58a0ef629af8133ae73f021dea578400b288e25f8e9c5ed8bdf596787a7ee81d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

58a0ef629af8133ae73f021dea578400b288e25f8e9c5ed8bdf596787a7ee81d
Size

1.1MB
MD5

2856b9b7f2d98f7b3daf59161f11ea3a
SHA1

c58a2d9c94c7990f4246a916bb49b31e66184823
SHA256

58a0ef629af8133ae73f021dea578400b288e25f8e9c5ed8bdf596787a7ee81d
SHA512

1f71ced5f43bb484868162610f55f855e77ab832b56973c1df3cb43db5543d19687dcdfc738eb5d7d7a3b150d0345cac568d5b686ac86a41b046afe80dceef5b
SSDEEP

24576:ZsdeqOB8Qf3J0s2Xay+HKCHBzEiqI6n4SKLfUmH:edeqOBLPJ0bXazKWBzZV6n4iM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
58a0ef629af8133ae73f021dea578400b288e25f8e9c5ed8bdf596787a7ee81d

Files

58a0ef629af8133ae73f021dea578400b288e25f8e9c5ed8bdf596787a7ee81d
.dll windows:5 windows x86

1599bce874467a991a2f45e7f416e083

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

SetWindowsHookExA

gdi32

MoveToEx

winmm

waveOutWrite

winspool.drv

ClosePrinter

advapi32

RegQueryValueA

shell32

Shell_NotifyIconA

ole32

CoTaskMemAlloc

oleaut32

VarDateFromStr

comctl32

ImageList_Draw

ws2_32

closesocket

comdlg32

GetFileTitleA

Exports

Exports

FFHuaxiaVolcanoInstall
HuaxiaVolcanoInstall

Sections

.text
Size: 1.1MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE