072732682ce9d7e369c4736fdd899da83d91629cd0d9636722fa84e6652b1b75

Sharing

Copy URL Twitter E-mail

General

Target

072732682ce9d7e369c4736fdd899da83d91629cd0d9636722fa84e6652b1b75
Size

108KB
MD5

03cd96f99d1292732dbaf162df4389f9
SHA1

bd6122e666031b8fb3cb7f301b03537fcb59d9ca
SHA256

072732682ce9d7e369c4736fdd899da83d91629cd0d9636722fa84e6652b1b75
SHA512

0f5e8f69cbfa34fba04a0b9cd15fcaf6bee1d193ee73b8f9592d0f2f1424920e01395317cf87ff79ee968c512b1bdda4ed748becaae56194c92e7cfc1af23b01
SSDEEP

3072:4MvWhwsZv2J89x43Obsl9OBOmr3/j63eJ2:4MvWyU9+3TZ3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
072732682ce9d7e369c4736fdd899da83d91629cd0d9636722fa84e6652b1b75

Files

072732682ce9d7e369c4736fdd899da83d91629cd0d9636722fa84e6652b1b75
.dll windows:4 windows x86 arch:x86

97808e5ce5fe9e4e4fee447b498fbea2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\bb-slave\win32\obj-instantbird\purple\purplexpcom\src\purplexpcom.pdb

Imports

xpcom

NS_GetServiceManager
NS_GetComponentManager
NS_UTF16ToCString
NS_CStringGetMutableData
NS_StringGetData
NS_StringSetDataRange
NS_StringContainerInit2
NS_StringCopy
NS_StringContainerFinish
NS_CStringToUTF16
NS_StringContainerInit
NS_CStringSetIsVoid
NS_CStringSetDataRange
NS_CStringSetData
NS_CStringCopy
NS_Free
NS_CStringContainerFinish
NS_CStringGetData
NS_Alloc
NS_CStringContainerInit
NS_CStringContainerInit2

mozalloc

moz_xmalloc
moz_xrealloc
moz_realloc
moz_malloc
moz_free

nspr4

PR_sscanf
PR_Available
PR_Close
PR_Read
PR_CreateSocketPollFd
PR_DestroySocketPollFd
PR_Now

kernel32

GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange

purple

purple_account_get_username
purple_account_set_string
purple_account_get_password
purple_blist_add_buddy
purple_account_set_enabled
purple_account_get_alias
purple_account_get_connection
purple_account_set_alias
purple_account_set_password
purple_buddy_get_icon
purple_buddy_get_presence
purple_buddy_get_alias
purple_account_supports_offline_message
purple_blist_add_contact
purple_notify_user_info_add_pair
purple_unescape_html
purple_buddy_icon_get_full_path
purple_notify_user_info_new
purple_presence_is_online
purple_blist_alias_buddy
serv_alias_buddy
purple_account_remove_buddy
purple_presence_is_status_primitive_active
purple_account_is_connected
purple_buddy_get_group
purple_presence_get_idle_time
purple_presence_is_available
purple_blist_remove_buddy
purple_str_seconds_to_string
purple_buddy_get_account
purple_group_new
purple_group_get_name
purple_blist_node_set_ui_data
purple_blist_node_get_ui_data
purple_presence_is_idle
purple_notify_user_info_destroy
purple_buddy_get_name
purple_blist_add_group
purple_notify_user_info_get_entries
purple_conversation_get_name
purple_cmd_do_command
purple_conversation_destroy
purple_conversation_get_title
purple_conversation_get_account
purple_conv_im_send
purple_conv_im_set_type_again
purple_savedstatus_get_type
purple_conversation_get_gc
serv_send_typing
purple_conv_im_start_send_typed_timeout
purple_conv_im_get_type_again
purple_prefs_get_bool
purple_conv_im_get_typing_state
purple_conversation_get_im_data
purple_find_buddy
purple_conv_chat_send
purple_conv_chat_has_left
purple_conv_chat_get_users
purple_conv_chat_get_topic
purple_conversation_get_chat_data
purple_conv_chat_get_nick
purple_savedstatus_get_default
purple_global_proxy_set_info
purple_savedstatus_activate
purple_blist_node_get_type
purple_blist_get_root
purple_savedstatus_set_type
purple_plugins_get_protocols
purple_savedstatus_get_message
purple_savedstatus_set_message
purple_core_quit
g_hash_table_destroy
purple_core_get_version
purple_savedstatus_set_offline
purple_savedstatus_is_idleaway
g_memdup
purple_dnsquery_get_port
purple_dnsquery_get_host
g_slist_append
purple_debug_set_ui_ops
purple_conversation_get_type
purple_eventloop_set_ui_ops
purple_set_blist
g_hash_table_new
purple_prefs_observe
purple_cmd_register
purple_blist_new
purple_core_init
purple_prefs_set_ui_ops
purple_debug_with_location
purple_util_set_user_dir
purple_dnsquery_set_ui_ops
purple_gettext_set_ui_ops
purple_core_set_ui_ops
purple_accounts_set_ui_ops
purple_connections_set_ui_ops
purple_accounts_get_handle
purple_signal_connect
purple_connections_get_handle
purple_connection_get_account
purple_blist_get_handle
purple_blist_set_ui_ops
purple_signals_disconnect_by_handle
purple_blist_load
purple_conversations_set_ui_ops
purple_conv_chat_cb_find
purple_conversations_get_handle
purple_savedstatus_set_idleaway
purple_idle_set
purple_network_set_available_callback
purple_network_configuration_changed
purple_account_option_get_text
purple_account_option_get_type
purple_account_option_get_list
purple_account_option_get_default_int
purple_account_option_get_default_string
purple_account_option_get_default_bool
purple_account_option_get_masked
purple_account_option_get_setting
purple_account_user_split_get_default_value
purple_accounts_find
purple_account_user_split_get_text
purple_account_user_split_get_separator
purple_account_user_split_get_reverse
purple_proxy_info_set_type
purple_proxy_info_new
purple_proxy_info_set_password
purple_proxy_info_set_port
purple_proxy_info_set_host
purple_proxy_info_set_username
purple_notify_user_info_entry_get_label
purple_notify_user_info_entry_get_type
purple_notify_user_info_entry_get_value
purple_accounts_delete
purple_accounts_add
g_free
g_strdup
g_hash_table_new_full
purple_account_set_connection
purple_account_get_remember_password
purple_account_new
purple_account_set_proxy_info
g_hash_table_insert
g_str_equal
purple_account_set_remember_password
serv_join_chat
purple_connection_get_prpl
purple_account_set_bool
purple_account_add_buddy
purple_buddy_new
g_str_hash
purple_conversation_new
purple_utf8_strip_unprintables
purple_savedstatus_get_current
purple_normalize
g_hash_table_lookup
purple_savedstatus_is_offline
purple_account_set_int
purple_conv_im_stop_send_typed_timeout

mozcrt19

_crt_debugger_hook
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_except_handler4_common
_initterm
_encoded_null
free
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
fread
_wfopen
fseek
ftell
memset
fclose
__clean_type_info_names_internal
_initterm_e
_snprintf
memcmp
strlen
memcpy
memmove
strcmp
_time64
strtol
_purecall
_malloc_crt

Exports

Exports

NSModule

Sections

.text
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

97808e5ce5fe9e4e4fee447b498fbea2

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

xpcom

mozalloc

nspr4

kernel32

purple

mozcrt19

Exports

Exports

Sections

.text Size: 68KB - Virtual size: 67KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 960B

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 68KB - Virtual size: 67KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 960B

.reloc
Size: 8KB - Virtual size: 6KB