AddIn[.]KS[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

AddIn.KS.dll
Size

40KB
MD5

cb0910d34162afae1c53a1e1f513a058
SHA1

c9adc93f8f1f8584e4db33b98df4a77dce33b98e
SHA256

fb221c389f2bad3adce386d39560288d866668d909c065cafdc0cb685cc4fc94
SHA512

040383f61496b723c4a0ba12783c5522b7d9a034141a9384729aec8c1cdb8354fd88b57fcee0f9a99b2751e8d3f276ebf1c63d794a700113d3dab0fa00d2b3c5
SSDEEP

768:FfH2pXbhhKS2FJPKe0iuafubT1okl+ex1j1:FuprhhKFJPmf1Xl+eXj1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
AddIn.KS.dll

Files

AddIn.KS.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

f:\WORK\mes\XYMES\AddIn.KS\obj\Debug\AddIn.KS.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 848B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ