4b3fb757f1da66365467da57cf11029d7c129572ff268f3c636d1b48dd00f04c | Triage

Sharing

General

Target

4b3fb757f1da66365467da57cf11029d7c129572ff268f3c636d1b48dd00f04c
Size

997KB
MD5

dbead33f584c16b6fdaada20664cff65
SHA1

b2d3b0a8390412ee78a34cd0614e1f6dde229f3b
SHA256

4b3fb757f1da66365467da57cf11029d7c129572ff268f3c636d1b48dd00f04c
SHA512

577ceecf10144233588ad416537f2599b925588bf9fc47d03b439a3ec68569a8d50a5a2d5060bd809d1f81c7cff18c55a6e2648ebf3a632e239b831fe3d9ce6c
SSDEEP

24576:XwpNJiuSufkASWYqmM8Apqs2jeTBr4NbthPjtTaMBX:AVgtIYqm9YqHtNbthPjtTFX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4b3fb757f1da66365467da57cf11029d7c129572ff268f3c636d1b48dd00f04c

Files

4b3fb757f1da66365467da57cf11029d7c129572ff268f3c636d1b48dd00f04c
.dll windows:4 windows x86

c8e1091cd36ea419818768aa5eb93f14

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

wsprintfA

gdi32

MoveToEx

winmm

midiStreamRestart

winspool.drv

DocumentPropertiesA

advapi32

RegQueryValueA

shell32

Shell_NotifyIconA

ole32

CoTaskMemAlloc

oleaut32

VarDateFromStr

comctl32

ImageList_GetImageInfo

ws2_32

inet_ntoa

comdlg32

GetFileTitleA

Exports

Exports

HuaxiaVolcanoInstall

Sections

.text
Size: 983KB - Virtual size: 3.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE