plugin-container[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

plugin-container.exe
Size

273KB
MD5

e428725ae38bf1803cccbf348d280d39
SHA1

b68defad7a4d89c32a053958d5660dd707a36e7a
SHA256

70ad689e89c97476474f209a802167eb058dce71c7eebe83fa633c8920b24461
SHA512

b784473bf0c2930991be50f19969a0e2c29be9021283fd52a5ec476b69bb060fa35a83a73f2198425c1f9da282e98263eef902fbe4d1ed5d06db5420510a2061
SSDEEP

3072:6RXrKiHPiho+TURzc1Dl4U9vbPTrdLjJCIfkAHU2Ie+Q4aK5eL1P5:4eiHPWm0DlxrHdJ9jvcURB

Score

1^/10

Malware Config

Signatures

Files

plugin-container.exe
.exe windows x86

128a62ac8fe4c2914cbafbd14593433b

Code Sign

f3:75:f9:1d:3d:e5:d0:e2
Certificate

Issuer

CN=Mozilla Fake CA

Not Before

25/09/2015, 14:02

Not After

12/06/2035, 14:02

Subject

CN=Mozilla Fake SPC

d9:9c:a7:7c:15:d5:9d:e9:12:17:51:04:76:db:bf:f0:44:4d:e3:da
Signer

Actual PE Digest

d9:9c:a7:7c:15:d5:9d:e9:12:17:51:04:76:db:bf:f0:44:4d:e3:da

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteCriticalSection
IsDebuggerPresent
CloseHandle
RaiseException
WaitForSingleObject
Sleep
GetCurrentThreadId
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
QueryPerformanceCounter
QueryPerformanceFrequency
GetSystemTimeAsFileTime
GetVersionExW
GetNativeSystemInfo
GetModuleFileNameW
GetProcessHandleCount
VirtualFree
GetCurrentProcessId
FreeLibrary
HeapSetInformation
GetCurrentDirectoryW
GetFileType
SignalObjectAndWait
CreateFileW
WriteConsoleW
SetStdHandle
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
GetModuleHandleExW
SetLastError
GetComputerNameW
LocalFree
GetSystemDirectoryW
GetLastError
GetVolumeInformationW
TerminateProcess
VerifyVersionInfoW
SetDllDirectoryW
LoadLibraryExA
GetProcAddress
GetModuleHandleW
GetModuleHandleA
VirtualProtectEx
VirtualAllocEx
FlushInstructionCache
ExpandEnvironmentStringsW
SetEnvironmentVariableW
GetEnvironmentVariableW
VerSetConditionMask
GetCurrentProcess
MultiByteToWideChar
SetHandleInformation
VirtualQuery
GetCommandLineW
EncodePointer
DecodePointer
HeapFree
HeapAlloc
HeapReAlloc
IsProcessorFeaturePresent
LoadLibraryExW
ExitProcess
WideCharToMultiByte
GetProcessHeap
GetStdHandle
GetStartupInfoW
WriteFile
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapSize
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStringTypeW
RtlUnwind
OutputDebugStringW

winmm

timeGetTime

advapi32

RegDisablePredefinedCache
RevertToSelf
GetLengthSid
OpenProcessToken
ConvertStringSidToSidW
SetTokenInformation
ConvertSidToStringSidW
LookupAccountNameW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey

Exports

Exports

?ProvideLogFunction@sandboxing@mozilla@@YAXP6AXPBD00_NI@Z@Z
?moz_Xinvalid_argument@std@@YAXPBD@Z
?moz_Xlength_error@std@@YAXPBD@Z
?moz_Xout_of_range@std@@YAXPBD@Z
?moz_Xoverflow_error@std@@YAXPBD@Z
?moz_Xruntime_error@std@@YAXPBD@Z
?mozalloc_abort@@YAXQBD@Z
?mozalloc_handle_oom@@YAXI@Z
?mozalloc_set_oom_abort_handler@@YAXP6AXI@Z@Z
IsSandboxedProcess
_TargetCreateNamedPipeW@36
_TargetCreateProcessA@44
_TargetCreateProcessW@44
_TargetGdiDllInitialize@12
_TargetGetStockObject@8
_TargetNtCreateEvent@24
_TargetNtCreateFile@48
_TargetNtCreateKey@32
_TargetNtMapViewOfSection@44
_TargetNtOpenEvent@16
_TargetNtOpenFile@28
_TargetNtOpenKey@16
_TargetNtOpenKeyEx@20
_TargetNtOpenProcess@20
_TargetNtOpenProcessToken@16
_TargetNtOpenProcessTokenEx@20
_TargetNtOpenThread@20
_TargetNtOpenThreadToken@20
_TargetNtOpenThreadTokenEx@24
_TargetNtQueryAttributesFile@12
_TargetNtQueryFullAttributesFile@12
_TargetNtSetInformationFile@24
_TargetNtSetInformationThread@20
_TargetNtUnmapViewOfSection@12
_TargetRegisterClassW@8
g_handles_to_close
g_interceptions
g_nt
g_originals
g_shared_IPC_size
g_shared_delayed_integrity_level
g_shared_delayed_mitigations
g_shared_policy_size
g_shared_section
moz_xcalloc
moz_xmalloc
moz_xrealloc
moz_xstrdup

Sections

.text
Size: 143KB - Virtual size: 142KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

128a62ac8fe4c2914cbafbd14593433b

Code Sign

f3:75:f9:1d:3d:e5:d0:e2Certificate

d9:9c:a7:7c:15:d5:9d:e9:12:17:51:04:76:db:bf:f0:44:4d:e3:daSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

winmm

advapi32

Exports

Exports

Sections

.text Size: 143KB - Virtual size: 142KB

.rdata Size: 109KB - Virtual size: 109KB

.data Size: 6KB - Virtual size: 18KB

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 9KB - Virtual size: 8KB

f3:75:f9:1d:3d:e5:d0:e2
Certificate

d9:9c:a7:7c:15:d5:9d:e9:12:17:51:04:76:db:bf:f0:44:4d:e3:da
Signer

.text
Size: 143KB - Virtual size: 142KB

.rdata
Size: 109KB - Virtual size: 109KB

.data
Size: 6KB - Virtual size: 18KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 9KB - Virtual size: 8KB