f72f5f00bf932498579d61854b4fc6b0N[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

f72f5f00bf932498579d61854b4fc6b0N.exe
Size

187KB
MD5

f72f5f00bf932498579d61854b4fc6b0
SHA1

3d5b5e36797901e21e41da8db7dfcef993acf249
SHA256

50946c78a16281e1fc6eefb0f796514ed60375372c3a306798c409ec4c6c5b00
SHA512

20ec5292218f9f998ecf3dee1940c9d721a13c552c40218ddde16b6242598405004cb52018db296fb9dd2f479fdd34987e67ef64d200818697f1b6c5bdfa334e
SSDEEP

3072:DNyh/rJEbS9RZGa6B+7kTSvOD+M0FRP4HMQULqf0F5DW+pveBlwgIBEU22L:DNyhjKvrCXvFk65Dnhgx2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f72f5f00bf932498579d61854b4fc6b0N.exe

Files

f72f5f00bf932498579d61854b4fc6b0N.exe
.dll windows:5 windows x64 arch:x64

0b0c2d9bb32c2511600e9bfca2d911c7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

e:\builds\moz2_slave\cen-w64-ntly\build\obj-firefox\nss\softokn\softokn3.pdb

Imports

mozsqlite3

sqlite3_bind_text
sqlite3_bind_int
sqlite3_column_bytes
sqlite3_column_blob
sqlite3_step
sqlite3_column_int
sqlite3_prepare_v2
sqlite3_bind_blob
sqlite3_reset
sqlite3_finalize
sqlite3_open
sqlite3_busy_timeout
sqlite3_close
sqlite3_free
sqlite3_mprintf
sqlite3_exec

nssutil3

PORT_Realloc_Util
PORT_ArenaAlloc_Util
SECITEM_CopyItem_Util
PORT_SetError_Util
SECOID_FindOIDTag_Util
SECITEM_AllocItem_Util
PORT_FreeArena_Util
PORT_ArenaZAlloc_Util
PORT_NewArena_Util
PORT_Free_Util
PORT_Alloc_Util
NSS_Get_SECOID_AlgorithmIDTemplate_Util
PORT_Strdup_Util
SECOID_FindOIDByMechanism
SGN_DecodeDigestInfo
SGN_CreateDigestInfo_Util
DER_Encode_Util
SGN_DestroyDigestInfo_Util
PORT_GetError_Util
UTIL_SetForkState
SECOID_Shutdown
SECOID_Init
SECITEM_HashCompare
DER_SetUInteger
NSS_Get_SEC_OctetStringTemplate_Util
SEC_QuickDERDecodeItem_Util
PORT_ArenaGrow_Util
SECITEM_CompareItem_Util
SECOID_GetAlgorithmTag_Util
SEC_ASN1DecodeItem_Util
DER_GetInteger_Util
SEC_ASN1EncodeInteger_Util
SEC_ASN1EncodeItem_Util
SECOID_SetAlgorithmID_Util
SECOID_CopyAlgorithmID_Util
SECOID_DestroyAlgorithmID_Util
SECITEM_DupItem_Util
PORT_ZFree_Util
SECITEM_ZfreeItem_Util
PORT_ZAlloc_Util
SECITEM_FreeItem_Util
NSS_Get_SEC_AnyTemplate_Util
NSS_Get_SEC_BitStringTemplate_Util
NSS_Get_SEC_ObjectIDTemplate_Util

plc4

PL_strcasecmp
PL_strncasecmp

plds4

PL_HashTableLookupConst
PL_HashTableAdd
PL_NewHashTable
PL_CompareValues
PL_HashTableDestroy
PL_HashTableLookup
PL_HashTableRemove
PL_HashTableEnumerateEntries

nspr4

PR_FindFunctionSymbol
PR_AtomicDecrement
PR_DestroyLock
PR_UnloadLibrary
PR_Sleep
PR_AtomicIncrement
PR_NewLock
PR_SecondsToInterval
PR_Access
PR_IntervalNow
PR_MillisecondsToInterval
PR_ExitMonitor
PR_GetCurrentThread
PR_EnterMonitor
PR_Now
PR_DestroyMonitor
PR_NewMonitor
PR_smprintf
PR_Rename
PR_Delete
PR_Free
PR_SetError
PR_CallOnce
PR_Lock
PR_Unlock
PR_GetLibraryFilePathname
PR_GetDirectorySeparator
PR_LoadLibraryWithFlags
PR_GetEnv
PR_snprintf
PR_smprintf_free

mozcrt19

fputs
_open
strncat
_close
_chmod
malloc
free
strcmp
getenv
sprintf
strrchr
atoi
isdigit
islower
isupper
memset
memcmp
memcpy
strcat
_fdopen
_strdup
_onexit
_lock
__dllonexit
_unlock
__clean_type_info_names_internal
__crt_debugger_hook
__CppXcptFilter
__C_specific_handler
_amsg_exit
_decode_pointer
_encoded_null
_initterm_e
_initterm
_malloc_crt
_encode_pointer
strncpy
strcpy
isspace
strstr
strchr
fprintf
fopen
fclose
fgets
strncmp
fwrite
strlen

kernel32

Sleep
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
DisableThreadLibraryCalls
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess

Exports

Exports

C_GetFunctionList
FC_GetFunctionList
NSC_GetFunctionList
NSC_ModuleDBFunc

Sections

.text
Size: 145KB - Virtual size: 144KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 848B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 908B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0b0c2d9bb32c2511600e9bfca2d911c7

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mozsqlite3

nssutil3

plc4

plds4

nspr4

mozcrt19

kernel32

Exports

Exports

Sections

.text Size: 145KB - Virtual size: 144KB

.rdata Size: 30KB - Virtual size: 30KB

.data Size: 1KB - Virtual size: 3KB

.pdata Size: 7KB - Virtual size: 6KB

.rsrc Size: 1024B - Virtual size: 848B

.reloc Size: 1024B - Virtual size: 908B

.text
Size: 145KB - Virtual size: 144KB

.rdata
Size: 30KB - Virtual size: 30KB

.data
Size: 1KB - Virtual size: 3KB

.pdata
Size: 7KB - Virtual size: 6KB

.rsrc
Size: 1024B - Virtual size: 848B

.reloc
Size: 1024B - Virtual size: 908B