Reformer[.]HengShengETC[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Reformer.HengShengETC.dll
Size

26KB
MD5

2042985127d3e4d77d8ca579515ad69b
SHA1

d89f2dc8e21517513911e523ed9abd1fb03bb0b5
SHA256

1effc5487f91c5a23d42323019cd743e23a9f3e760e89a13ffeb6ee01337e277
SHA512

41bd40cca44e21871158f1cf076ccb44e4d77b4867c71dfe399fe892b7de45b5331ec708ba03526e9c4c395670bdf7c4417c604d6c0d76efec9b435ef2bd017b
SSDEEP

768:UzCV2Vj3Ig7r3vbHZE43xo+Gpvppf59+Y:UzCVWDIg7r3jHZE4307pv+Y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Reformer.HengShengETC.dll

Files

Reformer.HengShengETC.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\jenkins01\workspace\ACS4.0\ACS_V4.2.3_2\Reformer.HengShengETC\obj\Debug\Reformer.HengShengETC.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ