SqlClrPayload[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

SqlClrPayload.dll
Size

2KB
MD5

1bbb616d19f536925913e8de917bb211
SHA1

636f3b90fd0b23de8be421b07ee1c2226ed85e23
SHA256

9c9117b034fa2314df763a655f7011785749b29fdffeb62c87d3299238f7c07b
SHA512

2d4c24cabda48b0fecc61dccddb0b97e0fb9d81ccebf9613a72f781a57bae63cb154f82f52eb85180fc736130ac43167594a6babccd1e6b1327ef239fa0f5190

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Device/HarddiskVolume3/$Recycle.Bin/S-1-5-21-1159581898-2029943322-2268025737-2727/$RNC412D/embedded/framework/data/SqlClrPayload/v4.5/SqlClrPayload.dll

Files

SqlClrPayload.dll
.zip

Password: India@2023@@
Device/HarddiskVolume3/$Recycle.Bin/S-1-5-21-1159581898-2029943322-2268025737-2727/$RNC412D/embedded/framework/data/SqlClrPayload/v4.5/SqlClrPayload.dll
.dll windows:4 windows x86 arch:x86

Password: India@2023@@

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 808B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
manifest.json