c138cefd45c8013085d9d2af6c3575a1c68a01887b72aa00e821ab43b4e80589 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c138cefd45c8013085d9d2af6c3575a1c68a01887b72aa00e821ab43b4e80589
Size

1.0MB
MD5

79f844a36d42755793b7c93bbb8896fc
SHA1

a68c54c96b73d41894fc4960aee10fd6a51cff8b
SHA256

c138cefd45c8013085d9d2af6c3575a1c68a01887b72aa00e821ab43b4e80589
SHA512

46f3d1888b4f000442ca9c0f8bb00bfeaf68f7c78dade19e7e9e31fb961e21b57b63374477586938e3b580dcedb7829d142a6d9354f7c5ad34654af86d956261
SSDEEP

24576:l/0D05EawgcAo7aS//YtVLLAG5IEuffIa1O:lSZk/o9YtpzZulO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c138cefd45c8013085d9d2af6c3575a1c68a01887b72aa00e821ab43b4e80589

Files

c138cefd45c8013085d9d2af6c3575a1c68a01887b72aa00e821ab43b4e80589
.dll windows:4 windows x86

5fd5e4e216cee6cdaac34db5e6281d6b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

rasapi32

RasHangUpA

user32

SetClipboardData

gdi32

SetPolyFillMode

winmm

waveOutRestart

winspool.drv

ClosePrinter

advapi32

RegQueryValueA

shell32

ShellExecuteA

ole32

CoTaskMemAlloc

oleaut32

VarDateFromStr

comctl32

ImageList_Create

ws2_32

recv

wininet

InternetCloseHandle

comdlg32

GetFileTitleA

Exports

Exports

HuaxiaVolcanoInstall

Sections

.text
Size: 1.0MB - Virtual size: 4.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE