PowerOrder[.]dll | Triage

Sharing

General

Target

PowerOrder.dll
Size

5.2MB
MD5

9efc4336f2c211f51ff4498b16226567
SHA1

7811fd7b9d6f8dbc70c5dad1351de3c5aa1fb43a
SHA256

7057dc55cb60012fdd330400507cb203a45c77e2d7f05ba41432f4ced398c38a
SHA512

ddb9bdae0ce4049971feb3043804c76b5c0d4734ad0d66fe74a76ed6714ef2f9e096193f5400b9b5ca7a2c1595e110f6d9ffa6dcb89b5eb5f465d1c7c81bb528
SSDEEP

98304:fXKgRPUk000000dgqkYNBAZkH+C+OO+8OOJ+Kiz:ft+C+OO+8OOJ+Kiz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
PowerOrder.dll

Files

PowerOrder.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 5.2MB - Virtual size: 5.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ