DnsClient[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

DnsClient.dll
Size

134KB
MD5

1b5c27a7e07689a62e0a1f0124e9005b
SHA1

40027e3d5e8c9d673897ed5c5ab4c6ec311e0f97
SHA256

7efdfb1984ad84ada278f9b9d221c85ca4802f5511b62f75a8e4280d30fbac66
SHA512

808412dd0b47444f18dff5a766bc34d597b1f868f1e657f5da6fe534cc97181a544833edcb900b170347e2674be578a9bb5875a3ec2b81de11c860c2cbf4f742
SSDEEP

3072:iu2vKNNS2EXXoTsQG5K+SFjkKkB9nJk0MqlY3VxhSH4C:yvKNNSq57Nkv+0M3SH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
DnsClient.dll

Files

DnsClient.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\a\1\s\src\DnsClient\obj\Release\net45\DnsClient.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 132KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ