2b46a9dc9624576e8ac27ad9279bd5b8

Sharing

Copy URL Twitter E-mail

General

Target

2b46a9dc9624576e8ac27ad9279bd5b8
Size

966KB
MD5

2b46a9dc9624576e8ac27ad9279bd5b8
SHA1

bbdea2b29a462d64741636cd27d7d98ce2a16015
SHA256

b0148e51d8aa46ae3fd83db014c8f05446c7b6d482d24f5c23ca6761c8f46567
SHA512

90c57d119cd0ee51f1e0be6a5653be8982602f8a973e2ccaf184cae7f88a6671b669ba18868ccfb20f42bc41d890cb12465c4e8802829056a89bd173ec1f7a00
SSDEEP

12288:q5Kfkp5sNc5XwvqYoYpLxPLoq2XhPb1xA0T0P13+/+b00Zo6w8XxPjT754w+WKu:wKqYoYpLxMPhPZDe3pZol8FL541T

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2b46a9dc9624576e8ac27ad9279bd5b8

Files

2b46a9dc9624576e8ac27ad9279bd5b8
.exe windows:6 windows x86 arch:x86

d8c325728f74c895c58fef3ed240f72c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mozglue

_Z23DllBlocklist_Initializej
_ZN7mozilla18IsWin32kLockedDownEv
moz_xmalloc
mozalloc_abort

shell32

CommandLineToArgvW

api-ms-win-crt-environment-l1-1-0

__p__environ
__p__wenviron
getenv

api-ms-win-crt-filesystem-l1-1-0

_wsplitpath_s

api-ms-win-crt-heap-l1-1-0

_aligned_free
_aligned_malloc
_set_new_mode
calloc
free
malloc
realloc

api-ms-win-crt-private-l1-1-0

memchr
memcmp
memcpy
memmove
wcschr

api-ms-win-crt-runtime-l1-1-0

__p___argc
__p___argv
__p___wargv
__p__acmdln
__sys_nerr
_assert
_beginthreadex
_cexit
_configure_narrow_argv
_configure_wide_argv
_crt_atexit
_errno
_exit
_initialize_narrow_environment
_initialize_wide_environment
_initterm
_register_thread_local_exe_atexit_callback
_set_app_type
_set_invalid_parameter_handler
abort
exit
signal
strerror
strerror_s

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__p__fmode
__stdio_common_vfprintf
__stdio_common_vfwprintf
__stdio_common_vsnprintf_s
__stdio_common_vsnwprintf_s
__stdio_common_vsprintf
__stdio_common_vsscanf
__stdio_common_vswprintf
_close
_open
_write
fflush
fputc
fputs
fwrite

api-ms-win-crt-string-l1-1-0

_isctype_l
_iswalpha_l
_iswcntrl_l
_iswdigit_l
_iswlower_l
_iswprint_l
_iswpunct_l
_iswspace_l
_iswupper_l
_iswxdigit_l
_strcoll_l
_strnicmp
_strxfrm_l
_tolower_l
_toupper_l
_towlower_l
_towupper_l
_wcscoll_l
_wcsdup
_wcsicmp
_wcsnicmp
_wcsxfrm_l
islower
isspace
isupper
iswctype
iswspace
isxdigit
memset
strcmp
strlen
strncmp
towupper
wcscmp
wcslen
wcsncmp
wcstok_s

advapi32

ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertStringSidToSidW
CopySid
CreateProcessAsUserW
CreateRestrictedToken
CreateWellKnownSid
CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
DuplicateToken
DuplicateTokenEx
EqualSid
GetAce
GetKernelObjectSecurity
GetLengthSid
GetSecurityDescriptorSacl
GetSecurityInfo
GetTokenInformation
InitializeAcl
InitializeSecurityDescriptor
LookupPrivilegeValueW
OpenProcessToken
RegCloseKey
RegCreateKeyExW
RegDisablePredefinedCache
RegOpenKeyExW
RegQueryValueExW
RevertToSelf
SetEntriesInAclW
SetKernelObjectSecurity
SetSecurityDescriptorDacl
SetSecurityInfo
SetThreadToken
SetTokenInformation
SystemFunction036

kernel32

AcquireSRWLockExclusive
AssignProcessToJobObject
CloseHandle
CreateEventW
CreateFileMappingW
CreateFileW
CreateIoCompletionPort
CreateJobObjectW
CreateMutexW
CreateNamedPipeW
CreateProcessW
CreateRemoteThread
CreateThread
CreateToolhelp32Snapshot
DebugBreak
DeleteCriticalSection
DuplicateHandle
EncodePointer
EnterCriticalSection
ExpandEnvironmentStringsW
FileTimeToSystemTime
FlsAlloc
FlsGetValue
FlsSetValue
FlushInstructionCache
FreeEnvironmentStringsW
FreeLibrary
GetCommandLineW
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetEnvironmentStringsW
GetEnvironmentVariableW
GetFileAttributesW
GetFileType
GetLastError
GetLongPathNameW
GetModuleHandleA
GetModuleHandleExW
GetModuleHandleW
GetNativeSystemInfo
GetProcAddress
GetProcessHandleCount
GetProcessHeaps
GetProcessId
GetQueuedCompletionStatus
GetStartupInfoA
GetSystemInfo
GetSystemTimeAsFileTime
GetThreadId
GetThreadPriority
GetTickCount
GetUserDefaultLCID
GetUserDefaultLangID
GetUserDefaultLocaleName
GetVersionExW
GetVolumePathNameW
HeapDestroy
HeapSetInformation
InitOnceExecuteOnce
InitializeCriticalSection
InitializeCriticalSectionEx
IsDBCSLeadByteEx
IsDebuggerPresent
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
LocalAlloc
LocalFree
MapViewOfFile
MultiByteToWideChar
OpenFileMappingW
OpenProcess
PostQueuedCompletionStatus
Process32FirstW
Process32NextW
ProcessIdToSessionId
QueryPerformanceCounter
QueryPerformanceFrequency
QueryThreadCycleTime
RaiseException
ReadProcessMemory
RegisterWaitForSingleObject
ReleaseSRWLockExclusive
ResetEvent
SearchPathW
SetDllDirectoryW
SetEnvironmentVariableW
SetEvent
SetHandleInformation
SetInformationJobObject
SetLastError
SetThreadPriority
SetUnhandledExceptionFilter
SignalObjectAndWait
Sleep
SleepConditionVariableSRW
SwitchToThread
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
TerminateJobObject
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryAcquireSRWLockExclusive
TryEnterCriticalSection
TzSpecificLocalTimeToSystemTime
UnhandledExceptionFilter
UnmapViewOfFile
UnregisterWaitEx
VirtualAlloc
VirtualAllocEx
VirtualFree
VirtualFreeEx
VirtualProtect
VirtualProtectEx
VirtualQuery
VirtualQueryEx
WaitForSingleObject
WaitForSingleObjectEx
WakeAllConditionVariable
WakeConditionVariable
WideCharToMultiByte
WriteProcessMemory
lstrlenW

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func
___mb_cur_max_func
__initialize_lconv_for_unsigned_char
__pctype_func
_configthreadlocale
_create_locale
_free_locale
localeconv
setlocale

api-ms-win-crt-time-l1-1-0

__daylight
__timezone
__tzname
_strftime_l
_tzset

api-ms-win-crt-multibyte-l1-1-0

_mbtowc_l

api-ms-win-crt-convert-l1-1-0

_strtod_l
_strtoi64_l
_strtoui64_l
strtod
strtol
strtoul
wcrtomb_s
wcstod
wcstol
wcstoul

api-ms-win-crt-math-l1-1-0

__setusermatherr

Exports

Exports

GetHandleVerifier
IsSandboxedProcess
_ZSt19__throw_regex_errori

Sections

.text
Size: 847KB - Virtual size: 847KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.buildid
Size: 512B - Virtual size: 142B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gcc_exc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d8c325728f74c895c58fef3ed240f72c

Headers

DLL Characteristics

File Characteristics

Imports

mozglue

shell32

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

advapi32

kernel32

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-multibyte-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

Exports

Exports

Sections

.text Size: 847KB - Virtual size: 847KB

.rdata Size: 65KB - Virtual size: 65KB

.buildid Size: 512B - Virtual size: 142B

.data Size: 512B - Virtual size: 12KB

.gcc_exc Size: 9KB - Virtual size: 9KB

.tls Size: 512B - Virtual size: 12B

.rsrc Size: 1024B - Virtual size: 1000B

.reloc Size: 40KB - Virtual size: 39KB

.text
Size: 847KB - Virtual size: 847KB

.rdata
Size: 65KB - Virtual size: 65KB

.buildid
Size: 512B - Virtual size: 142B

.data
Size: 512B - Virtual size: 12KB

.gcc_exc
Size: 9KB - Virtual size: 9KB

.tls
Size: 512B - Virtual size: 12B

.rsrc
Size: 1024B - Virtual size: 1000B

.reloc
Size: 40KB - Virtual size: 39KB