordinal: 8, Address: 0xba5a0)
  • GetCrashReports_ExportThunk (Ordinal: 9, Address: 0xba800)
  • GetCrashpadDatabasePath_ExportThunk (Ordinal: 10, Address: 0xba940)
  • GetHandleVerifier (Ordinal: 11, Address: 0x39ae0)
  • GetUniqueBlockedModulesCount (Ordinal: 12, Address: 0xba5b0)
  • InjectDumpForHungInput_ExportThunk (Ordinal: 13, Address: 0xba910)
  • IsBrowserProcess (Ordinal: 14, Address: 0x1ab80)
  • IsExtensionPointDisableSet (Ordinal: 15, Address: 0x1ab90)
  • IsThirdPartyInitialized (Ordinal: 16, Address: 0x1cee0)
  • RegisterLogNotification (Ordinal: 17, Address: 0x1c9f0)
  • RequestSingleCrashUpload_ExportThunk (Ordinal: 18, Address: 0xba7a0)
  • SetMetricsClientId (Ordinal: 19, Address: 0xba3d0)
  • SetUploadConsent_ExportThunk (Ordinal: 20, Address: 0xba900)
  • SignalInitializeCrashReporting (Ordinal: 21, Address: 0x1ab00)
  • SignalXWebElf (Ordinal: 22, Address: 0x1ab10)

Imported DLLs & Functions

KERNEL32.dll
  • AcquireSRWLockExclusive (Address: 0x180111de8)
  • CloseHandle (Address: 0x180111df0)
  • CompareStringW (Address: 0x180111df8)
  • CreateDirectoryW (Address: 0x180111e00)
  • CreateEventW (Address: 0x180111e08)
  • CreateFileW (Address: 0x180111e10)
  • CreateMutexW (Address: 0x180111e18)
  • CreateRemoteThread (Address: 0x180111e20)
  • CreateThread (Address: 0x180111e28)
  • DeleteCriticalSection (Address: 0x180111e30)
  • DeleteFileW (Address: 0x180111e38)
  • DuplicateHandle (Address: 0x180111e40)
  • EncodePointer (Address: 0x180111e48)
  • EnterCriticalSection (Address: 0x180111e50)
  • EnumSystemLocalesW (Address: 0x180111e58)
  • ExitProcess (Address: 0x180111e60)
  • ExpandEnvironmentStringsW (Address: 0x180111e68)
  • FileTimeToSystemTime (Address: 0x180111e70)
  • FindClose (Address: 0x180111e78)
  • FindFirstFileExW (Address: 0x180111e80)
  • FindNextFileW (Address: 0x180111e88)
  • FlsAlloc (Address: 0x180111e90)
  • FlsFree (Address: 0x180111e98)
  • FlsGetValue (Address: 0x180111ea0)
  • FlsSetValue (Address: 0x180111ea8)
  • FlushFileBuffers (Address: 0x180111eb0)
  • FormatMessageW (Address: 0x180111eb8)
  • FreeEnvironmentStringsW (Address: 0x180111ec0)
  • FreeLibrary (Address: 0x180111ec8)
  • GetACP (Address: 0x180111ed0)
  • GetCommandLineA (Address: 0x180111ee0)
  • GetCommandLineW (Address: 0x180111ee8)
  • GetConsoleMode (Address: 0x180111ef0)
  • GetConsoleOutputCP (Address: 0x180111ef8)
  • GetCPInfo (Address: 0x180111ed8)
  • GetCurrentDirectoryW (Address: 0x180111f00)
  • GetCurrentProcess (Address: 0x180111f08)
  • GetCurrentProcessId (Address: 0x180111f10)
  • GetCurrentThread (Address: 0x180111f18)
  • GetCurrentThreadId (Address: 0x180111f20)
  • GetDateFormatW (Address: 0x180111f28)
  • GetDriveTypeW (Address: 0x180111f30)
  • GetEnvironmentStringsW (Address: 0x180111f38)
  • GetEnvironmentVariableW (Address: 0x180111f40)
  • GetFileAttributesW (Address: 0x180111f48)
  • GetFileInformationByHandle (Address: 0x180111f50)
  • GetFileSizeEx (Address: 0x180111f58)
  • GetFileTime (Address: 0x180111f60)
  • GetFileType (Address: 0x180111f68)
  • GetFullPathNameW (Address: 0x180111f70)
  • GetLastError (Address: 0x180111f78)
  • GetLocaleInfoW (Address: 0x180111f88)
  • GetLocalTime (Address: 0x180111f80)
  • GetLongPathNameW (Address: 0x180111f90)
  • GetModuleFileNameW (Address: 0x180111f98)
  • GetModuleHandleA (Address: 0x180111fa0)
  • GetModuleHandleExW (Address: 0x180111fa8)
  • GetModuleHandleW (Address: 0x180111fb0)
  • GetNativeSystemInfo (Address: 0x180111fb8)
  • GetOEMCP (Address: 0x180111fc0)
  • GetProcAddress (Address: 0x180111fc8)
  • GetProcessHeap (Address: 0x180111fd0)
  • GetProcessId (Address: 0x180111fd8)
  • GetProductInfo (Address: 0x180111fe0)
  • GetStartupInfoW (Address: 0x180111fe8)
  • GetStdHandle (Address: 0x180111ff0)
  • GetStringTypeW (Address: 0x180111ff8)
  • GetSystemDirectoryW (Address: 0x180112000)
  • GetSystemInfo (Address: 0x180112008)
  • GetSystemTimeAsFileTime (Address: 0x180112010)
  • GetTempPathW (Address: 0x180112018)
  • GetThreadPriority (Address: 0x180112020)
  • GetTickCount (Address: 0x180112028)
  • GetTimeFormatW (Address: 0x180112030)
  • GetTimeZoneInformation (Address: 0x180112038)
  • GetUserDefaultLCID (Address: 0x180112040)
  • GetVersionExW (Address: 0x180112048)
  • GetWindowsDirectoryW (Address: 0x180112050)
  • GlobalMemoryStatusEx (Address: 0x180112058)
  • InitializeCriticalSectionAndSpinCount (Address: 0x180112068)
  • InitializeSListHead (Address: 0x180112070)
  • InitOnceExecuteOnce (Address: 0x180112060)
  • InterlockedFlushSList (Address: 0x180112078)
  • IsDebuggerPresent (Address: 0x180112080)
  • IsProcessorFeaturePresent (Address: 0x180112088)
  • IsValidCodePage (Address: 0x180112090)
  • IsValidLocale (Address: 0x180112098)
  • IsWow64Process (Address: 0x1801120a0)
  • K32GetMappedFileNameW (Address: 0x1801120a8)
  • LCMapStringW (Address: 0x1801120b0)
  • LeaveCriticalSection (Address: 0x1801120b8)
  • LoadLibraryExA (Address: 0x1801120c0)
  • LoadLibraryExW (Address: 0x1801120c8)
  • LocalFree (Address: 0x1801120d0)
  • LockFileEx (Address: 0x1801120d8)
  • MultiByteToWideChar (Address: 0x1801120e0)
  • OutputDebugStringA (Address: 0x1801120e8)
  • PeekNamedPipe (Address: 0x1801120f0)
  • QueryPerformanceCounter (Address: 0x1801120f8)
  • QueryPerformanceFrequency (Address: 0x180112100)
  • QueryThreadCycleTime (Address: 0x180112108)
  • RaiseException (Address: 0x180112110)
  • ReadConsoleW (Address: 0x180112118)
  • ReadFile (Address: 0x180112120)
  • ReadProcessMemory (Address: 0x180112128)
  • ReleaseMutex (Address: 0x180112130)
  • ReleaseSRWLockExclusive (Address: 0x180112138)
  • RemoveDirectoryW (Address: 0x180112140)
  • RemoveVectoredExceptionHandler (Address: 0x180112148)
  • ResetEvent (Address: 0x180112150)
  • RtlCaptureContext (Address: 0x180112158)
  • RtlCaptureStackBackTrace (Address: 0x180112160)
  • RtlLookupFunctionEntry (Address: 0x180112168)
  • RtlPcToFileHeader (Address: 0x180112170)
  • RtlUnwind (Address: 0x180112178)
  • RtlUnwindEx (Address: 0x180112180)
  • RtlVirtualUnwind (Address: 0x180112188)
  • SetEndOfFile (Address: 0x180112190)
  • SetEnvironmentVariableW (Address: 0x180112198)
  • SetEvent (Address: 0x1801121a0)
  • SetFilePointerEx (Address: 0x1801121a8)
  • SetLastError (Address: 0x1801121b0)
  • SetStdHandle (Address: 0x1801121b8)
  • SetThreadPriority (Address: 0x1801121c0)
  • SetUnhandledExceptionFilter (Address: 0x1801121c8)
  • Sleep (Address: 0x1801121d0)
  • SleepConditionVariableSRW (Address: 0x1801121d8)
  • SleepEx (Address: 0x1801121e0)
  • SwitchToThread (Address: 0x1801121e8)
  • SystemTimeToTzSpecificLocalTime (Address: 0x1801121f0)
  • TerminateProcess (Address: 0x1801121f8)
  • TlsAlloc (Address: 0x180112200)
  • TlsFree (Address: 0x180112208)
  • TlsGetValue (Address: 0x180112210)
  • TlsSetValue (Address: 0x180112218)
  • TryAcquireSRWLockExclusive (Address: 0x180112220)
  • UnhandledExceptionFilter (Address: 0x180112228)
  • UnlockFileEx (Address: 0x180112230)
  • UnmapViewOfFile (Address: 0x180112238)
  • UnregisterWaitEx (Address: 0x180112240)
  • VerifyVersionInfoW (Address: 0x180112250)
  • VerSetConditionMask (Address: 0x180112248)
  • VirtualAlloc (Address: 0x180112258)
  • VirtualFree (Address: 0x180112260)
  • VirtualProtect (Address: 0x180112268)
  • VirtualProtectEx (Address: 0x180112270)
  • VirtualQuery (Address: 0x180112278)
  • WaitForSingleObject (Address: 0x180112280)
  • WakeAllConditionVariable (Address: 0x180112288)
  • WakeConditionVariable (Address: 0x180112290)
  • WideCharToMultiByte (Address: 0x180112298)
  • WriteConsoleW (Address: 0x1801122a0)
  • WriteFile (Address: 0x1801122a8)
  • WriteProcessMemory (Address: 0x1801122b0)
ntdll.dll
  • NtClose (Address: 0x1801122c0)
  • NtCreateKey (Address: 0x1801122c8)
  • NtDeleteKey (Address: 0x1801122d0)
  • NtOpenKeyEx (Address: 0x1801122d8)
  • NtQueryValueKey (Address: 0x1801122e0)
  • NtSetValueKey (Address: 0x1801122e8)
  • RtlFormatCurrentUserKeyPath (Address: 0x1801122f0)
  • RtlFreeUnicodeString (Address: 0x1801122f8)
  • RtlInitUnicodeString (Address: 0x180112300)