MessagePack[.]dll | Triage

Sharing

General

Target

MessagePack.dll
Size

283KB
MD5

f88445014fc07eeef8503f7ab61844df
SHA1

45325f1b7d4f8c566ec57e4edffda3d54fcaf365
SHA256

5a63f30dd234b7cb73fd7da563e171219c89f5e989e9208abc7d18a1b5430676
SHA512

22b35328111de0053b3c732a71f2171047a2c5a96c7d2b60ed1136cc720226b94f43d8385cc28c94330f7863a9cf93f3600e507faf2adafed89bace3958fe09a
SSDEEP

6144:ByheKGb5T4wBGR95BH+PEAAycXsKwwgZxg:MhGCw/A5XO7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
MessagePack.dll

Files

MessagePack.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\a\1\s\obj\MessagePack\Release\netcoreapp2.1\MessagePack.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 280KB - Virtual size: 280KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ