e1f3a39bfaba15f9cf1a430f14bcedd0

Sharing

Copy URL Twitter E-mail

General

Target

e1f3a39bfaba15f9cf1a430f14bcedd0
Size

236KB
MD5

e1f3a39bfaba15f9cf1a430f14bcedd0
SHA1

d3a1053cefcb13bd0e5fc3899fa1394db287eb1f
SHA256

d65c60ac3a6a6a4ce519c43e9fe7363011d7fa55e039a6e1bb41abd87e23185b
SHA512

28e95a403507c6f90f680d654f84653f499ffdc7968dafc29efa2ee80cf6a819f7997334dfce7acb2364e0fab229a1312ad1df8055ca0b320c2994f412db3f58
SSDEEP

6144:YROFWe9TBCpsWxu8zQg2SkPG2VACf0Ohm:YROT9Tosl8L2fG2VACcd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e1f3a39bfaba15f9cf1a430f14bcedd0

Files

e1f3a39bfaba15f9cf1a430f14bcedd0
.dll windows:4 windows x86 arch:x86

a1230578a06a5f4be2f9b9ef0aa8a756

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

xpcom

NS_GetComponentManager
NS_GetServiceManager
NS_CStringGetMutableData
NS_StringGetMutableData
NS_Free
NS_StringSetIsVoid
NS_UTF16ToCString
NS_CStringSetDataRange
NS_Alloc
NS_CStringGetData
NS_StringGetData
NS_StringSetDataRange
NS_StringCopy
NS_CStringSetData
NS_StringSetData
NS_CStringToUTF16
NS_StringContainerInit
NS_CStringContainerInit2
NS_CStringContainerFinish
NS_CStringCopy
NS_CStringContainerInit
NS_StringContainerInit2
NS_StringContainerFinish

nspr4

PR_AtomicIncrement
PR_Now
PR_FormatTimeUSEnglish
PR_ExplodeTime
PR_AtomicDecrement
PR_GetEnv
PR_sscanf
PR_LocalTimeParameters

plc4

PL_strcmp
PL_Base64Encode
PL_strdup

kernel32

GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
GetProcAddress
GetCurrentProcessId
OpenProcess
GetSystemTimeAsFileTime
GetCurrentProcess
GetProcessTimes
CloseHandle
FreeLibrary
LoadLibraryA

mozcrt19

_adjust_fdiv
_amsg_exit
_initterm_e
__CppXcptFilter
_decode_pointer
_encoded_null
_malloc_crt
_encode_pointer
strcpy
memset
realloc
malloc
memcpy
memmove
_crt_debugger_hook
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
_initterm
??3@YAXPAX@Z
??2@YAPAXI@Z
strcmp
fputs
__iob_func
strlen
memcmp
_snprintf
free

Exports

Exports

NSGetModule

Sections

.text
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 144KB - Virtual size: 144KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a1230578a06a5f4be2f9b9ef0aa8a756

Headers

DLL Characteristics

File Characteristics

Imports

xpcom

nspr4

plc4

kernel32

mozcrt19

Exports

Exports

Sections

.text Size: 52KB - Virtual size: 50KB

.rdata Size: 24KB - Virtual size: 20KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 912B

.reloc Size: 4KB - Virtual size: 3KB

.text Size: 144KB - Virtual size: 144KB

.text
Size: 52KB - Virtual size: 50KB

.rdata
Size: 24KB - Virtual size: 20KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 912B

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 144KB - Virtual size: 144KB