EMP[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

EMP.dll
Size

5.4MB
MD5

aec7619b9c5f2ad15822c3eb7ce74440
SHA1

fb62b664fe60af3c66b4bebf904f4c662c9d25d3
SHA256

463f2343ec0216284549c19ebe812e907f7f5e7e5449d907ae771f9a4cf39303
SHA512

8d185ec5a0b0960cf4cc0c524ffc2f9948c9551c1119503c77da9ead9e8115607b248745339c973f13e543acc9d7203d471566a41b6af33def81186fe2eb7ea0
SSDEEP

98304:GU5kJ9UTDOsxvUP0EDMeB6g60nMHE20Bt9CdL38+KJK/k7VOqX2lYQj:HvTjUP0EDonH0f9ClKokV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
EMP.dll

Files

EMP.dll
.dll windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Exports

Exports

EMP

Sections

EMP0
Size: - Virtual size: 4.5MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

EMP1
Size: 5.4MB - Virtual size: 5.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE