ThugClientV5obfbysolar[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ThugClientV5obfbysolar.dll
Size

2.4MB
MD5

9f6b2e3b06cbaf8728c4b097fa119024
SHA1

685916703e5b948c27f82c85ea355098cef754d7
SHA256

8a63513c148c4cc9ef2008eb1c87a7b0f8ea6986a3e6d0b82b10a43f8584f734
SHA512

212d2ee41a164d80469693be07a052f863d69fbf62c4b8e68cb11be2307a468f0bc7e4d1e9c03400efb451e667623aea47eddd7a6afe4fa073374f86ef438887
SSDEEP

12288:3NXfJeRGmgJgp41xgBLhDJa07LuzYapFy4I0Ez2f6I1:pfs6Op4LUJ4I0fff

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ThugClientV5obfbysolar.dll

Files

ThugClientV5obfbysolar.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 792B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ