6ecdee9fad59465a96e3bc0dcc82a8bd57bb8def6ea0acdcfdca04d3c189a427

Sharing

Copy URL Twitter E-mail

General

Target

6ecdee9fad59465a96e3bc0dcc82a8bd57bb8def6ea0acdcfdca04d3c189a427
Size

276KB
MD5

071e8eaad33f655d2f18164067bd66e0
SHA1

13a29efc01b4d3bb54d37daffec3cc899098f63e
SHA256

6ecdee9fad59465a96e3bc0dcc82a8bd57bb8def6ea0acdcfdca04d3c189a427
SHA512

88ca418143570899d7df35f2272f8b370e67d774feaf4eff1c3c6ae2bce95de56c1297e84f84607d71d5e2416832598656229ae54288b02ebb76a373447e39d7
SSDEEP

6144:Rwo+p6vAd6ELlYE7/hAZUvPucYE05eLCjEMoDyuIV:DpJ8hiU+HwMoD9K

Score

N/A

Malware Config

Signatures

Files

6ecdee9fad59465a96e3bc0dcc82a8bd57bb8def6ea0acdcfdca04d3c189a427
.dll windows x86

6a2422fabafae21d8f622856b213fa93

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

gkgfx

??0nsRect@@QAE@HHHH@Z

xpcom_core

?sCanonicalVTable@nsObsoleteACString@@2PBXB
??1nsACString_internal@@QAE@XZ
??0nsQueryReferent@@QAE@PAVnsIWeakReference@@PAI@Z
??0nsGetInterface@@QAE@PAVnsISupports@@PAI@Z
?ToNewUnicode@@YAPAGABVnsAString_internal@@@Z
?AssignASCII@nsSubstring@@QAEXPBDI@Z
?Assign@nsSubstring@@QAEXABVnsAString_internal@@@Z
?Equals@nsSubstring@@QBEHABV1@@Z
?Equals@nsSubstring@@QBEHABVnsAString_internal@@@Z
?Equals@nsSubstring@@QBEHPBG@Z
?AppendASCIItoUTF16@@YAXPBDAAVnsAString_internal@@@Z
??1nsVoidArray@@UAE@XZ
??0nsVoidArray@@QAE@XZ
?AssignWithConversion@nsString@@QAEXPBDH@Z
?StripChars@nsString@@QAEXPBD@Z
?ToInteger@nsString@@QBEHPAHI@Z
?ToNewCString@@YAPADABVnsAString_internal@@@Z
?assign_from_gs_contractid_with_error@nsCOMPtr_base@@QAEXABVnsGetServiceByContractIDWithError@@ABUnsID@@@Z
?assign_from_qi_with_error@nsCOMPtr_base@@QAEXABVnsQueryInterfaceWithError@@ABUnsID@@@Z
NS_Free_P
?AppendUTF8toUTF16@@YAXABVnsACString_internal@@AAVnsAString_internal@@@Z
??1nsCOMArray_base@@IAE@XZ
?NS_GetWeakReference@@YAPAVnsIWeakReference@@PAVnsISupports@@PAI@Z
??0nsCreateInstanceByCID@@QAE@ABUnsID@@PAVnsISupports@@PAI@Z
?AppendObject@nsCOMArray_base@@IAEHPAVnsISupports@@@Z
?RemoveElementAt@nsVoidArray@@QAEHH@Z
?AppendElement@nsVoidArray@@QAEHPAX@Z
?ElementAt@nsVoidArray@@QBEPAXH@Z
?assign_from_gs_cid_with_error@nsCOMPtr_base@@QAEXABVnsGetServiceByCIDWithError@@ABUnsID@@@Z
?FindChar@nsSubstring@@QBEHGI@Z
?Mid@nsString@@QBEIAAV1@II@Z
nsUnescape
??0nsCreateInstanceByContractID@@QAE@PBDPAVnsISupports@@PAI@Z
?NS_NewISupportsArray@@YAIPAPAVnsISupportsArray@@@Z
?RemoveElement@nsVoidArray@@QAEHPAX@Z
??1nsAutoLock@@QAE@XZ
??0nsAutoLock@@QAE@PAUPRLock@@@Z
?NS_NewGenericModule2@@YAIPBUnsModuleInfo@@PAPAVnsIModule@@@Z
?assign_from_gs_contractid@nsCOMPtr_base@@QAEXVnsGetServiceByContractID@@ABUnsID@@@Z
?assign_from_helper@nsCOMPtr_base@@QAEXABVnsCOMPtr_helper@@ABUnsID@@@Z
?Find@nsString@@QBEHPBDHHH@Z
?Assign@nsSubstring@@QAEXABV1@@Z
?Assign@nsSubstring@@QAEXPBGI@Z
?ReplaceASCII@nsSubstring@@QAEXIIPBDI@Z
?RemoveObjectAt@nsCOMArray_base@@IAEHH@Z
??0nsSupportsWeakReference@@QAE@XZ
??1nsSupportsWeakReference@@IAE@XZ
?GetWeakReference@nsSupportsWeakReference@@UAGIPAPAVnsIWeakReference@@@Z
?sCanonicalVTable@nsObsoleteAString@@2PBXB
??1nsAString_internal@@QAE@XZ
??1nsCOMPtr_base@@QAE@XZ
?assign_with_AddRef@nsCOMPtr_base@@QAEXPAVnsISupports@@@Z
?assign_from_qi@nsCOMPtr_base@@QAEXVnsQueryInterface@@ABUnsID@@@Z
?assign_from_gs_cid@nsCOMPtr_base@@QAEXVnsGetServiceByCID@@ABUnsID@@@Z
?EmptyString@@YAABVnsString@@XZ
?Find@nsString@@QBEHABV1@HH@Z
?EqualsASCII@nsSubstring@@QBEHPBDI@Z
?LowerCaseEqualsASCII@nsSubstring@@QBEHPBDI@Z
?Replace@nsSubstring@@QAEXIIABVnsSubstringTuple@@@Z
?Replace@nsSubstring@@QAEXIIPBGI@Z
?sEmptyBuffer@?$nsCharTraits@G@@2PBGB
?Equals@nsAString_internal@@QBEHABV1@@Z

nspr4

PR_DestroyLock
PR_Lock
PR_Unlock
PR_snprintf
PR_NewLock
PR_AtomicIncrement
PR_AtomicDecrement

plc4

PL_strfree

msvcp71

?_Nomemory@std@@YAXXZ

msvcr71

_onexit
__dllonexit
_except_handler3
__CppXcptFilter
_adjust_fdiv
??3@YAXPAX@Z
free
_callnewh
malloc
_purecall
strlen
_initterm

kernel32

DisableThreadLibraryCalls

Exports

Exports

NSGetModule

Sections

.text
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 208KB - Virtual size: 208KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6a2422fabafae21d8f622856b213fa93

Headers

File Characteristics

Imports

gkgfx

xpcom_core

nspr4

plc4

msvcp71

msvcr71

kernel32

Exports

Exports

Sections

.text Size: 40KB - Virtual size: 37KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 4KB - Virtual size: 48B

.rsrc Size: 4KB - Virtual size: 896B

.reloc Size: 4KB - Virtual size: 3KB

.text Size: 208KB - Virtual size: 208KB

.text
Size: 40KB - Virtual size: 37KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 4KB - Virtual size: 48B

.rsrc
Size: 4KB - Virtual size: 896B

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 208KB - Virtual size: 208KB