fb44d5fae171924284bf51c91bbbdbb3477dfa17bc49d69011a4a7a2cc649b11

Sharing

Copy URL Twitter E-mail

General

Target

fb44d5fae171924284bf51c91bbbdbb3477dfa17bc49d69011a4a7a2cc649b11
Size

193KB
MD5

cdd72a1bd116f3939c3e91fc28065ec4
SHA1

d996c5e590b5c3716604b31f5e3bd85f29071f8e
SHA256

fb44d5fae171924284bf51c91bbbdbb3477dfa17bc49d69011a4a7a2cc649b11
SHA512

f9ad58de91b187f4909fb6a71307862d5a6c58df8040e083f839cf237e2fd5dc4f1c36a941dc5de98f69461c63a0948743204df2ca22ed52cd413090bb9d84a9
SSDEEP

3072:l5SuNu7cK1t9e9+SyzVo/WDQSdgfKj3HF342gmH7FdMWtAyMnri3a6dlxfyNDyzN:l9yWWXWc4unt0At1qmz

Score

N/A

Malware Config

Signatures

Files

fb44d5fae171924284bf51c91bbbdbb3477dfa17bc49d69011a4a7a2cc649b11
.dll windows x64

8a0f2bf48e65cdd5878c995bb60f0346

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mozsqlite3

sqlite3_finalize
sqlite3_column_bytes
sqlite3_reset
sqlite3_column_blob
sqlite3_step
sqlite3_bind_text
sqlite3_bind_int
sqlite3_bind_blob
sqlite3_prepare_v2
sqlite3_open_v2
sqlite3_free
sqlite3_mprintf
sqlite3_busy_timeout
sqlite3_exec
sqlite3_file_control
sqlite3_column_int
sqlite3_close

nss3

_NSSUTIL_GetSecmodName
SEC_QuickDERDecodeItem_Util
NSS_Get_SEC_OctetStringTemplate_Util
NSS_SecureMemcmp
_SGN_VerifyPKCS1DigestInfo
DER_Encode_Util
SGN_CreateDigestInfo_Util
SGN_DestroyDigestInfo_Util
SECOID_FindOIDByMechanism
PL_HashTableEnumerateEntries
NSSUTIL_DoModuleDBFunction
PORT_Strdup_Util
PR_IntervalNow
PR_MillisecondsToInterval
PR_GetCurrentThread
PR_Now
PR_Access
PR_NewMonitor
PR_DestroyMonitor
PR_EnterMonitor
PR_ExitMonitor
_NSSUTIL_UTF8ToWide
_NSSUTIL_Access
PR_smprintf
_NSSUTIL_EvaluateConfigDir
PL_strncasecmp
NSSUTIL_ArgFetchValue
NSSUTIL_ArgStrip
NSSUTIL_ArgSkipParameter
NSSUTIL_ArgGetLabel
NSSUTIL_ArgDecodeNumber
NSSUTIL_ArgIsBlank
NSSUTIL_ArgHasFlag
SECITEM_CompareItem_Util
PR_Free
PR_SetError
PR_CallOnce
UTIL_SetForkState
SECOID_Shutdown
PR_smprintf_free
PR_Sleep
DER_SetUInteger
PR_SecondsToInterval
SECITEM_HashCompare
PL_CompareValues
PL_HashTableLookupConst
PL_HashTableLookup
PL_HashTableRemove
PL_HashTableAdd
PL_HashTableDestroy
PL_NewHashTable
PORT_ArenaAlloc_Util
PORT_GetError_Util
PORT_ArenaGrow_Util
PORT_Realloc_Util
PR_DestroyLock
PR_NewLock
SECOID_DestroyAlgorithmID_Util
SECOID_GetAlgorithmTag_Util
SECOID_CopyAlgorithmID_Util
SECOID_SetAlgorithmID_Util
DER_GetInteger_Util
SEC_ASN1EncodeInteger_Util
SEC_ASN1EncodeItem_Util
SEC_ASN1DecodeItem_Util
SECITEM_ZfreeItem_Util
SECITEM_DupItem_Util
SECITEM_ItemsAreEqual_Util
SECITEM_AllocItem_Util
PORT_ZFree_Util
PORT_ZAlloc_Util
SECITEM_FreeItem_Util
SECITEM_CopyItem_Util
PORT_ArenaZAlloc_Util
PORT_FreeArena_Util
PORT_NewArena_Util
NSS_Get_SECOID_AlgorithmIDTemplate_Util
NSS_Get_SEC_ObjectIDTemplate_Util
NSS_Get_SEC_BitStringTemplate_Util
NSS_Get_SEC_AnyTemplate_Util
PR_GetEnvSecure
PR_GetDirectorySeparator
PR_Unlock
PR_Lock
PORT_Free_Util
PORT_Alloc_Util
PR_GetLibraryFilePathname
PR_FindFunctionSymbol
PR_UnloadLibrary
PR_LoadLibraryWithFlags
PR_GetEnv
SECOID_Init
PORT_SetError_Util
PR_snprintf
PL_strcasecmp

mozglue

malloc
free

kernel32

InitializeSListHead
GetTempPathA
WideCharToMultiByte
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
IsDebuggerPresent

vcruntime140

memset
memcmp
memcpy
__std_type_info_destroy_list
__C_specific_handler
strrchr

api-ms-win-crt-string-l1-1-0

strlen
islower
strcpy
strcmp
isupper
isdigit

api-ms-win-crt-convert-l1-1-0

atoi

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf

api-ms-win-crt-filesystem-l1-1-0

_wchmod

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_cexit

Exports

Exports

C_GetFunctionList
FC_GetFunctionList
NSC_GetFunctionList
NSC_ModuleDBFunc

Sections

.text
Size: 153KB - Virtual size: 152KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 428B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8a0f2bf48e65cdd5878c995bb60f0346

Headers

DLL Characteristics

File Characteristics

Imports

mozsqlite3

nss3

mozglue

kernel32

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-runtime-l1-1-0

Exports

Exports

Sections

.text Size: 153KB - Virtual size: 152KB

.rdata Size: 28KB - Virtual size: 28KB

.data Size: 1024B - Virtual size: 3KB

.pdata Size: 7KB - Virtual size: 7KB

.gfids Size: 512B - Virtual size: 16B

.rsrc Size: 1024B - Virtual size: 816B

.reloc Size: 512B - Virtual size: 428B

.text
Size: 153KB - Virtual size: 152KB

.rdata
Size: 28KB - Virtual size: 28KB

.data
Size: 1024B - Virtual size: 3KB

.pdata
Size: 7KB - Virtual size: 7KB

.gfids
Size: 512B - Virtual size: 16B

.rsrc
Size: 1024B - Virtual size: 816B

.reloc
Size: 512B - Virtual size: 428B