683687dae42276c162ecb813223c4857381d999367a120c26867d9d17a767b9c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

683687dae42276c162ecb813223c4857381d999367a120c26867d9d17a767b9c
Size

1.1MB
MD5

95f7a787303815976af4ee5739a2b504
SHA1

e5bd94f521759e079f60b1b0b5c825f06eb091b4
SHA256

683687dae42276c162ecb813223c4857381d999367a120c26867d9d17a767b9c
SHA512

90ff0ed4f45418547e56764d97d3a87f49e638f449df6290093ed2b83e94a87aa9dc3b8eb75a73d7dfb9830621970d31ebeda92bc997265195709a872015675f
SSDEEP

24576:HgXaMrOpglZ6TqUizgy5yGHEoUDg8apAiMqwVeb:WaM6Gl5Ut7GkFOpAiMqa4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
683687dae42276c162ecb813223c4857381d999367a120c26867d9d17a767b9c

Files

683687dae42276c162ecb813223c4857381d999367a120c26867d9d17a767b9c
.dll windows:4 windows x86

cd72d5025deb45b931734895f2abe470

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

wsprintfA

gdi32

MoveToEx

winmm

midiStreamRestart

winspool.drv

DocumentPropertiesA

advapi32

RegSetValueExA

shell32

Shell_NotifyIconA

ole32

CoTaskMemAlloc

oleaut32

VarDateFromStr

comctl32

ImageList_GetImageInfo

ws2_32

inet_ntoa

comdlg32

GetFileTitleA

Exports

Exports

FFHuaxiaVolcanoInstall
HuaxiaVolcanoInstall

Sections

.text
Size: 1.1MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE