28e107554c3827f312be7c1d094556cd6879df90ab0b992f683c4b0a20fded29

Sharing

Copy URL Twitter E-mail

General

Target

28e107554c3827f312be7c1d094556cd6879df90ab0b992f683c4b0a20fded29
Size

12KB
MD5

d511a96b2be99f8dda5d27045c0445e5
SHA1

5b82a6f02b298f2a8acf612f09091822bf7a1f3d
SHA256

28e107554c3827f312be7c1d094556cd6879df90ab0b992f683c4b0a20fded29
SHA512

9f03b85d359ed430e522dc1c55215a792bd5921f4b54e0a9ca3a0da1163fbc1a61bd21c83bb33adbfae702b5709e047729f6bde8d1a61ed4cfaf271253e2784d
SSDEEP

192:OG1RE24kX5Z+4zXW4bUtXLs3XEVR6y5fJZe5CzKWW:N1pGCW4bUaUV55fJjzKW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
28e107554c3827f312be7c1d094556cd6879df90ab0b992f683c4b0a20fded29

Files

28e107554c3827f312be7c1d094556cd6879df90ab0b992f683c4b0a20fded29
.dll windows:4 windows x86 arch:x86

6e1621767a968608b531d82ee76a8e82

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\builds\moz2_slave\mozilla-central-win32-nightly\build\obj-firefox\xpcom\stub\xpcom.pdb

Imports

xul

NS_GetComponentManager_P
NS_LogCtor_P
NS_GetDebug_P
NS_GetComponentRegistrar_P
NS_LogDtor_P
NS_LogTerm_P
NS_CycleCollectorSuspect_P
NS_GetXPTCallStub_P
NS_Alloc_P
NS_ShutdownXPCOM_P
NS_CStringGetIsVoid_P
NS_GetServiceManager_P
NS_CStringContainerInit2_P
NS_StringCloneData_P
NS_StringContainerInit_P
NS_LogCOMPtrAddRef_P
NS_CStringContainerInit_P
NS_LogInit_P
NS_CStringContainerFinish_P
NS_LogCOMPtrRelease_P
NS_InitXPCOM2_P
NS_CStringCopy_P
NS_StringGetIsVoid_P
NS_CStringToUTF16_P
NS_CStringGetMutableData_P
NS_NewLocalFile_P
NS_Realloc_P
NS_CStringSetIsVoid_P
NS_NewNativeLocalFile_P
NS_DestroyXPTCallStub_P
NS_GetMemoryManager_P
NS_Free_P
NS_LogRelease_P
NS_CStringGetData_P
NS_CycleCollectorSuspect2_P
NS_StringGetMutableData_P
NS_GetTraceRefcnt_P
NS_InvokeByIndex_P
NS_StringCopy_P
NS_CStringCloneData_P
NS_LogAddRef_P
NS_StringGetData_P
NS_StringContainerInit2_P
NS_StringSetDataRange_P
NS_DebugBreak_P
NS_StringSetData_P
NS_CycleCollectorForget_P
NS_UTF16ToCString_P
NS_CStringSetDataRange_P
NS_CStringSetData_P
NS_StringContainerFinish_P
NS_StringSetIsVoid_P
NS_CycleCollectorForget2_P

mozcrt19

_except_handler4_common
_lock
__dllonexit
_unlock
__clean_type_info_names_internal
_crt_debugger_hook
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_decode_pointer
_encoded_null
free
_malloc_crt
_encode_pointer
memcpy
_onexit

kernel32

GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
GetSystemTimeAsFileTime

Exports

Exports

NS_Alloc
NS_CStringCloneData
NS_CStringContainerFinish
NS_CStringContainerInit
NS_CStringContainerInit2
NS_CStringCopy
NS_CStringGetData
NS_CStringGetIsVoid
NS_CStringGetMutableData
NS_CStringSetData
NS_CStringSetDataRange
NS_CStringSetIsVoid
NS_CStringToUTF16
NS_CycleCollectorForget
NS_CycleCollectorForget2
NS_CycleCollectorSuspect
NS_CycleCollectorSuspect2
NS_DebugBreak
NS_DestroyXPTCallStub
NS_Free
NS_GetComponentManager
NS_GetComponentRegistrar
NS_GetDebug
NS_GetFrozenFunctions
NS_GetMemoryManager
NS_GetServiceManager
NS_GetTraceRefcnt
NS_GetXPTCallStub
NS_InitXPCOM2
NS_InvokeByIndex
NS_LogAddRef
NS_LogCOMPtrAddRef
NS_LogCOMPtrRelease
NS_LogCtor
NS_LogDtor
NS_LogInit
NS_LogRelease
NS_LogTerm
NS_NewLocalFile
NS_NewNativeLocalFile
NS_Realloc
NS_RegisterXPCOMExitRoutine
NS_ShutdownXPCOM
NS_StringCloneData
NS_StringContainerFinish
NS_StringContainerInit
NS_StringContainerInit2
NS_StringCopy
NS_StringGetData
NS_StringGetIsVoid
NS_StringGetMutableData
NS_StringSetData
NS_StringSetDataRange
NS_StringSetIsVoid
NS_UTF16ToCString
NS_UnregisterXPCOMExitRoutine

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 812B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6e1621767a968608b531d82ee76a8e82

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

xul

mozcrt19

kernel32

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 3KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 912B

.reloc Size: 1024B - Virtual size: 812B

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 912B

.reloc
Size: 1024B - Virtual size: 812B