67949c4a35af46fb2e248d63ca064fde6e3675dbc5cd22e8cd48ca3972900f7f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

67949c4a35af46fb2e248d63ca064fde6e3675dbc5cd22e8cd48ca3972900f7f
Size

1.0MB
MD5

a68f8ffb2c577f9df9109219fc21fd13
SHA1

579105aeccda2ac8d066e04016aa3b3b17be4312
SHA256

67949c4a35af46fb2e248d63ca064fde6e3675dbc5cd22e8cd48ca3972900f7f
SHA512

89d2444608dc0526d6d29c3838b9274b0dce1d8073a10b932fc896b57dcd7d8f181ff6344b0c7704ef874b5e4104619d7899400c1f8baea8efd84401547242c1
SSDEEP

24576:XhDUc6BuONbux1R6aw3uFtl3JT1rY7aUiI7WB3JVurrl2gAs:XZkCU3u/l3JTZ6493JMrrKs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
67949c4a35af46fb2e248d63ca064fde6e3675dbc5cd22e8cd48ca3972900f7f

Files

67949c4a35af46fb2e248d63ca064fde6e3675dbc5cd22e8cd48ca3972900f7f
.dll windows x86

c8e1091cd36ea419818768aa5eb93f14

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

wsprintfA

gdi32

MoveToEx

winmm

midiStreamRestart

winspool.drv

DocumentPropertiesA

advapi32

RegQueryValueA

shell32

Shell_NotifyIconA

ole32

CoTaskMemAlloc

oleaut32

VarDateFromStr

comctl32

ImageList_GetImageInfo

ws2_32

inet_ntoa

comdlg32

GetFileTitleA

Exports

Exports

FFHuaxiaVolcanoInstall
HuaxiaVolcanoInstall

Sections

.text
Size: 1.0MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE