App_Web_tqkzhiqd[.]dll[.]vir | Triage

Sharing

Copy URL Twitter E-mail

General

Target

App_Web_tqkzhiqd.dll.vir
Size

7KB
MD5

0dbc3828f0aea77260fba10da48a204a
SHA1

7935e9c9b1f1affd76d78cf53a832da6e4c925e0
SHA256

a5f520ca52d84216eefd54f3e166cd63c153f3d1943a25b39e8b3730286d033e
SHA512

ab3d165f5aa3123df0228b7d9c3524a2bc4f2e57f24c1628fb583e45b4102bda2aaf28a9dc291c4e5b4bacd9f827110ca82b08d915ac6531c8147fee5791ee4b
SSDEEP

48:6xgzfjSIIIIYwMjp1OEtzbljjSLtA/afQMx6XZ0NGMQuJZfSbYes5RI9AfKfCuJV:LP1lzxSLtxhNe4+ZVJ4jIuJpMC49JS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
App_Web_tqkzhiqd.dll.vir

Files

App_Web_tqkzhiqd.dll.vir
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\lb.site\19a3e04a\54fec9d0\App_Web_tqkzhiqd.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 712B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ