8b70b64f2a52a1077871aa2b5981ea1478786cbdcc4d7ec2b61b48bdc0dad083 | Triage

Sharing

General

Target

8b70b64f2a52a1077871aa2b5981ea1478786cbdcc4d7ec2b61b48bdc0dad083
Size

1.5MB
MD5

41d085710f39cbd602231c19064da772
SHA1

23952c9f39bf95cf3c23437192d4d120a0e3eb05
SHA256

8b70b64f2a52a1077871aa2b5981ea1478786cbdcc4d7ec2b61b48bdc0dad083
SHA512

207ea2f42b856142f230b66084a0a2853d924e4b0e5025f17e4fb23fc21f051f86d1c6dd9f6f7206613f4acf5fdd8a14180d36fc8d5579d3a7c06a330848f980
SSDEEP

24576:Ux1UBPEKrpVXeL84kzLSN/iprn/KpC4he+sstRg1dj7uk:73ukzLSlNhe+sMg/3L

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8b70b64f2a52a1077871aa2b5981ea1478786cbdcc4d7ec2b61b48bdc0dad083

Files

8b70b64f2a52a1077871aa2b5981ea1478786cbdcc4d7ec2b61b48bdc0dad083
.dll windows x86

60bf07b9c86f69fcc0ddc563f1fd1f37

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

rasapi32

RasHangUpA

user32

EmptyClipboard

gdi32

SetStretchBltMode

winmm

midiStreamStop

winspool.drv

DocumentPropertiesA

advapi32

RegQueryValueA

shell32

Shell_NotifyIconA

ole32

OleRun

oleaut32

VarR8FromBool

comctl32

ImageList_GetImageCount

ws2_32

ntohl

wininet

InternetCloseHandle

comdlg32

GetFileTitleA

Exports

Exports

HuaxiaVolcanoInstall

Sections

.text
Size: 1.5MB - Virtual size: 4.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE