e:\bb-slave\win32\obj-instantbird\purple\libpurple\purple.pdb
Static task
static1
Behavioral task
behavioral1
Sample
d019755a0d5152dc47be7168b9466d6ddb90ee17aa66dc7cdd827ea9ab05fdbf.dll
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
d019755a0d5152dc47be7168b9466d6ddb90ee17aa66dc7cdd827ea9ab05fdbf.dll
Resource
win10v2004-20240611-en
General
-
Target
d019755a0d5152dc47be7168b9466d6ddb90ee17aa66dc7cdd827ea9ab05fdbf
-
Size
1.9MB
-
MD5
dfa8c8d993aad0f3ed92c0275f7d4a25
-
SHA1
a072fd2f05879fa868d0d703b2d5690258f905c2
-
SHA256
d019755a0d5152dc47be7168b9466d6ddb90ee17aa66dc7cdd827ea9ab05fdbf
-
SHA512
5d9c65624662d54a4f8d6925c0ee416b5661fef47aef88902c70898fffeaccf079b80e36bfe916f5bfb8a9059fd7f15fbf9d87c53875838c62497b77937f1964
-
SSDEEP
49152:jVpvXcj+d2/hTqW7TqlX8qvB0F8z1DEp5d0FoQB5i8cSr71LOQ7:jVY+OTqqTqlX8qeF35dw7B5TcSr71K
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Checks for a missing Authenticode signature.
resource d019755a0d5152dc47be7168b9466d6ddb90ee17aa66dc7cdd827ea9ab05fdbf
Files
-
d019755a0d5152dc47be7168b9466d6ddb90ee17aa66dc7cdd827ea9ab05fdbf.dll windows:4 windows x86 arch:x86
15309276fadb0817ff34857b5f19936a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
kernel32
IsDebuggerPresent
GetModuleHandleA
GetEnvironmentVariableW
ExpandEnvironmentStringsW
GetModuleFileNameW
GetSystemTimeAsFileTime
GetExitCodeProcess
CreateSemaphoreA
ReleaseSemaphore
CloseHandle
GetSystemInfo
MoveFileExW
GetFileAttributesW
WideCharToMultiByte
GetACP
MultiByteToWideChar
IsDBCSLeadByteEx
IsValidCodePage
GetCPInfo
LocalFree
GetLocaleInfoA
FormatMessageW
LoadLibraryW
DeleteCriticalSection
GetCurrentProcess
DuplicateHandle
ReleaseMutex
WaitForSingleObject
TlsAlloc
SetEvent
GetCurrentThread
InitializeCriticalSection
TlsSetValue
Sleep
CreateEventA
LeaveCriticalSection
SetThreadPriority
EnterCriticalSection
TlsGetValue
CreateMutexA
InterlockedCompareExchange
InterlockedExchangeAdd
GetVersionExA
CreateThread
GetModuleHandleW
FreeLibrary
GetProcAddress
GetTimeZoneInformation
FormatMessageA
GlobalFree
GetThreadLocale
InterlockedExchange
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetLastError
user32
PeekMessageA
MessageBoxA
MsgWaitForMultipleObjectsEx
wsock32
gethostname
htonl
ntohl
ntohs
htons
inet_addr
WSAGetLastError
closesocket
socket
bind
recv
sendto
setsockopt
recvfrom
__WSAFDIsSet
select
shutdown
accept
getsockname
WSAStartup
inet_ntoa
gethostbyname
WSACleanup
send
connect
getsockopt
ioctlsocket
listen
advapi32
RegEnumKeyExA
RegOpenKeyExA
RegCloseKey
GetUserNameW
RegQueryValueExW
RegOpenKeyExW
RegQueryValueExA
nss3
CERT_GetDefaultCertDB
nspr4
PR_Close
PR_GetError
PR_ImportTCPSocket
PR_Read
PR_Write
PR_GetErrorText
PR_SetSocketOption
PR_GetErrorTextLength
ssl3
SSL_ForceHandshake
SSL_ResetHandshake
SSL_ImportFD
SSL_SetURL
SSL_AuthCertificateHook
SSL_OptionSet
ws2_32
WSAAddressToStringA
WSAIoctl
mozcrt19
_getpid
_getcwd
_strdup
_lseek
_except_handler4_common
__clean_type_info_names_internal
_crt_debugger_hook
_onexit
_lock
__dllonexit
_unlock
__CppXcptFilter
_adjust_fdiv
_amsg_exit
wcscmp
exit
wcscat
_wfindfirst64i32
_findclose
_wfindnext64i32
_wfullpath
_open
_initterm_e
_initterm
_decode_pointer
_encoded_null
_malloc_crt
_encode_pointer
_ctime64
srand
strcspn
isalpha
printf
strspn
atol
memchr
floor
_gmtime64
abs
fopen
_stat64i32
_snprintf
___mb_cur_max_func
strcmp
_time64
_errno
fwrite
fclose
memcpy
sprintf
memset
strlen
memmove
strchr
fseek
fread
strrchr
atoi
rand
strncmp
sscanf
strcpy
strtol
strncpy
vsprintf
strstr
strtoul
_localtime64
isalnum
tolower
isgraph
isxdigit
isspace
isdigit
strftime
fputs
_commit
iscntrl
_mktime64
_vsnprintf
_close
abort
_read
_write
strtod
strerror
localeconv
isupper
toupper
islower
strpbrk
realloc
free
calloc
malloc
strcat
__iob_func
fflush
strcoll
strxfrm
wcschr
getenv
_exit
fprintf
vfprintf
_wcreat
_waccess
_wunlink
_wfreopen
_wopen
_wchmod
_wmkdir
_wfopen
_wstat64i32
wcslen
feof
memcmp
ferror
_stricmp
bsearch
qsort
_strnicmp
_endthreadex
_beginthreadex
wcscpy
Exports
Exports
__oldXMLWDcompatibility
__xmlBufferAllocScheme
__xmlDefaultBufferSize
__xmlDefaultSAXHandler
__xmlDefaultSAXLocator
__xmlDeregisterNodeDefaultValue
__xmlDoValidityCheckingDefaultValue
__xmlErrEncoding
__xmlGenericError
__xmlGenericErrorContext
__xmlGetWarningsDefaultValue
__xmlIndentTreeOutput
__xmlKeepBlanksDefaultValue
__xmlLastError
__xmlLineNumbersDefaultValue
__xmlLoadExtDtdDefaultValue
__xmlOutputBufferCreateFilenameValue
__xmlParserDebugEntities
__xmlParserInputBufferCreateFilenameValue
__xmlParserVersion
__xmlPedanticParserDefaultValue
__xmlRaiseError
__xmlRegisterNodeDefaultValue
__xmlSaveNoEmptyTags
__xmlSimpleError
__xmlStructuredError
__xmlSubstituteEntitiesDefaultValue
__xmlTreeIndentString
g_access
g_allocator_free
g_allocator_new
g_array_append_vals
g_array_free
g_array_insert_vals
g_array_new
g_array_prepend_vals
g_array_remove_index
g_array_remove_index_fast
g_array_remove_range
g_array_set_size
g_array_sized_new
g_array_sort
g_array_sort_with_data
g_ascii_digit_value
g_ascii_dtostr
g_ascii_formatd
g_ascii_strcasecmp
g_ascii_strdown
g_ascii_strncasecmp
g_ascii_strtod
g_ascii_strtoll
g_ascii_strtoull
g_ascii_strup
g_ascii_table
g_ascii_tolower
g_ascii_toupper
g_ascii_xdigit_value
g_assert_warning
g_atexit
g_atomic_int_add
g_atomic_int_compare_and_exchange
g_atomic_int_exchange_and_add
g_atomic_int_get
g_atomic_int_set
g_atomic_pointer_compare_and_exchange
g_atomic_pointer_get
g_atomic_pointer_set
g_basename
g_bit_nth_lsf
g_bit_nth_msf
g_bit_storage
g_blow_chunks
g_boxed_copy
g_boxed_free
g_boxed_type_register_static
g_build_filename
g_build_filenamev
g_build_path
g_build_pathv
g_byte_array_append
g_byte_array_free
g_byte_array_new
g_byte_array_prepend
g_byte_array_remove_index
g_byte_array_remove_index_fast
g_byte_array_remove_range
g_byte_array_set_size
g_byte_array_sized_new
g_byte_array_sort
g_byte_array_sort_with_data
g_cclosure_marshal_VOID__PARAM
g_cclosure_marshal_VOID__VOID
g_cclosure_new
g_cclosure_new_object
g_cclosure_new_object_swap
g_cclosure_new_swap
g_child_watch_add
g_child_watch_add_full
g_child_watch_funcs
g_child_watch_source_new
g_chmod
g_clear_error
g_closure_add_finalize_notifier
g_closure_add_invalidate_notifier
g_closure_add_marshal_guards
g_closure_get_type
g_closure_invalidate
g_closure_invoke
g_closure_new_object
g_closure_new_simple
g_closure_ref
g_closure_remove_finalize_notifier
g_closure_remove_invalidate_notifier
g_closure_set_marshal
g_closure_set_meta_marshal
g_closure_sink
g_closure_unref
g_convert
g_convert_error_quark
g_convert_with_fallback
g_convert_with_iconv
g_creat
g_datalist_clear
g_datalist_foreach
g_datalist_get_flags
g_datalist_id_get_data
g_datalist_id_remove_no_notify
g_datalist_id_set_data_full
g_datalist_init
g_datalist_set_flags
g_datalist_unset_flags
g_dataset_destroy
g_dataset_foreach
g_dataset_id_get_data
g_dataset_id_remove_no_notify
g_dataset_id_set_data_full
g_dir_close
g_dir_open
g_dir_open_utf8
g_dir_read_name
g_dir_read_name_utf8
g_dir_rewind
g_direct_equal
g_direct_hash
g_dpgettext
g_enum_complete_type_info
g_enum_get_value
g_enum_get_value_by_name
g_enum_get_value_by_nick
g_enum_register_static
g_error_copy
g_error_free
g_error_matches
g_error_new
g_error_new_literal
g_file_error_from_errno
g_file_error_quark
g_file_get_contents
g_file_get_contents_utf8
g_file_read_link
g_file_test
g_file_test_utf8
g_filename_display_basename
g_filename_display_name
g_filename_from_uri
g_filename_from_uri_utf8
g_filename_from_utf8
g_filename_from_utf8_utf8
g_filename_to_uri
g_filename_to_uri_utf8
g_filename_to_utf8
g_filename_to_utf8_utf8
g_flags_complete_type_info
g_flags_get_first_value
g_flags_get_value_by_name
g_flags_get_value_by_nick
g_flags_register_static
g_fopen
g_fprintf
g_free
g_freopen
g_get_application_name
g_get_charset
g_get_codeset
g_get_current_time
g_get_filename_charsets
g_get_host_name
g_get_language_names
g_get_prgname
g_get_real_name
g_get_real_name_utf8
g_get_user_name
g_get_user_name_utf8
g_getenv
g_getenv_utf8
g_gstring_get_type
g_gtype_get_type
g_hash_table_destroy
g_hash_table_find
g_hash_table_foreach
g_hash_table_foreach_remove
g_hash_table_foreach_steal
g_hash_table_get_keys
g_hash_table_get_type
g_hash_table_get_values
g_hash_table_insert
g_hash_table_iter_get_hash_table
g_hash_table_iter_init
g_hash_table_iter_next
g_hash_table_iter_remove
g_hash_table_iter_steal
g_hash_table_lookup
g_hash_table_lookup_extended
g_hash_table_new
g_hash_table_new_full
g_hash_table_ref
g_hash_table_remove
g_hash_table_remove_all
g_hash_table_replace
g_hash_table_size
g_hash_table_steal
g_hash_table_steal_all
g_hash_table_unref
g_iconv
g_iconv_close
g_iconv_open
g_idle_add
g_idle_add_full
g_idle_funcs
g_idle_remove_by_data
g_idle_source_new
g_initially_unowned_get_type
g_int_equal
g_int_hash
g_intern_static_string
g_intern_string
g_list_alloc
g_list_append
g_list_concat
g_list_copy
g_list_delete_link
g_list_find
g_list_find_custom
g_list_first
g_list_foreach
g_list_free
g_list_free_1
g_list_index
g_list_insert
g_list_insert_before
g_list_insert_sorted
g_list_insert_sorted_with_data
g_list_last
g_list_length
g_list_nth
g_list_nth_data
g_list_nth_prev
g_list_pop_allocator
g_list_position
g_list_prepend
g_list_push_allocator
g_list_remove
g_list_remove_all
g_list_remove_link
g_list_reverse
g_list_sort
g_list_sort_with_data
g_locale_from_utf8
g_locale_to_utf8
g_log
g_log_default_handler
g_log_remove_handler
g_log_set_always_fatal
g_log_set_default_handler
g_log_set_fatal_mask
g_log_set_handler
g_logv
g_lstat
g_main_context_acquire
g_main_context_add_poll
g_main_context_check
g_main_context_default
g_main_context_dispatch
g_main_context_find_source_by_funcs_user_data
g_main_context_find_source_by_id
g_main_context_find_source_by_user_data
g_main_context_get_poll_func
g_main_context_is_owner
g_main_context_iteration
g_main_context_new
g_main_context_pending
g_main_context_prepare
g_main_context_query
g_main_context_ref
g_main_context_release
g_main_context_remove_poll
g_main_context_set_poll_func
g_main_context_unref
g_main_context_wait
g_main_context_wakeup
g_main_current_source
g_main_depth
g_main_loop_get_context
g_main_loop_is_running
g_main_loop_new
g_main_loop_quit
g_main_loop_ref
g_main_loop_run
g_main_loop_unref
g_malloc
g_malloc0
g_markup_collect_attributes
g_markup_error_quark
g_markup_escape_text
g_markup_parse_context_end_parse
g_markup_parse_context_free
g_markup_parse_context_get_element
g_markup_parse_context_get_element_stack
g_markup_parse_context_get_position
g_markup_parse_context_new
g_markup_parse_context_parse
g_markup_printf_escaped
g_markup_vprintf_escaped
g_mem_chunk_alloc
g_mem_chunk_alloc0
g_mem_chunk_clean
g_mem_chunk_destroy
g_mem_chunk_free
g_mem_chunk_info
g_mem_chunk_new
g_mem_chunk_print
g_mem_chunk_reset
g_mem_gc_friendly
g_mem_is_system_malloc
g_mem_profile
g_mem_set_vtable
g_memdup
g_mkdir
g_mkdir_with_parents
g_mkstemp_utf8
g_nullify_pointer
g_object_add_toggle_ref
g_object_add_weak_pointer
g_object_class_find_property
g_object_class_install_property
g_object_class_list_properties
g_object_class_override_property
g_object_compat_control
g_object_connect
g_object_disconnect
g_object_force_floating
g_object_freeze_notify
g_object_get
g_object_get_data
g_object_get_property
g_object_get_qdata
g_object_get_valist
g_object_interface_find_property
g_object_interface_install_property
g_object_interface_list_properties
g_object_is_floating
g_object_new
g_object_new_valist
g_object_newv
g_object_notify
g_object_ref
g_object_ref_sink
g_object_remove_toggle_ref
g_object_remove_weak_pointer
g_object_run_dispose
g_object_set
g_object_set_data
g_object_set_data_full
g_object_set_property
g_object_set_qdata
g_object_set_qdata_full
g_object_set_valist
g_object_steal_data
g_object_steal_qdata
g_object_thaw_notify
g_object_unref
g_object_watch_closure
g_object_weak_ref
g_object_weak_unref
g_once_impl
g_once_init_enter
g_once_init_enter_impl
g_once_init_leave
g_open
g_param_spec_boolean
g_param_spec_boxed
g_param_spec_char
g_param_spec_double
g_param_spec_enum
g_param_spec_flags
g_param_spec_float
g_param_spec_get_blurb
g_param_spec_get_name
g_param_spec_get_nick
g_param_spec_get_qdata
g_param_spec_get_redirect_target
g_param_spec_gtype
g_param_spec_int
g_param_spec_int64
g_param_spec_internal
g_param_spec_long
g_param_spec_object
g_param_spec_override
g_param_spec_param
g_param_spec_pointer
g_param_spec_pool_insert
g_param_spec_pool_list
g_param_spec_pool_list_owned
g_param_spec_pool_lookup
g_param_spec_pool_new
g_param_spec_pool_remove
g_param_spec_ref
g_param_spec_ref_sink
g_param_spec_set_qdata
g_param_spec_set_qdata_full
g_param_spec_sink
g_param_spec_steal_qdata
g_param_spec_string
g_param_spec_types
g_param_spec_uchar
g_param_spec_uint
g_param_spec_uint64
g_param_spec_ulong
g_param_spec_unichar
g_param_spec_unref
g_param_spec_value_array
g_param_type_register_static
g_param_value_convert
g_param_value_defaults
g_param_value_set_default
g_param_value_validate
g_param_values_cmp
g_parse_debug_string
g_path_get_basename
g_path_get_dirname
g_path_is_absolute
g_path_skip_root
g_pattern_match
g_pattern_match_simple
g_pattern_match_string
g_pattern_spec_equal
g_pattern_spec_free
g_pattern_spec_new
g_pointer_type_register_static
g_prefix_error
g_print
g_printerr
g_printf
g_printf_string_upper_bound
g_propagate_error
g_propagate_prefixed_error
g_ptr_array_add
g_ptr_array_foreach
g_ptr_array_free
g_ptr_array_new
g_ptr_array_remove
g_ptr_array_remove_fast
g_ptr_array_remove_index
g_ptr_array_remove_index_fast
g_ptr_array_remove_range
g_ptr_array_set_size
g_ptr_array_sized_new
g_ptr_array_sort
g_ptr_array_sort_with_data
g_qsort_with_data
g_quark_from_static_string
g_quark_from_string
g_quark_to_string
g_quark_try_string
g_queue_clear
g_queue_copy
g_queue_delete_link
g_queue_find
g_queue_find_custom
g_queue_foreach
g_queue_free
g_queue_get_length
g_queue_index
g_queue_init
g_queue_insert_after
g_queue_insert_before
g_queue_insert_sorted
g_queue_is_empty
g_queue_link_index
g_queue_new
g_queue_peek_head
g_queue_peek_head_link
g_queue_peek_nth
g_queue_peek_nth_link
g_queue_peek_tail
g_queue_peek_tail_link
g_queue_pop_head
g_queue_pop_head_link
g_queue_pop_nth
g_queue_pop_nth_link
Sections
.text Size: 1.2MB - Virtual size: 1.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 620KB - Virtual size: 617KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 24KB - Virtual size: 129KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 968B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 92KB - Virtual size: 90KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ