Lskj[.]Expression[.]dll | Triage

Sharing

General

Target

Lskj.Expression.dll
Size

23KB
MD5

5edc8965d2733b44f857571d6a7edae5
SHA1

93f6fd076d7efa11e8a0f4a8400b0e129c554251
SHA256

d3c9082726f289d7dd4d8068c3551697498c435097c53b1ddc693e0b3adfd45e
SHA512

a66a169c23a7b1ae973428d89a62694c69f9eb74a7b609d29b9b5a66af3166aafe26e0cc0ab92409aa479e582d242c929fca3e74e266baba9c5ceae17d8d6e4f
SSDEEP

384:VKwnK/ReL76iTUAoIcUscrKIzeeTfmOkoQDHARUxuPT:VKwOTmecrpdzUxAT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Lskj.Expression.dll

Files

Lskj.Expression.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\VisualStudio2013\WorkProject\Lskj_WebErp_7.0\Lskj.Expression\obj\Release\Lskj.Expression.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ