11f1c78e3455e585c96d7e8139ffe2196fb21aca21f1a7512e4705e4e1c6ddda

Sharing

Copy URL Twitter E-mail

General

Target

11f1c78e3455e585c96d7e8139ffe2196fb21aca21f1a7512e4705e4e1c6ddda
Size

171KB
MD5

49419fa43d40a8eb24500935b7b10baf
SHA1

d0f3ec06f28c474706e532200dde73467e9cf458
SHA256

11f1c78e3455e585c96d7e8139ffe2196fb21aca21f1a7512e4705e4e1c6ddda
SHA512

f84ffea19a555884152917588496f877f1d8c84c34a8b87d090e73e0c597022b60d4e236c62d16ddaeaa22134ca4bea40bebf6bd3e9e96aa3ced718a82f98969
SSDEEP

3072:6ft/J8TpwFaQN37o7gpn8uJ0XBdeOec1Qfh0E7lhHNUL12R7bvI5s2oaTBffG8Ez:EXZoOn8u8Poc1QqEhhHaEGs2oaTBXG8E

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
11f1c78e3455e585c96d7e8139ffe2196fb21aca21f1a7512e4705e4e1c6ddda

Files

11f1c78e3455e585c96d7e8139ffe2196fb21aca21f1a7512e4705e4e1c6ddda
.dll windows:5 windows x86 arch:x86

54ab8113b8087f2d9b6a5d4d6929cbd0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\devel\KMXULRunner\obj-ia32browser-i686-pc-mingw32\mozglue\build\mozglue.pdb

Imports

kernel32

VerSetConditionMask
SearchPathW
CreateFileW
WriteFile
IsDebuggerPresent
OutputDebugStringA
EncodePointer
DecodePointer
CloseHandle
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCurrentProcess
GetCurrentThreadId
FlushInstructionCache
GetSystemInfo
VirtualAllocEx
VirtualProtectEx
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetModuleHandleA
GetProcAddress
LoadLibraryExA
VerifyVersionInfoA
TerminateProcess
GetEnvironmentVariableA
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
VirtualAlloc
VirtualFree
DisableThreadLibraryCalls
QueryPerformanceCounter
QueryPerformanceFrequency
DeleteCriticalSection
GetProcessTimes
GetSystemTime
GetTickCount
GetSystemTimeAdjustment
GetModuleHandleW
SystemTimeToFileTime
GetCurrentProcessId
IsProcessorFeaturePresent
GetSystemTimeAsFileTime

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

msvcr120

getenv
_strnicmp
_purecall
memmove
ceil
_lock
_unlock
_calloc_crt
__dllonexit
_write
__CppXcptFilter
_amsg_exit
_malloc_crt
_initterm
_initterm_e
_except_handler4_common
__clean_type_info_names_internal
_crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
_vsnprintf
wcsncpy
strncpy
strerror
memchr
_errno
_wopen
_lseeki64
malloc
_ltoa
wcstombs
_snprintf
memset
memcpy
_except_handler3
vfprintf
_fdopen
fclose
??_U@YAPAXI@Z
??_V@YAXPAX@Z
_strtoui64
_dup
strchr
isxdigit
??3@YAXPAX@Z
??2@YAPAXI@Z
_onexit
_stricmp
_open
_close
free
_read

msvcp120

??_7ios_base@std@@6B@
?_BADOFF@std@@3_JB
_Nan
_Inf
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?setprecision@std@@YA?AU?$_Smanip@_J@1@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_J@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Ios_base_dtor@ios_base@std@@CAXPAV12@@Z
?_Winerror_map@std@@YAPBDH@Z
?_Syserror_map@std@@YAPBDH@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@

Exports

Exports

??0Decimal@blink@@QAE@ABV01@@Z
??0Decimal@blink@@QAE@ABVEncodedData@01@@Z
??0Decimal@blink@@QAE@H@Z
??0Decimal@blink@@QAE@W4Sign@01@H_K@Z
??0SHA1Sum@mozilla@@QAE@XZ
??0TimeStampValue@mozilla@@AAE@_K0_N@Z
??4Decimal@blink@@QAEAAV01@ABV01@@Z
??8Decimal@blink@@QBE_NABV01@@Z
??9Decimal@blink@@QBE_NABV01@@Z
??DDecimal@blink@@QBE?AV01@ABV01@@Z
??GDecimal@blink@@QBE?AV01@ABV01@@Z
??GDecimal@blink@@QBE?AV01@XZ
??GTimeStampValue@mozilla@@QBE_KABV01@@Z
??HDecimal@blink@@QBE?AV01@ABV01@@Z
??KDecimal@blink@@QBE?AV01@ABV01@@Z
??MDecimal@blink@@QBE_NABV01@@Z
??NDecimal@blink@@QBE_NABV01@@Z
??ODecimal@blink@@QBE_NABV01@@Z
??PDecimal@blink@@QBE_NABV01@@Z
??XDecimal@blink@@QAEAAV01@ABV01@@Z
??YDecimal@blink@@QAEAAV01@ABV01@@Z
??YTimeStampValue@mozilla@@QAEAAV01@_J@Z
??ZDecimal@blink@@QAEAAV01@ABV01@@Z
??ZTimeStampValue@mozilla@@QAEAAV01@_J@Z
??_0Decimal@blink@@QAEAAV01@ABV01@@Z
??_FDecimal@blink@@QAEXXZ
?CheckQPC@TimeStampValue@mozilla@@ABE_KABV12@@Z
?ComputeProcessUptime@TimeStamp@mozilla@@CA_KXZ
?CreateDecimalRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHHPAVStringBuilder@2@@Z
?CreateExponentialRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHPAVStringBuilder@2@@Z
?DllBlocklist_Initialize@@YAXXZ
?DllBlocklist_SetInXPCOMLoadOnMainThread@@YAX_N@Z
?DllBlocklist_WriteNotes@@YAXPAX@Z
?DoubleToAscii@DoubleToStringConverter@double_conversion@@SAXNW4DtoaMode@12@HPADHPA_NPAH3@Z
?EcmaScriptConverter@DoubleToStringConverter@double_conversion@@SAABV12@XZ
?HandleSpecialValues@DoubleToStringConverter@double_conversion@@ABE_NNPAVStringBuilder@2@@Z
?HashBytes@mozilla@@YAIPBXI@Z
?IsFloat32Representable@mozilla@@YA_NN@Z
?Now@TimeStamp@mozilla@@CA?AV12@_N@Z
?ProcessCreation@TimeStamp@mozilla@@SA?AV12@AA_N@Z
?RecordProcessRestart@TimeStamp@mozilla@@SAXXZ
?ResolutionInTicks@BaseTimeDurationPlatformUtils@mozilla@@SA_JXZ
?Shutdown@TimeStamp@mozilla@@SAXXZ
?Startup@TimeStamp@mozilla@@SAXXZ
?TicksFromMilliseconds@BaseTimeDurationPlatformUtils@mozilla@@SA_JN@Z
?ToExponential@DoubleToStringConverter@double_conversion@@QBE_NNHPAVStringBuilder@2@@Z
?ToFixed@DoubleToStringConverter@double_conversion@@QBE_NNHPAVStringBuilder@2@@Z
?ToPrecision@DoubleToStringConverter@double_conversion@@QBE_NNHPA_NPAVStringBuilder@2@@Z
?ToSeconds@BaseTimeDurationPlatformUtils@mozilla@@SAN_J@Z
?ToSecondsSigDigits@BaseTimeDurationPlatformUtils@mozilla@@SAN_J@Z
?ToShortestIeeeNumber@DoubleToStringConverter@double_conversion@@ABE_NNPAVStringBuilder@2@W4DtoaMode@12@@Z
?Unused@mozilla@@3Uunused_t@1@B
?abs@Decimal@blink@@QBE?AV12@XZ
?alignOperands@Decimal@blink@@CA?AUAlignedOperands@12@ABV12@0@Z
?avx2_enabled@sse_private@mozilla@@3_NA
?avx_enabled@sse_private@mozilla@@3_NA
?ceil@Decimal@blink@@QBE?AV12@XZ
?compareTo@Decimal@blink@@ABE?AV12@ABV12@@Z
?compress@LZ4@Compression@mozilla@@SAIPBDIPAD@Z
?compressLimitedOutput@LZ4@Compression@mozilla@@SAIPBDIPADI@Z
?decompress@LZ4@Compression@mozilla@@SA_NPBDIPADIPAI@Z
?decompress@LZ4@Compression@mozilla@@SA_NPBDPADI@Z
?decompressPartial@LZ4@Compression@mozilla@@SA_NPBDIPADIPAI@Z
?finish@SHA1Sum@mozilla@@QAEXAAY0BE@E@Z
?floor@Decimal@blink@@QBE?AV12@XZ
?fromDouble@Decimal@blink@@SA?AV12@N@Z
?fromString@Decimal@blink@@SA?AV12@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?gChaosFeatures@detail@mozilla@@3W4ChaosFeature@2@A
?gChaosModeCounter@detail@mozilla@@3V?$Atomic@I$01X@2@A
?gTwoCharEscapes@detail@mozilla@@3QBDB
?infinity@Decimal@blink@@SA?AV12@W4Sign@12@@Z
?kBase10MaximalLength@DoubleToStringConverter@double_conversion@@2HB
?mmx_enabled@sse_private@mozilla@@3_NA
?nan@Decimal@blink@@SA?AV12@XZ
?remainder@Decimal@blink@@QBE?AV12@ABV12@@Z
?round@Decimal@blink@@QBE?AV12@XZ
?sse2_enabled@sse_private@mozilla@@3_NA
?sse3_enabled@sse_private@mozilla@@3_NA
?sse4_1_enabled@sse_private@mozilla@@3_NA
?sse4_2_enabled@sse_private@mozilla@@3_NA
?sse4a_enabled@sse_private@mozilla@@3_NA
?sse_enabled@sse_private@mozilla@@3_NA
?ssse3_enabled@sse_private@mozilla@@3_NA
?toDouble@Decimal@blink@@QBENXZ
?toString@Decimal@blink@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?toString@Decimal@blink@@QBE_NPADI@Z
?update@SHA1Sum@mozilla@@QAEXPBXI@Z
?zero@Decimal@blink@@SA?AV12@W4Sign@12@@Z
MOZ_Z_adler32
MOZ_Z_adler32_combine
MOZ_Z_compress
MOZ_Z_compress2
MOZ_Z_compressBound
MOZ_Z_crc32
MOZ_Z_crc32_combine
MOZ_Z_deflate
MOZ_Z_deflateBound
MOZ_Z_deflateCopy
MOZ_Z_deflateEnd
MOZ_Z_deflateInit2_
MOZ_Z_deflateInit_
MOZ_Z_deflateParams
MOZ_Z_deflatePending
MOZ_Z_deflatePrime
MOZ_Z_deflateReset
MOZ_Z_deflateResetKeep
MOZ_Z_deflateSetDictionary
MOZ_Z_deflateSetHeader
MOZ_Z_deflateTune
MOZ_Z_get_crc_table
MOZ_Z_gzbuffer
MOZ_Z_gzclearerr
MOZ_Z_gzclose
MOZ_Z_gzclose_r
MOZ_Z_gzclose_w
MOZ_Z_gzdirect
MOZ_Z_gzdopen
MOZ_Z_gzeof
MOZ_Z_gzerror
MOZ_Z_gzflush
MOZ_Z_gzgetc_
MOZ_Z_gzgets
MOZ_Z_gzoffset
MOZ_Z_gzoffset64
MOZ_Z_gzopen
MOZ_Z_gzopen64
MOZ_Z_gzopen_w
MOZ_Z_gzprintf
MOZ_Z_gzputc
MOZ_Z_gzputs
MOZ_Z_gzread
MOZ_Z_gzrewind
MOZ_Z_gzseek
MOZ_Z_gzseek64
MOZ_Z_gzsetparams
MOZ_Z_gztell
MOZ_Z_gztell64
MOZ_Z_gzungetc
MOZ_Z_gzvprintf
MOZ_Z_gzwrite
MOZ_Z_inflate
MOZ_Z_inflateBack
MOZ_Z_inflateBackEnd
MOZ_Z_inflateBackInit_
MOZ_Z_inflateCopy
MOZ_Z_inflateEnd
MOZ_Z_inflateGetDictionary
MOZ_Z_inflateGetHeader
MOZ_Z_inflateInit2_
MOZ_Z_inflateInit_
MOZ_Z_inflateMark
MOZ_Z_inflatePrime
MOZ_Z_inflateReset
MOZ_Z_inflateReset2
MOZ_Z_inflateResetKeep
MOZ_Z_inflateSetDictionary
MOZ_Z_inflateSync
MOZ_Z_inflateSyncPoint
MOZ_Z_inflateUndermine
MOZ_Z_uncompress
MOZ_Z_uncompress2
MOZ_Z_zError
MOZ_Z_zlibCompileFlags
MOZ_Z_zlibVersion
_aligned_free
_aligned_malloc
_expand
_malloc_message
_malloc_options
_msize
_recalloc
_strdup
_wcsdup
adler32_z
calloc
crc32_z
deflateGetDictionary
free
frex
gMozillaPoisonBase
gMozillaPoisonSize
gMozillaPoisonValue
gzfread
gzfwrite
gzgetc
inflateCodesUsed
inflateValidate
jemalloc_free_dirty_pages
jemalloc_purge_freed_pages
jemalloc_stats
malloc
malloc_good_size
malloc_usable_size
mozPoisonValueInit
posix_memalign
realloc
strdup
strndup
wcsdup

Sections

.text
Size: 130KB - Virtual size: 130KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

54ab8113b8087f2d9b6a5d4d6929cbd0

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

version

msvcr120

msvcp120

Exports

Exports

Sections

.text Size: 130KB - Virtual size: 130KB

.rdata Size: 33KB - Virtual size: 33KB

.data Size: 1KB - Virtual size: 3KB

.rsrc Size: 1024B - Virtual size: 952B

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 130KB - Virtual size: 130KB

.rdata
Size: 33KB - Virtual size: 33KB

.data
Size: 1KB - Virtual size: 3KB

.rsrc
Size: 1024B - Virtual size: 952B

.reloc
Size: 3KB - Virtual size: 3KB