DrpPrinter[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

DrpPrinter.dll
Size

344KB
MD5

501d15047ce2dc616bc748419beaa5f7
SHA1

0eb633167b75ef65d74843caef332b651fb6f222
SHA256

6c09cf4b8be1fc51db3f87f01da36de86f69b67cc92fccd57ba9ed364c5ecb0e
SHA512

6c5538c19061dbeafb8feebb2328b7e3a84d5328bbb731322ef317ae133323aa8d84aafdde7a823b40a692bc08931660c88f89a9434398979830e829e23f2133
SSDEEP

3072:SJL/89UxFA//cSCjtIkvaQMGf1r3GAF/2NdkV6U5ot73wNxxSq2BgZQVGTkZ6pGO:SJL8a6MSCjSAF+FUqkGPFrv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
DrpPrinter.dll

Files

DrpPrinter.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

H:\DotNet\ERP7.NET\Hanson.Product.Erp7\Drp7\Hanson.Product.Erp7.Drp7.DrpPrinter\obj\Release\DrpPrinter.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 342KB - Virtual size: 341KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ