Wednesday, August 21, 2013

Randomly named assemblies (.NET)

Randomly named assemblies (.NET)

When a .NET application (in my case it's SQL Management Studio, but I
think, it's more general issue) fails due to unhandled exception, I
receive a popup with a call stack and a list of loaded assemblies.
Among them I see 2 or 3 randomly named assemblies, which in all other
aspects look like copies of System.dll:



epovwbjf Assembly Version: 10.0.0.0 Win32 Version: 2.0.50727.5467
(Win7SP1GDR.050727-5400)
CodeBase:
file:///C:/Windows/assembly/GAC_MSIL/System/2.0.0.0__b77a5c561934e089/System.dll
l3kwu1p5 Assembly Version: 10.0.0.0 Win32 Version: 2.0.50727.5467
(Win7SP1GDR.050727-5400)
CodeBase:
file:///C:/Windows/assembly/GAC_MSIL/System/2.0.0.0__b77a5c561934e089/System.dll
9wpjdbe7 Assembly Version: 10.0.0.0 Win32 Version: 2.0.50727.5467
(Win7SP1GDR.050727-5400)
CodeBase:
file:///C:/Windows/assembly/GAC_MSIL/System/2.0.0.0__b77a5c561934e089/System.dll
Is this a normal behaviour or a sign of malware infection ? (I've tested
that dll via virustotal.com, it detected 0/46). Why does it happen (if
it's expected) and where can I learn more on it ?
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)