af67c7d2f341ced9a4ecf88d2d736d9e34c9292c1b2a276f6067bb7e9ebfe92b | Triage

Sharing

General

Target

af67c7d2f341ced9a4ecf88d2d736d9e34c9292c1b2a276f6067bb7e9ebfe92b
Size

1.7MB
MD5

9eeb8f7487522c7bbc387c0f41285a8f
SHA1

8fc463f78caea8b4ca98c1cdaca9f7113bffc00b
SHA256

af67c7d2f341ced9a4ecf88d2d736d9e34c9292c1b2a276f6067bb7e9ebfe92b
SHA512

2c9f189f3e2c7db2ae6ef1ea78162d11ac7c5280b4a66b29d452a547ed33d07e1766b56c9527972cc5d82d3881e7adf33fc1a8b6e370f8c6074c9620b6859801
SSDEEP

49152:vlOj7TXgufTZNgITbOYbGullnlfTZ8MIKswkY+YZBR3T7wR:EbLHgIOYXnlbZnIKA/WD3Ty

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
af67c7d2f341ced9a4ecf88d2d736d9e34c9292c1b2a276f6067bb7e9ebfe92b

Files

af67c7d2f341ced9a4ecf88d2d736d9e34c9292c1b2a276f6067bb7e9ebfe92b
.dll windows x86

561e1469448aba827fec692e0581d7f0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

rasapi32

RasHangUpA

user32

CloseClipboard

gdi32

SetStretchBltMode

winmm

midiStreamRestart

winspool.drv

DocumentPropertiesA

advapi32

RegQueryValueA

shell32

ShellExecuteA

ole32

RevokeDragDrop

oleaut32

VarDateFromStr

comctl32

ImageList_GetImageInfo

ws2_32

recv

wininet

InternetCloseHandle

comdlg32

GetFileTitleA

Exports

Exports

HuaxiaVolcanoInstall

Sections

.text
Size: 1.7MB - Virtual size: 4.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE