dotnet_loader[.]bin | Triage

Sharing

Copy URL Twitter E-mail

General

Target

dotnet_loader.bin
Size

3.1MB
MD5

ff2bee4a2606d3c8f0af57de171af3c9
SHA1

504123cdecd225e999f0d44e43d874a91f35c6e0
SHA256

7a2f296746c0ef1567faa12e7fe1902c4d74efda27045a5e4593fa91943dff9b
SHA512

79818fc728fc407bcc84d5b3e4feb32601a8887dca9d9ddb9ac4a44686be5613dbc622c679106c9e18202fd7c480dea9c7ce575194b69d901d3c5b373248d0fe
SSDEEP

49152:cl3YiJGAZ+JOBhXPMvH5siyKGDvGRwCcG6uwoKUph9wR:clo0IkBlMv5sm2Gw26kKow

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dotnet_loader.bin

Files

dotnet_loader.bin
.dll windows:4 windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 804B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ