86be5e83cc6ea546b3b7d9c12751a08fb125cf3573184e7c022209cbe1473853N

Sharing

Copy URL Twitter E-mail

General

Target

86be5e83cc6ea546b3b7d9c12751a08fb125cf3573184e7c022209cbe1473853N
Size

1.5MB
MD5

d8e82d1737dd89a209f86dcd40ec16f0
SHA1

0cab3ecf0df969416612b3f426793075f2980ad5
SHA256

86be5e83cc6ea546b3b7d9c12751a08fb125cf3573184e7c022209cbe1473853
SHA512

ef5691ca91b8e0f94d214f3346d17e7ffb80de9ddd526dd9ed139fd63615a96b7c24faf98a1349904fed892c81bd31f112880e13c84c1ec79cb775374e5a02a8
SSDEEP

12288:PGXqbh+huoH/uLJOyo937vGFWxwFJI+yeuVb8r+ZP712Ii+51cjVWtVj5J:PGXSh+hl2JOt934J7Z6bQaj1BvUm9J

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
86be5e83cc6ea546b3b7d9c12751a08fb125cf3573184e7c022209cbe1473853N

Files

86be5e83cc6ea546b3b7d9c12751a08fb125cf3573184e7c022209cbe1473853N
.exe windows:6 windows x86 arch:x86

2c8decd177a93d80f4af35ab8ab532b6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

z:\build\build\src\obj-firefox\toolkit\crashreporter\client\crashreporter.pdb

Imports

nss3

HASH_Create
HASH_Update
HASH_End
HASH_Begin
NSS_Initialize
HASH_Destroy

kernel32

GetLastError
LockResource
GlobalAlloc
DeleteFileW
GlobalFree
CloseHandle
LoadLibraryW
CreateThread
LoadResource
FindResourceW
GetProcAddress
GlobalLock
LocalFree
VerSetConditionMask
CreateProcessW
GetModuleHandleW
FreeLibrary
WideCharToMultiByte
VerifyVersionInfoW
GlobalUnlock
MoveFileW
CreateEventW
GetSystemTimeAsFileTime
GetCurrentProcess
FormatMessageW
GetCurrentThreadId
SetEvent
ResetEvent
GetCurrentProcessId
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
WaitForSingleObjectEx
SetUnhandledExceptionFilter
GetSystemTime
IsDebuggerPresent
MultiByteToWideChar
GetFileAttributesW
WaitForSingleObject
GetModuleFileNameW
FindNextFileW
FindFirstFileW
CompareFileTime
SizeofResource
CreateDirectoryW
GetStartupInfoW
QueryPerformanceCounter
InitializeSListHead
IsProcessorFeaturePresent
TerminateProcess
UnhandledExceptionFilter

user32

CheckDlgButton
GetWindowTextW
EnableWindow
EndPaint
BeginPaint
ChildWindowFromPoint
InvalidateRect
DialogBoxParamW
GetSysColorBrush
DrawTextW
IsClipboardFormatAvailable
GetDlgItem
GetClientRect
GetWindowLongW
CallWindowProcW
PostMessageW
GetWindowRect
GetFocus
GetDC
MessageBoxW
GetPropW
FillRect
SendMessageW
EndDialog
RemovePropW
SetWindowTextW
ShowWindow
OpenClipboard
SetTimer
CloseClipboard
SetDlgItemTextW
MapWindowPoints
GetDlgItemTextW
SendDlgItemMessageW
GetSysColor
DialogBoxIndirectParamW
IsWindowEnabled
MoveWindow
IsDlgButtonChecked
SetFocus
SetPropW
GetClipboardData
LoadIconW
SetWindowLongW

gdi32

SelectObject
GetStockObject
GetTextExtentPoint32W
SetBkMode
SetTextColor

advapi32

RegCreateKeyW
RegOpenKeyExW
RegCloseKey
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyW
RegDeleteValueW
RegSetValueExW

comctl32

InitCommonControlsEx

ole32

CoCreateGuid

shell32

SHGetFolderPathW

wininet

HttpAddRequestHeadersW
InternetReadFile
InternetConnectW
InternetCloseHandle
HttpOpenRequestW
HttpSendRequestW
InternetCrackUrlW
HttpQueryInfoW
InternetOpenW
InternetQueryDataAvailable

shlwapi

PathAppendW

msvcp140

?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?always_noconv@codecvt_base@std@@QBE_NXZ
??Bid@locale@std@@QAEIXZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAN@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@_JH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@U_Mbstatet@@@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPBD@Z
?_BADOFF@std@@3_JB
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?_Xlength_error@std@@YAXPBD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z

vcruntime140

__std_exception_destroy
_except_handler4_common
memcpy
memset
_CxxThrowException
__std_exception_copy
__vcrt_InitializeCriticalSectionEx
__CxxFrameHandler3
strstr
memmove
memchr
wcsrchr
_purecall
memcmp

api-ms-win-crt-runtime-l1-1-0

_configure_wide_argv
abort
_invalid_parameter_noinfo_noreturn
__p___argc
_invalid_parameter_noinfo
_controlfp_s
terminate
_errno
_register_thread_local_exe_atexit_callback
_c_exit
_exit
_initterm_e
exit
_initterm
_get_wide_winmain_command_line
_initialize_wide_environment
_set_app_type
_seh_filter_exe
_cexit
_crt_atexit
__p___wargv
_register_onexit_function
_initialize_onexit_table

api-ms-win-crt-stdio-l1-1-0

setvbuf
fgetc
fclose
__stdio_common_vfscanf
fputs
fgets
__stdio_common_vsprintf
_get_stream_buffer_pointers
_wfopen_s
__stdio_common_vswprintf_s
ungetc
fflush
_set_fmode
fsetpos
__stdio_common_vfprintf
fwrite
__p__commode
__stdio_common_vsprintf_s
fputc
_fseeki64
fgetpos

api-ms-win-crt-time-l1-1-0

strftime
_localtime64
_gmtime64
_time64

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file

api-ms-win-crt-environment-l1-1-0

_wgetenv
getenv
_putenv

api-ms-win-crt-heap-l1-1-0

free
_callnewh
malloc
_set_new_mode

api-ms-win-crt-string-l1-1-0

_strdup
wcsncpy_s

api-ms-win-crt-math-l1-1-0

__setusermatherr
_dtest
modf
ceil
_except1

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-convert-l1-1-0

wcstol

api-ms-win-crt-utility-l1-1-0

rand

Sections

.text
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.4MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

2c8decd177a93d80f4af35ab8ab532b6

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

nss3

kernel32

user32

gdi32

advapi32

comctl32

ole32

shell32

wininet

shlwapi

msvcp140

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-utility-l1-1-0

Sections

.text Size: 82KB - Virtual size: 82KB

.rdata Size: 19KB - Virtual size: 19KB

.data Size: 1024B - Virtual size: 1KB

.gfids Size: 512B - Virtual size: 96B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 33KB - Virtual size: 32KB

.reloc Size: 1.4MB - Virtual size: 2.2MB

.text
Size: 82KB - Virtual size: 82KB

.rdata
Size: 19KB - Virtual size: 19KB

.data
Size: 1024B - Virtual size: 1KB

.gfids
Size: 512B - Virtual size: 96B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 33KB - Virtual size: 32KB

.reloc
Size: 1.4MB - Virtual size: 2.2MB