QimenPlat[.]Entity[.]Hanson[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

QimenPlat.Entity.Hanson.dll
Size

8KB
MD5

50593744bd7f7e5864c6ee3b893f6f55
SHA1

0cdbb093de4088b659900fb37c5fca7e2bbf2da4
SHA256

8762fc561fc106141c10f939e251d65d7d51d8ca7d51f3e22a55be520855cd50
SHA512

bfa9cd468030c191641055c0a09fcabc04a26adc8f7afdaa7ca4b500b5774cff15ca8c75f5ec49a8f7e35a6b3a561aba07e11bf56c4ad019813e21eeb9ce1d08
SSDEEP

96:mpK/6N6yagkJZ9awIUTFGSCkJHKPaFrwW5u:JoafZKUTFGSCkJThwW5u

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
QimenPlat.Entity.Hanson.dll

Files

QimenPlat.Entity.Hanson.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

H:\DotNet\QimenPlat\QimenPlat.Entity.Hanson\obj\Debug\QimenPlat.Entity.Hanson.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ