8a2eae776fc8c7826c7b430c4edcd52cc131bca73481abb75821515686accb90 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8a2eae776fc8c7826c7b430c4edcd52cc131bca73481abb75821515686accb90
Size

732KB
MD5

5af0ef995e469ed50fcf3815b2ed2522
SHA1

29c2963efb00830f1c843f2e8dcd5ea046349dfa
SHA256

8a2eae776fc8c7826c7b430c4edcd52cc131bca73481abb75821515686accb90
SHA512

279550492100fb87883a8b4edf4f251a57211d25dc5d3b9320b42288286062e7a0491d2149718e5e8bfb589db948ede2108e9a8cd1c80f0d84f1dd6002b6b8e4
SSDEEP

12288:+UI3PSO0qrQ3e4OHO5rFHx8jis6rRg/GNPOM7WmzRG9FLCHOr7+q6F/ucj/i:jFqx4/5rFH6i3Rg/CfWiRGfLmGHur+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8a2eae776fc8c7826c7b430c4edcd52cc131bca73481abb75821515686accb90

Files

8a2eae776fc8c7826c7b430c4edcd52cc131bca73481abb75821515686accb90
.dll windows:4 windows x86 arch:x86

496c9b38cb0c3ec22f75700161ec8ecf

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

SetParent

gdi32

GetSystemPaletteEntries

winmm

midiStreamRestart

winspool.drv

ClosePrinter

advapi32

RegCloseKey

shell32

ShellExecuteA

ole32

CLSIDFromProgID

oleaut32

SafeArrayGetElement

comctl32

ord17

ws2_32

inet_ntoa

comdlg32

GetSaveFileNameA

Exports

Exports

HuaxiaVolcanoInstall

Sections

.text
Size: 707KB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE