57d2555438d69ce2f31f38bf0[.]exe | Triage

Sharing

General

Target

57d2555438d69ce2f31f38bf0.exe
Size

1.4MB
MD5

b0eeb9ddc03bb0f2ef677fc1c756cc4e
SHA1

40d5349e77c4e01a0c1d2628616301ce21f8e479
SHA256

57d2555438d69ce2f31f38bf09ac7fc3b536d272aa3eb50701d9e14a5f8bb425
SHA512

ca9f9bad72b45d56f80fb5b199414246ffcd20afa2a4ef55a94bd3ada547077e995e4b6e6568d814a94b4661053afc892847e7d71eec3e18b582f5d0c921cb87
SSDEEP

24576:N58E90z5gLu8fV75D2rD8k8wdlVQal04rztQkpa5WSLTt9mCAzpjUT6k7MVOVTaH:dygLuMVYrDFLl0z7gSL2xQ6kEIehZv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

57d2555438d69ce2f31f38bf0.exe

Files

57d2555438d69ce2f31f38bf0.exe
.dll windows x86

60bf07b9c86f69fcc0ddc563f1fd1f37

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

rasapi32

RasHangUpA

user32

EmptyClipboard

gdi32

SetStretchBltMode

winmm

midiStreamStop

winspool.drv

DocumentPropertiesA

advapi32

RegQueryValueA

shell32

Shell_NotifyIconA

ole32

OleRun

oleaut32

VarR8FromBool

comctl32

ImageList_GetImageCount

ws2_32

ntohl

wininet

InternetCloseHandle

comdlg32

GetFileTitleA

Exports

Exports

HuaxiaVolcanoInstall

Sections

.text
Size: 1.4MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE