3ef9d42adef1b72d56491e9aec0d5ae0567b7ada448ae971718f6d2b6a7d7017

Sharing

Copy URL

Twitter E-mail

General

Target

3ef9d42adef1b72d56491e9aec0d5ae0567b7ada448ae971718f6d2b6a7d7017
Size

352KB
MD5

feb75cafc7bffb9c493f768c717aa6e2
SHA1

bdbc9d29bf1ef9acc86b401c1a55add3cc3c2163
SHA256

3ef9d42adef1b72d56491e9aec0d5ae0567b7ada448ae971718f6d2b6a7d7017
SHA512

2cfb7dc61dc316a04e40059975324dc70fee35914c5b41bcab8a8619763f810d4df3dc592b52d4c0105fc7a938896e8d237badd15026b4ce273f43127c526b3a
SSDEEP

6144:GUMllvOd+BGG6dMVWfpUwFygo5zUM38MEB561D+H3nXH3C:GnvOd+BGG6WVWfpf0gmzYB5pH3nXH3C

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3ef9d42adef1b72d56491e9aec0d5ae0567b7ada448ae971718f6d2b6a7d7017

Files

3ef9d42adef1b72d56491e9aec0d5ae0567b7ada448ae971718f6d2b6a7d7017
.dll windows:4 windows x86 arch:x86

56ed15a990d58148d7b09af9a12bb6bd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\buildbot\win32-comm-aurora-nightly\build\objdir-tb\mozilla\nss\nssckbi\nssckbi.pdb

Imports

plc4

PL_strlen

plds4

PL_ArenaAllocate
PL_HashTableEnumerateEntries
PL_HashTableLookup
PL_HashTableRemove
PL_HashTableAdd
PL_HashTableDestroy
PL_CompareValues
PL_NewHashTable
PL_FinishArenaPool
PL_InitArenaPool

nspr4

PR_CallOnce
PR_GetThreadPrivate
PR_SetThreadPrivate
PR_NewThreadPrivateIndex
PR_Free
PR_Calloc
PR_Unlock
PR_Lock
PR_DestroyLock
PR_NewLock

mozcrt19

_crt_debugger_hook
_except_handler4_common
_onexit
_lock
__dllonexit
_unlock
__clean_type_info_names_internal
__CppXcptFilter
_adjust_fdiv
_amsg_exit
memcpy
memset
memcmp
memmove
_encode_pointer
_malloc_crt
free
_encoded_null
_decode_pointer
_initterm
_initterm_e

kernel32

IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
InterlockedCompareExchange
Sleep
InterlockedExchange

Exports

Exports

C_GetFunctionList

Sections

.text
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 268KB - Virtual size: 267KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 776B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

56ed15a990d58148d7b09af9a12bb6bd

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

plc4

plds4

nspr4

mozcrt19

kernel32

Exports

Exports

Sections

.text Size: 40KB - Virtual size: 38KB

.rdata Size: 268KB - Virtual size: 267KB

.data Size: 24KB - Virtual size: 21KB

.rsrc Size: 4KB - Virtual size: 776B

.reloc Size: 12KB - Virtual size: 11KB

.text
Size: 40KB - Virtual size: 38KB

.rdata
Size: 268KB - Virtual size: 267KB

.data
Size: 24KB - Virtual size: 21KB

.rsrc
Size: 4KB - Virtual size: 776B

.reloc
Size: 12KB - Virtual size: 11KB