e:\Projects\work\RTCPlatform\trunk\External\mozillaSrc\mozilla\obj-Windows-5.1-i386-release\nsprpub\pr\src\nspr4.pdb
Static task
static1
Behavioral task
behavioral1
Sample
7b312cbd21b8235004bdb307690a98b5.dll
Resource
win7-20231215-en
General
-
Target
7b312cbd21b8235004bdb307690a98b5
-
Size
388KB
-
MD5
7b312cbd21b8235004bdb307690a98b5
-
SHA1
8a75ef3f32cc2be624ac76b23f09da651fbb11c4
-
SHA256
6c9e1a51f715c6942dae57b758cfad3e8e633ef1b2154df14658dd09c12ab587
-
SHA512
b33a1d332dff45c65d879b33a7fd321f73d4802fee3d73ed0e6c9c5d7ec811ce0172db9252ed0219965a90ac9c40ac81a8493d99707414f896be9a912c90d66c
-
SSDEEP
6144:Dq/r12C4DjRelRYjM+vsKisU10SaAU4Oi4b+XlkAhIYjLzuVPsuOu5WMT:m/r/2jRCYjM+vsuUnLOISILzu5UYWMT
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Checks for missing Authenticode signature; this sample has none, so its publisher and integrity cannot be verified from the file alone.
resource 7b312cbd21b8235004bdb307690a98b5
Files
-
7b312cbd21b8235004bdb307690a98b5.dll windows:4 windows x86 arch:x86
0f95617f8ca0f9209f324c0bb613a053
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
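PDB Paths
e:\Projects\work\RTCPlatform\trunk\External\mozillaSrc\mozilla\obj-Windows-5.1-i386-release\nsprpub\pr\src\nspr4.pdb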
Imports
advapi32
AllocateAndInitializeSid
CopySid
GetLengthSid
GetTokenInformation
OpenProcessToken
FreeSid
SetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeAcl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
wsock32
recvfrom
sendto
send
recv
connect
accept
select
__WSAFDIsSet
setsockopt
getpeername
getsockname
shutdown
listen
bind
inet_ntoa
closesocket
WSAStartup
WSACleanup
gethostname
getsockopt
WSAGetLastError
ntohl
ioctlsocket
ntohs
htons
getprotobynumber
getprotobyname
gethostbyaddr
gethostbyname
htonl
socket
winmm
timeGetTime
msvcr80
_malloc_crt
_encoded_null
_decode_pointer
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_crt_debugger_hook
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
_encode_pointer
_time64
_stat64i32
_access
_mbspbrk
_mbsdec
_mbsinc
_beginthreadex
_exit
_environ
qsort
_stricmp
strpbrk
isalpha
_mktime64
_localtime64
strncmp
_errno
strerror
realloc
calloc
malloc
strrchr
strstr
getenv
memset
strchr
isdigit
strtoul
strtol
isspace
tolower
memchr
sprintf
abort
free
fwrite
fflush
fopen
setvbuf
__iob_func
fclose
sscanf
memcpy
atoi
_strdup
strftime
_putenv
kernel32
GetCurrentProcessId
GetCurrentThreadId
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InterlockedCompareExchange
OpenFileMappingA
GetTickCount
QueryPerformanceCounter
OpenSemaphoreA
LeaveCriticalSection
UnlockFile
LockFile
RemoveDirectoryA
CreateDirectoryA
MoveFileA
GetHandleInformation
SetHandleInformation
GetFileInformationByHandle
FindFirstFileA
GetFullPathNameA
GetDriveTypeA
DeleteFileA
FindNextFileA
FindClose
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileA
ResumeThread
SuspendThread
SetThreadPriority
GetCurrentThread
DuplicateHandle
TlsFree
TlsAlloc
GetThreadContext
ReleaseSemaphore
CreateSemaphoreA
GetCurrentProcess
UnmapViewOfFile
MapViewOfFile
FormatMessageA
CreateFileMappingA
GetVersionExA
TerminateProcess
WaitForSingleObject
GetExitCodeProcess
CreateProcessA
GetEnvironmentStrings
FreeEnvironmentStringsA
GetSystemTimeAsFileTime
TlsSetValue
DeleteCriticalSection
InitializeCriticalSection
TlsGetValue
Sleep
GetStdHandle
CreatePipe
CloseHandle
GlobalMemoryStatus
InterlockedExchange
GetSystemInfo
MultiByteToWideChar
GetModuleHandleA
GetModuleFileNameA
GetProcAddress
FreeLibrary
GetLastError
SetLastError
WideCharToMultiByte
LoadLibraryA
LoadLibraryW
DebugBreak
EnterCriticalSection
OutputDebugStringA
Exports
Exports
GetExecutionEnvironment
LL_MaxInt
LL_MaxUint
LL_MinInt
LL_Zero
PRP_DestroyNakedCondVar
PRP_NakedBroadcast
PRP_NakedNotify
PRP_NakedWait
PRP_NewNakedCondVar
PRP_TryLock
PR_Abort
PR_Accept
PR_AcceptRead
PR_Access
PR_AddToCounter
PR_AddWaitFileDesc
PR_AllocFileDesc
PR_Assert
PR_AtomicAdd
PR_AtomicDecrement
PR_AtomicIncrement
PR_AtomicSet
PR_AttachSharedMemory
PR_AttachThread
PR_AttachThreadGCAble
PR_Available
PR_Available64
PR_Bind
PR_BlockClockInterrupts
PR_BlockInterrupt
PR_CEnterMonitor
PR_CExitMonitor
PR_CNotify
PR_CNotifyAll
PR_CSetOnMonitorRecycle
PR_CWait
PR_CallOnce
PR_CallOnceWithArg
PR_Calloc
PR_CancelJob
PR_CancelWaitFileDesc
PR_CancelWaitGroup
PR_CeilingLog2
PR_ChangeFileDescNativeHandle
PR_Cleanup
PR_ClearInterrupt
PR_ClearThreadGCAble
PR_Close
PR_CloseDir
PR_CloseFileMap
PR_CloseSemaphore
PR_CloseSharedMemory
PR_Connect
PR_ConnectContinue
PR_ConvertIPv4AddrToIPv6
PR_CreateAlarm
PR_CreateCounter
PR_CreateFileMap
PR_CreateIOLayer
PR_CreateIOLayerStub
PR_CreateMWaitEnumerator
PR_CreateOrderedLock
PR_CreatePipe
PR_CreateProcess
PR_CreateProcessDetached
PR_CreateSocketPollFd
PR_CreateStack
PR_CreateThread
PR_CreateThreadGCAble
PR_CreateThreadPool
PR_CreateTrace
PR_CreateWaitGroup
PR_DecrementCounter
PR_Delete
PR_DeleteSemaphore
PR_DeleteSharedMemory
PR_DestroyAlarm
PR_DestroyCondVar
PR_DestroyCounter
PR_DestroyLock
PR_DestroyMWaitEnumerator
PR_DestroyMonitor
PR_DestroyOrderedLock
PR_DestroyPollableEvent
PR_DestroyProcessAttr
PR_DestroyRWLock
PR_DestroySem
PR_DestroySocketPollFd
PR_DestroyStack
PR_DestroyTrace
PR_DestroyWaitGroup
PR_DetachProcess
PR_DetachSharedMemory
PR_DetachThread
PR_DisableClockInterrupts
PR_EmulateAcceptRead
PR_EmulateSendFile
PR_EnableClockInterrupts
PR_EnterMonitor
PR_EnumerateAddrInfo
PR_EnumerateHostEnt
PR_EnumerateThreads
PR_EnumerateWaitGroup
PR_ErrorInstallCallback
PR_ErrorInstallTable
PR_ErrorLanguages
PR_ErrorToName
PR_ErrorToString
PR_ExitMonitor
PR_ExplodeTime
PR_ExportFileMapAsString
PR_FD_CLR
PR_FD_ISSET
PR_FD_NCLR
PR_FD_NISSET
PR_FD_NSET
PR_FD_SET
PR_FD_ZERO
PR_FileDesc2NativeHandle
PR_FindFunctionSymbol
PR_FindFunctionSymbolAndLibrary
PR_FindNextCounterQname
PR_FindNextCounterRname
PR_FindNextTraceQname
PR_FindNextTraceRname
PR_FindSymbol
PR_FindSymbolAndLibrary
PR_FloorLog2
PR_FormatTime
PR_FormatTimeUSEnglish
PR_Free
PR_FreeAddrInfo
PR_FreeFileDesc
PR_FreeLibraryName
PR_GMTParameters
PR_GetAddrInfoByName
PR_GetCanonNameFromAddrInfo
PR_GetConnectStatus
PR_GetCounter
PR_GetCounterHandleFromName
PR_GetCounterNameFromHandle
PR_GetCurrentThread
PR_GetDefaultIOMethods
PR_GetDescType
PR_GetDirectorySeparator
PR_GetDirectorySepartor
PR_GetEnv
PR_GetError
PR_GetErrorText
PR_GetErrorTextLength
PR_GetFileInfo
PR_GetFileInfo64
PR_GetFileMethods
PR_GetGCRegisters
PR_GetHostByAddr
PR_GetHostByName
PR_GetIPNodeByName
PR_GetIdentitiesLayer
PR_GetInheritedFD
PR_GetInheritedFileMap
PR_GetLayersIdentity
PR_GetLibraryFilePathname
PR_GetLibraryName
PR_GetLibraryPath
PR_GetMemMapAlignment
PR_GetMonitorEntryCount
PR_GetNameForIdentity
PR_GetNumberOfProcessors
PR_GetOSError
PR_GetOpenFileInfo
PR_GetOpenFileInfo64
PR_GetPageShift
PR_GetPageSize
PR_GetPathSeparator
PR_GetPeerName
PR_GetPhysicalMemorySize
PR_GetPipeMethods
PR_GetProtoByName
PR_GetProtoByNumber
PR_GetRandomNoise
PR_GetSP
PR_GetSockName
PR_GetSocketOption
PR_GetSpecialFD
PR_GetStackSpaceLeft
PR_GetSysfdTableMax
PR_GetSystemInfo
PR_GetTCPMethods
PR_GetThreadAffinityMask
PR_GetThreadID
PR_GetThreadPriority
PR_GetThreadPrivate
PR_GetThreadScope
PR_GetThreadState
PR_GetThreadType
PR_GetTraceEntries
PR_GetTraceHandleFromName
PR_GetTraceNameFromHandle
PR_GetTraceOption
PR_GetUDPMethods
PR_GetUniqueIdentity
PR_ImplodeTime
PR_ImportFile
PR_ImportFileMapFromString
PR_ImportPipe
PR_ImportTCPSocket
PR_ImportUDPSocket
PR_IncrementCounter
PR_Init
PR_Initialize
PR_InitializeNetAddr
PR_Initialized
PR_Interrupt
PR_IntervalNow
PR_IntervalToMicroseconds
PR_IntervalToMilliseconds
PR_IntervalToSeconds
PR_IsNetAddrType
PR_JoinJob
PR_JoinThread
PR_JoinThreadPool
PR_KillProcess
PR_Listen
PR_LoadLibrary
PR_LoadLibraryWithFlags
PR_LoadStaticLibrary
PR_LocalTimeParameters
PR_Lock
PR_LockFile
PR_LockOrderedLock
PR_LogFlush
PR_LogPrint
PR_MakeDir
PR_Malloc
PR_MemMap
PR_MemUnmap
PR_MicrosecondsToInterval
PR_MillisecondsToInterval
PR_MkDir
PR_NetAddrToString
PR_NewCondVar
PR_NewLock
PR_NewLogModule
PR_NewMonitor
PR_NewNamedMonitor
PR_NewPollableEvent
PR_NewProcessAttr
PR_NewRWLock
PR_NewSem
PR_NewTCPSocket
PR_NewTCPSocketPair
PR_NewThreadPrivateIndex
PR_NewUDPSocket
PR_NormalizeTime
PR_Notify
PR_NotifyAll
PR_NotifyAllCondVar
PR_NotifyCondVar
PR_Now
PR_Open
PR_OpenAnonFileMap
PR_OpenDir
PR_OpenFile
PR_OpenSemaphore
PR_OpenSharedMemory
PR_OpenTCPSocket
PR_OpenUDPSocket
PR_ParseTimeString
PR_Poll
PR_PopIOLayer
PR_PostSem
PR_PostSemaphore
PR_ProcessAttrSetCurrentDirectory
PR_ProcessAttrSetInheritableFD
PR_ProcessAttrSetInheritableFileMap
PR_ProcessAttrSetStdioRedirect
PR_ProcessExit
PR_PushIOLayer
PR_QueueJob
PR_QueueJob_Accept
PR_QueueJob_Connect
PR_QueueJob_Read
PR_QueueJob_Timer
PR_QueueJob_Write
PR_RWLock_Rlock
PR_RWLock_Unlock
PR_RWLock_Wlock
PR_Read
PR_ReadDir
PR_Realloc
PR_RecordTraceEntries
PR_Recv
PR_RecvFrom
PR_Rename
PR_ResetAlarm
PR_ResetProcessAttr
PR_ResumeAll
PR_RmDir
PR_ScanStackPointers
PR_SecondsToInterval
PR_Seek
PR_Seek64
PR_Select
PR_Send
PR_SendFile
PR_SendTo
PR_SetAlarm
PR_SetCPUAffinityMask
PR_SetConcurrency
PR_SetCounter
PR_SetEnv
PR_SetError
PR_SetErrorText
PR_SetFDCacheSize
PR_SetFDInheritable
PR_SetLibraryPath
PR_SetLogBuffering
PR_SetLogFile
PR_SetNetAddr
PR_SetPollableEvent
PR_SetSocketOption
PR_SetStdioRedirect
PR_SetSysfdTableSize
PR_SetThreadAffinityMask
PR_SetThreadDumpProc
PR_SetThreadGCAble
PR_SetThreadPriority
PR_SetThreadPrivate
PR_SetThreadRecycleMode
PR_SetTraceOption
PR_ShowStatus
PR_Shutdown
PR_ShutdownThreadPool
PR_Sleep
PR_Socket
PR_StackPop
PR_StackPush
PR_Stat
PR_StringToNetAddr
PR_SubtractFromCounter
PR_SuspendAll
PR_Sync
PR_TLockFile
PR_TestAndEnterMonitor
PR_TestAndLock
PR_ThreadScanStackPointers
PR_TicksPerSecond
PR_Trace
PR_TransmitFile
PR_USPacificTimeParameters
PR_UnblockClockInterrupts
PR_UnblockInterrupt
PR_UnloadLibrary
PR_Unlock
PR_UnlockFile
PR_UnlockOrderedLock
PR_VersionCheck
PR_Wait
PR_WaitCondVar
PR_WaitForPollableEvent
PR_WaitProcess
PR_WaitRecvReady
PR_WaitSem
PR_WaitSemaphore
PR_Write
PR_Writev
PR_Yield
PR_cnvtf
PR_dtoa
PR_fprintf
PR_htonl
PR_htonll
PR_htons
PR_ntohl
PR_ntohll
PR_ntohs
PR_smprintf
PR_smprintf_free
PR_snprintf
PR_sprintf_append
PR_sscanf
PR_strtod
PR_sxprintf
PR_vfprintf
PR_vsmprintf
PR_vsnprintf
PR_vsprintf_append
PR_vsxprintf
PT_FPrintStats
SetExecutionEnvironment
_PR_AddSleepQ
_PR_CreateThread
_PR_DelSleepQ
_PR_GetPrimordialCPU
_PR_MD_FREE_CV
_PR_MD_NEW_CV
_PR_MD_NOTIFYALL_CV
_PR_MD_NOTIFY_CV
_PR_MD_UNLOCK
_PR_MD_WAIT_CV
_PR_NativeCreateThread
_pr_push_ipv6toipv4_layer
_pr_test_ipv6_socket
libVersionPoint
Sections
.text Size: 112KB - Virtual size: 109KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 28KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
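.text Size: 228KB - Virtual size: 228KB (a second section named .text; unlike the first, the flags below mark it both executable and writable, which is atypical for a linker-produced DLL and worth a closer look during triage)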
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE