4372c6f62b7996bdd8a527f460b3134e954bf9ed739144cce82c623ddfe41940

Sharing

Copy URL Twitter E-mail

General

Target

4372c6f62b7996bdd8a527f460b3134e954bf9ed739144cce82c623ddfe41940
Size

80KB
MD5

e20b6efc4d84705685f1af3ee6a21a49
SHA1

d7c6cc1ad92240c35fcc301b7613388b36e6d031
SHA256

4372c6f62b7996bdd8a527f460b3134e954bf9ed739144cce82c623ddfe41940
SHA512

dfc72cadd9139b546768a2f53636eb42cbf482fa2cd1dc3456d353ba9cdb29cc08e7b55d2b0a3fecb254da222fc0c2968690319bf7841c5ffd57e793ca96c46c
SSDEEP

1536:XqafS89ffT/+rIsn/g+p4ua8eGtybvaYh0sKVz41rr8v2j7:aeS1ra7oYhXKVz4r8v2j7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4372c6f62b7996bdd8a527f460b3134e954bf9ed739144cce82c623ddfe41940

Files

4372c6f62b7996bdd8a527f460b3134e954bf9ed739144cce82c623ddfe41940
.dll windows:4 windows x86 arch:x86

3fc76c7e9510c1962b6b2e10b7059833

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\buildbot\win32-comm-central-nightly\build\objdir-tb\mozilla\nss\nssutil\nssutil3.pdb

Imports

plc4

PL_strncasecmp
PL_strcasecmp
PL_strpbrk
PL_strlen

plds4

PL_FreeArenaPool
PL_FinishArenaPool
PL_ArenaAllocate
PL_HashTableDestroy
PL_ClearArenaPool
PL_HashTableLookup
PL_CompareValues
PL_NewHashTable
PL_HashTableAdd
PL_ArenaGrow
PL_ArenaRelease
PL_InitArenaPool
PL_HashTableLookupConst

nspr4

PR_GetError
PR_Assert
PR_LocalTimeParameters
PR_FormatTime
PR_GetEnv
PR_GetLibraryFilePathname
PR_GetDirectorySeparator
PR_LoadLibraryWithFlags
PR_NewLock
PR_NewCondVar
PR_NotifyAllCondVar
PR_NotifyCondVar
PR_GetCurrentThread
PR_Lock
PR_WaitCondVar
PR_Unlock
PR_DestroyCondVar
PR_DestroyLock
PR_Free
PR_Realloc
PR_Malloc
PR_SetError
PR_Calloc
PR_ImplodeTime
PR_GMTParameters
PR_ExplodeTime

mozcrt19

strlen
_except_handler4_common
_onexit
_lock
__dllonexit
_unlock
__clean_type_info_names_internal
_crt_debugger_hook
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_decode_pointer
_encoded_null
free
_malloc_crt
_encode_pointer
strcat
strstr
strrchr
memcmp
strcmp
strchr
toupper
isalnum
isalpha
tolower
isdigit
memcpy
memset
_putenv
strcpy

kernel32

IsDebuggerPresent
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
SetEnvironmentVariableA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange

Exports

Exports

ATOB_AsciiToData_Util
ATOB_ConvertAsciiToItem_Util
BTOA_ConvertItemToAscii_Util
BTOA_DataToAscii_Util
CERT_GenTime2FormattedAscii_Util
DER_AsciiToTime_Util
DER_DecodeTimeChoice_Util
DER_EncodeTimeChoice_Util
DER_Encode_Util
DER_GeneralizedDayToAscii_Util
DER_GeneralizedTimeToTime_Util
DER_GetInteger_Util
DER_GetUInteger
DER_LengthLength
DER_Lengths_Util
DER_SetUInteger
DER_StoreHeader
DER_TimeChoiceDayToAscii_Util
DER_TimeToGeneralizedTimeArena_Util
DER_TimeToGeneralizedTime_Util
DER_TimeToUTCTime_Util
DER_UTCDayToAscii_Util
DER_UTCTimeToAscii_Util
DER_UTCTimeToTime_Util
NSSBase64Decoder_Create_Util
NSSBase64Decoder_Destroy_Util
NSSBase64Decoder_Update_Util
NSSBase64Encoder_Create_Util
NSSBase64Encoder_Destroy_Util
NSSBase64Encoder_Update_Util
NSSBase64_DecodeBuffer_Util
NSSBase64_EncodeItem_Util
NSSRWLock_Destroy_Util
NSSRWLock_HaveWriteLock_Util
NSSRWLock_LockRead_Util
NSSRWLock_LockWrite_Util
NSSRWLock_New_Util
NSSRWLock_UnlockRead_Util
NSSRWLock_UnlockWrite_Util
NSS_GetAlgorithmPolicy
NSS_Get_SECOID_AlgorithmIDTemplate_Util
NSS_Get_SEC_AnyTemplate_Util
NSS_Get_SEC_BMPStringTemplate_Util
NSS_Get_SEC_BitStringTemplate_Util
NSS_Get_SEC_BooleanTemplate_Util
NSS_Get_SEC_EnumeratedTemplate
NSS_Get_SEC_GeneralizedTimeTemplate_Util
NSS_Get_SEC_IA5StringTemplate_Util
NSS_Get_SEC_IntegerTemplate_Util
NSS_Get_SEC_NullTemplate_Util
NSS_Get_SEC_ObjectIDTemplate_Util
NSS_Get_SEC_OctetStringTemplate_Util
NSS_Get_SEC_PointerToAnyTemplate_Util
NSS_Get_SEC_PointerToEnumeratedTemplate
NSS_Get_SEC_PointerToGeneralizedTimeTemplate
NSS_Get_SEC_PointerToOctetStringTemplate_Util
NSS_Get_SEC_PrintableStringTemplate
NSS_Get_SEC_SequenceOfAnyTemplate
NSS_Get_SEC_SequenceOfObjectIDTemplate
NSS_Get_SEC_SetOfAnyTemplate_Util
NSS_Get_SEC_SkipTemplate
NSS_Get_SEC_T61StringTemplate
NSS_Get_SEC_UTF8StringTemplate_Util
NSS_Get_SEC_UniversalStringTemplate
NSS_Get_sgn_DigestInfoTemplate_Util
NSS_PutEnv_Util
NSS_SecureMemcmp
NSS_SetAlgorithmPolicy
PORT_Alloc_Util
PORT_ArenaAlloc_Util
PORT_ArenaGrow_Util
PORT_ArenaMark_Util
PORT_ArenaRelease_Util
PORT_ArenaStrdup_Util
PORT_ArenaUnmark_Util
PORT_ArenaZAlloc_Util
PORT_FreeArena_Util
PORT_Free_Util
PORT_GetError_Util
PORT_ISO88591_UTF8Conversion
PORT_LoadLibraryFromOrigin
PORT_NewArena_Util
PORT_Realloc_Util
PORT_RegExpCaseSearch
PORT_RegExpSearch
PORT_RegExpValid
PORT_SetError_Util
PORT_SetUCS2_ASCIIConversionFunction_Util
PORT_SetUCS2_UTF8ConversionFunction_Util
PORT_SetUCS4_UTF8ConversionFunction_Util
PORT_Strdup_Util
PORT_UCS2_ASCIIConversion_Util
PORT_UCS2_UTF8Conversion_Util
PORT_UCS4_UTF8Conversion
PORT_ZAlloc_Util
PORT_ZFree_Util
SECITEM_AllocItem_Util
SECITEM_ArenaDupItem_Util
SECITEM_CompareItem_Util
SECITEM_CopyItem_Util
SECITEM_DupItem_Util
SECITEM_FreeItem_Util
SECITEM_Hash
SECITEM_HashCompare
SECITEM_ItemsAreEqual_Util
SECITEM_ReallocItem
SECITEM_ZfreeItem_Util
SECOID_AddEntry_Util
SECOID_CompareAlgorithmID_Util
SECOID_CopyAlgorithmID_Util
SECOID_DestroyAlgorithmID_Util
SECOID_FindOIDByMechanism
SECOID_FindOIDByTag_Util
SECOID_FindOIDTagDescription_Util
SECOID_FindOIDTag_Util
SECOID_FindOID_Util
SECOID_GetAlgorithmTag_Util
SECOID_Init
SECOID_KnownCertExtenOID
SECOID_SetAlgorithmID_Util
SECOID_Shutdown
SEC_ASN1DecodeInteger_Util
SEC_ASN1DecodeItem_Util
SEC_ASN1Decode_Util
SEC_ASN1DecoderAbort_Util
SEC_ASN1DecoderClearFilterProc_Util
SEC_ASN1DecoderClearNotifyProc_Util
SEC_ASN1DecoderFinish_Util
SEC_ASN1DecoderSetFilterProc_Util
SEC_ASN1DecoderSetNotifyProc_Util
SEC_ASN1DecoderStart_Util
SEC_ASN1DecoderUpdate_Util
SEC_ASN1EncodeInteger_Util
SEC_ASN1EncodeItem_Util
SEC_ASN1EncodeUnsignedInteger_Util
SEC_ASN1Encode_Util
SEC_ASN1EncoderAbort_Util
SEC_ASN1EncoderClearNotifyProc_Util
SEC_ASN1EncoderClearStreaming_Util
SEC_ASN1EncoderClearTakeFromBuf_Util
SEC_ASN1EncoderFinish_Util
SEC_ASN1EncoderSetNotifyProc_Util
SEC_ASN1EncoderSetStreaming_Util
SEC_ASN1EncoderSetTakeFromBuf_Util
SEC_ASN1EncoderStart_Util
SEC_ASN1EncoderUpdate_Util
SEC_ASN1LengthLength_Util
SEC_QuickDERDecodeItem_Util
SEC_StringToOID
SGN_CompareDigestInfo_Util
SGN_CopyDigestInfo_Util
SGN_CreateDigestInfo_Util
SGN_DecodeDigestInfo
SGN_DestroyDigestInfo_Util
UTIL_SetForkState

Sections

.text
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3fc76c7e9510c1962b6b2e10b7059833

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

plc4

plds4

nspr4

mozcrt19

kernel32

Exports

Exports

Sections

.text Size: 32KB - Virtual size: 30KB

.rdata Size: 32KB - Virtual size: 29KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 784B

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 32KB - Virtual size: 30KB

.rdata
Size: 32KB - Virtual size: 29KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 784B

.reloc
Size: 4KB - Virtual size: 2KB