f72f31db60ae0921d86ed7285bf477b81bac85f94f18c3e007e8fcb2dc1f432d

Sharing

Copy URL Twitter E-mail

General

Target

f72f31db60ae0921d86ed7285bf477b81bac85f94f18c3e007e8fcb2dc1f432d
Size

100KB
MD5

ee932f92b0e9d21e446ebf6a38162478
SHA1

07796ffabcbe3b477c7663dab789fd86286a9707
SHA256

f72f31db60ae0921d86ed7285bf477b81bac85f94f18c3e007e8fcb2dc1f432d
SHA512

470d373b53662b6c0761dccbe91c007b2b69d55f62188798b2e9058da10f669def4d9ac6c673393ec4d51ed8950b31e866fcffad0b2d166eaaeb77d5fa680867
SSDEEP

3072:5DMXq1Ez1e6OGPLey2e+smGcoJwxUAR8sR:SXlz1PLJ2erxci/Aes

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f72f31db60ae0921d86ed7285bf477b81bac85f94f18c3e007e8fcb2dc1f432d

Files

f72f31db60ae0921d86ed7285bf477b81bac85f94f18c3e007e8fcb2dc1f432d
.dll windows:4 windows x86 arch:x86

41c6dc881430bf601aa22dece65c80d1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\buildbot\win32-comm-aurora-nightly\build\objdir-tb\mozilla\nss\nssdbm\nssdbm3.pdb

Imports

plc4

PL_strncasecmp
PL_strcasecmp

plds4

PL_HashTableAdd
PL_NewHashTable
PL_HashTableDestroy
PL_HashTableEnumerateEntries
PL_HashTableRemove
PL_HashTableLookup

nspr4

PR_GetError
PR_OpenFile
PR_MkDir
PR_Access
PR_CloseFileMap
PR_MemUnmap
PR_Write
PR_Read
PR_MemMap
PR_CreateFileMap
PR_NewLock
PR_Close
PR_Lock
PR_DestroyLock
PR_ntohl
PR_htonl
PR_Free
PR_UnloadLibrary
PR_GetEnv
PR_FindSymbol
PR_LoadLibrary
PR_Now
PR_Delete
PR_EnterMonitor
PR_ExitMonitor
PR_smprintf_free
PR_DestroyMonitor
PR_smprintf
PR_Unlock
PR_NewMonitor
PR_FindFunctionSymbol
PR_LoadLibraryWithFlags
PR_GetDirectorySeparator
PR_GetLibraryFilePathname
PR_CallOnce
PR_SetError

nssutil3

NSSBase64_EncodeItem_Util
PORT_Free_Util
PORT_Alloc_Util
PORT_ZAlloc_Util
NSS_Get_SECOID_AlgorithmIDTemplate_Util
PORT_FreeArena_Util
PORT_ArenaZAlloc_Util
PORT_NewArena_Util
PORT_SetError_Util
SECOID_SetAlgorithmID_Util
SEC_ASN1EncodeItem_Util
SECITEM_DupItem_Util
SECITEM_CompareItem_Util
PORT_ArenaStrdup_Util
PORT_ArenaMark_Util
PORT_ArenaUnmark_Util
PORT_ArenaRelease_Util
NSS_Get_SEC_AnyTemplate_Util
NSS_Get_SEC_BitStringTemplate_Util
NSS_Get_SEC_ObjectIDTemplate_Util
DER_DecodeTimeChoice_Util
SECITEM_AllocItem_Util
SECOID_Init
SECITEM_HashCompare
SECOID_Shutdown
SECITEM_ItemsAreEqual_Util
SECITEM_CopyItem_Util
DER_SetUInteger
NSS_Get_SEC_OctetStringTemplate_Util
PORT_Strdup_Util
SECOID_FindOIDTag_Util
SECITEM_FreeItem_Util
SECOID_FindOIDByTag_Util
PORT_ArenaAlloc_Util
PORT_GetError_Util
SECITEM_ZfreeItem_Util
SEC_ASN1EncodeInteger_Util
SEC_QuickDERDecodeItem_Util
SECOID_GetAlgorithmTag_Util
PORT_Realloc_Util

msvcr80

_unlink
_close
_read
_open
_write
_lseek
_except_handler4_common
_onexit
_lock
__dllonexit
_unlock
__clean_type_info_names_internal
_crt_debugger_hook
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_decode_pointer
_encoded_null
_malloc_crt
_encode_pointer
abort
memmove
_get_osfhandle
_stat64i32
_errno
strrchr
strncpy
isdigit
atoi
strcat
isspace
strcpy
tolower
memset
strncmp
getenv
memcmp
strlen
strcmp
memcpy
_getpid

mozutils

free
calloc
strdup
frex
malloc

kernel32

GetCurrentThreadId
InterlockedExchange
Sleep
InterlockedCompareExchange
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
IsDebuggerPresent
SetUnhandledExceptionFilter
FlushFileBuffers

Exports

Exports

legacy_AddSecmodDB
legacy_DeleteSecmodDB
legacy_Open
legacy_ReadSecmodDB
legacy_ReleaseSecmodDBData
legacy_SetCryptFunctions
legacy_Shutdown

Sections

.text
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

41c6dc881430bf601aa22dece65c80d1

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

plc4

plds4

nspr4

nssutil3

msvcr80

mozutils

kernel32

Exports

Exports

Sections

.text Size: 72KB - Virtual size: 71KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 4KB

.text
Size: 72KB - Virtual size: 71KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 4KB