emotet | payload_carved[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

payload_carved.dll
Size

167KB
MD5

fe43e3595e8e79f086fe9b367e8d7005
SHA1

fbc5f7531e7dd3969e41b81c77c91f93ab5625d4
SHA256

98b9bd9da1ad5c48dc82f3c7152494217823514b5fc6d5b8e53b9b5a8dec5f7a
SHA512

781442da825d382964747248cc2162fad7afabfa97069a0eda7da04fe2578de9ab6b4e90d00272c67ad00a117f8fc62519e7aaab1b58adc253165a8d29325fde
SSDEEP

3072:gab7+a6RKcswmok6hxrFO/DjPehy+e6kylW8G:fQ1sw7hxZObqX3

Score

10^/10

emotet

Malware Config

Signatures

Emotet family
emotet

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
payload_carved.dll

Files

payload_carved.dll
.dll regsvr32 windows:6 windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Exports

Exports

DllRegisterServer

Sections

.text
Size: 160KB - Virtual size: 159KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ