PDB path: c:\Users\wag\mozilla\comm-253\sm-obj\security\nss\lib\softoken\legacydb\legacydb_nssdbm3\nssdbm3.pdb
Static task
static1
Behavioral task
behavioral1
Sample
08a710610d47850d32e0bfd10542953de75c88dbad9043089cd2eb5bcd1e1596.dll
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
08a710610d47850d32e0bfd10542953de75c88dbad9043089cd2eb5bcd1e1596.dll
Resource
win10v2004-20240426-en
General
-
Target
08a710610d47850d32e0bfd10542953de75c88dbad9043089cd2eb5bcd1e1596
-
Size
121KB
-
MD5
16c19a57a72db16bb26c3fe31a3e8422
-
SHA1
89626adb297974fc042c0ba9fcf55b4ff8a5bda9
-
SHA256
08a710610d47850d32e0bfd10542953de75c88dbad9043089cd2eb5bcd1e1596
-
SHA512
2ea16e87f8f6fd7bfd01f08e32122eca254f2ef62fe04885111e512fbc71e9a588f4467e6ccac01e9bcf108979226be277ede6bb08c34c436696b674399911e0
-
SSDEEP
3072:YsrUUEkPyjNQ0woCbOoFrbT3kZZ54aQga6hAJ29ctWc:qAyjz2rbT0fa6iJ5W
Malware Config
Signatures
-
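Unsigned PE (1 IoC)
The PE file has no Authenticode signature. This is a weak indicator on its own: it means the publisher and integrity of the binary cannot be confirmed from a signature, not that the file is malicious.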
resource 08a710610d47850d32e0bfd10542953de75c88dbad9043089cd2eb5bcd1e1596
Files
-
08a710610d47850d32e0bfd10542953de75c88dbad9043089cd2eb5bcd1e1596.dll windows:6 windows x64 arch:x64
1c7fa20fe94dd4a405ee296eaaf3c2f6
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
Imports
nss3
DER_DecodeTimeChoice_Util
DER_SetUInteger
NSSBase64_EncodeItem_Util
NSSUTIL_ArgGetParamValue
NSSUTIL_ArgHasFlag
NSSUTIL_ArgParseCipherFlags
NSSUTIL_ArgParseModuleSpec
NSSUTIL_ArgParseSlotFlags
NSSUTIL_ArgParseSlotInfo
NSSUTIL_ArgReadLong
NSSUTIL_MkModuleSpec
NSSUTIL_MkNSSString
NSSUTIL_MkSlotString
NSSUTIL_Quote
NSS_Get_SECOID_AlgorithmIDTemplate_Util
NSS_Get_SEC_AnyTemplate_Util
NSS_Get_SEC_BitStringTemplate_Util
NSS_Get_SEC_ObjectIDTemplate_Util
NSS_Get_SEC_OctetStringTemplate_Util
PL_CompareValues
PL_HashTableAdd
PL_HashTableDestroy
PL_HashTableEnumerateEntries
PL_HashTableLookup
PL_HashTableRemove
PL_NewHashTable
PORT_Alloc_Util
PORT_ArenaAlloc_Util
PORT_ArenaMark_Util
PORT_ArenaRelease_Util
PORT_ArenaStrdup_Util
PORT_ArenaUnmark_Util
PORT_ArenaZAlloc_Util
PORT_DestroyCheapArena
PORT_FreeArena_Util
PORT_Free_Util
PORT_GetError_Util
PORT_InitCheapArena
PORT_NewArena_Util
PORT_Realloc_Util
PORT_SetError_Util
PORT_Strdup_Util
PORT_ZAlloc_Util
PR_Access
PR_CallOnce
PR_Close
PR_Delete
PR_DestroyLock
PR_DestroyMonitor
PR_EnterMonitor
PR_ExitMonitor
PR_FindFunctionSymbol
PR_FindSymbol
PR_Free
PR_GetDirectorySeparator
PR_GetEnvSecure
PR_GetError
PR_GetLibraryFilePathname
PR_LoadLibrary
PR_LoadLibraryWithFlags
PR_Lock
PR_MkDir
PR_NewLock
PR_NewMonitor
PR_Now
PR_OpenFile
PR_Read
PR_SetError
PR_UnloadLibrary
PR_Unlock
PR_Write
PR_htonl
PR_ntohl
PR_smprintf
PR_smprintf_free
SECITEM_AllocItem_Util
SECITEM_CompareItem_Util
SECITEM_CopyItem_Util
SECITEM_DupItem_Util
SECITEM_FreeItem_Util
SECITEM_HashCompare
SECITEM_ItemsAreEqual_Util
SECITEM_ZfreeItem_Util
SECOID_FindOIDByTag_Util
SECOID_FindOIDTag_Util
SECOID_GetAlgorithmTag_Util
SECOID_Init
SECOID_SetAlgorithmID_Util
SECOID_Shutdown
SEC_ASN1EncodeInteger_Util
SEC_ASN1EncodeItem_Util
SEC_QuickDERDecodeItem_Util
kernel32
DisableThreadLibraryCalls
FlushFileBuffers
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
IsProcessorFeaturePresent
QueryPerformanceCounter
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetUnhandledExceptionFilter
TerminateProcess
UnhandledExceptionFilter
vcruntime140
__C_specific_handler
__std_type_info_destroy_list
memcmp
memcpy
memmove
memset
strrchr
api-ms-win-crt-stdio-l1-1-0
__acrt_iob_func
_close
_get_osfhandle
_lseek
_open
_read
_write
fwrite
api-ms-win-crt-runtime-l1-1-0
_cexit
_configure_narrow_argv
_errno
_execute_onexit_table
_getpid
_initialize_narrow_environment
_initialize_onexit_table
_initterm
_initterm_e
_seh_filter_dll
abort
api-ms-win-crt-filesystem-l1-1-0
_stat64i32
_unlink
api-ms-win-crt-string-l1-1-0
_strdup
strcat
strcmp
strcpy
strlen
strncmp
tolower
api-ms-win-crt-heap-l1-1-0
calloc
free
malloc
api-ms-win-crt-environment-l1-1-0
getenv
Exports
Exports
legacy_AddSecmodDB
legacy_DeleteSecmodDB
legacy_Open
legacy_ReadSecmodDB
legacy_ReleaseSecmodDBData
legacy_SetCryptFunctions
legacy_Shutdown
Sections
.text Size: 100KB - Virtual size: 100KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 13KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.00cfg Size: 512B - Virtual size: 40B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.voltbl Size: 512B - Virtual size: 14B
.rsrc Size: 1024B - Virtual size: 880B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 112B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ