736117fe02f8a8771c89df8b6d7cde021f04e1f966aa1dc78450e956ff8d8f69 | Triage

Sharing

General

Target

736117fe02f8a8771c89df8b6d7cde021f04e1f966aa1dc78450e956ff8d8f69
Size

589KB
MD5

44e7df9677030d7077878f84481c190f
SHA1

11b7dbd055ab6f45c9bf73451a33eb80323f5b8e
SHA256

736117fe02f8a8771c89df8b6d7cde021f04e1f966aa1dc78450e956ff8d8f69
SHA512

5fa49b8479363966fff1be56ab61a8705f4babfaa61ec7d32ea4d71d49632a365df804a0136d2c75b3e06b0175f7103d4b6be0ce687ccac793f87f9550ef1042
SSDEEP

12288:jn/DxEfpQ0zwJknLYQRs/kIJt+i+1PcePTUVstI/xFPvoDiCWqZj:bbxEfpDnLR9IJUiGhLxIDgGCWqZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
736117fe02f8a8771c89df8b6d7cde021f04e1f966aa1dc78450e956ff8d8f69

Files

736117fe02f8a8771c89df8b6d7cde021f04e1f966aa1dc78450e956ff8d8f69
.dll windows x86

496c9b38cb0c3ec22f75700161ec8ecf

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

SetParent

gdi32

GetSystemPaletteEntries

winmm

midiStreamRestart

winspool.drv

ClosePrinter

advapi32

RegCloseKey

shell32

ShellExecuteA

ole32

CLSIDFromProgID

oleaut32

SafeArrayGetElement

comctl32

ord17

ws2_32

inet_ntoa

comdlg32

GetSaveFileNameA

Exports

Exports

HuaxiaVolcanoInstall

Sections

.text
Size: 565KB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE