afdcac0f958422edc29482732100953e56e068731df91fb4c2a5b20773e1d227

Sharing

Copy URL Twitter E-mail

General

Target

afdcac0f958422edc29482732100953e56e068731df91fb4c2a5b20773e1d227
Size

1.4MB
MD5

0b37e43716e47deeb1d4253533b9d121
SHA1

57fd781688e073cf987605928e7b2f4ccfbbca14
SHA256

afdcac0f958422edc29482732100953e56e068731df91fb4c2a5b20773e1d227
SHA512

bc37f5c75eab1123eaee7deb141820a1a60defc29dd5eed105712041ed1c69b2b0ad95ac12706a0f3f3bceee5a994907e7c8e628e63fc54875b834e3eb5352b5
SSDEEP

24576:LkbV664YqH60nFZZ82rq4/LeCKBl9eYmmM63lN:LZTjKT3Zl

Score

N/A

Malware Config

Signatures

Files

afdcac0f958422edc29482732100953e56e068731df91fb4c2a5b20773e1d227
.exe windows x86

50de5006ea86f415974ab846d21c8c55

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mozglue

_Z23DllBlocklist_Initializej
_ZN7mozilla18IsWin32kLockedDownEv
_ZN7mozilla19MapRemoteViewOfFileEPvS0_yS0_mmm
_ZN7mozilla5mscom6detail21EndProcessRuntimeInitEv
_ZN7mozilla5mscom6detail23BeginProcessRuntimeInitEv
_ZN7mozilla9TimeStamp3NowEb
_aligned_free
_aligned_malloc
_wcsdup
calloc
free
malloc
moz_xmalloc
realloc
strdup

ntdll

NtOpenFile
NtQueryInformationProcess
NtQueryVirtualMemory
NtUnmapViewOfSection
RtlAcquireSRWLockExclusive
RtlAllocateHeap
RtlCompareMemory
RtlEqualUnicodeString
RtlGetVersion
RtlInitUnicodeString
RtlReleaseSRWLockExclusive
VerSetConditionMask

api-ms-win-crt-convert-l1-1-0

_ltoa
_strtod_l
_strtoi64_l
_strtoui64_l
strtod
strtol
strtoul
wcrtomb_s
wcstod
wcstol
wcstoul

api-ms-win-crt-environment-l1-1-0

__p__environ
__p__wenviron
_putenv
_wgetenv
getenv

api-ms-win-crt-filesystem-l1-1-0

_wsplitpath_s

api-ms-win-crt-math-l1-1-0

__setusermatherr
_fdopen

api-ms-win-crt-private-l1-1-0

memchr
memcmp
memcpy
memmove
strrchr
wcschr

api-ms-win-crt-runtime-l1-1-0

__p___argc
__p___argv
__p___wargv
__p__acmdln
__sys_nerr
_assert
_beginthreadex
_cexit
_configure_narrow_argv
_configure_wide_argv
_crt_atexit
_errno
_exit
_initialize_narrow_environment
_initialize_wide_environment
_initterm
_register_thread_local_exe_atexit_callback
_set_app_type
_set_invalid_parameter_handler
abort
exit
signal
strerror_s

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__p__fmode
__stdio_common_vfprintf
__stdio_common_vfwprintf
__stdio_common_vsnprintf_s
__stdio_common_vsnwprintf_s
__stdio_common_vsprintf
__stdio_common_vsscanf
__stdio_common_vswprintf
_close
_dup
_fileno
_open
_wfopen
_write
fclose
fflush
fgets
fputc
fputs
freopen
fwrite

api-ms-win-crt-string-l1-1-0

_isctype_l
_iswalpha_l
_iswcntrl_l
_iswdigit_l
_iswlower_l
_iswprint_l
_iswpunct_l
_iswspace_l
_iswupper_l
_iswxdigit_l
_strcoll_l
_stricmp
_strnicmp
_strxfrm_l
_tolower_l
_toupper_l
_towlower_l
_towupper_l
_wcscoll_l
_wcsicmp
_wcsnicmp
_wcsxfrm_l
islower
isspace
isupper
iswctype
iswspace
isxdigit
memset
strcmp
strcpy
strlen
strncmp
tolower
towlower
towupper
wcscmp
wcscpy
wcscpy_s
wcslen
wcsncmp
wcspbrk
wcstok_s

advapi32

ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertStringSidToSidW
CopySid
CreateProcessAsUserW
CreateRestrictedToken
CreateWellKnownSid
CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
DeregisterEventSource
DuplicateToken
DuplicateTokenEx
EqualSid
GetAce
GetKernelObjectSecurity
GetLengthSid
GetSecurityDescriptorSacl
GetSecurityInfo
GetSidSubAuthority
GetSidSubAuthorityCount
GetTokenInformation
InitializeAcl
InitializeSecurityDescriptor
LookupPrivilegeValueW
OpenProcessToken
RegCloseKey
RegCreateKeyExW
RegDeleteValueW
RegDisablePredefinedCache
RegGetValueW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegisterEventSourceW
ReportEventW
RevertToSelf
SetEntriesInAclW
SetKernelObjectSecurity
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
SetSecurityInfo
SetThreadToken
SetTokenInformation
SystemFunction036

shell32

CommandLineToArgvW

kernel32

AcquireSRWLockExclusive
AssignProcessToJobObject
AttachConsole
CloseHandle
CreateEventW
CreateFileMappingA
CreateFileMappingW
CreateFileW
CreateIoCompletionPort
CreateJobObjectW
CreateMutexW
CreateNamedPipeW
CreateProcessW
CreateRemoteThread
CreateThread
CreateToolhelp32Snapshot
DebugBreak
DeleteCriticalSection
DeleteProcThreadAttributeList
DuplicateHandle
EncodePointer
EnterCriticalSection
ExpandEnvironmentStringsW
FileTimeToSystemTime
FlsAlloc
FlsGetValue
FlsSetValue
FlushInstructionCache
FreeEnvironmentStringsW
FreeLibrary
GetCommandLineW
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetEnvironmentStringsW
GetEnvironmentVariableW
GetExitCodeProcess
GetFileAttributesW
GetFileInformationByHandle
GetFileInformationByHandleEx
GetFileSizeEx
GetFileType
GetLastError
GetLongPathNameW
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExW
GetModuleHandleW
GetNativeSystemInfo
GetProcAddress
GetProcessHandleCount
GetProcessHeaps
GetProcessId
GetQueuedCompletionStatus
GetStartupInfoA
GetStdHandle
GetSystemInfo
GetSystemTimeAsFileTime
GetThreadId
GetThreadPriority
GetTickCount
GetUserDefaultLCID
GetUserDefaultLangID
GetUserDefaultLocaleName
GetVersionExW
GetVolumePathNameW
HeapDestroy
HeapSetInformation
InitOnceExecuteOnce
InitializeCriticalSection
InitializeCriticalSectionEx
InitializeProcThreadAttributeList
IsDBCSLeadByteEx
IsDebuggerPresent
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
LoadLibraryW
LocalAlloc
LocalFree
MapViewOfFile
MultiByteToWideChar
OpenFileMappingW
OpenProcess
OutputDebugStringA
PostQueuedCompletionStatus
Process32FirstW
Process32NextW
ProcessIdToSessionId
QueryFullProcessImageNameW
QueryPerformanceCounter
QueryPerformanceFrequency
QueryThreadCycleTime
RaiseException
ReadFile
ReadProcessMemory
RegisterWaitForSingleObject
ReleaseSRWLockExclusive
ResetEvent
ResumeThread
SearchPathW
SetDllDirectoryW
SetEnvironmentVariableW
SetEvent
SetFilePointerEx
SetHandleInformation
SetInformationJobObject
SetLastError
SetThreadPriority
SetUnhandledExceptionFilter
SignalObjectAndWait
Sleep
SleepConditionVariableSRW
SwitchToThread
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
TerminateJobObject
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryAcquireSRWLockExclusive
TryEnterCriticalSection
TzSpecificLocalTimeToSystemTime
UnhandledExceptionFilter
UnmapViewOfFile
UnregisterWaitEx
UpdateProcThreadAttribute
VerifyVersionInfoA
VirtualAlloc
VirtualAllocEx
VirtualFree
VirtualFreeEx
VirtualProtect
VirtualProtectEx
VirtualQuery
VirtualQueryEx
WaitForSingleObject
WaitForSingleObjectEx
WakeAllConditionVariable
WakeConditionVariable
WideCharToMultiByte
WriteFile
WriteProcessMemory
lstrlenW

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func
___mb_cur_max_func
__initialize_lconv_for_unsigned_char
__pctype_func
_configthreadlocale
_create_locale
_free_locale
localeconv
setlocale

api-ms-win-crt-time-l1-1-0

__daylight
__timezone
__tzname
_strftime_l
_tzset

api-ms-win-crt-multibyte-l1-1-0

_mbtowc_l

api-ms-win-crt-heap-l1-1-0

_set_new_mode

Exports

Exports

GetHandleVerifier
IsSandboxedProcess
NativeNtBlockSet_Write

Sections

.text
Size: 889KB - Virtual size: 888KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 101KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.buildid
Size: 512B - Virtual size: 137B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gcc_exc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 375KB - Virtual size: 375KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

50de5006ea86f415974ab846d21c8c55

Headers

DLL Characteristics

File Characteristics

Imports

mozglue

ntdll

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

advapi32

shell32

kernel32

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-multibyte-l1-1-0

api-ms-win-crt-heap-l1-1-0

Exports

Exports

Sections

.text Size: 889KB - Virtual size: 888KB

.rdata Size: 101KB - Virtual size: 100KB

.buildid Size: 512B - Virtual size: 137B

.data Size: 512B - Virtual size: 13KB

.gcc_exc Size: 9KB - Virtual size: 9KB

.tls Size: 512B - Virtual size: 12B

.rsrc Size: 375KB - Virtual size: 375KB

.reloc Size: 42KB - Virtual size: 41KB

.text
Size: 889KB - Virtual size: 888KB

.rdata
Size: 101KB - Virtual size: 100KB

.buildid
Size: 512B - Virtual size: 137B

.data
Size: 512B - Virtual size: 13KB

.gcc_exc
Size: 9KB - Virtual size: 9KB

.tls
Size: 512B - Virtual size: 12B

.rsrc
Size: 375KB - Virtual size: 375KB

.reloc
Size: 42KB - Virtual size: 41KB