fe49c1c3152557908335578d46c4148fcd4318635955da510d82f583c3afea40 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fe49c1c3152557908335578d46c4148fcd4318635955da510d82f583c3afea40
Size

884KB
MD5

13d08f894be253d609b03d2ab055a535
SHA1

9811fc49076baf3fdb0a0e746844378a317fbf28
SHA256

fe49c1c3152557908335578d46c4148fcd4318635955da510d82f583c3afea40
SHA512

c4b8916d5b3b103d8a2a4c581a87b1f9ad800cab3a73c6794283c8076c0fde4e8ba1a5105301c573fa1fd1dac344b097bd0cc7fb5f5bae3176e2bfb76f711ed2
SSDEEP

24576:w5OXg0Edu3pBdqTUeLbBYOHig2vkA6LW4e7CKNqU:w5OHYu3rsUe3BYOH83ae1Nn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fe49c1c3152557908335578d46c4148fcd4318635955da510d82f583c3afea40

Files

fe49c1c3152557908335578d46c4148fcd4318635955da510d82f583c3afea40
.dll windows:4 windows x86

da11d508fec06e7bdf0c398e2ba3e2bd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

rasapi32

RasHangUpA

user32

SetClipboardData

gdi32

OffsetViewportOrgEx

winmm

waveOutRestart

winspool.drv

DocumentPropertiesA

advapi32

RegCloseKey

shell32

Shell_NotifyIconA

ole32

CLSIDFromProgID

oleaut32

VariantCopy

comctl32

ImageList_Read

ws2_32

WSACleanup

wininet

InternetCloseHandle

comdlg32

GetFileTitleA

Exports

Exports

HuaxiaVolcanoInstall

Sections

.text
Size: 871KB - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE