bb385bc50168a3606e70fcd5c1e69b43e7c474a1e407566dd2f8329ee8949c21

Sharing

Copy URL Twitter E-mail

General

Target

bb385bc50168a3606e70fcd5c1e69b43e7c474a1e407566dd2f8329ee8949c21
Size

12KB
MD5

403632831649df7f0196a2ca51d8a171
SHA1

6cebd93cd60b8eed85929aa479867857dd6694d7
SHA256

bb385bc50168a3606e70fcd5c1e69b43e7c474a1e407566dd2f8329ee8949c21
SHA512

f1a62ef8b0fedda028c3337365c344fef6e3a036a0e247822a6da5d4fa94aea5e937be2501fc043988c606f162d1efd90cbc0fdef048b2cf21bbea33fd8a08f0
SSDEEP

192:wyryRkyBZQ6QKwktIMQk3X7MVlD6e5le9L1TqX:wyWa6EMdrMVlPML1mX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bb385bc50168a3606e70fcd5c1e69b43e7c474a1e407566dd2f8329ee8949c21

Files

bb385bc50168a3606e70fcd5c1e69b43e7c474a1e407566dd2f8329ee8949c21
.dll windows:4 windows x86 arch:x86

241f013f36c51a6c0fa5dce559577a6c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\buildbot\win32-comm-central-nightly\build\objdir-tb\mozilla\xpcom\stub\xpcom.pdb

Imports

xul

NS_CStringContainerFinish_P
NS_CStringGetData_P
NS_CStringGetMutableData_P
NS_CStringCloneData_P
NS_CStringSetData_P
NS_CStringSetDataRange_P
NS_CStringCopy_P
NS_CStringContainerInit2_P
NS_CStringGetIsVoid_P
NS_CStringToUTF16_P
NS_UTF16ToCString_P
NS_CycleCollectorSuspect_P
NS_CycleCollectorForget_P
NS_CycleCollectorSuspect2_P
NS_CycleCollectorForget2_P
NS_CStringContainerInit_P
NS_StringGetIsVoid_P
NS_StringSetIsVoid_P
NS_StringCopy_P
NS_StringSetDataRange_P
NS_StringSetData_P
NS_StringCloneData_P
NS_StringGetMutableData_P
NS_StringGetData_P
NS_StringContainerFinish_P
NS_StringContainerInit2_P
NS_StringContainerInit_P
NS_InvokeByIndex_P
NS_DestroyXPTCallStub_P
NS_GetXPTCallStub_P
NS_LogCOMPtrRelease_P
NS_LogCOMPtrAddRef_P
NS_LogDtor_P
NS_LogCtor_P
NS_LogRelease_P
NS_LogAddRef_P
NS_LogInit_P
NS_LogTerm_P
NS_DebugBreak_P
NS_Free_P
NS_Realloc_P
NS_Alloc_P
NS_GetTraceRefcnt_P
NS_GetDebug_P
NS_NewNativeLocalFile_P
NS_NewLocalFile_P
NS_GetMemoryManager_P
NS_GetComponentRegistrar_P
NS_GetComponentManager_P
NS_GetServiceManager_P
NS_ShutdownXPCOM_P
NS_CStringSetIsVoid_P
NS_InitXPCOM2_P

msvcr80

_crt_debugger_hook
_except_handler4_common
_onexit
_lock
__dllonexit
_unlock
__clean_type_info_names_internal
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_decode_pointer
_encoded_null
memcpy
_malloc_crt
_encode_pointer

mozutils

frex

kernel32

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
InterlockedCompareExchange
Sleep
InterlockedExchange
IsDebuggerPresent

Exports

Exports

NS_Alloc
NS_CStringCloneData
NS_CStringContainerFinish
NS_CStringContainerInit
NS_CStringContainerInit2
NS_CStringCopy
NS_CStringGetData
NS_CStringGetIsVoid
NS_CStringGetMutableData
NS_CStringSetData
NS_CStringSetDataRange
NS_CStringSetIsVoid
NS_CStringToUTF16
NS_CycleCollectorForget
NS_CycleCollectorForget2
NS_CycleCollectorSuspect
NS_CycleCollectorSuspect2
NS_DebugBreak
NS_DestroyXPTCallStub
NS_Free
NS_GetComponentManager
NS_GetComponentRegistrar
NS_GetDebug
NS_GetFrozenFunctions
NS_GetMemoryManager
NS_GetServiceManager
NS_GetTraceRefcnt
NS_GetXPTCallStub
NS_InitXPCOM2
NS_InvokeByIndex
NS_LogAddRef
NS_LogCOMPtrAddRef
NS_LogCOMPtrRelease
NS_LogCtor
NS_LogDtor
NS_LogInit
NS_LogRelease
NS_LogTerm
NS_NewLocalFile
NS_NewNativeLocalFile
NS_Realloc
NS_RegisterXPCOMExitRoutine
NS_ShutdownXPCOM
NS_StringCloneData
NS_StringContainerFinish
NS_StringContainerInit
NS_StringContainerInit2
NS_StringCopy
NS_StringGetData
NS_StringGetIsVoid
NS_StringGetMutableData
NS_StringSetData
NS_StringSetDataRange
NS_StringSetIsVoid
NS_UTF16ToCString
NS_UnregisterXPCOMExitRoutine

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 802B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

241f013f36c51a6c0fa5dce559577a6c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

xul

msvcr80

mozutils

kernel32

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 2KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 802B

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 802B