524acb9ba48b816a3de7d88614e346500d23da8b44dcee37179c09c9f0e14eb1 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

524acb9ba48b816a3de7d88614e346500d23da8b44dcee37179c09c9f0e14eb1
Size

992KB
MD5

e13e7ece87740c86392fa3ce05ee8360
SHA1

9fbb2f2cb3e60b96e00f84aafd2b59681df4cf48
SHA256

524acb9ba48b816a3de7d88614e346500d23da8b44dcee37179c09c9f0e14eb1
SHA512

96c1934cf3c34e4da234848f0160d5a87965538243d043efb9915b23042e50f7ae3d37276e0dce0b3802f3c6a721460b385347cdedca83f94b8c2527f01632ba
SSDEEP

24576:xOLIXSX9oK+6AavMxUU8YU0ZlLC826hEk:xMSSXKK+6XMxmT0PLVhE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
524acb9ba48b816a3de7d88614e346500d23da8b44dcee37179c09c9f0e14eb1

Files

524acb9ba48b816a3de7d88614e346500d23da8b44dcee37179c09c9f0e14eb1
.dll windows:4 windows x86

c8e1091cd36ea419818768aa5eb93f14

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

wsprintfA

gdi32

MoveToEx

winmm

midiStreamRestart

winspool.drv

DocumentPropertiesA

advapi32

RegQueryValueA

shell32

Shell_NotifyIconA

ole32

CoTaskMemAlloc

oleaut32

VarDateFromStr

comctl32

ImageList_GetImageInfo

ws2_32

inet_ntoa

comdlg32

GetFileTitleA

Exports

Exports

HuaxiaVolcanoInstall

Sections

.text
Size: 978KB - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE