HEUR-Backdoor[.]MSIL[.]WebShell[.]gen-2a568d345c86dad767578ebc3af974d7a78a2fee2ba168262f4925289bb7099b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

HEUR-Backdoor.MSIL.WebShell.gen-2a568d345c86dad767578ebc3af974d7a78a2fee2ba168262f4925289bb7099b
Size

19KB
MD5

2aa1479dd08da8e2d73c648754e350cf
SHA1

b102f3432ed0f45f9f889a07e50599eb249ac975
SHA256

2a568d345c86dad767578ebc3af974d7a78a2fee2ba168262f4925289bb7099b
SHA512

7adbeba0329d404bc4271513dd294a44c3acdac9df83b4be9b25813a02f44b5ada9e4288c1d1f7d1c5b2ff11fba11bb604ee2698e8a71a75166253cc36858fab
SSDEEP

384:AlYi6JrLxEjp5hXc9U7alQm/ykDC7gRLzcta8sk+Ic3C9:AlYi69UUQmE7gRLBXIc3C9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
HEUR-Backdoor.MSIL.WebShell.gen-2a568d345c86dad767578ebc3af974d7a78a2fee2ba168262f4925289bb7099b

Files

HEUR-Backdoor.MSIL.WebShell.gen-2a568d345c86dad767578ebc3af974d7a78a2fee2ba168262f4925289bb7099b
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\root\6cfba526\5d28cd39\App_Web_qdprb34q.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 504B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ