SqlClrPayload[.]dll | Triage

Sharing

General

Target

SqlClrPayload.dll
Size

2KB
MD5

02e6bce422d3a3043757c2b7be6a9173
SHA1

ac60bbd3c12766d04800ff9d3dbc6e72dfeeb854
SHA256

8ca8021be3ed915ad6deb2c74acc752d8bd1134ef52ba1f52164889545a67e5a
SHA512

e315d5180595cdee3c3017b7b1d93950dab667013428f5fa4aacced60f2d69d11cf6f47e2a27c83c612b9296cea33ec3c160f195a7fb4758c59f18cc650c509a

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Device/HarddiskVolume3/$Recycle.Bin/S-1-5-21-1159581898-2029943322-2268025737-2727/$RNC412D/embedded/framework/data/SqlClrPayload/v4.0/SqlClrPayload.dll

Files

SqlClrPayload.dll
.zip

Password: S@ndb0x!2023@@
Device/HarddiskVolume3/$Recycle.Bin/S-1-5-21-1159581898-2029943322-2268025737-2727/$RNC412D/embedded/framework/data/SqlClrPayload/v4.0/SqlClrPayload.dll
.dll windows x86

Password: S@ndb0x!2023@@

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 808B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
manifest.json