3e5e7a9eb79fcf47b89ae19c5a1c0eaa

Sharing

Copy URL

Twitter E-mail

General

Target

3e5e7a9eb79fcf47b89ae19c5a1c0eaa
Size

112KB
MD5

3e5e7a9eb79fcf47b89ae19c5a1c0eaa
SHA1

35effd49cd9fbb3d91dee83de1595200f34d186b
SHA256

dbf7d84621d732ea4889e79534a7a93ff3db8019067f27a5313ddd368b9d9ede
SHA512

19518c2290d0d8cdc0f636020ba6f799bf5651cb72820e588cf0cc8b55a7a222689d8a6fd20c0b9f877c1bc08d6b486394e5108199147f02bebe4931c7953ce8
SSDEEP

1536:tOUxwi34FuLdtNdm2CUZSHEiA7Suk6e9yGzc6iltguGwZTsUGAx2O7ZGrDqCRKC:V3PMlZqtgpwZmAx2O7ZGPVRX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3e5e7a9eb79fcf47b89ae19c5a1c0eaa

Files

3e5e7a9eb79fcf47b89ae19c5a1c0eaa
.dll windows:4 windows x86 arch:x86

50d63cfca8f2994c9b3b0fadc54066ea

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

xpcom

NS_Alloc
NS_Free
NS_GetServiceManager
NS_UTF16ToCString
NS_CStringContainerFinish
NS_CStringContainerInit
NS_StringContainerInit
NS_StringContainerFinish
NS_StringContainerInit2
NS_CStringGetData

nspr4

PR_AtomicDecrement
PR_AtomicIncrement

msvcp71

?uncaught_exception@std@@YA_NXZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AViterator@12@XZ
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AViterator@12@XZ
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AViterator@12@V312@0@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
?_Nomemory@std@@YAXXZ
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?insert@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IPBD@Z
?find_first_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?find_last_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?push_back@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??_D?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
?setw@std@@YA?AU?$_Smanip@H@1@H@Z
?str@?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z

kernel32

GetSystemTimeAsFileTime
GetCurrentThreadId
GetTickCount
DisableThreadLibraryCalls
QueryPerformanceFrequency
QueryPerformanceCounter
MapViewOfFile
CreateFileMappingA
UnmapViewOfFile
GetSystemInfo
LocalFree
LocalAlloc
ReleaseSemaphore
CreateSemaphoreA
ReleaseMutex
CreateMutexA
ResetEvent
SetEvent
CreateEventA
WaitForSingleObject
GetLastError
FreeLibrary
LoadLibraryA
GetVersionExA
GetModuleHandleA
GetProcAddress
OpenEventA
OpenProcess
WaitForMultipleObjects
CloseHandle
GetModuleFileNameA
InterlockedDecrement
GetCurrentProcessId
InterlockedIncrement

advapi32

InitializeAcl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetSecurityInfo

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

msvcr71

?terminate@@YAXXZ
__CppXcptFilter
_adjust_fdiv
_initterm
free
_onexit
__dllonexit
??1type_info@@UAE@XZ
??8type_info@@QBEHABV0@@Z
??_V@YAXPAX@Z
??_U@YAPAXI@Z
_callnewh
malloc
memcpy
strcpy
strlen
sprintf
strncpy
tolower
_CxxThrowException
??0exception@@QAE@ABV0@@Z
_except_handler3
_purecall
??3@YAXPAX@Z
__CxxFrameHandler
??0exception@@QAE@XZ
??1exception@@UAE@XZ
_strlwr
_beginthreadex

Exports

Exports

Install2A
InstallDOMPilot
InstallDOMPilotA
NSGetModule
UpdateCurrentURL

Sections

.text
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 608B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

50d63cfca8f2994c9b3b0fadc54066ea

Headers

File Characteristics

Imports

xpcom

nspr4

msvcp71

kernel32

advapi32

version

msvcr71

Exports

Exports

Sections

.text Size: 68KB - Virtual size: 66KB

.rdata Size: 20KB - Virtual size: 17KB

.data Size: 4KB - Virtual size: 608B

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 12KB - Virtual size: 9KB

.text
Size: 68KB - Virtual size: 66KB

.rdata
Size: 20KB - Virtual size: 17KB

.data
Size: 4KB - Virtual size: 608B

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 12KB - Virtual size: 9KB