47097142f3fe575833de930a2d8b8066a929df7ed6acd5c11876407b85bebe6a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

47097142f3fe575833de930a2d8b8066a929df7ed6acd5c11876407b85bebe6a
Size

1.1MB
MD5

005c1da9e4bf6cccc30b9bd5aa8d0afe
SHA1

889e2471f90cee7000a897eda9207befbc542b8f
SHA256

47097142f3fe575833de930a2d8b8066a929df7ed6acd5c11876407b85bebe6a
SHA512

0b141217c95492e131df8e1182b607f09b7d5aafb41a34565de28a9afe86d5a918d8fcd93e001eace426eddbd67a2fffd54ce8040977e5b3f23379e74582a638
SSDEEP

24576:etgZGV6Lb2gZ2qU5jZKv87A/cli+iSuRXf5ZYnNCj8G/6sX3Tse:vwwLqgvUOWi/jtR6NCjQ4Z

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
47097142f3fe575833de930a2d8b8066a929df7ed6acd5c11876407b85bebe6a

Files

47097142f3fe575833de930a2d8b8066a929df7ed6acd5c11876407b85bebe6a
.dll windows:5 windows x86

1599bce874467a991a2f45e7f416e083

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

SetWindowsHookExA

gdi32

MoveToEx

winmm

waveOutWrite

winspool.drv

ClosePrinter

advapi32

RegQueryValueA

shell32

Shell_NotifyIconA

ole32

CoTaskMemAlloc

oleaut32

VarDateFromStr

comctl32

ImageList_Draw

ws2_32

closesocket

comdlg32

GetFileTitleA

Exports

Exports

FFHuaxiaVolcanoInstall
HuaxiaVolcanoInstall

Sections

.text
Size: 1.1MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE