aa28f81828d566442dd7a19a5fe3d649bc244789fef4af625c51f54702125b84 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

aa28f81828d566442dd7a19a5fe3d649bc244789fef4af625c51f54702125b84
Size

1.1MB
MD5

1a1314231fd79c68af878f226c987e89
SHA1

6cada26814f74a67e8c7f2839f70b2cb7f6cb15f
SHA256

aa28f81828d566442dd7a19a5fe3d649bc244789fef4af625c51f54702125b84
SHA512

0371f58daaaf6e38cd7b2d87ab46ec810922c4809ff7761686b836a99630116a84ad0ef6fec2dfd045e05b919f5187d7a9abdcb4de19aabe771faa5b04c31224
SSDEEP

24576:onTtIjX3gDSCoVPqcZ1TQIZSpPxUQz7kuYGsIKWSbY0Tl:oTAgDSCoNbzlIpeQz7kS860Z

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
aa28f81828d566442dd7a19a5fe3d649bc244789fef4af625c51f54702125b84

Files

aa28f81828d566442dd7a19a5fe3d649bc244789fef4af625c51f54702125b84
.dll windows:5 windows x86

1599bce874467a991a2f45e7f416e083

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

SetWindowsHookExA

gdi32

MoveToEx

winmm

waveOutWrite

winspool.drv

ClosePrinter

advapi32

RegQueryValueA

shell32

Shell_NotifyIconA

ole32

CoTaskMemAlloc

oleaut32

VarDateFromStr

comctl32

ImageList_Draw

ws2_32

closesocket

comdlg32

GetFileTitleA

Exports

Exports

FFHuaxiaVolcanoInstall
HuaxiaVolcanoInstall

Sections

.text
Size: 1.1MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE